C# 为什么未调用ClaimsAuthorizationManager.LoadCustomConfiguration?
我正在尝试实现我自己的C# 为什么未调用ClaimsAuthorizationManager.LoadCustomConfiguration?,c#,configuration,authorization,claims-based-identity,claims,C#,Configuration,Authorization,Claims Based Identity,Claims,我正在尝试实现我自己的ClaimsAuthorizationManager,主要遵循MSDN上的示例。目标是从项目配置文件加载策略,并使用它们评估应用程序发出的访问控制请求 我的自定义ClaimsAuthorizationManager与下面的代码非常相似 当我运行TestSuite来测试CheckAccess()方法时,它失败了。我调试并注意到管理器没有从配置文件加载策略事实上,LoadCustomConfiguration()方法从未被调用,即使我在配置中注册了自定义管理器。这是什么原因 我
ClaimsAuthorizationManagerClaimsAuthorizationManagerCheckAccess()LoadCustomConfiguration()<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!--WIF 4.5 sections -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</configSections>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" /></startup>
<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="Foo.Bar.ClaimsAuthorization.FooBarAuthorizationManager, Foo.Bar.ClaimsAuthorization">
<policy resource="TestResource" action="TestAction">
<or>
<claim claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" claimValue="Developer" />
<claim claimType="http://schemas.xmlsoap.org/claims/Group" claimValue="Administrator" />
</or>
</policy>
</claimsAuthorizationManager>
</identityConfiguration>
</system.identityModel>
</configuration>
var hasAccess = ClaimsAuthorization.CheckAccess("TestAction", "TestResource");
Assert.IsFalse(hasAccess);
我意识到我的设置是正确的,但我以错误的方式调用了自定义
ClaimsAuthorizationManagernamespace Foo.Bar.ClaimsAuthorization
{
public class FooBarAuthorizationManager : ClaimsAuthorizationManager
{
static readonly Dictionary<ResourceAction, Func<ClaimsPrincipal, bool>> Policies = new Dictionary<ResourceAction, Func<ClaimsPrincipal, bool>>();
readonly PolicyReader policyReader = new PolicyReader();
/// <summary>
/// Overloads the base class method to load the custom policies from the config file
/// </summary>
/// <param name="nodelist">XmlNodeList containing the policy information read from the config file</param>
public override void LoadCustomConfiguration(XmlNodeList nodelist)
{
if (nodelist == null)
return;
foreach (XmlNode node in nodelist)
{
//
// Initialize the policy cache
//
XmlDictionaryReader rdr = XmlDictionaryReader.CreateDictionaryReader(new XmlTextReader(new StringReader(node.OuterXml)));
rdr.MoveToContent();
string resource = rdr.GetAttribute("resource");
string action = rdr.GetAttribute("action");
Expression<Func<ClaimsPrincipal, bool>> policyExpression = policyReader.ReadPolicy(rdr);
//
// Compile the policy expression into a function
//
Func<ClaimsPrincipal, bool> policy = policyExpression.Compile();
//
// Insert the policy function into the policy cache
//
Policies[new ResourceAction(resource, action)] = policy;
}
}
/// <summary>
/// Checks if the principal specified in the authorization context is authorized to perform action specified in the authorization context
/// on the specified resoure
/// </summary>
/// <param name="pec">Authorization context</param>
/// <returns>true if authorized, false otherwise</returns>
public override bool CheckAccess(AuthorizationContext pec)
{
//
// Evaluate the policy against the claims of the
// principal to determine access
//
bool access;
try
{
var ra = new ResourceAction(pec.Resource.First().Value, pec.Action.First().Value);
access = Policies[ra](pec.Principal);
}
catch (Exception)
{
access = false;
}
return access;
}
public bool CheckAccess(string resource, string action)
{
return CheckAccess(resource, action, Thread.CurrentPrincipal);
}
public bool CheckAccess(string resource, string action, IPrincipal principal)
{
var claimsPrincipal = principal as ClaimsPrincipal;
if (claimsPrincipal == null)
throw new ArgumentException("Principal is null or not of type ClaimsPrincipal!", "principal");
var context = new AuthorizationContext(claimsPrincipal, resource, action);
return CheckAccess(context);
}
}
}
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!--WIF 4.5 sections -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</configSections>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" /></startup>
<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="Foo.Bar.ClaimsAuthorization.FooBarAuthorizationManager, Foo.Bar.ClaimsAuthorization">
<policy resource="TestResource" action="TestAction">
<or>
<claim claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" claimValue="Developer" />
<claim claimType="http://schemas.xmlsoap.org/claims/Group" claimValue="Administrator" />
</or>
</policy>
</claimsAuthorizationManager>
</identityConfiguration>
</system.identityModel>
</configuration>
var hasAccess = ClaimsAuthorization.CheckAccess("TestAction", "TestResource");
Assert.IsFalse(hasAccess);
反编译源代码显示,这是
FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager
这似乎是访问当前的
ClaimsAuthorizationManagerClaimsPrincipalPermission.CheckAccess(“TestResource”,“TestAction”)