A helper class containing methods used in the implementation of role-based security.
Beispiel #1
0
        // Static Methods

        /// <summary>
        /// Creates a new provider from data cached by the <see cref="SecurityProviderCache"/>.
        /// </summary>
        /// <param name="username">The username of the user for which to create a new provider.</param>
        /// <returns>A new provider initialized from cached data.</returns>
        public static ISecurityProvider CreateProvider(string username)
        {
            CacheContext cacheContext;

            lock (s_cache)
            {
                cacheContext = s_cache.GetOrAdd(username, name => new CacheContext(SecurityProviderUtility.CreateProvider(username)));
            }

            ISecurityProvider provider = SecurityProviderUtility.CreateProvider(cacheContext.Provider.UserData);

            AutoRefresh(provider);

            return(provider);
        }
Beispiel #2
0
        // Static Methods

        /// <summary>
        /// Validates that current provider is ready, creating it if necessary.
        /// </summary>
        /// <param name="username">User name of the user for whom the<see cref= "ISecurityProvider" /> is to be created; defaults to current user.</param>
        public static void ValidateCurrentProvider(string username = null)
        {
            // Initialize the security principal from caller's windows identity if uninitialized, note that
            // simply by checking current provider any existing cached security principal will be restored,
            // if no current provider exists we create a new one
            if ((object)CurrentProvider == null)
            {
                lock (typeof(SecurityProviderCache))
                {
                    // Let's see if we won the race...
                    if ((object)CurrentProvider == null)
                    {
                        CurrentProvider = SecurityProviderUtility.CreateProvider(username);
                    }
                }
            }
        }
Beispiel #3
0
        /// <summary>
        /// Attempts to reauthenticate the current thread principal
        /// after their provider has been removed from the cache.
        /// </summary>
        /// <returns>True if the user successfully reauthenticated; false otherwise.</returns>
        public static bool ReauthenticateCurrentPrincipal()
        {
            IPrincipal        currentPrincipal;
            SecurityIdentity  identity;
            ISecurityProvider provider = null;
            string            password = null;
            bool authenticated;

            currentPrincipal = Thread.CurrentPrincipal;

            if ((object)currentPrincipal == null)
            {
                return(false);
            }

            identity = currentPrincipal.Identity as SecurityIdentity;

            if ((object)identity != null)
            {
                provider = identity.Provider;
            }

            if ((object)provider != null)
            {
                password = provider.Password;
            }

            // Reset the current principal
            WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();

            if ((object)currentIdentity != null)
            {
                Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
            }

            // Create a new provider associated with current identity
            provider = SecurityProviderUtility.CreateProvider(currentPrincipal.Identity.Name);

            // Re-authenticate user
            authenticated = provider.Authenticate(password);

            // Re-cache current provider for user
            CurrentProvider = provider;

            return(authenticated);
        }
Beispiel #4
0
        // Static Methods

        /// <summary>
        /// Creates a new provider from data cached by the <see cref="SecurityProviderCache"/>.
        /// </summary>
        /// <param name="username">The username of the user for which to create a new provider.</param>
        /// <param name="passthroughPrincipal"><see cref="IPrincipal"/> obtained through alternative authentication mechanisms to provide authentication for the <see cref="ISecurityProvider"/>.</param>
        /// <param name="autoRefresh">Indicates whether the provider should be automatically refreshed on a timer.</param>
        /// <returns>A new provider initialized from cached data.</returns>
        public static ISecurityProvider CreateProvider(string username, IPrincipal passthroughPrincipal = null, bool autoRefresh = true)
        {
            CacheContext cacheContext;

            lock (s_cache)
            {
                cacheContext = s_cache.GetOrAdd(username, name => new CacheContext(SecurityProviderUtility.CreateProvider(username, passthroughPrincipal)));
            }

            ISecurityProvider provider = SecurityProviderUtility.CreateProvider(cacheContext.Provider.UserData);

            provider.PassthroughPrincipal = passthroughPrincipal;

            if (autoRefresh)
            {
                AutoRefresh(provider);
            }

            return(provider);
        }
Beispiel #5
0
        /// <summary>
        /// Determines whether the user is a member of either of the specified <paramref name="roles"/>.
        /// </summary>
        /// <param name="roles">Comma separated list of roles to check.</param>
        /// <returns>true if the user is a member of either of the specified <paramref name="roles"/>, otherwise false.</returns>
        public bool IsInRole(string roles)
        {
            if (!m_identity.Provider.UserData.IsDefined || !m_identity.Provider.IsUserAuthenticated ||
                m_identity.Provider.UserData.IsDisabled || m_identity.Provider.UserData.IsLockedOut)
            {
                // No need to check user roles.
                return(false);
            }

            // Check if user has any one of the specified roles.
            foreach (string role in roles.Split(','))
            {
                if (m_identity.Provider.UserData.Roles.FirstOrDefault(currentRole => (SecurityProviderUtility.IsRegexMatch(m_identity.Provider.TranslateRole(role.Trim()), currentRole))) != null)
                {
                    return(true);
                }
            }

            return(false);
        }