public AuthorisationDC GetUserAuthorisationInfo(string token, string appID, string[] adGroups, string staffCode, string firstName, string lastName, IRepository <ADRoleLookup> adRoleLookupRepository, IRepository <StaffAttributes> staffAttributesRepository)
{
try
{
#region Parameter validation
//Validate for parameters which cannot be null
if (null == token)
{
throw new ArgumentNullException("token");
}
if (null == adGroups)
{
throw new ArgumentNullException("adGroups");
}
if (null == staffCode)
{
throw new ArgumentNullException("staffCode");
}
if (null == adRoleLookupRepository)
{
throw new ArgumentNullException("adRoleLookupRepository");
}
#endregion
// Call overload with injected objects
string[] MatchingRoles = GetRolesForADGroups(staffCode, staffCode, appID, "", adGroups, adRoleLookupRepository);
//***************************CHANGE TO GET ROLES FROM STAFF ATTRIBUTES********************************
//*****************THE ONLY ROLE IN AD IS NOW ONE GIVING ACCESS TO THE APPLICATION USED BY LANDING PAGE********************
Guid StaffCodeGuid = Guid.Parse(staffCode);
List <StaffAttributes> attributes = staffAttributesRepository.Find(new Specification <StaffAttributes>(x => x.ApplicationAttribute.IsRole && x.LookupValue == "Yes" && x.StaffCode == StaffCodeGuid), x => x.ApplicationAttribute.AttributeName, "ApplicationAttribute", "Application", "ApplicationAttribute.ApplicationAttributeExtension").ToList();
MatchingRoles = MatchingRoles.Concat <string>(attributes.Select(x => x.ApplicationAttribute.AttributeName)).ToArray();
//add pseudo Staff Maintenance role if user is staff admin. This role in used in custom Authorization checks
if (attributes.Where(x => x.ApplicationAttribute.ApplicationAttributeExtension.Any(y => y.IsStaffAdmin == true)).Count() > 0)
{
List <String> matchingRolesList = new List <string>(MatchingRoles);
matchingRolesList.Add(FrameworkRoles.STAFF_MAINTAINANCE);
MatchingRoles = matchingRolesList.ToArray();
}
//Return user information
AuthorisationDC returnObject = new AuthorisationDC()
{
Roles = MatchingRoles.AsEnumerable <string>(), UserID = staffCode, UserName = firstName + " " + lastName
};
return(returnObject);
}
catch (Exception e)
{
//Prevent exception from propogating across the service interface
ExceptionManager.ShieldException(e);
return(null);
}
}
/// <summary>
/// Gets authorisation information relating to the current user
/// </summary>
/// <remarks>
/// Retrieves application roles based on a users group membership
/// </remarks>
/// <param name="context">HttpContext</param>
/// <param name="appID">Application ID</param>
public static void GetUserAuthorisationInfo(HttpContextBase context, string appID)
{
string[] roles = null;
if (context.User.Identity.IsAuthenticated && context.Request.LogonUserIdentity != null && context.Request.LogonUserIdentity.IsAuthenticated)
{
//Get roles from session if available
if (null != SessionManager.UserRoles)
{
roles = SessionManager.UserRoles;
}
else
// If roles not in session then retrieve from authorisation service
{
AuthorisationDC authorisationResult = null;
//Create instance of Authorisation service
AuthorisationServiceClient sc = new AuthorisationServiceClient();
//Get user name for current user
string userName = context.User.Identity.Name;
try
{
#if DEBUG
authorisationResult = new AuthorisationDC();
authorisationResult.Roles = new string[] { "FW-ADMIN", "FW-APPLICATION", "UCB-APPLICATION", "AM-APPLICATION" };
authorisationResult.UserID = "F308F543-75A8-4218-A644-F27765CE51AB";
authorisationResult.UserName = "******";
#else
string[] adGroups = Roles.GetRolesForUser();
//Authorise user and retrieve user roles
authorisationResult = sc.GetUserAuthorisationInfo(userName, appID, adGroups);
//Close service communication
((ICommunicationObject)sc).Close();
#endif
//Store roles in session so we don't have to call service each time
SessionManager.UserRoles = roles = authorisationResult.Roles;
//Store user's ID in session
SessionManager.UserID = authorisationResult.UserID;
//Store user's Name in session
SessionManager.UserName = authorisationResult.UserName;
}
catch (FaultException <AuthorisationFailureFault> )
{
((ICommunicationObject)sc).Close();
//Store user's ID in session
SessionManager.UserID = userName;
//Store roles as empty array
SessionManager.UserRoles = new string[] { };
}
catch (Exception e)
{
ExceptionManager.HandleException(e, (ICommunicationObject)sc);
}
}
}
//Create new principal object and attach roles
GenericPrincipal principal = new GenericPrincipal(context.User.Identity, roles);
//Attach new principal to current thread
Thread.CurrentPrincipal = context.User = principal;
}
/// <summary>
/// Gets authorisation information relating to the current user
/// </summary>
/// <remarks>
/// Retrieves application roles based on a users group membership
/// </remarks>
/// <param name="context">HttpContext</param>
/// <param name="appID">Application ID</param>
public void GetUserAuthorisationInfo(HttpContextBase context, string appID)
{
string[] roles = null;
if (context.User.Identity.IsAuthenticated && context.Request.LogonUserIdentity != null && context.Request.LogonUserIdentity.IsAuthenticated)
{
//Get roles from session if available
if (null != sessionManager.UserRoles)
{
roles = sessionManager.UserRoles;
}
else
// If roles not in session then retrieve from authorisation service
{
AuthorisationDC authorisationResult = null;
