AuthorizationManager based on service invocation parameters

Posted on 2024-08-21 23:35:33

I'm currently developing my own AuthorizationManager; it looks something like this:

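using System;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Web.Security;

public class MyAuthorizationManager : ServiceAuthorizationManager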
{
    static bool initialize = false;
    public override bool CheckAccess(OperationContext operationContext)
    {
        ServiceSecurityContext context = ServiceSecurityContext.Current;
        string[] roles = Roles.GetRolesForUser(operationContext.ServiceSecurityContext.PrimaryIdentity.Name);
        return roles.Count() > 0;
    }

    public override bool CheckAccess(OperationContext operationContext, ref System.ServiceModel.Channels.Message message)
    {
        MessageBuffer buffer = operationContext.RequestContext.RequestMessage.CreateBufferedCopy(int.MaxValue);
        message = buffer.CreateMessage();
        Console.WriteLine(message);
        return base.CheckAccess(operationContext, ref message);
    }
}

I would like to perform an authorization check based on a service contract parameter; for example, if the contract looks like:

[ServiceContract]
public interface IServerContract
{
    [OperationContract]
    [ServiceKnownType(typeof(ChildTypeOne))]
    [ServiceKnownType(typeof(ChildTypeTwo))]
    string SecuredMessage(ParentType incoming);
}

My goal is authorizing depending on type, for example, authorizing if the incoming data is ChildTypeOne and denying in case it was ChildTypeTwo.

I've checked "Message" and it looks like:

  • It must be decrypted
  • Seems to be highly dependent on binding

Is there any easy way to simply get the parameter type?

Comments (1)

记忆之渊 2024-08-28 23:35:33

OK, I've figured out how to perform that. Anyway, if you know any better way to do so, let me know:

Here is the AuthorizationManager I'm using:

using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Xml;
using System.Xml.XPath;

public class MyAuthorizationManager : ServiceAuthorizationManager
{
    static bool initialize = false;

    public override bool CheckAccess(OperationContext operationContext, ref System.ServiceModel.Channels.Message message)
    {
        bool returnedValue = base.CheckAccess(operationContext, ref message);
        // Messages in WCF are always read-once:
        // we create one copy to work with, and one copy to return back to the plumbing
        MessageBuffer buffer = operationContext.RequestContext.RequestMessage.CreateBufferedCopy(int.MaxValue);
        message = buffer.CreateMessage();

        // Get the xsi:type attribute value using XPath
        XPathNavigator nav = buffer.CreateNavigator();
        StandardNamespaceManager nsm = new StandardNamespaceManager(nav.NameTable);
        nav = nav.SelectSingleNode("//@i:type", nsm);
        // SelectSingleNode returns null when the message carries no xsi:type attribute: deny
        if (nav == null)
            return false;
        returnedValue &= (nav.ToString() == "a:" + typeof(ChildTypeOne).Name);
        return returnedValue;
    }

    public class StandardNamespaceManager : XmlNamespaceManager
    {
        public StandardNamespaceManager(XmlNameTable nameTable)
            : base(nameTable)
        {
            this.AddNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/");
            this.AddNamespace("s11", "http://schemas.xmlsoap.org/soap/envelope/");
            this.AddNamespace("s12", "http://www.w3.org/2003/05/soap-envelope");
            this.AddNamespace("wsaAugust2004", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
            this.AddNamespace("wsa10", "http://www.w3.org/2005/08/addressing");
            this.AddNamespace("i", "http://www.w3.org/2001/XMLSchema-instance");
        }
    }
}

The previous AuthorizationManager will work, rejecting "ChildTypeTwo". You can use a RoleProvider in order to get the role based on type.
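
An added example, not part of the answer above or of WCF itself: a stricter form of the same check that reads xsi:type from the operation's first parameter element rather than taking the first match of //@i:type anywhere in the envelope, and resolves the prefix to its namespace instead of assuming "a:". The SOAP 1.1 envelope shape, the tempuri.org operation namespace, the ContractNs value and the names ParameterTypeCheck, IsAllowed and Request are assumptions, and the sample requests are constructed.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.XPath;

static class ParameterTypeCheck
{
    const string Soap11 = "http://schemas.xmlsoap.org/soap/envelope/";
    const string Xsi = "http://www.w3.org/2001/XMLSchema-instance";
    // Assumed data-contract namespace; substitute the one your contract uses.
    const string ContractNs = "http://schemas.datacontract.org/2004/07/Sample";

    // True only if the first parameter of the body's operation element has an
    // xsi:type that resolves to {ContractNs}allowedName. Everything else denies.
    public static bool IsAllowed(XPathNavigator root, string allowedName)
    {
        var nsm = new XmlNamespaceManager(root.NameTable);
        nsm.AddNamespace("s", Soap11);
        // Body -> operation element -> first parameter element, nothing else.
        XPathNavigator param = root.SelectSingleNode("/s:Envelope/s:Body/*[1]/*[1]", nsm);
        if (param == null) return false;
        string qname = param.GetAttribute("type", Xsi);
        if (qname.Length == 0) return false; // no xsi:type on the parameter
        int colon = qname.IndexOf(':');
        // Resolve the prefix in the parameter element's scope instead of assuming "a".
        string ns = param.LookupNamespace(colon < 0 ? string.Empty : qname.Substring(0, colon));
        return ns == ContractNs && qname.Substring(colon + 1) == allowedName;
    }

    // Constructed request in the shape DataContractSerializer emits (not captured traffic).
    static string Request(string prefix, string typeName, string header = "")
    {
        return "<s:Envelope xmlns:s='" + Soap11 + "' xmlns:i='" + Xsi + "'>"
             + "<s:Header>" + header + "</s:Header><s:Body><SecuredMessage xmlns='http://tempuri.org/'>"
             + "<incoming xmlns:" + prefix + "='" + ContractNs + "' i:type='" + prefix + ":" + typeName + "'/>"
             + "</SecuredMessage></s:Body></s:Envelope>";
    }

    static void Main()
    {
        string[] samples = {
            Request("a", "ChildTypeOne"),  // permitted type, prefix "a"
            Request("b", "ChildTypeOne"),  // same type, different prefix bound to the same namespace
            Request("a", "ChildTypeTwo"),  // the type to reject
            Request("a", "ChildTypeTwo", "<h i:type='a:ChildTypeOne'/>"), // xsi:type on a header element only
        };
        foreach (string xml in samples)
            Console.WriteLine(IsAllowed(new XPathDocument(new StringReader(xml)).CreateNavigator(), "ChildTypeOne"));
    }
}
```

Inside CheckAccess the same function can be given the navigator from the buffered copy: IsAllowed(buffer.CreateNavigator(), typeof(ChildTypeOne).Name).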
