The Security Application Block provides extension points to implement a custom authorization provider; we may extend either the IAuthorizationProvider
interface or the abstract class AuthorizationProvider
. The Authorize method is where we need to provide our authorization logic. Both the extension points are part of the Microsoft.Practices.EnterpriseLibrary.Security
namespace.
Following is the IAuthorizationProvider
interface which exposes the Authorize
method:
public interface IAuthorizationProvider { bool Authorize(IPrincipal principal, string context); }
The following code snippet shows the implementation of the AuthorizationProvider
abstract class, which inherits the IAuthorizationProvider
interface and provides wiring of the instrumentation provider for instrumentation purposes:
public abstract class AuthorizationProvider : IAuthorizationProvider { IAuthorizationProviderInstrumentationProvider instrumentationProvider; protected AuthorizationProvider() : this(new NullAuthorizationProviderInstrumentationProvider()) { } protected AuthorizationProvider(IAuthorizationProviderInstrumentationProvider instrumentationProvider) { if (instrumentationProvider == null) throw new ArgumentNullException("instrumentationProvider"); this.instrumentationProvider = instrumentationProvider; } public abstract bool Authorize(IPrincipal principal, string context); protected IAuthorizationProviderInstrumentationProvider InstrumentationProvider { get { return this.instrumentationProvider; } } }
Implementing a custom authorization provider is pretty straight-forward. As mentioned previously, we can inherit from the AuthorizationProvider
class and provide an override the Authorize
method to provide our authorization logic. Apart from that, we also have to decorate the class with the ConfigurationElementType
attribute. To make our job easy, the application block provides the CustomAuthorizationProviderData
class, which holds a configuration object for custom providers. This class is part of the Microsoft.Practices.EnterpriseLibrary.Security.Configuration
namespace.
The following code snippet shows a typical custom Authorization Provider implementation:
[ConfigurationElementType(typeof(CustomAuthorizationProviderData))] public class XmlAuthorizationProvider : AuthorizationProvider { public XmlAuthorizationProvider(NameValueCollection configurationItems) { } public override bool Authorize(IPrincipal principal, string context) { // Custom authorization logic goes here // Return true or false based on the authorization outcome return false; } }
3.145.40.189