L
loftty
Guest
Hi,
I want to be able to stop being able access a web api method from a given feature. So if they don't have the reporting feature, you won't be able to call it. My code that I have so far is:
API Method:
[HttpGet]
[Route("getallreports")]
[PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
[FeaturePermission(SecurityAction.Demand, Feature = Features.Reporting, DemandAny = true)]
public string GetAllReports()
{
var data = dataarm.GetReports();
}
Feature Permission Attribute Class:
[Serializable, AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Struct | AttributeTargets.Method | AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)]
public sealed class FeaturePermissionAttribute : CodeAccessSecurityAttribute
{
private Features feature;
private bool demandany;
public Features Feature { get { return feature; } set { feature = value; } }
public Boolean DemandAny { get { return demandany; } set { demandany = value; } }
public FeaturePermissionAttribute(SecurityAction action)
: base(action) { }
public override IPermission CreatePermission()
{
if (Unrestricted)
return new FeaturePermission(PermissionState.Unrestricted);
else
return new FeaturePermission(feature, demandany);
}
}
Feature Permission Class:
public class FeaturePermission : IPermission, IUnrestrictedPermission
{
private Features features = Features.None;
private bool demand_any = false;
private bool unrestricted = true;
DataArm data_arm = new DataArm();
public Features Feature
{
get { return features; }
}
public bool DemandAny
{
get { return demand_any; }
}
public FeaturePermission(bool unrestricted)
{
if (unrestricted)
{
this.features = Features.All;
this.demand_any = false;
this.unrestricted = true;
}
else
{
this.features = Features.None;
this.demand_any = false;
}
}
public FeaturePermission(Features features) : this(features, false)
{
}
public FeaturePermission(Features features, bool demandany)
{
this.features = features;
this.demand_any = demandany;
}
public FeaturePermission(PermissionState state)
{
if (state == PermissionState.Unrestricted)
{
this.features = Features.All;
this.demand_any = false;
this.unrestricted = true;
}
else
{
this.features = Features.None;
this.demand_any = false;
}
}
public Boolean TryDemand()
{
if (IsUnrestricted())
return true;
var settings = data_arm.GetSettings(false);
if (settings.License == null || !settings.License.HasFeature(features, demand_any))
return false;
else
return true;
}
#region IPermission Members
public IPermission Copy()
{
if (unrestricted)
return new FeaturePermission(true);
else
return new FeaturePermission(features, demand_any);
}
public IPermission Intersect(IPermission target)
{
if (target == null)
return null;
FeaturePermission permission = target as FeaturePermission;
if (permission == null)
throw new ArgumentException("Cannot cast target permission type.", "target");
if (IsUnrestricted() && permission.IsUnrestricted())
return new FeaturePermission(true);
return new FeaturePermission(features & permission.features, demand_any & permission.demand_any);
}
public Boolean IsSubsetOf(IPermission target)
{
if (target == null)
return (features == Features.None);
FeaturePermission permission = target as FeaturePermission;
if (permission == null)
throw new ArgumentException("Cannot cast target permission type.", "target");
return ((features & ~permission.features) == Features.None);
}
public IPermission Union(IPermission target)
{
if (target == null)
return Copy();
FeaturePermission permission = target as FeaturePermission;
if (permission == null)
throw new ArgumentException("Cannot cast target permission type.", "target");
if (IsUnrestricted() || permission.IsUnrestricted())
return new FeaturePermission(true);
return new FeaturePermission(features | permission.features, demand_any | permission.demand_any);
}
public void Demand()
{
if (!TryDemand())
throw new LicenseConstraintException();
}
#endregion
#region IUnrestrictedPermission Members
public Boolean IsUnrestricted()
{
return unrestricted;
}
#endregion
#region ISecurityEncodable Members
public void FromXml(SecurityElement e)
{
String __unrestricted = e.Attributes["Unrestricted"] as String;
if (__unrestricted != null)
{
unrestricted = Convert.ToBoolean(__unrestricted);
if (IsUnrestricted())
{
features = Features.All;
demand_any = false;
}
}
if (!IsUnrestricted())
{
String __feature = e.Attributes["Feature"] as String;
if (__feature != null)
features = (Features)Enum.Parse(typeof(Features), __feature, true);
String __demand_any = e.Attributes["DemandAny"] as String;
if (__demand_any != null)
demand_any = Boolean.Parse(__demand_any);
}
}
public SecurityElement ToXml()
{
SecurityElement e = new SecurityElement("IPermission");
e.AddAttribute("class", GetType().AssemblyQualifiedName.Replace('\"', '\''));
e.AddAttribute("version", "1");
if (!IsUnrestricted())
{
e.AddAttribute("Feature", features.ToString());
e.AddAttribute("DemandAny", demand_any.ToString());
}
else
e.AddAttribute("Unrestricted", "true");
return e;
}
#endregion
}
Any ideas to why I can always still access the API method?
Regards,
Loftty
Continue reading...
