private static string GetInternalLogonType(LogonType logonType)
{
if (logonType == 2)
{
return("Delegated");
}
return(logonType.ToString());
}
/// <summary>
/// 用户身份认证
/// </summary>
/// <param name="strUserValue">用户数据值</param>
/// <param name="eunmValueType">用户数据值类型</param>
/// <param name="strPwdTypeGuid">用户所使用的密码类型</param>
/// <param name="strUserPwd">用户所使用的登录口令(明码,待转换)</param>
private void InitLogOnUserInfo(string strUserValue, LogonType eunmValueType, string strPwdTypeGuid, string strUserPwd)
{
ExceptionHelper.TrueThrow(string.IsNullOrEmpty(strUserValue.Trim()), "对不起,没有确定的用户登录信息!");
_StrUserLogOnName = strUserValue;
try
{
string strPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strUserPwd);
string strOriginal = @"
SELECT OU_USERS.PARENT_GUID, OU_USERS.USER_GUID, OU_USERS.DISPLAY_NAME, OU_USERS.OBJ_NAME,
OU_USERS.ALL_PATH_NAME, OU_USERS.INNER_SORT, OU_USERS.GLOBAL_SORT, OU_USERS.ORIGINAL_SORT, OU_USERS.SIDELINE,
OU_USERS.START_TIME, OU_USERS.END_TIME, USERS.LOGON_NAME, OU_USERS.DESCRIPTION,
USERS.RANK_CODE, RANK_DEFINE.SORT_ID, RANK_DEFINE.NAME, RANK_DEFINE.VISIBLE
FROM OU_USERS, USERS LEFT JOIN RANK_DEFINE ON USERS.RANK_CODE = RANK_DEFINE.CODE_NAME
WHERE OU_USERS.USER_GUID = USERS.GUID
AND USERS." + TSqlBuilder.Instance.CheckQuotationMark(eunmValueType.ToString(), false) + @" = {0}
{1}
{2}
AND OU_USERS.STATUS = 1
AND DATEDIFF(DAY, OU_USERS.START_TIME, GETDATE()) >= 0
AND DATEDIFF(DAY, GETDATE(), OU_USERS.END_TIME) >= 0 " ;
string strSql = string.Format(strOriginal,
TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true),
" AND USERS.USER_PWD = " + TSqlBuilder.Instance.CheckQuotationMark(strPwd, true),
strPwdTypeGuid == string.Empty ? string.Empty : " AND USERS.PWD_TYPE_GUID = "
+ TSqlBuilder.Instance.CheckQuotationMark(strPwdTypeGuid, true));
using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias))
{
Database database = DatabaseFactory.Create(context);
DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql + " AND USERS.POSTURAL <> 1 ");
if (ds.Tables[0].Rows.Count > 0)
{
SetImpersonateUser();
if (_StrUserLogOnName != strUserValue)
{
strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(_StrUserLogOnName, true),
string.Empty, string.Empty);
ds = database.ExecuteDataSet(CommandType.Text, strSql);
}
}
else
{
DataSet posDS = database.ExecuteDataSet(CommandType.Text, strSql);
ExceptionHelper.TrueThrow(posDS.Tables[0].Rows.Count > 0,
"对不起,您的帐号[" + strUserValue + "]目前被禁用了!\n\n请联系管理员!");
}
InitData(ds);
}
}
catch (System.Exception ex)
{
//ExceptionManager.Publish(ex);
throw ex;
}
}
public AuditEvent(MailboxSession session, MailboxAuditOperations operation, COWSettings settings, OperationResult result, LogonType logonType, bool externalAccess)
{
EnumValidator.ThrowIfInvalid <MailboxAuditOperations>(operation);
EnumValidator.ThrowIfInvalid <OperationResult>(result, "result");
EnumValidator.ThrowIfInvalid <LogonType>(logonType, "logonType");
Util.ThrowOnNullArgument(session, "session");
Util.ThrowOnNullArgument(settings, "settings");
this.MailboxSession = session;
this.AuditOperation = operation;
this.COWSettings = settings;
this.OperationSucceeded = result;
this.LogonType = logonType;
this.ExternalAccess = externalAccess;
this.CreationTime = DateTime.UtcNow;
this.RecordId = CombGuidGenerator.NewGuid(this.CreationTime);
this.OrganizationId = (string.IsNullOrEmpty(session.OrganizationId.ToString()) ? "First Org" : session.OrganizationId.ToString());
this.MailboxGuid = session.MailboxGuid;
this.OperationName = operation.ToString();
this.LogonTypeName = logonType.ToString();
}
/// <summary>
/// Logon a user with the specified credentials.
