namespace Acme Application Authorization using System using System Sec

namespace Acme.Application.Authorization
{
using System;
using System.Security.Claims;
/// <summary>
/// Contract for a permission expressed as an action on a resource.
/// </summary>
/// <remarks>
/// The base implementation in this file passes <see cref="Resource"/> as the
/// claim type and <see cref="Action"/> as the claim value.
/// </remarks>
public interface IResourceAction
{
    /// <summary>
    /// Gets the name of the action.
    /// </summary>
    string Action { get; }

    /// <summary>
    /// Gets the name of the resource.
    /// </summary>
    string Resource { get; }

    /// <summary>
    /// Builds the claim that stands for this action.
    /// </summary>
    /// <returns>
    /// A claim stating that the principal may perform the action
    /// described by this object.
    /// </returns>
    Claim ToClaim();
}
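/// <summary>
/// Represents an action that can be performed on a resource.
/// </summary>
/// <remarks>
/// The declaring class of a concrete descendant of this class
/// specifies the resource. Both the claim type and the claim value are
/// derived from type names at run time, so renaming or obfuscating the
/// action class or its declaring class changes the permission string;
/// claims already issued under the old names will no longer match.
/// </remarks>
/// <typeparam name="TAction">
/// A class representing a concrete action. It is instantiated once to
/// build the static claim.
/// </typeparam>
public abstract class ResourceAction<TAction> : IResourceAction
    where TAction : IResourceAction, new()
{
    /// <summary>
    /// A claim corresponding to this action.
    /// </summary>
    /// <remarks>
    /// Declared read-only so that no code in the process can replace the
    /// claim that represents this permission after initialization. The
    /// value is created by a static initializer, so an exception thrown
    /// while building it (for example when the action class is not nested
    /// in a resource class) surfaces as a TypeInitializationException on
    /// first access.
    /// </remarks>
    public static readonly Claim Claim = new TAction().ToClaim();

    /// <summary>
    /// Gets the action name: the lower-cased simple name of the runtime type.
    /// </summary>
    public string Action
    {
        get
        {
            // Invariant-culture lower-casing keeps the claim value stable
            // regardless of the server's current culture.
            return GetType().Name.ToLowerInvariant();
        }
    }

    /// <summary>
    /// Gets the resource name: the resource prefix followed by the
    /// lower-cased simple name of the class that declares the action class.
    /// </summary>
    /// <exception cref="InvalidOperationException">
    /// The runtime type is not nested inside another class.
    /// </exception>
    public string Resource
    {
        get
        {
            // DeclaringType is null for a type that is not nested, in which
            // case there is no resource class to name.
            Type resourceType = GetType().DeclaringType;
            if (resourceType == null)
            {
                throw new InvalidOperationException(
                    "The resource type could not be determined from the action type.");
            }

            // NOTE(review): ResourceAuthorization is not declared in the
            // visible part of this file; confirm that it resolves to the
            // scope containing the Resource class and its Prefix constant.
            return ResourceAuthorization.Resource.Prefix + resourceType.Name.ToLowerInvariant();
        }
    }

    /// <summary>
    /// Creates a claim corresponding to this action.
    /// </summary>
    /// <returns>
    /// A claim that the principal is allowed to perform the action defined
    /// by this object, with the resource name as claim type and the action
    /// name as claim value.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// The resource name could not be determined.
    /// </exception>
    public Claim ToClaim()
    {
        return new Claim(Resource, Action);
    }
}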
/// <summary>
/// Catalogue of the available resources and the actions defined on each.
/// </summary>
/// <remarks>
/// Each nested static class names a resource, and each class nested inside
/// it names an action on that resource.
/// <example>
/// Adding claims
/// <code>
/// identity.AddClaim(Resource.Missiles.Launch.Claim);
/// </code>
/// </example>
/// <example>
/// Requiring permissions declaratively
/// <code>
/// [ResourceAuthorize(typeof(Resource.Missiles.Launch))]
/// public void ControllerAction() {}
/// </code>
/// </example>
/// </remarks>
public static class Resource
{
    /// <summary>
    /// The standard prefix of resource names.
    /// </summary>
    // NOTE(review): the literal is spelled "resouce". It presumably ends up
    // in every claim type built from this prefix, so correcting the spelling
    // has to be coordinated with any claims already issued or stored.
    public const string Prefix = "acme:resouce:";

    /// <summary>
    /// Nuclear missiles.
    /// </summary>
    public static class Missiles
    {
        /// <summary>
        /// The user may launch missiles.
        /// </summary>
        public sealed class Launch : ResourceAction<Launch> { }
    }
}
/*
public class ResourceAuthorizeAttribute : AuthorizeAttribute
{
private readonly string _action;
private readonly string _resource;
/// <summary>
/// Initializes a new instance of <see cref="ResourceAuthorizeAttribute"/>
/// with the specified resource and action.
/// </summary>
/// <param name="resourceActionType">
/// The type describing the resource-action pair.
/// Must be of the form <c>Resource.YourResource.YourAction</c>.
/// See the nested classes of the <see cref="Resource"/> class.
/// </param>
public ResourceAuthorizeAttribute(Type resourceActionType)
{
var ra = (IResourceAction)Activator.CreateInstance(resourceActionType);
_action = ra.Action;
_resource = ra.Resource;
}
...
}
*/
}