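/// <summary>
/// Applies the configured option values of every secured resource in
/// <paramref name="resourceContainer"/> to the live objects that
/// <paramref name="securityConfiguration"/> resolves for that resource.
/// For each resource the most restrictive options (lowest <c>Level</c>) form the
/// baseline; every role the current user holds may replace the option for the
/// same <c>Property</c> with one of a higher <c>Level</c>. The resulting values
/// are written to the resolved objects via reflection.
/// </summary>
/// <param name="src">Deserialized security configuration (roles and their grants).</param>
/// <param name="resourceContainer">Container (page or user-control entry) whose resources are applied.</param>
/// <param name="securityConfiguration">Page or control that maps a resource scope/name to concrete objects.</param>
/// <exception cref="InvalidOperationException">
/// A configured <c>Property</c> name does not exist on a resolved object.
/// </exception>
protected virtual void ApplySecurityRules(SecurityResourceConfigurationInfo src, SecuredResourceContainerInfo resourceContainer, ISecurityConfiguration securityConfiguration)
{
    // Roles held by the current user; resolved lazily (first resource that
    // actually resolves to objects) and only once per call instead of once per
    // resource as before.
    List<SecurityRoleInfo> userRoles = null;

    foreach (SecuredResourceInfo resource in resourceContainer.SecuredResources)
    {
        List<object> securedResources = securityConfiguration.GetSecuredResource(resource.Scope, resource.Name);

        // A resource the page does not expose (null) or an empty list is skipped.
        // Previously a null returned from the whole method, leaving every later
        // resource of the container without its restrictions (fail-open).
        if (securedResources == null || securedResources.Count == 0)
        {
            continue;
        }

        // Nothing configured means nothing to apply (and Min() would throw).
        if (!resource.ConfigurationOptions.Any())
        {
            continue;
        }

        if (userRoles == null)
        {
            string[] allRoleNames = src.SecurityRoles.Select(role => role.Name).ToArray();
            List<string> userRoleNames = UserBLL.HasRoles(UserBLL.GetCurrentUser(), allRoleNames);
            userRoles = src.SecurityRoles.Where(role => userRoleNames.Contains(role.Name)).ToList();
        }

        // Baseline: the most restrictive option(s), i.e. those at the lowest Level.
        var minLevel = resource.ConfigurationOptions.Min(option => option.Level);
        List<ConfigurationOptionInfo> applicableOptions = resource.ConfigurationOptions
            .Where(option => option.Level == minLevel)
            .ToList();

        // Grants: a role held by the user can lift a Property to a higher Level.
        // A grant at a lower or equal Level never replaces the current option, so
        // the result is the maximum granted Level regardless of role order.
        foreach (SecurityRoleInfo role in userRoles)
        {
            IEnumerable<ConfigurationOptionInfo> grantedOptions = role.GrantedResourceContainers
                .Where(grc => grc.Name == resourceContainer.Name)
                .SelectMany(grc => grc.GrantedResources.Where(gr => (gr.Scope == resource.Scope) && (gr.Name == resource.Name)))
                .Select(gr => gr.Option)
                .SelectMany(grantedOption => resource.ConfigurationOptions.Where(option => option.OptionId == grantedOption));

            foreach (ConfigurationOptionInfo option in grantedOptions)
            {
                if (applicableOptions.RemoveAll(ao => (ao.Property == option.Property) && (ao.Level < option.Level)) > 0)
                {
                    applicableOptions.Add(option);
                }
            }
        }

        foreach (ConfigurationOptionInfo applicableOption in applicableOptions)
        {
            foreach (object securedResource in securedResources)
            {
                PropertyInfo optionProperty = securedResource.GetType().GetProperty(applicableOption.Property);
                if (optionProperty == null)
                {
                    // A misconfigured Property name must not surface as a bare
                    // NullReferenceException; fail loudly with a usable message.
                    throw new InvalidOperationException(string.Format(
                        "Security configuration refers to unknown property '{0}' on {1} (resource {2}/{3}).",
                        applicableOption.Property, securedResource.GetType().FullName, resource.Scope, resource.Name));
                }
                optionProperty.SetValue(securedResource, Convert.ChangeType(applicableOption.Value, optionProperty.PropertyType), null);
            }
        }
    }
}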
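/// <summary>
/// Page lifecycle hook: loads the security configuration file and applies the
/// secured-resource rules to the page (container matched by request path) and
/// to every user control on it that implements <see cref="ISecurityConfiguration"/>.
/// </summary>
/// <param name="e">Event data, passed through to the base implementation.</param>
protected override void OnPreRenderComplete(EventArgs e)
{
    SecurityResourceConfigurationInfo src = null;
    try
    {
        XmlSerializer serializer = new XmlSerializer(typeof(SecurityResourceConfigurationInfo));
        // 'using' closes the stream even when OpenRead itself throws; the old
        // try/finally called Close() on a null stream in that case.
        using (Stream stream = File.OpenRead(HttpContext.Current.Request.PhysicalApplicationPath + ConfigurationManager.AppSettings["SecurityConfigurationFile"]))
        {
            src = (SecurityResourceConfigurationInfo)serializer.Deserialize(stream);
        }
    }
    catch (Exception)
    {
        // Best-effort load, kept as in the original. NOTE(review): a missing or
        // malformed configuration file leaves src null and the page renders with
        // NO restrictions applied (fail-open); consider logging the failure and
        // failing closed instead.
    }
    if (src == null)
    {
        return;
    }

    // Container names are compared ordinally and case-insensitively so the match
    // does not depend on the request thread's culture (ToUpper() did).
    Func<string, SecuredResourceContainerInfo> findContainer = name =>
        src.SecuredResourceContainers.FirstOrDefault(container =>
            string.Equals(container.Name, name, StringComparison.OrdinalIgnoreCase));

    ISecurityConfiguration securedPage = Page as ISecurityConfiguration;
    if (securedPage != null)
    {
        SecuredResourceContainerInfo pageContainer = findContainer(Request.Path);
        if (pageContainer != null)
        {
            ApplySecurityRules(src, pageContainer, securedPage);
        }
    }

    List<UserControl> userControls = new List<UserControl>();
    AccumulateUserControls(this, userControls);
    foreach (UserControl userControl in userControls)
    {
        ISecurityConfiguration securedControl = userControl as ISecurityConfiguration;
        if (securedControl == null)
        {
            continue;
        }
        // AppRelativeVirtualPath is "~/x.ascx"; drop the "~" to get the "/x.ascx"
        // form used for container names.
        SecuredResourceContainerInfo controlContainer = findContainer(userControl.AppRelativeVirtualPath.Substring(1));
        if (controlContainer != null)
        {
            ApplySecurityRules(src, controlContainer, securedControl);
        }
    }

    base.OnPreRenderComplete(e);
}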
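/// <summary>
/// Request gate (Global.asax): for every .aspx request other than the
/// warehouse-selection, access-denied and error pages, requires a selected
/// warehouse in session and at least one of the current user's roles to hold a
/// granted resource container named after the request path; otherwise the
/// request is redirected. Requests for non-.aspx files are not checked here.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_PostAcquireRequestState(object sender, EventArgs e)
{
    // "~/Foo.aspx" -> "/Foo.aspx"
    string formName = Request.AppRelativeCurrentExecutionFilePath.Substring(1);

    // Pages that must stay reachable without a warehouse or a role grant.
    // Compared ordinally, ignoring case, instead of via culture-dependent ToUpper().
    bool isExemptPage =
        string.Equals(formName, "/SelectWarehouse.aspx", StringComparison.OrdinalIgnoreCase) ||
        string.Equals(formName, "/AccessDenied.aspx", StringComparison.OrdinalIgnoreCase) ||
        string.Equals(formName, "/ErrorPage.aspx", StringComparison.OrdinalIgnoreCase);
    bool isAspxPage = string.Equals(Path.GetExtension(formName), ".aspx", StringComparison.OrdinalIgnoreCase);
    if (isExemptPage || !isAspxPage)
    {
        return;
    }

    if (Session["CurrentWarehouse"] == null)
    {
        // endResponse = true: the request ends here.
        Response.Redirect("SelectWarehouse.aspx", true);
    }

    SecurityResourceConfigurationInfo src = null;
    try
    {
        XmlSerializer serializer = new XmlSerializer(typeof(SecurityResourceConfigurationInfo));
        // 'using' closes the stream even when OpenRead itself throws; the old
        // try/finally called Close() on a null stream in that case.
        using (Stream stream = File.OpenRead(HttpContext.Current.Request.PhysicalApplicationPath + ConfigurationManager.AppSettings["SecurityConfigurationFile"]))
        {
            src = (SecurityResourceConfigurationInfo)serializer.Deserialize(stream);
        }
    }
    catch (Exception)
    {
        // Best-effort load, kept as in the original.
    }
    if (src == null)
    {
        // NOTE(review): this is fail-open — when the configuration cannot be
        // read, the request proceeds with no role check at all. Prefer logging
        // the load failure and redirecting to AccessDenied.aspx (fail closed).
        return;
    }

    // The former "/SelectWarehouse.aspx" special case executed the same call in
    // both branches, so only one lookup remains.
    string[] allRoleNames = src.SecurityRoles.Select(role => role.Name).ToArray();
    List<string> userRoleNames = UserBLL.HasRoles(UserBLL.GetCurrentUser(), allRoleNames);

    // Container names are matched case-sensitively on purpose: a request whose
    // casing differs from the configured name is denied, never silently allowed.
    bool granted = src.SecurityRoles.Any(role =>
        userRoleNames.Contains(role.Name) &&
        role.GrantedResourceContainers.Any(grc => grc.Name == formName));
    if (!granted)
    {
        Response.Redirect("AccessDenied.aspx");
    }
}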
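/// <summary>
/// Helper that applies the application's security rules to the columns of a grid
/// driver. For each column that is a secured resource of the page's container
/// (scope = driver name, name = column name) the most restrictive options
/// (lowest <c>Level</c>) form the baseline; every role the current user holds may
/// lift an option to a higher <c>Level</c>. The resulting values are set on the
/// column via reflection. The method name keeps its historical spelling because
/// callers depend on it.
/// </summary>
/// <param name="pageName">Name of the secured resource container of the page.</param>
/// <param name="driver">Grid driver whose columns are restricted.</param>
/// <exception cref="InvalidOperationException">
/// A configured <c>Property</c> name does not exist on a column.
/// </exception>
private void AppllySecurityRules(string pageName, GINGridViewerDriver driver)
{
    XmlSerializer serializer = new XmlSerializer(typeof(SecurityResourceConfigurationInfo));
    SecurityResourceConfigurationInfo src = null;
    using (Stream stream = File.OpenRead(HttpContext.Current.Request.PhysicalApplicationPath + ConfigurationManager.AppSettings["SecurityConfigurationFile"]))
    {
        try
        {
            src = (SecurityResourceConfigurationInfo)serializer.Deserialize(stream);
        }
        catch (Exception)
        {
            // Best-effort as before. NOTE(review): an unreadable configuration
            // leaves src null and the columns unrestricted (fail-open).
        }
    }
    if (src == null)
    {
        return;
    }

    // The container does not depend on the role; look it up once (the old code
    // repeated the lookup inside the role loop).
    SecuredResourceContainerInfo resourceContainer = src.SecuredResourceContainers.Find(cont => cont.Name == pageName);
    if (resourceContainer == null)
    {
        return;
    }

    string[] allRoleNames = src.SecurityRoles.Select(role => role.Name).ToArray();
    List<string> userRoleNames = UserBLL.HasRoles(UserBLL.GetCurrentUser(), allRoleNames);
    List<SecurityRoleInfo> userRoles = src.SecurityRoles.Where(role => userRoleNames.Contains(role.Name)).ToList();

    foreach (GINColumnDescriptor column in driver.Columns)
    {
        SecuredResourceInfo securedResource = resourceContainer.SecuredResources.Find(sr => (sr.Scope == driver.Name) && (sr.Name == column.Name));
        // Unsecured column, or nothing configured (Min() would throw on empty).
        if (securedResource == null || !securedResource.ConfigurationOptions.Any())
        {
            continue;
        }

        // Baseline: the most restrictive option(s). Applied even when the user
        // holds no role, consistent with ApplySecurityRules; the old code applied
        // nothing at all to users without roles.
        var minLevel = securedResource.ConfigurationOptions.Min(option => option.Level);
        List<ConfigurationOptionInfo> applicableOptions = securedResource.ConfigurationOptions
            .Where(option => option.Level == minLevel)
            .ToList();

        // Merge the grants of ALL of the user's roles before applying. The old
        // code applied each role's result separately, so a later role without a
        // grant re-applied the restrictive baseline over an earlier role's grant
        // and the outcome depended on role order.
        foreach (SecurityRoleInfo role in userRoles)
        {
            IEnumerable<ConfigurationOptionInfo> grantedOptions = role.GrantedResourceContainers
                .Where(grc => grc.Name == resourceContainer.Name)
                .SelectMany(grc => grc.GrantedResources.Where(gr => (gr.Scope == securedResource.Scope) && (gr.Name == securedResource.Name)))
                .Select(gr => gr.Option)
                .SelectMany(grantedOption => securedResource.ConfigurationOptions.Where(option => option.OptionId == grantedOption));

            foreach (ConfigurationOptionInfo option in grantedOptions)
            {
                if (applicableOptions.RemoveAll(ao => (ao.Property == option.Property) && (ao.Level < option.Level)) > 0)
                {
                    applicableOptions.Add(option);
                }
            }
        }

        foreach (ConfigurationOptionInfo applicableOption in applicableOptions)
        {
            PropertyInfo optionProperty = column.GetType().GetProperty(applicableOption.Property);
            if (optionProperty == null)
            {
                // A misconfigured Property name must not surface as a bare
                // NullReferenceException; fail loudly with a usable message.
                throw new InvalidOperationException(string.Format(
                    "Security configuration refers to unknown property '{0}' on {1} (column {2}/{3}).",
                    applicableOption.Property, column.GetType().FullName, driver.Name, column.Name));
            }
            optionProperty.SetValue(column, Convert.ChangeType(applicableOption.Value, optionProperty.PropertyType), null);
        }
    }
}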