Constable Authorization Engine 2.0 BETA

AuthorizationPolicy Class

[This is preliminary documentation and subject to change.]

Encapsulates a single authorization policy and implements the core authorization functionality to be used from within your application.

For a list of all members of this type, see AuthorizationPolicy Members.

System.Object
   LaMarvin.Constable.Model.ObjectBase
      LaMarvin.Constable.Model.NamedObjectBase
         LaMarvin.Constable.AuthorizationPolicy
            LaMarvin.Constable.Design.Fallback.FallbackPolicy

[Visual Basic]
<Serializable>
Public Class AuthorizationPolicy
    Inherits NamedObjectBase
    Implements IChangeEventSource
[C#]
[Serializable]
public class AuthorizationPolicy : NamedObjectBase, IChangeEventSource

Thread Safety

Public static (Shared in Visual Basic) members of this type are safe for multithreaded operations. Instance members are not guaranteed to be thread-safe.

Remarks

The methods of the class can be divided into the following categories:

Category | Description
Authorization policy definition and manipulation | Methods in this category are used to populate and modify the authorization policy. That is, to define Roles, States, Actions, Properties and the associated ActionRules and PropertyRules.
Authorization context definition and manipulation | You'll use properties in this category to set and retrieve the CurrentPrincipal and the CurrentState that are used for authorization checks.
Authorization checking and querying the authorization policy | Methods in this category take into account the current authorization context to query the authorization policy for authorization rules (IsActionExecutable, GetExecutableActionRules, GetChangeablePropertyRules) and to actually ExecuteActions.

Example

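The following example defines a simple authorization policy and then performs some authorization queries based on the policy. The Debug.Assert calls only document the expected results: they are compiled out of release builds and must not be relied on as the authorization check.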

[Visual Basic]
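' Namespaces used: System.Diagnostics (Debug), System.Security.Principal
' (WindowsPrincipal, WindowsIdentity) and LaMarvin.Constable (AuthorizationPolicy).

' Instantiate a simple authorization policy.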
Dim policy As New AuthorizationPolicy

' At least one state has to be specified.
policy.States.AddNew("Default")

' Use WindowsRoles that map to the local Users and Administrators Windows group membership.
policy.Roles.Add(New WindowsRole("User", "BUILTIN\Users"))
policy.Roles.Add(New WindowsRole("Admin", "BUILTIN\Administrators"))

' Define two sample actions for both the User and Admin roles.
policy.Actions.AddNew("Logoff")
policy.Actions.AddNew("Shutdown")

' Now define the authorization rules - User can execute Logoff, Admin both actions.
policy.ActionRules.AddNew("Logoff", "User")
policy.ActionRules.AddNew("Logoff", "Admin")
policy.ActionRules.AddNew("Shutdown", "Admin")

' Associate the current Windows user with the policy.
policy.CurrentPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent())

' If the user is an Admin, we can execute the "Shutdown" action.
If policy.Roles("Admin").IsMember(policy.CurrentPrincipal) Then
  Debug.Assert(policy.IsActionExecutable("Shutdown"))
  policy.ExecuteAction("Shutdown")
End If

' If the user is at least in the User role, she can execute Logoff.
If policy.Roles("User").IsMember(policy.CurrentPrincipal) Then
  Debug.Assert(policy.IsActionExecutable("Logoff"))
  policy.ExecuteAction("Logoff")
End If

' If there are no executable action rules for the user, she is neither a User nor an Admin.
If policy.GetExecutableActionRules().Count = 0 Then
  Debug.Assert(Not policy.Roles("User").IsMember(policy.CurrentPrincipal))
  Debug.Assert(Not policy.Roles("Admin").IsMember(policy.CurrentPrincipal))
End If

[C#]
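// Namespaces used: System.Diagnostics (Debug), System.Security.Principal
// (WindowsPrincipal, WindowsIdentity) and LaMarvin.Constable (AuthorizationPolicy).

// Instantiate a simple authorization policy.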
AuthorizationPolicy policy = new AuthorizationPolicy();

// At least one state has to be specified.
policy.States.AddNew("Default");

// Use WindowsRoles that map to the local Users and Administrators Windows group membership.
policy.Roles.Add(new WindowsRole("User", @"BUILTIN\Users"));
policy.Roles.Add(new WindowsRole("Admin", @"BUILTIN\Administrators"));

// Define two sample actions for both the User and Admin roles.
policy.Actions.AddNew("Logoff");
policy.Actions.AddNew("Shutdown");

// Now define the authorization rules - User can execute Logoff, Admin both actions.
policy.ActionRules.AddNew("Logoff", "User");
policy.ActionRules.AddNew("Logoff", "Admin");
policy.ActionRules.AddNew("Shutdown", "Admin");

// Associate the current Windows user with the policy.
policy.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

// If the user is an Admin, we can execute the "Shutdown" action.
if (policy.Roles["Admin"].IsMember(policy.CurrentPrincipal))
{
  Debug.Assert(policy.IsActionExecutable("Shutdown"));
  policy.ExecuteAction("Shutdown");
}

// If the user is at least in the User role, she can execute Logoff.
if (policy.Roles["User"].IsMember(policy.CurrentPrincipal))
{
  Debug.Assert(policy.IsActionExecutable("Logoff"));
  policy.ExecuteAction("Logoff");
}

// If there are no executable action rules for the user, she is neither a User nor an Admin.
if (policy.GetExecutableActionRules().Count == 0)
{
  Debug.Assert(!policy.Roles["User"].IsMember(policy.CurrentPrincipal));
  Debug.Assert(!policy.Roles["Admin"].IsMember(policy.CurrentPrincipal));
}
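
The Thread Safety note and the CurrentPrincipal property interact: the principal is state on the policy instance, so a policy shared between threads can be queried while another caller's principal is set. The following is an added example, not part of the Constable documentation; PolicyGate and TryExecute are hypothetical names, and only the AuthorizationPolicy members shown on this page are used.

```csharp
using System;
using System.Security.Principal;
using LaMarvin.Constable;

// Added example: PolicyGate is a hypothetical helper, not a Constable type.
// It serializes "set principal, check, execute" on one shared policy instance.
public sealed class PolicyGate
{
    private readonly AuthorizationPolicy _policy;
    private readonly object _sync = new object();

    public PolicyGate(AuthorizationPolicy policy)
    {
        if (policy == null) throw new ArgumentNullException("policy");
        _policy = policy;
    }

    // Returns true if the action was authorized and executed, false if denied.
    public bool TryExecute(WindowsPrincipal caller, string actionName)
    {
        // Deny by default when there is no caller or no action to check.
        if (caller == null || string.IsNullOrEmpty(actionName))
            return false;

        // Instance members are not guaranteed to be thread-safe, and
        // CurrentPrincipal is per-instance state. Without the lock, another
        // thread could replace the principal between the check and the
        // execution, so the decision would be made for the wrong user.
        lock (_sync)
        {
            _policy.CurrentPrincipal = caller;

            // A run-time check, unlike Debug.Assert, is present in release builds.
            if (!_policy.IsActionExecutable(actionName))
                return false;

            _policy.ExecuteAction(actionName);
            return true;
        }
    }
}
```

The lock only protects callers that go through the gate; code that touches the same policy instance directly still needs its own synchronization or its own policy instance.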

Requirements

Namespace: LaMarvin.Constable

Assembly: LaMarvin.Constable (in LaMarvin.Constable.dll)

See Also

AuthorizationPolicy Members | LaMarvin.Constable Namespace