I want to be able to stop being able access a web api method from a given feature. So if they don't have the reporting feature, you won't be able to call it. My code that I have so far is:
API Method:
[HttpGet]
[Route("getallreports")]
[PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
[FeaturePermission(SecurityAction.Demand, Feature = Features.Reporting, DemandAny = true)]
public string GetAllReports()
{
var data = dataarm.GetReports();
}
Feature Permission Attribute Class:
[Serializable, AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Struct | AttributeTargets.Method | AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)]
public sealed class FeaturePermissionAttribute : CodeAccessSecurityAttribute
{
private Features feature;
private bool demandany;
public Features Feature { get { return feature; } set { feature = value; } }
public Boolean DemandAny { get { return demandany; } set { demandany = value; } }
public FeaturePermissionAttribute(SecurityAction action)
: base(action) { }
public override IPermission CreatePermission()
{
if (Unrestricted)
return new FeaturePermission(PermissionState.Unrestricted);
else
return new FeaturePermission(feature, demandany);
}
}
Feature Permission Class:
public class FeaturePermission : IPermission, IUnrestrictedPermission
{
private Features features = Features.None;
private bool demand_any = false;
private bool unrestricted = true;
DataArm data_arm = new DataArm();
public Features Feature
{
get { return features; }
}
public bool DemandAny
{
get { return demand_any; }
}
public FeaturePermission(bool unrestricted)
{
if (unrestricted)
{
this.features = Features.All;
this.demand_any = false;
this.unrestricted = true;
}
else
{
this.features = Features.None;
this.demand_any = false;
}
}
public FeaturePermission(Features features) : this(features, false)
{
}
public FeaturePermission(Features features, bool demandany)
{
this.features = features;
this.demand_any = demandany;
}
public FeaturePermission(PermissionState state)
{
if (state == PermissionState.Unrestricted)
{
this.features = Features.All;
this.demand_any = false;
this.unrestricted = true;
}
else
{
this.features = Features.None;
this.demand_any = false;
}
}
public Boolean TryDemand()
{
if (IsUnrestricted())
return true;
var settings = data_arm.GetSettings(false);
if (settings.License == null || !settings.License.HasFeature(features, demand_any))
return false;
else
return true;
}
#region IPermission Members
public IPermission Copy()
{
if (unrestricted)
return new FeaturePermission(true);
else
return new FeaturePermission(features, demand_any);
}
public IPermission Intersect(IPermission target)
{
if (target == null)
return null;
FeaturePermission permission = target as FeaturePermission;
if (permission == null)
throw new ArgumentException("Cannot cast target permission type.", "target");
if (IsUnrestricted() && permission.IsUnrestricted())
return new FeaturePermission(true);
return new FeaturePermission(features & permission.features, demand_any & permission.demand_any);
}
public Boolean IsSubsetOf(IPermission target)
{
if (target == null)
return (features == Features.None);
FeaturePermission permission = target as FeaturePermission;
if (permission == null)
throw new ArgumentException("Cannot cast target permission type.", "target");
return ((features & ~permission.features) == Features.None);
}
public IPermission Union(IPermission target)
{
if (target == null)
return Copy();
FeaturePermission permission = target as FeaturePermission;
if (permission == null)
throw new ArgumentException("Cannot cast target permission type.", "target");
if (IsUnrestricted() || permission.IsUnrestricted())
return new FeaturePermission(true);
return new FeaturePermission(features | permission.features, demand_any | permission.demand_any);
}
public void Demand()
{
if (!TryDemand())
throw new LicenseConstraintException();
}
#endregion
#region IUnrestrictedPermission Members
public Boolean IsUnrestricted()
{
return unrestricted;
}
#endregion
#region ISecurityEncodable Members
public void FromXml(SecurityElement e)
{
String __unrestricted = e.Attributes["Unrestricted"] as String;
if (__unrestricted != null)
{
unrestricted = Convert.ToBoolean(__unrestricted);
if (IsUnrestricted())
{
features = Features.All;
demand_any = false;
}
}
if (!IsUnrestricted())
{
String __feature = e.Attributes["Feature"] as String;
if (__feature != null)
features = (Features)Enum.Parse(typeof(Features), __feature, true);
String __demand_any = e.Attributes["DemandAny"] as String;
if (__demand_any != null)
demand_any = Boolean.Parse(__demand_any);
}
}
public SecurityElement ToXml()
{
SecurityElement e = new SecurityElement("IPermission");
e.AddAttribute("class", GetType().AssemblyQualifiedName.Replace('\"', '\''));
e.AddAttribute("version", "1");
if (!IsUnrestricted())
{
e.AddAttribute("Feature", features.ToString());
e.AddAttribute("DemandAny", demand_any.ToString());
}
else
e.AddAttribute("Unrestricted", "true");
return e;
}
#endregion
}
Any ideas to why I can always still access the API method?
Regards,
Loftty
Continue reading...