Class AuthorizationRuleAssignment
Represents an authorization rule assignment to a service version, contract, endpoint, or operation. A list of rule assignments to a particular service represents an access control policy for that service.
Inherited Members
Namespace: Nevatech.Vsb.Repository.Entities
Assembly: Nevatech.Vsb.Repository.dll
Syntax
[DataContract(Namespace = "http://schemas.nevatech.com/sentinet/2011/02")]
public sealed class AuthorizationRuleAssignment : DomainObjectBase, IValidator, IExtensibleDataObject, IEquatable<AuthorizationRuleAssignment>Remarks
The access control works as follows:
- Authorization rule defines a set of claims that rule matches.
- Each authorization rule can be assigned to a service version, contract, endpoint, or service operation. If rule is assigned to a service version then it applies to all contracts in that service version. If it is assigned to a contract then it applies to all operations in that contract, etc.
- Then rule is assigned, it is given a priority - the order in which rules in the access list are evaluated. Rule with higher priority is evaluated first.
- The result of rule execution is a "match" or "not-match" value. Which means that claims of the current caller's identity do or do not satisfy the rule's condition. Evaluation of the rule list stops at the first "match", unless its "Action" is set to None.
- Each rule assignment also defines the authorization decision that should be made, if rule matches the claims. The decisions are Permit (access should be granted), Deny (access is denied and call should be blocked), or None (mark transaction with service agreement identifier and continue rule evaluations).
- If all rules in the access list are evaluated and no match was determined, then access to the resource should be denied. However, if access list is empty (not defined) then access should be denied.
- If Service Agreement identifier is provided then messages matching this rule must be "marked" with that identifier (included in the scope of that SLA).
Constructors
AuthorizationRuleAssignment()
Initializes and empty object.
Declaration
public AuthorizationRuleAssignment()Properties
Action
Gets or sets the action that will be taken, if that rule matches particular set of claims.
Declaration
[DataMember]
public AuthorizationRuleAction Action { get; set; }Property Value
| Type | Description |
|---|---|
| AuthorizationRuleAction |
ContractId
Gets or sets identifier of the contract that rule is applied to. If not set, then rule is applied to all contracts in the service version.
Declaration
[DataMember(EmitDefaultValue = false)]
public int? ContractId { get; set; }Property Value
| Type | Description |
|---|---|
| int? |
ContractName
Gets contract WSDL name that rule is applied to.
Declaration
[DataMember(EmitDefaultValue = false)]
public string ContractName { get; }Property Value
| Type | Description |
|---|---|
| string |
EndpointId
Gets or sets identifier of the endpoint that rule is applied to. If not set, then rule is applied to all endpoints in the service version.
Declaration
[DataMember(EmitDefaultValue = false)]
public int? EndpointId { get; set; }Property Value
| Type | Description |
|---|---|
| int? |
EndpointName
Gets endpoint WSDL name that rule is applied to.
Declaration
[DataMember(EmitDefaultValue = false)]
public string EndpointName { get; }Property Value
| Type | Description |
|---|---|
| string |
GroupId
Gets or sets authorization group identifier. Either rule or group can be assigned at the same time.
Declaration
[DataMember]
public int? GroupId { get; set; }Property Value
| Type | Description |
|---|---|
| int? |
GroupName
Gets authorization group name.
Declaration
[DataMember(EmitDefaultValue = false)]
public string GroupName { get; }Property Value
| Type | Description |
|---|---|
| string |
IsEnabled
Gets flag indicating that referenced rule or group is enabled. If no rule or group is assigned then property returns true.
Declaration
[DataMember]
public bool IsEnabled { get; set; }Property Value
| Type | Description |
|---|---|
| bool |
Kind
Gets the service kind: SOAP, REST, or OpenData.
Declaration
[DataMember(EmitDefaultValue = false)]
public ServiceKind Kind { get; }Property Value
| Type | Description |
|---|---|
| ServiceKind |
ObjectType
Gets object type identifier.
Declaration
public override EntityType ObjectType { get; }Property Value
| Type | Description |
|---|---|
| EntityType |
Overrides
OperationId
Gets or sets identifier of the service operation that rule is applied to. If not set, then rule is applied to all operations in the service version.
