private void AddAuthorizationPolicies(SecurityTokenSpecification spec, Collection<IAuthorizationPolicy> policies) { if (((spec != null) && (spec.SecurityTokenPolicies != null)) && (spec.SecurityTokenPolicies.Count > 0)) { for (int i = 0; i < spec.SecurityTokenPolicies.Count; i++) { policies.Add(spec.SecurityTokenPolicies[i]); } } }
private void AddAuthorizationPolicies(SecurityTokenSpecification spec, Collection <IAuthorizationPolicy> policies) { if (spec != null && spec.SecurityTokenPolicies != null && spec.SecurityTokenPolicies.Count > 0) { for (int i = 0; i < spec.SecurityTokenPolicies.Count; ++i) { policies.Add(spec.SecurityTokenPolicies[i]); } } }
void AddAuthorizationPolicies(SecurityTokenSpecification spec, Collection<IAuthorizationPolicy> policies) { if (spec != null && spec.SecurityTokenPolicies != null && spec.SecurityTokenPolicies.Count > 0) { for (int i = 0; i < spec.SecurityTokenPolicies.Count; ++i) { policies.Add(spec.SecurityTokenPolicies[i]); } } }
/// <summary> /// Converts a given set of WCF IAuthorizationPolicy to WIF ClaimIdentities. /// </summary> /// <param name="authorizationPolicies">Set of AuthorizationPolicies to convert to IDFx.</param> /// <param name="securityTokenHandlerCollection">The SecurityTokenHandlerCollection to use.</param> /// <returns>ClaimsIdentityCollection</returns> static ReadOnlyCollection <ClaimsIdentity> ConvertToIDFxIdentities(IList <IAuthorizationPolicy> authorizationPolicies, SecurityTokenHandlerCollection securityTokenHandlerCollection) { if (authorizationPolicies == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("authorizationPolicies"); } if (securityTokenHandlerCollection == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenHandlerCollection"); } List <ClaimsIdentity> identities = new List <ClaimsIdentity>(); SecurityTokenSpecification kerberosTokenSpecification = null; SysAuthorizationContext kerberosAuthContext = null; if ((OperationContext.Current != null) && (OperationContext.Current.IncomingMessageProperties != null) && (OperationContext.Current.IncomingMessageProperties.Security != null)) { SecurityMessageProperty securityMessageProperty = OperationContext.Current.IncomingMessageProperties.Security; foreach (SecurityTokenSpecification tokenSpecification in new SecurityTokenSpecificationEnumerable(securityMessageProperty)) { if (tokenSpecification.SecurityToken is KerberosReceiverSecurityToken) { kerberosTokenSpecification = tokenSpecification; kerberosAuthContext = SysAuthorizationContext.CreateDefaultAuthorizationContext(kerberosTokenSpecification.SecurityTokenPolicies); break; } } } bool hasKerberosTokenPolicyMatched = false; foreach (IAuthorizationPolicy policy in authorizationPolicies) { bool authPolicyHandled = false; if ((kerberosTokenSpecification != null) && !hasKerberosTokenPolicyMatched) { if (kerberosTokenSpecification.SecurityTokenPolicies.Contains(policy)) { hasKerberosTokenPolicyMatched = true; } else { SysAuthorizationContext authContext = SysAuthorizationContext.CreateDefaultAuthorizationContext(new List <IAuthorizationPolicy>() { policy }); // Kerberos creates only one ClaimSet. So any more ClaimSet would mean that this is not a Policy created from Kerberos. if (authContext.ClaimSets.Count == 1) { bool allClaimsMatched = true; foreach (System.IdentityModel.Claims.Claim c in authContext.ClaimSets[0]) { if (!kerberosAuthContext.ClaimSets[0].ContainsClaim(c)) { allClaimsMatched = false; break; } } hasKerberosTokenPolicyMatched = allClaimsMatched; } } if (hasKerberosTokenPolicyMatched) { SecurityTokenHandler tokenHandler = securityTokenHandlerCollection[kerberosTokenSpecification.SecurityToken]; if ((tokenHandler != null) && tokenHandler.CanValidateToken) { identities.AddRange(tokenHandler.ValidateToken(kerberosTokenSpecification.SecurityToken)); authPolicyHandled = true; } } } if (!authPolicyHandled) { SysAuthorizationContext defaultAuthContext = SysAuthorizationContext.CreateDefaultAuthorizationContext(new List <IAuthorizationPolicy>() { policy }); // // Merge all ClaimSets to IClaimsIdentity. // identities.Add(ConvertToIDFxIdentity(defaultAuthContext.ClaimSets, securityTokenHandlerCollection.Configuration)); } } return(identities.AsReadOnly()); }