/// </summary>
/// <param name="credentials">Credentials for logon. See <see cref="NetworkCredential"/>.</param>
/// <param name="logontype">See <see cref="LogonType"/>.</param>
/// <returns>The <see cref="WindowsIdentity"/> of the logged on account.</returns>
/// <permission cref="SecurityPermission">Demand for <see cref="SecurityPermissionFlag.ControlPrincipal"/> permission flag.</permission>
/// <exception cref="ArgumentException">Unable to logon</exception>
public static WindowsIdentity LogonUser(NetworkCredential credentials, LogonType logontype)
{
// Parameter validation
if (credentials == null)
{
throw new ArgumentException("credentials");
}
// Demand permissions
new SecurityPermission(SecurityPermissionFlag.ControlPrincipal).Demand();
// Assert permissions
_assertedPermissions.Assert();
// initialize tokens
IntPtr pExistingTokenHandle = IntPtr.Zero;
IntPtr pDuplicateTokenHandle = IntPtr.Zero;
string domain = credentials.Domain;
if (domain == null || domain.Length == 0)
{
domain = Environment.MachineName;
}
bool returnValue = false;
try
{
returnValue = Win32Native.LogonUser(credentials.UserName,
domain,
credentials.Password,
(int)logontype,
Win32Native.LOGON32_PROVIDER_DEFAULT,
ref pExistingTokenHandle);
if (returnValue && pExistingTokenHandle != IntPtr.Zero)
{
returnValue = Win32Native.DuplicateToken(pExistingTokenHandle, (int)Win32Native.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, ref pDuplicateTokenHandle);
// did DuplicateToken fail?
if (returnValue)
{
// create new identity using new primary token
return(new WindowsIdentity(pDuplicateTokenHandle, "NTLM", WindowsAccountType.Normal, true));
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
catch (Win32Exception wex)
{
//Add detailed description
throw new ArgumentException(Resource.ResourceManager[Resource.MessageKey.LogonUserException,
domain,
credentials.UserName,
logontype.ToString(),
Environment.NewLine,
wex.Message,
Environment.MachineName,
WindowsIdentity.GetCurrent().Name]);
}
finally
{
// close handles
if (pExistingTokenHandle != IntPtr.Zero)
{
Win32Native.CloseHandle(pExistingTokenHandle);
}
if (pDuplicateTokenHandle != IntPtr.Zero)
{
Win32Native.CloseHandle(pDuplicateTokenHandle);
}
// Revert permission (Not strictly necessary but a good practice indeed.)
System.Security.CodeAccessPermission.RevertAssert();
}
}
/// <summary>
/// 用户身份认证
/// </summary>
/// <param name="strUserValue">用户数据值</param>
/// <param name="eunmValueType">用户数据值类型</param>
/// <param name="strPwdTypeGuid">用户所使用的密码类型</param>
/// <param name="strUserPwd">用户所使用的登录口令(明码,待转换)</param>
private void InitLogOnUserInfo(string strUserValue, LogonType eunmValueType, string strPwdTypeGuid, string strUserPwd)
{
ExceptionHelper.TrueThrow(string.IsNullOrEmpty(strUserValue.Trim()), "对不起,没有确定的用户登录信息!");
_StrUserLogOnName = strUserValue;
try
{
string strPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strUserPwd);
string strOriginal = @"
SELECT OU_USERS.PARENT_GUID, OU_USERS.USER_GUID, OU_USERS.DISPLAY_NAME, OU_USERS.OBJ_NAME,
OU_USERS.ALL_PATH_NAME, OU_USERS.INNER_SORT, OU_USERS.GLOBAL_SORT, OU_USERS.ORIGINAL_SORT, OU_USERS.SIDELINE,
OU_USERS.START_TIME, OU_USERS.END_TIME, USERS.LOGON_NAME, OU_USERS.DESCRIPTION,
USERS.RANK_CODE, RANK_DEFINE.SORT_ID, RANK_DEFINE.NAME, RANK_DEFINE.VISIBLE
FROM OU_USERS, USERS LEFT JOIN RANK_DEFINE ON USERS.RANK_CODE = RANK_DEFINE.CODE_NAME
WHERE OU_USERS.USER_GUID = USERS.GUID
AND USERS." + TSqlBuilder.Instance.CheckQuotationMark(eunmValueType.ToString(), false) + @" = {0}
{1}
{2}
AND OU_USERS.STATUS = 1
AND DATEDIFF(DAY, OU_USERS.START_TIME, GETDATE()) >= 0
AND DATEDIFF(DAY, GETDATE(), OU_USERS.END_TIME) >= 0 ";
string strSql = string.Format(strOriginal,
TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true),
" AND USERS.USER_PWD = " + TSqlBuilder.Instance.CheckQuotationMark(strPwd, true),
strPwdTypeGuid == string.Empty ? string.Empty : " AND USERS.PWD_TYPE_GUID = "
+ TSqlBuilder.Instance.CheckQuotationMark(strPwdTypeGuid, true));
using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias))
{
Database database = DatabaseFactory.Create(context);
DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql + " AND USERS.POSTURAL <> 1 ");
if (ds.Tables[0].Rows.Count > 0)
{
SetImpersonateUser();
if (_StrUserLogOnName != strUserValue)
{
strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(_StrUserLogOnName, true),
string.Empty, string.Empty);
ds = database.ExecuteDataSet(CommandType.Text, strSql);
}
}
else
{
DataSet posDS = database.ExecuteDataSet(CommandType.Text, strSql);
ExceptionHelper.TrueThrow(posDS.Tables[0].Rows.Count > 0,
"对不起,您的帐号[" + strUserValue + "]目前被禁用了!\n\n请联系管理员!");
}
InitData(ds);
}
}
catch (System.Exception ex)
{
//ExceptionManager.Publish(ex);
throw ex;
}
}
