有人能指导一下如何在自定义授权策略（IAuthorizationPolicy）中缓存声明吗？这样客户端每次发出新的服务请求时，我就不必再访问数据库获取全部权限。根据文档，如果 Evaluate 返回 true，那么后续每次调用 Evaluate 时 state 参数都应保留该值，并且不应为 null。需要注意的是，这个 state 只在同一条消息的一次授权评估过程中保留，并不会跨请求保留，因此它本身不能充当跨请求的权限缓存；如果在策略之外另行缓存用户权限，还要考虑权限变更时的缓存失效问题。
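/// <summary>
/// WCF authorization policy that resolves the caller's allowed operations
/// (via <c>GetAllowedOpList</c>) and publishes them as a claim set on the
/// <see cref="EvaluationContext"/>, after recording a principal for the caller.
/// </summary>
/// <remarks>
/// The <c>state</c> object passed to <see cref="Evaluate"/> is per-evaluation
/// bookkeeping (see the <c>CustomAuthState.ClaimsAdded</c> flag): as far as the WCF
/// contract goes it is kept for one authorization pass over one message, not across
/// requests, so it cannot serve as a cross-request cache of the entitlement lookup.
/// Any such cache has to live outside this class and be invalidated when a user's
/// entitlements change, otherwise revoked rights stay in effect until it expires.
/// </remarks>
public class AuthorizationPolicy : IAuthorizationPolicy
{
    /// <summary>
    /// Adds the caller's AllowedOperations claims to the evaluation context once per evaluation.
    /// </summary>
    /// <param name="evaluationContext">The context whose claim sets are read and extended.</param>
    /// <param name="state">Per-evaluation state; null on the first call, afterwards the
    /// <see cref="CustomAuthState"/> this method created.</param>
    /// <returns>Always true, telling WCF this policy does not need to be re-evaluated.</returns>
    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        IIdentity identity = GetClientIdentity(evaluationContext);
        var claimsIdentity = new ClaimsIdentity(identity);
        IPrincipal principal = new ClaimsPrincipal(claimsIdentity);
        evaluationContext.Properties["Principal"] = principal;

        // First call for this evaluation: create the state object WCF hands back on re-entry.
        CustomAuthState customState;
        if (state == null)
        {
            customState = new CustomAuthState();
            state = customState;
        }
        else
        {
            customState = (CustomAuthState)state;
        }

        // Claims already published in this evaluation: nothing more to add.
        // (Given that we always return true this branch is not expected to be reached.)
        if (customState.ClaimsAdded)
        {
            return true;
        }

        // The user name is the resource of the first Name claim in any claim set. NOTE(review):
        // the issuer of that claim set is not examined here; every claim set WCF placed in the
        // context is treated as equally trustworthy for identifying the caller — confirm that
        // only authenticated tokens can contribute Name claims in this binding.
        string userName = FindFirstUserName(evaluationContext);

        // One entitlement lookup per evaluation. The previous version re-ran GetAllowedOpList
        // once for every Name claim found, each time with the same (first) user name, which
        // duplicated both the database round-trip and the resulting claims.
        IList<Claim> claims = new List<Claim>();
        if (userName != null)
        {
            foreach (Claim claim in GetAllowedOpList(userName, evaluationContext))
            {
                claims.Add(claim);
            }
        }

        // An empty claim set is still added when no user name was found; the authorization
        // manager then finds no AllowedOperations claim and denies the call (fail closed).
        // NOTE(review): DPEServiceAuthorizationManager only honours claim sets whose Issuer is
        // ClaimSet.System, so this policy's Issuer property (not shown here) must be
        // ClaimSet.System or no operation will ever be allowed — verify.
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(Issuer, claims));
        customState.ClaimsAdded = true;
        return true;
    }

    /// <summary>
    /// Returns the resource of the first Name claim (PossessProperty right) found in the
    /// context's claim sets, converted with ToString; null when no Name claim exists.
    /// </summary>
    private static string FindFirstUserName(EvaluationContext evaluationContext)
    {
        foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
        {
            foreach (Claim nameClaim in claimSet.FindClaims(System.IdentityModel.Claims.ClaimTypes.Name, Rights.PossessProperty))
            {
                return nameClaim.Resource.ToString();
            }
        }
        return null;
    }
}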
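/// <summary>
/// Service-level authorization manager: a call is granted only when the caller holds an
/// AllowedOperations claim, issued by <see cref="ClaimSet.System"/>, whose resource equals
/// the Action header of the incoming message. Anything else is denied (fail closed).
/// </summary>
public class DPEServiceAuthorizationManager : ServiceAuthorizationManager
{
    /// <summary>
    /// Checks authorization for the given operation context against the AllowedOperations
    /// claims produced during policy evaluation.
    /// </summary>
    /// <param name="operationContext">The <see cref="T:System.ServiceModel.OperationContext" /> for the current authorization request.</param>
    /// <returns>
    /// true if the message's Action matches an AllowedOperations claim issued by
    /// <see cref="ClaimSet.System"/>; otherwise false. The base implementation's default of
    /// true is deliberately not consulted.
    /// </returns>
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // A message without an Action cannot be matched to an operation, so deny it outright
        // rather than letting it match a claim whose resource happens to be empty.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        if (string.IsNullOrEmpty(action))
        {
            return false;
        }

        ReadOnlyCollection<ClaimSet> claimSets = operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets;

        // Only claim sets issued by the system are trusted. The authorization policy must
        // therefore publish its AllowedOperations claims under ClaimSet.System; otherwise every
        // call is denied here, which is the safe failure mode.
        IEnumerable<Claim> allowedOperations = claimSets
            .Where(claimSet => claimSet.Issuer == ClaimSet.System)
            .SelectMany(claimSet => claimSet.FindClaims(Common.Constants.ClaimTypes.AllowedOperations, Rights.PossessProperty));

        // Resource is an object: skip null resources instead of throwing from ToString, and compare
        // the action ordinally (exact match, no culture-sensitive equivalences).
        return allowedOperations.Any(claim =>
            claim.Resource != null
            && string.Equals(claim.Resource.ToString(), action, StringComparison.Ordinal));
    }
}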