/// <summary>
        /// Gets a list of users in the specified role for the configured applicationName.
        /// </summary>
        /// <param name="roleName">The name of the role to get the list of users for.</param>
        /// <returns>
        /// A string array containing the names of all the users who are members of the specified role for the configured applicationName.
        /// </returns>
        public override string[] GetUsersInRole(string roleName)
        {
            using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
            {
                IAzManApplication application = storage[this.storeName][this.applicationName];
                IAzManItem        role        = application[roleName];
                if (role.ItemType != ItemType.Role)
                {
                    throw new ArgumentException(String.Format("{0} must be a Role.", roleName), "roleName");
                }

                IAzManAuthorization[] authz = role.GetAuthorizations();
                List <string>         users = new List <string>();
                foreach (IAzManAuthorization auth in authz)
                {
                    if (auth.AuthorizationType == AuthorizationType.Allow
                        ||
                        auth.AuthorizationType == AuthorizationType.AllowWithDelegation)
                    {
                        if (auth.SidWhereDefined == WhereDefined.Local || auth.SidWhereDefined == WhereDefined.LDAP)
                        {
                            string displayName;
                            auth.GetMemberInfo(out displayName);
                            users.Add(displayName);
                        }
                        else if (auth.SidWhereDefined == WhereDefined.Database)
                        {
                            users.Add(application.GetDBUser(auth.SID).UserName);
                        }
                    }
                }
                return(users.ToArray());
            }
        }
        /// <summary>
        /// Adds the specified user names to the specified roles for the configured applicationName.
        /// </summary>
        /// <param name="usernames">A string array of user names to be added to the specified roles.</param>
        /// <param name="roleNames">A string array of the role names to add the specified user names to.</param>
        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
            {
                try
                {
                    storage.OpenConnection();
                    storage.BeginTransaction();
                    IAzManApplication application = storage[this.storeName][this.applicationName];
                    foreach (string roleName in roleNames)
                    {
                        IAzManItem role = application.GetItem(roleName);
                        if (role.ItemType != ItemType.Role)
                        {
                            throw new ArgumentException(String.Format("{0} must be a Role.", roleName));
                        }

                        foreach (string username in usernames)
                        {
                            IAzManSid    owner        = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
                            WhereDefined whereDefined = WhereDefined.LDAP;
                            if (this.userLookupType == "LDAP")
                            {
                                string    fqun      = this.getFQUN(username);
                                NTAccount ntaccount = new NTAccount(fqun);
                                if (ntaccount == null)
                                {
                                    throw SqlAzManException.UserNotFoundException(username, null);
                                }
                                IAzManSid sid = new SqlAzManSID(((SecurityIdentifier)(ntaccount.Translate(typeof(SecurityIdentifier)))));
                                if (sid == null)
                                {
                                    throw SqlAzManException.UserNotFoundException(username, null);
                                }
                                role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null);
                            }
                            else
                            {
                                var       dbuser = application.GetDBUser(username);
                                IAzManSid sid    = dbuser.CustomSid;
                                role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.Database, AuthorizationType.Allow, null, null);
                            }
                        }
                    }
                    storage.CommitTransaction();
                    //Rebuild StorageCache
                    this.InvalidateCache(false);
                }
                catch
                {
                    storage.RollBackTransaction();
                    throw;
                }
                finally
                {
                    storage.CloseConnection();
                }
            }
        }
 /// <summary>
 /// Gets the DB user.
 /// </summary>
 /// <param name="dbUserName">Name of the db user.</param>
 /// <returns></returns>
 /// <remarks>Thread-Safe</remarks>
 public virtual IAzManDBUser GetDBUser(string dbUserName)
 {
     using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
     {
         IAzManApplication application = storage[this.storeName][this.applicationName];
         return(application.GetDBUser(dbUserName));
     }
 }
Beispiel #4
0
        private void DBUserList_FormClosed(object sender, FormClosedEventArgs e)
        {
            var form = (DBUsersList)sender;

            if (form.SelectedItems != null)
            {
                if (form.SelectedItems.Count > 0)
                {
                    var item = form.SelectedItems[0];
                    if (item != null)
                    {
                        IAzManDBUser dbUser = _Application.GetDBUser(item.SubItems[0].Text);
                        txtUser.Tag  = dbUser;
                        txtUser.Text = dbUser.UserName;

                        txtDetails.Text = String.Empty;
                        tvwResults.Nodes.Clear();
                    }
                }
            }
        }
        /// <summary>
        /// Gets a value indicating whether the specified user is in the specified role for the configured applicationName.
        /// </summary>
        /// <param name="username">The user name to search for.</param>
        /// <param name="roleName">The role to search in.</param>
        /// <returns>
        /// true if the specified user is in the specified role for the configured applicationName; otherwise, false.
        /// </returns>
        public override bool IsUserInRole(string username, string roleName)
        {
            if (this.userLookupType == "LDAP")
            {
                WindowsIdentity wid = null;
                if (String.Compare(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).Name, this.getFQUN(username), true) == 0)
                {
                    wid = ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent());
                }
                if (wid == null)
                {
                    wid = new WindowsIdentity(this.getUpn(this.getFQUN(username))); //Kerberos Protocol Transition: Works in W2K3 native domain only
                }

                if (!this.useWCFCacheService)
                {
                    return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now)
                            where
                            t.Type == ItemType.Role
                            &&
                            (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation)
                            &&
                            t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
                            select t).Count() > 0);
                }
                else
                {
                    using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient())
                    {
                        try
                        {
                            return((from t in csc.GetAuthorizedItemsForWindowsUsers(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now, null)
                                    where
                                    t.Type == NetSqlAzManWCFCacheService.ItemType.Role
                                    &&
                                    (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation)
                                    &&
                                    t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
                                    select t).Count() > 0);
                        }
                        finally
                        {
                            ((IDisposable)csc).Dispose();
                        }
                    }
                }
            }
            else
            {
                using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
                {
                    IAzManApplication application = storage[this.storeName][this.applicationName];
                    IAzManDBUser      dbUser      = application.GetDBUser(username);

                    if (!this.useWCFCacheService)
                    {
                        return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, dbUser.CustomSid.StringValue, DateTime.Now)
                                where
                                t.Type == ItemType.Role
                                &&
                                (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation)
                                &&
                                t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
                                select t).Count() > 0);
                    }
                    else
                    {
                        using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient())
                        {
                            try
                            {
                                return((from t in csc.GetAuthorizedItemsForDatabaseUsers(this.storeName, this.applicationName, dbUser.CustomSid.StringValue, DateTime.Now, null)
                                        where
                                        t.Type == NetSqlAzManWCFCacheService.ItemType.Role
                                        &&
                                        (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation)
                                        &&
                                        t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
                                        select t).Count() > 0);
                            }
                            finally
                            {
                                ((IDisposable)csc).Dispose();
                            }
                        }
                    }
                }
            }
        }