Class AuthorizationRuleAssignment
Represents an authorization rule assignment to a service version, contract, endpoint, or operation. A list of rule assignments to a particular service represents an access control policy for that service.
Namespace: Nevatech.Vsb.Repository.Entities
Assembly: Nevatech.Vsb.Repository.dll
Syntax
public sealed class AuthorizationRuleAssignment : DomainObjectBase, IValidator, IExtensibleDataObject, IEquatable<AuthorizationRuleAssignment>
Remarks
The access control works as follows:
- An authorization rule defines a set of claims that the rule matches.
- Each authorization rule can be assigned to a service version, contract, endpoint, or service operation. If a rule is assigned to a service version, it applies to all contracts in that service version. If it is assigned to a contract, it applies to all operations in that contract, etc.
- When a rule is assigned, it is given a priority: the order in which rules in the access list are evaluated. The rule with the higher priority is evaluated first.
- The result of rule execution is a "match" or "not-match" value, which means that the claims of the current caller's identity do or do not satisfy the rule's condition. Evaluation of the rule list stops at the first "match", unless its "Action" is set to None.
- Each rule assignment also defines the authorization decision that should be made if the rule matches the claims. The decisions are Permit (access should be granted), Deny (access is denied and the call should be blocked), or None (mark the transaction with the service agreement identifier and continue rule evaluation).
- If all rules in the access list are evaluated and no match was determined, then access to the resource should be denied. However, if the access list is empty (not defined) then access should be denied.
- If a Service Agreement identifier is provided, then messages matching this rule must be "marked" with that identifier (included in the scope of that SLA).
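The evaluation order described above, as an added example that is not part of the Nevatech.Vsb library: the `Decision`, `Assignment` and `AccessList` types, the claim strings and the agreement id are hypothetical stand-ins, and a rule's condition is modeled as a simple predicate over the caller's claims.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins for illustration only; not the Nevatech.Vsb types.
enum Decision { None, Permit, Deny }
sealed record Assignment(int Priority, Decision Action,
    Func<ISet<string>, bool> Matches, int? ServiceAgreementId = null);
static class AccessList
{
    // Returns the decision plus the service agreement ids the call was marked with.
    public static (Decision Result, List<int> Agreements) Evaluate(
        IEnumerable<Assignment> rules, ISet<string> claims)
    {
        var marked = new List<int>();
        foreach (var rule in rules.OrderByDescending(r => r.Priority)) // higher priority first
        {
            if (!rule.Matches(claims)) continue;                   // "not-match": next rule
            if (rule.ServiceAgreementId is int id) marked.Add(id); // mark with the agreement
            if (rule.Action != Decision.None) return (rule.Action, marked); // first Permit/Deny match stops
        }
        return (Decision.Deny, marked); // nothing matched, or the list is empty: deny
    }
}
static class Program
{
    static void Main()
    {
        // Constructed sample policy and caller claims.
        var rules = new[]
        {
            new Assignment(20, Decision.None, c => c.Contains("tier:gold"), ServiceAgreementId: 7),
            new Assignment(10, Decision.Deny, c => c.Contains("role:suspended")),
            new Assignment(5, Decision.Permit, c => c.Contains("role:partner")),
        };
        var callers = new[]
        {
            new HashSet<string> { "tier:gold", "role:partner" },
            new HashSet<string> { "role:suspended", "role:partner" },
            new HashSet<string> { "tier:gold" },
        };
        foreach (var claims in callers)
        {
            var (result, marked) = AccessList.Evaluate(rules, claims);
            Console.WriteLine($"{string.Join(",", claims)} -> {result} [{string.Join(",", marked)}]");
        }
    }
}
```

The third caller matches only the None rule, so the call is marked with the agreement but still falls through to the default deny; a marking rule on its own never grants access.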
Constructors
AuthorizationRuleAssignment()
Initializes an empty object.
Declaration
public AuthorizationRuleAssignment()
Properties
Action
Gets or sets the action that will be taken if the rule matches a particular set of claims.
Declaration
public AuthorizationRuleAction Action { get; set; }
Property Value
Type | Description |
---|---|
AuthorizationRuleAction |
ContractId
Gets or sets identifier of the contract that rule is applied to. If not set, then rule is applied to all contracts in the service version.
Declaration
public int? ContractId { get; set; }
Property Value
Type | Description |
---|---|
Nullable<Int32> |
ContractName
Gets contract WSDL name that rule is applied to.
Declaration
public string ContractName { get; }
Property Value
Type | Description |
---|---|
String |
EndpointId
Gets or sets identifier of the endpoint that rule is applied to. If not set, then rule is applied to all endpoints in the service version.
Declaration
public int? EndpointId { get; set; }
Property Value
Type | Description |
---|---|
Nullable<Int32> |
EndpointName
Gets endpoint WSDL name that rule is applied to.
Declaration
public string EndpointName { get; }
Property Value
Type | Description |
---|---|
String |
GroupId
Gets or sets the authorization group identifier. Either a rule or a group can be assigned, but not both at the same time.
Declaration
public int? GroupId { get; set; }
Property Value
Type | Description |
---|---|
Nullable<Int32> |
GroupName
Gets authorization group name.
Declaration
public string GroupName { get; }
Property Value
Type | Description |
---|---|
String |
Kind
Gets the service kind: SOAP, REST, or OpenData.
Declaration
public ServiceKind Kind { get; }
Property Value
Type | Description |
---|---|
ServiceKind |
ObjectType
Gets object type identifier.
Declaration
public override EntityType ObjectType { get; }
Property Value
Type | Description |
---|---|
EntityType |
OperationId
Gets or sets identifier of the service operation that rule is applied to. If not set, then rule is applied to all operations in the service version.
Declaration
public int? OperationId { get; set; }
Property Value
Type | Description |
---|---|
Nullable<Int32> |
OperationName
Gets contract/operation WSDL name that rule is applied to.
Declaration
public string OperationName { get; }
Property Value
Type | Description |
---|---|
String |
Priority
Gets or sets the rule priority that dictates the order in which rules are executed for a particular service. The rule with the higher priority is executed first.
Declaration
public int Priority { get; set; }
Property Value
Type | Description |
---|---|
Int32 |
RuleExpression
Gets authorization rule expression.
Declaration
public AuthorizationExpressionBase RuleExpression { get; }
Property Value
Type | Description |
---|---|
AuthorizationExpressionBase |
RuleId
Gets or sets authorization rule identifier. If rule and group are not set then "match-all" rule is applied.
Declaration
public int? RuleId { get; set; }
Property Value
Type | Description |
---|---|
Nullable<Int32> |
RuleName
Gets authorization rule name.
Declaration
public string RuleName { get; }
Property Value
Type | Description |
---|---|
String |
ServiceAgreementId
Gets or sets identifier of the service agreement this authorization rule belongs to. Transactions matching the rule will have this identifier assigned.
Declaration
public int? ServiceAgreementId { get; set; }
Property Value
Type | Description |
---|---|
Nullable<Int32> |
ServiceAgreementName
Gets the friendly name of the service agreement this authorization rule belongs to.
Declaration
public string ServiceAgreementName { get; }
Property Value
Type | Description |
---|---|
String |
ServiceId
Gets the service identifier.
Declaration
public int ServiceId { get; }
Property Value
Type | Description |
---|---|
Int32 |
ServiceName
Gets the service friendly name.
Declaration
public string ServiceName { get; }
Property Value
Type | Description |
---|---|
String |
ServiceVersionId
Gets or sets identifier of the service version that rule is applied to.
Declaration
public int ServiceVersionId { get; set; }
Property Value
Type | Description |
---|---|
Int32 |
ServiceVersionName
Gets service version friendly name.
Declaration
public string ServiceVersionName { get; }
Property Value
Type | Description |
---|---|
String |
Version
Gets the custom-defined service version identifier.
Declaration
public string Version { get; }
Property Value
Type | Description |
---|---|
String |
VersionNumber
Gets service version number.
Declaration
public int VersionNumber { get; }
Property Value
Type | Description |
---|---|
Int32 |
Methods
Compress()
Clears data that is not needed at runtime to reduce message payload.
Declaration
public void Compress()
Equals(AuthorizationRuleAssignment)
Determines whether the specified domain object is equal to the current object.
Declaration
public bool Equals(AuthorizationRuleAssignment other)
Parameters
Type | Name | Description |
---|---|---|
AuthorizationRuleAssignment | other | The object to compare with the current object. |
Returns
Type | Description |
---|---|
Boolean | True, if objects are equal. False, if objects are not equal. |
Equals(Object)
Determines whether the specified domain object is equal to the current object.
Declaration
public override bool Equals(object obj)
Parameters
Type | Name | Description |
---|---|---|
Object | obj | The object to compare with the current object. |
Returns
Type | Description |
---|---|
Boolean | True, if objects are equal. False, if objects are not equal. |
GetHashCode()
Returns the hash code for this instance.
Declaration
public override int GetHashCode()
Returns
Type | Description |
---|---|
Int32 | Hash code of the current instance. |
ToString()
Returns string representation of the object.
Declaration
public override string ToString()
Returns
Type | Description |
---|---|
String | String representation of the object. |
Validate()
Evaluates the state of this object.
Declaration
public override bool Validate()
Returns
Type | Description |
---|---|
Boolean | True if state is valid; otherwise, false. |