protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
IPrincipal user = httpContext.User;
if (!user.Identity.IsAuthenticated)
{
return(false);
}
AuthorizationType authorization = AzManStore.CheckAccess(Store, Application.ToString().Replace('_', ' '), Item.ToString().Replace('_', ' '), AzManStore.GetDBUser(User), DateTime.Now, false, null);
if (authorization == AuthorizationType.Allow || authorization == AuthorizationType.AllowWithDelegation)
{
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// Determines if user is authorized to view the resource that is indicated by
/// this <see cref="IAzManItem"/> task. If the user is not authorized for the task or
/// authorization cannot be determined, return false.
/// </summary>
/// <param name="task">Instance of <see cref="IAzManItem"/> to examine.</param>
/// <returns>True if authorized, otherwise returns false.</returns>
private bool AccessAllowed(IAzManItem task)
{
// item must be of type Task.
if (task.ItemType != ItemType.Task)
{
return(false);
}
// Does the task have a defined (external) Url defined?
// If it does then access rights are based upon the task
if (task.Attributes.ContainsKey(Constants.Menu.Url))
{
return(task.CheckAccess(_dbUser, DateTime.Now, null) == AuthorizationType.Allow);
}
// Does this task have a child item of type ItemType.Operation
foreach (var azManItem in task.Members)
{
if (azManItem.Value.ItemType == ItemType.Operation)
{
// If an operation was associated with this task, return access rights
// based on that operation.
return(azManItem.Value.CheckAccess(_dbUser, DateTime.Now, null) == AuthorizationType.Allow);
}
}
// At this point, the remaining possibility is that the task has attributes that
// point to an operation in a different application. This would be indicated by
// the task haveing two attributes defined: "application" and "operation"
if (task.Attributes.ContainsKey(Constants.Menu.Application) && task.Attributes.ContainsKey(Constants.Menu.Operation))
{
return(_storage.CheckAccess(task.Application.Store.Name,
task.Attributes[Constants.Menu.Application].Value, task.Attributes[Constants.Menu.Operation].Value,
_dbUser, DateTime.Now, true, null)
== AuthorizationType.Allow);
}
// If made it to this point, there is something not defined correctly so
// return a false since cannot determine access rights.
return(false);
}
/// <summary>
/// Retrive a complete Authorization for the current user and populate the string array
/// from .NetSqlAzMan store
/// </summary>
/// <param name="userName">User name identifying the current user</param>
/// <returns>Array of strings containing all of the permissions from .NetSqlAzMan store</returns>
private bool CheckAccess(IAzManDBUser dbUser, string app, string role, IAzManStorage storage)
{
var result = false;
//IAzManDBUser dbUser = storage.GetDBUser(dbUserName);
AuthorizationType auth = storage.CheckAccess("CATS", app, role, dbUser, DateTime.Now, false);
switch (auth)
{
case AuthorizationType.AllowWithDelegation:
case AuthorizationType.Allow:
result = true;
break;
case AuthorizationType.Neutral:
case AuthorizationType.Deny:
result = false;
break;
}
return(result);
}
private void CheckNodeAccess(TreeNode tn)
{
var tag = (ItemType)tn.Tag;
string sItemType = String.Empty;
switch (tag)
{
case ItemType.Role:
sItemType = "Role";
break;
case ItemType.Task:
sItemType = "Task";
break;
case ItemType.Operation:
sItemType = "Operation";
break;
}
AuthorizationType auth = AuthorizationType.Neutral;
string sAuth = String.Empty;
DateTime chkStart = DateTime.Now;
TimeSpan elapsedTime = TimeSpan.Zero;
DateTime chkEnd = DateTime.Now;
List <KeyValuePair <string, string> > attributes = null;
//Cache Build
