How to pass claims from custom IAuthorizationPolic

Posted 2019-07-16 08:54

I have custom security token and custom IAuthorizationPolicy, like this:

using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;

public class TestAuthorizationPolicy : IAuthorizationPolicy
{
    public TestAuthorizationPolicy(string name, string someData, string moreData)
    {
        this.Name = name;
        this.SomeData = someData;
        this.MoreData = moreData;

        // Claims issued by this policy; the Name claim carries the Identity right,
        // the other two carry PossessProperty.
        var claims = new[]
        {
            new Claim("http://text.example.com/Claims/Name", this.Name, Rights.Identity),
            new Claim("http://text.example.com/Claims/SomeData", this.SomeData, Rights.PossessProperty),
            new Claim("http://text.example.com/Claims/MoreData", this.MoreData, Rights.PossessProperty),
        };

        // IAuthorizationPolicy.Id must be a unique string per policy instance.
        this.Id = Guid.NewGuid().ToString();
        this.Issuance = new DefaultClaimSet(claims);
        this.Issuer = this.Issuance.Issuer;
    }

    private string Name { get; set; }
    private string SomeData { get; set; }
    private string MoreData { get; set; }

    private ClaimSet Issuance { get; set; }

    public string Id { get; private set; }

    public ClaimSet Issuer { get; private set; }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        // Add the issued claims to the evaluation context and set the identity and
        // principal that ServiceSecurityContext will expose for this request.
        evaluationContext.AddClaimSet(this, this.Issuance);

        var identity = new GenericIdentity(this.Name, "Custom");

        evaluationContext.Properties["Identities"] = new IIdentity[] { identity };
        evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, new string[0]);

        return true;
    }
}

Service methods have my CAS attribute, which in turn returns my IPermission, which ensures that the current security context has the claims, provided by the policy, that are required to perform the operation.

Mostly this works fine. But in some rare cases CAS executes on a different thread than the thread my policy was executed on. So in those cases ServiceSecurityContext is empty. No authorization policies, no claims, no identities, nothing.

So, the token was received by the server, successfully parsed, the security data was set and... lost? Why does this happen? How do I deal with it?

I also tried to get rid of CAS and do all checks inside the service methods. Same problem - different threads for the policy and for the service result in an empty security context.

Tags: c# wcf security
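One way to check the claims this policy issues from inside a service operation, and to carry the security context onto a worker thread so the check does not see an empty context. This is an added example, not code from the question; ClaimCheck, IReportService, ReportService and the expected claim value are assumed names, and it assumes .NET Framework WCF, where OperationContext.Current (and therefore ServiceSecurityContext.Current) is bound to the dispatcher thread by default.

```csharp
using System;
using System.Linq;
using System.Security;
using System.IdentityModel.Claims;
using System.ServiceModel;
using System.Threading.Tasks;

// Assumed helper (not from the question): demands one claim issued by the custom policy.
public static class ClaimCheck
{
    public static void Demand(string claimType, object expectedResource)
    {
        // ServiceSecurityContext.Current is resolved through OperationContext.Current,
        // which is thread-bound by default in .NET Framework WCF: on a worker thread
        // that the dispatcher did not set up, it is null and no claims are visible.
        var ctx = ServiceSecurityContext.Current;
        if (ctx == null)
            throw new SecurityException("No ServiceSecurityContext on this thread.");

        bool present = ctx.AuthorizationContext.ClaimSets
            .SelectMany(cs => cs.FindClaims(claimType, Rights.PossessProperty))
            .Any(c => Equals(c.Resource, expectedResource));
        if (!present)
            throw new SecurityException("Missing required claim: " + claimType);
    }
}

[ServiceContract]
public interface IReportService
{
    [OperationContract]
    Task<string> GetReport();
}

public class ReportService : IReportService
{
    public async Task<string> GetReport()
    {
        // Capture the context on the dispatcher thread, where the policy ran...
        OperationContext captured = OperationContext.Current;

        return await Task.Run(() =>
        {
            // ...and restore it on the worker thread before any authorization check;
            // without this line ServiceSecurityContext.Current is empty here.
            OperationContext.Current = captured;
            ClaimCheck.Demand("http://text.example.com/Claims/SomeData", "expected-value");
            return "report for " + ServiceSecurityContext.Current.PrimaryIdentity.Name;
        });
    }
}
```

The same capture-and-restore applies to a CAS IPermission.Demand that runs on a thread other than the dispatcher's: the permission can only read the claims if the operation context was re-established on that thread first.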
0 answers