//Create instance of Authorisation service
//AuthorisationServiceClient sc = new AuthorisationServiceClient();
IAuthorisationService sc = authorisationService;
//Get user name for current user
string userName = context.User.Identity.Name;
try
{
#if DEBUG
authorisationResult = new AuthorisationDC();
authorisationResult.Roles = new string[] { };
//authorisationResult.Roles = new string[] { AppRoles.APPLICATION, AppRoles.NOMINATED_MANAGER, AppRoles.TRADE_UNION, AppRoles.UCB_MI_USER, AppRoles.STAFFADMIN };
authorisationResult.Roles = new string[] { AppRoles.APPLICATION, AppRoles.NOMINATED_MANAGER, AppRoles.DEPUTY_NOMINATED_MANAGER, AppRoles.ADMIN, AppRoles.TRADE_UNION, AppRoles.BUSINESS_AREA_MANAGER, AppRoles.UCB_MI_USER, AppRoles.STAFFADMIN };
// authorisationResult.Roles = new string[] { AppRoles.APPLICATION, AppRoles.NOMINATED_MANAGER, AppRoles.DEPUTY_NOMINATED_MANAGER, AppRoles.ADMIN, AppRoles.TRADE_UNION, AppRoles.BUSINESS_AREA_MANAGER, AppRoles.UCB_MI_USER, AppRoles.STAFFADMIN };
// authorisationResult.Roles = new string[] { "UCB-APPLICATION", "UCB-ADMIN" };
authorisationResult.UserID = "DF8752EF-74DB-4AEE-A55A-1D3D5F6AA6FE";
authorisationResult.UserName = "******";
#else
string[] adGroups = Roles.GetRolesForUser();
//Authorise user and retrieve user roles
authorisationResult = sc.GetUserAuthorisationInfo(userName, appID, adGroups);
//Close service communication
((ICommunicationObject)sc).Close();
#endif
//Store roles in session so we don't have to call service each time
sessionManager.UserRoles = roles = authorisationResult.Roles;
//Store user's ID in session
sessionManager.UserID = authorisationResult.UserID;
//Store user's Name in session
sessionManager.UserName = authorisationResult.UserName;
}
catch (FaultException <AuthorisationFailureFault> )
{
((ICommunicationObject)sc).Close();
//Store user's ID in session
sessionManager.UserID = userName;
//Store roles as empty array
sessionManager.UserRoles = new string[] { };
}
catch (Exception e)
{
ExceptionManager.HandleException(e, (ICommunicationObject)sc);
}
}
}
//Create new principal object and attach roles
GenericPrincipal principal = new GenericPrincipal(context.User.Identity, roles);
//Attach new principal to current thread
Thread.CurrentPrincipal = context.User = principal;
}
public AuthorisationDC GetUserAuthorisationInfo(string token, string appID, string[] roles)
{
try
{
#region Parameter validation
//Validate for parameters which cannot be null
if (null == token)
{
throw new ArgumentNullException("token");
}
if (null == appID)
{
throw new ArgumentNullException("appID");
}
if (null == roles)
{
throw new ArgumentNullException("roles");
}
#endregion
// Get the domain name from configuration
string domainName = ConfigurationManager.AppSettings.Get("DomainName");
// Remove domain name from user name
token = token.Substring(token.IndexOf("\\") + 1);
// Token passed was invalid
if (null == token)
{
throw new ArgumentOutOfRangeException("token");
}
//Remove the domain name from the AD groups
var adGroupsWithoutDomainPrefix = (from x in roles
select(x.Contains("\\") ? x.Substring(x.LastIndexOf("\\") + 1) : x)).ToArray();
// Create instance of Staff repository. Note - no way to specify user guids
IRepository <Staff> staffRepository = new Repository <Staff>("", "", appID, "");
//Find user
List <Staff> staffItems = staffRepository.Find(x => x.StaffNumber == token && x.IsActive == true).ToList();
Staff staffItem = null;
if (staffItems.Count() != 1)
{
// If zero staff records are found then the user is not in the Staff table
throw new FailedAuthorisationException();
}
else
{
// One staff member found.
staffItem = staffItems[0];
}
// Convert to string
string staffCode = staffItem.Code.ToString();
// Create instance of ADRoleLookup repository
IRepository <ADRoleLookup> adRoleLookupRepository = new Repository <ADRoleLookup>(staffCode, staffCode, appID, "");
IRepository <StaffAttributes> staffAttributesRepository = new Repository <StaffAttributes>(staffCode, staffCode, appID, "");
// Get user authorisation information
AuthorisationDC returnObject = GetUserAuthorisationInfo(token, appID, adGroupsWithoutDomainPrefix, staffCode, staffItem.FirstName, staffItem.LastName, adRoleLookupRepository, staffAttributesRepository);
return(returnObject);
}
catch (ArgumentNullException e)
{
// Publish the exception information
ExceptionManager.PublishException(e);
//Prevent exception from propogating across the service interface
throw new FaultException <AuthorisationFailureFault>(new AuthorisationFailureFault(), "Authorisation failure");
}
catch (ArgumentOutOfRangeException e)
{
// Publish the exception information
ExceptionManager.PublishException(e);
//Prevent exception from propogating across the service interface
throw new FaultException <AuthorisationFailureFault>(new AuthorisationFailureFault(), "Authorisation failure");
}
catch (FailedAuthorisationException)
{
//Prevent exception from propogating across the service interface
throw new FaultException <AuthorisationFailureFault>(new AuthorisationFailureFault(), "Authorisation failure");
}
catch (Exception e)
{
if (!(e is FaultException))
{
// Publish the exception information
ExceptionManager.PublishException(e);
// Throw default fault exception
throw new FaultException <ServiceErrorFault>(new ServiceErrorFault(), "The service experienced a serious error.");
}
return(null);
}
}