Declaration
[DataMember(EmitDefaultValue = false)]
public int? OperationId { get; set; }Property Value
| Type | Description |
|---|---|
| int? |
OperationName
Gets contract/operation WSDL name that rule is applied to.
Declaration
[DataMember(EmitDefaultValue = false)]
public string OperationName { get; }Property Value
| Type | Description |
|---|---|
| string |
Priority
Gets or sets rule priority that dictates the order in which rules are executed for particular service. Rule with higher priority is executed first.
Declaration
[DataMember]
public int Priority { get; set; }Property Value
| Type | Description |
|---|---|
| int |
RuleExpression
Gets authorization rule expression.
Declaration
[DataMember(EmitDefaultValue = false)]
public AuthorizationExpressionBase RuleExpression { get; }Property Value
| Type | Description |
|---|---|
| AuthorizationExpressionBase |
RuleId
Gets or sets authorization rule identifier. If rule and group are not set then "match-all" rule is applied.
Declaration
[DataMember]
public int? RuleId { get; set; }Property Value
| Type | Description |
|---|---|
| int? |
RuleName
Gets authorization rule name.
Declaration
[DataMember(EmitDefaultValue = false)]
public string RuleName { get; }Property Value
| Type | Description |
|---|---|
| string |
ServiceAgreementId
Gets or sets identifier of the service agreement this authorization rule belongs to. Transactions matching the rule will have this identifier assigned.
Declaration
[DataMember(EmitDefaultValue = false)]
public int? ServiceAgreementId { get; set; }Property Value
| Type | Description |
|---|---|
| int? |
ServiceAgreementName
Gets the friendly name of the service agreement this authorization rule belongs to.
Declaration
[DataMember(EmitDefaultValue = false)]
public string ServiceAgreementName { get; }Property Value
| Type | Description |
|---|---|
| string |
ServiceId
Gets the service identifier.
Declaration
[DataMember(EmitDefaultValue = false)]
public int ServiceId { get; }Property Value
| Type | Description |
|---|---|
| int |
ServiceName
Gets the service friendly name.
Declaration
[DataMember(EmitDefaultValue = false)]
public string ServiceName { get; }Property Value
| Type | Description |
|---|---|
| string |
ServiceVersionId
Gets or sets identifier of the service version that rule is applied to.
Declaration
[DataMember]
public int ServiceVersionId { get; set; }Property Value
| Type | Description |
|---|---|
| int |
ServiceVersionName
Gets service version friendly name.
Declaration
[DataMember(EmitDefaultValue = false)]
public string ServiceVersionName { get; }Property Value
| Type | Description |
|---|---|
| string |
Version
Gets the custom-defined service version identifier.
Declaration
[DataMember(EmitDefaultValue = false)]
public string Version { get; }Property Value
| Type | Description |
|---|---|
| string |
VersionNumber
Gets service version number.
Declaration
[DataMember(EmitDefaultValue = false)]
public int VersionNumber { get; }Property Value
| Type | Description |
|---|---|
| int |
Methods
Compress()
Clears unnecessary to runtime data to reduce message payload.
Declaration
public void Compress()Equals(AuthorizationRuleAssignment)
Determines whether the specified domain object is equal to the current object.
Declaration
public bool Equals(AuthorizationRuleAssignment other)Parameters
| Type | Name | Description |
|---|---|---|
| AuthorizationRuleAssignment | other | The object to compare with the current object. |
Returns
| Type | Description |
|---|---|
| bool | True, if objects are equal. False, if objects are not equal. |
Equals(object)
Determines whether the specified domain object is equal to the current object.
Declaration
public override bool Equals(object obj)Parameters
| Type | Name | Description |
|---|---|---|
| object | obj | The object to compare with the current object. |
Returns
| Type | Description |
|---|---|
| bool | True, if objects are equal. False, if objects are not equal. |
Overrides
GetHashCode()
Returns the hash code for this instance.
Declaration
public override int GetHashCode()Returns
| Type | Description |
|---|---|
| int | Hash code of the current instance. |
Overrides
ToString()
Returns string representation of the object.
Declaration
public override string ToString()Returns
| Type | Description |
|---|---|
| string | String representation of the object. |
Overrides
Validate()
Evaluates the state of this object.
Declaration
public override bool Validate()Returns
| Type | Description |
|---|---|
| bool | True if state is valid; otherwise, false. |