Constable Authorization Engine 2.0 BETA

AuthorizationPolicy Class

[This is preliminary documentation and subject to change.]

Encapsulates a single authorization policy and implements the core authorization functionality to be used from within your application.

For a list of all members of this type, see AuthorizationPolicy Members.

System.Object
LaMarvin.Constable.Model.ObjectBase
LaMarvin.Constable.Model.NamedObjectBase
LaMarvin.Constable.AuthorizationPolicy
LaMarvin.Constable.Design.Fallback.FallbackPolicy

[VisualBasic]
<Serializable>
PublicClassAuthorizationPolicy
InheritsNamedObjectBase
ImplementsIChangeEventSource
[C#]
[Serializable]
publicclassAuthorizationPolicy : NamedObjectBase, IChangeEventSource

Thread Safety

Public static (Shared in Visual Basic) members of this type are safe for multithreaded operations. Instance members are not guaranteed to be thread-safe.

Remarks

The methods of the class can be divided into the following categories:

Category Description
Authorization policy definition and manipulation. Methods in this category are used to populate and modify the authorization policy. That is, to define Roles, States, Actions, Properties and the associated ActionRules and PropertyRules.
Authorization context definition and manipulation. You'll use properties in this category to set and retrieve the CurrentPrincipal and the CurrentState that are used for authorization checks.
Authorization checking and querying the authorization policy. Methods in this category take into account the current authorization context to query the authorization policy for authorization rules (IsActionExecutable, GetExecutableActionRules, GetChangeablePropertyRules) and to actually ExecuteActions.

Example

The following example defines a simple authorization policy and then performs some authorization queries based on the policy:

[VisualBasic]
' Instantiate a simple authorization policy.
Dim policy As New AuthorizationPolicy

' At least one state has to be specified.
policy.States.AddNew("Default")

' Use WindowsRoles that map to the local Users and Administrators Windows group membership.
policy.Roles.Add(New WindowsRole("User", "BUILTIN\Users"))
policy.Roles.Add(New WindowsRole("Admin", "BUILTIN\Administrators"))

' Define two sample actions for both the User and Admin roles.
policy.Actions.AddNew("Logoff")
policy.Actions.AddNew("Shutdown")

' Now define the authorization rules - User can execute Logoff, Admin both actions.
policy.ActionRules.AddNew("Logoff", "User")
policy.ActionRules.AddNew("Logoff", "Admin")
policy.ActionRules.AddNew("Shutdown", "Admin")

' Associate the current Windows user with the policy.
policy.CurrentPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent())

' If the user is an Admin, we can execute the "Shutdown" action.
If policy.Roles("Admin").IsMember(policy.CurrentPrincipal) Then
  Debug.Assert(policy.IsActionExecutable("Shutdown"))
  policy.ExecuteAction("Shutdown")
End If

' If the user is at least in the User role, she can execute Logoff.
If policy.Roles("User").IsMember(policy.CurrentPrincipal) Then
  Debug.Assert(policy.IsActionExecutable("Logoff"))
  policy.ExecuteAction("Logoff")
End If

' If there are no executable action rules for the user, she is neither an User, nor an Admin.
If policy.GetExecutableActionRules().Count = 0 Then
  Debug.Assert(Not policy.Roles("User").IsMember(policy.CurrentPrincipal))
  Debug.Assert(Not policy.Roles("Admin").IsMember(policy.CurrentPrincipal))
End If

[C#]
Instantiate a simple authorization policy.
AuthorizationPolicy policy = new AuthorizationPolicy();

// At least one state has to be specified.
policy.States.AddNew("Default");

// Use WindowsRoles that map to the local Users and Administrators Windows group membership.
policy.Roles.Add(new WindowsRole("User", @"BUILTIN\Users"));
policy.Roles.Add(new WindowsRole("Admin", @"BUILTIN\Administrators"));

// Define two sample actions for both the User and Admin roles.
policy.Actions.AddNew("Logoff");
policy.Actions.AddNew("Shutdown");

// Now define the authorization rules - User can execute Logoff, Admin both actions.
policy.ActionRules.AddNew("Logoff", "User");
policy.ActionRules.AddNew("Logoff", "Admin");
policy.ActionRules.AddNew("Shutdown", "Admin");

// Associate the current Windows user with the policy.
policy.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

// If the user is an Admin, we can execute the "Shutdown" action.
if (policy.Roles["Admin"].IsMember(policy.CurrentPrincipal))
{
  Debug.Assert(policy.IsActionExecutable("Shutdown"));
  policy.ExecuteAction("Shutdown");
}

// If the user is at least in the User role, she can execute Logoff.
if (policy.Roles["User"].IsMember(policy.CurrentPrincipal))
{
  Debug.Assert(policy.IsActionExecutable("Logoff"));
  policy.ExecuteAction("Logoff");
}

// If there are no executable action rules for the user, she is neither an User, nor an Admin.
if (policy.GetExecutableActionRules().Count == 0)
{
  Debug.Assert(!policy.Roles["User"].IsMember(policy.CurrentPrincipal));
  Debug.Assert(!policy.Roles["Admin"].IsMember(policy.CurrentPrincipal));
}

Requirements

Namespace: LaMarvin.Constable

Assembly: LaMarvin.Constable (in LaMarvin.Constable.dll)

See Also

AuthorizationPolicy Members | LaMarvin.Constable Namespace