if (chkUserPermisisonCache.Checked && _UserPermissionCache == null)
{
txtDetails.Text += "Building UserPermissionCache ... " + Environment.NewLine;
_UserPermissionCache = new UserPermissionCache(_Storage, _Store.Name, _Application.Name, _DbUser, true, false);
chkEnd = DateTime.Now;
elapsedTime = (TimeSpan)chkEnd.Subtract(chkStart);
txtDetails.Text += String.Format("[{0} mls.]\r\n", elapsedTime.TotalMilliseconds) + Environment.NewLine;
}
else if (chkStorageCache.Checked && _StorageCache == null)
{
txtDetails.Text += "Building StorageCache ... " + Environment.NewLine;
_StorageCache = new StorageCache(_Storage.ConnectionString);
_StorageCache.BuildStorageCache(_Store.Name, _Application.Name);
chkEnd = DateTime.Now;
elapsedTime = (TimeSpan)chkEnd.Subtract(chkStart);
txtDetails.Text += String.Format("[{0} mls.]\r\n", elapsedTime.TotalMilliseconds) + Environment.NewLine;
}
chkStart = DateTime.Now;
elapsedTime = TimeSpan.Zero;
txtDetails.Text += String.Format("{0} {1} '{2}' ... ", "Check Access Test on", sItemType, tn.Text);
try
{
if (chkUserPermisisonCache.Checked)
{
auth = _UserPermissionCache.CheckAccess(
tn.Text,
!String.IsNullOrEmpty(txtValidFor.Text) ? Convert.ToDateTime(txtValidFor.Text) : DateTime.Now,
out attributes);
}
else if (this.chkStorageCache.Checked)
{
auth = _StorageCache.CheckAccess(
_Store.Name,
_Application.Name,
tn.Text, _DbUser.CustomSid.StringValue,
!String.IsNullOrEmpty(txtValidFor.Text) ? Convert.ToDateTime(txtValidFor.Text) : DateTime.Now,
false,
out attributes);
}
else
{
auth = _Storage.CheckAccess(
_Store.Name,
_Application.Name,
tn.Text, _DbUser,
!String.IsNullOrEmpty(txtValidFor.Text) ? Convert.ToDateTime(txtValidFor.Text) : DateTime.Now,
false,
out attributes);
}
chkEnd = DateTime.Now;
elapsedTime = (TimeSpan)chkEnd.Subtract(chkStart);
sAuth = "Neutral";
switch (auth)
{
case AuthorizationType.AllowWithDelegation:
sAuth = "Allow with Delegation";
break;
case AuthorizationType.Allow:
sAuth = "Allow";
break;
case AuthorizationType.Deny:
sAuth = "Deny";
break;
case AuthorizationType.Neutral:
sAuth = "Neutral";
break;
}
//tn.ToolTip = sAuth;
txtDetails.Text += String.Format("{0} [{1} mls.]", sAuth, elapsedTime.TotalMilliseconds) + Environment.NewLine;
if (attributes != null && attributes.Count > 0)
{
txtDetails.Text += String.Format(" {0} attribute(s) found:", attributes.Count) + Environment.NewLine;
int attributeIndex = 0;
foreach (KeyValuePair <string, string> attr in attributes)
{
txtDetails.Text += String.Format(" {0}) Key: {1} Value: {2}", ++attributeIndex, attr.Key, attr.Value) + Environment.NewLine;
}
}
}
catch (Exception ex)
{
sAuth = "Check Access Test Error";
txtDetails.Text += String.Format("{0} [{1} mls.]", ex.Message, elapsedTime.TotalMilliseconds) + Environment.NewLine;
}
tn.Text = String.Format("{0} - ({1})", tn.Text, sAuth.ToUpper());
foreach (TreeNode tnChild in tn.Nodes)
{
CheckNodeAccess(tnChild);
}
}
/// <summary>
/// Retrive a complete Authorization for the current user and populate the string array
/// from .NetSqlAzMan store
/// </summary>
/// <param name="userName">User name identifying the current user</param>
/// <returns>Array of strings containing all of the permissions from .NetSqlAzMan store</returns>
private bool CheckAccess(IAzManDBUser dbUser, string app, string role, IAzManStorage storage)
{
var result = false;
//IAzManDBUser dbUser = storage.GetDBUser(dbUserName);
AuthorizationType auth = storage.CheckAccess("CATS", app, role, dbUser, DateTime.Now, false);
switch (auth)
{
case AuthorizationType.AllowWithDelegation:
case AuthorizationType.Allow:
result = true;
break;
case AuthorizationType.Neutral:
case AuthorizationType.Deny:
result = false;
break;
}
return result;
}
