Question

I am attempting to create a ClaimsAuthorizationManager implementation, which seems pretty straightforward. However, due to the fact that my MVC application utilizes Areas, the Resource property of the AuthorizationContext object (received as an argument of the CheckAccess method) isn't providing enough information about my resource.

I'm looking for some way to indicate a Resource description at the Controller or Area level without having to decorate every action method. I attempted to add [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "MyResourceName")] to a controller but that resulted in an exception due to the lack of Operation value. I was hoping to achieve a hierarchical cascading setting. For example, all ActionMethods would use the resource defined in the attribute and would resort to the default operation identity mechanism.

Is there something I'm missing here? Is there a framework or Thinktecture.IdentityModel helper utility for accomplishing this? Is there an opportunity to register a custom AuthorizationContent generator class?

Thanks!


Solution

The built-in mechanism is a little low level for doing these sorts of checks (since it's based on CAS). You should look into the Thinktecture IdentityModel helper library for these things. We provide an easier mechanism/API to do claims-based checks:

http://leastprivilege.com/2012/10/26/using-claims-based-authorization-in-mvc-and-web-api/
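
One way to get the cascading behaviour the question asks for is an MVC authorization filter that builds the resource from the area and controller and uses the action name as the operation. This is an added example, not code from the answer or from Thinktecture.IdentityModel; the AreaResourceAuthorizeAttribute name and the "Area/Controller" resource format are assumptions, and it expects the ClaimsAuthorizationManager to be registered in the system.identityModel configuration section.

```csharp
using System;
using System.IdentityModel.Services;
using System.Security.Claims;
using System.Web.Mvc;
// Alias avoids the name clash with System.Web.Mvc.AuthorizationContext.
using ClaimsAuthzContext = System.Security.Claims.AuthorizationContext;

// Hypothetical filter: put it on a controller (or register it globally) so every
// action is checked without decorating each action method.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class AreaResourceAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    // Optional explicit resource, e.g. [AreaResourceAuthorize(Resource = "MyResourceName")].
    public string Resource { get; set; }

    public void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        var descriptor = filterContext.ActionDescriptor;
        // Honour [AllowAnonymous] on the action or its controller.
        if (descriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            descriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            return;

        var principal = filterContext.HttpContext.User as ClaimsPrincipal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpUnauthorizedResult();   // 401: not signed in
            return;
        }

        // Default resource: "Area/Controller", or just "Controller" outside an area.
        var area = filterContext.RouteData.DataTokens["area"] as string;
        var controller = descriptor.ControllerDescriptor.ControllerName;
        var resource = Resource ??
            (string.IsNullOrEmpty(area) ? controller : area + "/" + controller);

        // Same manager instance that ClaimsPrincipalPermission consults.
        var manager = FederatedAuthentication.FederationConfiguration
            .IdentityConfiguration.ClaimsAuthorizationManager;

        var context = new ClaimsAuthzContext(principal, resource, descriptor.ActionName);
        if (!manager.CheckAccess(context))
            filterContext.Result = new HttpStatusCodeResult(403);  // signed in, access denied
    }
}
```

Unlike the built-in AuthorizeAttribute, this filter does not hook output-cache validation, so actions it protects should not also carry [OutputCache].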

Licensed under: CC-BY-SA with attribution