private static int CheckUserAccess(string connectString, SecurityRequest securityRequest)
{
int rtnCode = 0;
if (securityRequest.Type == "Administrator")
{
SqlParameter[] ParamList = new SqlParameter[] {
new SqlParameter("@UserName", securityRequest.Id),
new SqlParameter("@Token", Guid.Parse(securityRequest.Token)),
new SqlParameter("@Code", System.Data.SqlDbType.Int)
{
Direction = System.Data.ParameterDirection.Output
}
};
Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(connectString, System.Data.CommandType.StoredProcedure, "SP_CheckAdministratorAccessByToken", ParamList);
rtnCode = Int32.Parse(ParamList[2].Value.ToString());
}
else if (securityRequest.Type == "ProjectUser")
{
SqlParameter[] ParamList = new SqlParameter[] {
new SqlParameter("@UserName", securityRequest.Id),
new SqlParameter("@Token", Guid.Parse(securityRequest.Token)),
new SqlParameter("@Code", System.Data.SqlDbType.Int)
{
Direction = System.Data.ParameterDirection.Output
}
};
Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(connectString, System.Data.CommandType.StoredProcedure, "SP_CheckProjectUserAccessByToken", ParamList);
rtnCode = Int32.Parse(ParamList[2].Value.ToString());
}
return(rtnCode);
}
public static SecurityCode CheckAccess(string connectString,SecurityRequest securityRequest, System.Reflection.MethodBase methodBase)
{
new HP.TS.Devops.Core.Logger(connectString, "HP.TS.Devops.Security.CheckAccess").Write(string.Format("ID={0},Type={1},Token={2},Method={3}", securityRequest.Id, securityRequest.Type, Guid.Parse(securityRequest.Token), methodBase.Name));
int checkUserAccess = CheckUserAccess(connectString, securityRequest);//-1, 0 ,1
if (checkUserAccess == -1)
{
return SecurityCode.Timeout;//timeout
}
else if (checkUserAccess == 0)
{
return SecurityCode.TokenIssue;//token error
}
else if (checkUserAccess == 1)
{
int checkMethodAccess = CheckMethodAccess(connectString, securityRequest, methodBase);//0, 1
if (checkMethodAccess == 0)
{
return SecurityCode.MethodAccessIssue;//method no access
}
else if (checkMethodAccess == 1)
{
return SecurityCode.Success;//success
}
else
{
return SecurityCode.UnknownRuleMapIssue;//unknown rulemap error
}
}
else
{
return SecurityCode.UnknownUserAccessIssue;//unknown user error
}
}
public static SecurityCode CheckAccess(string connectString, SecurityRequest securityRequest, System.Reflection.MethodBase methodBase)
{
new HP.TS.Devops.Core.Logger(connectString, "HP.TS.Devops.Security.CheckAccess").Write(string.Format("ID={0},Type={1},Token={2},Method={3}", securityRequest.Id, securityRequest.Type, Guid.Parse(securityRequest.Token), methodBase.Name));
int checkUserAccess = CheckUserAccess(connectString, securityRequest);//-1, 0 ,1
if (checkUserAccess == -1)
{
return(SecurityCode.Timeout);//timeout
}
else if (checkUserAccess == 0)
{
return(SecurityCode.TokenIssue);//token error
}
else if (checkUserAccess == 1)
{
int checkMethodAccess = CheckMethodAccess(connectString, securityRequest, methodBase);//0, 1
if (checkMethodAccess == 0)
{
return(SecurityCode.MethodAccessIssue);//method no access
}
else if (checkMethodAccess == 1)
{
return(SecurityCode.Success);//success
}
else
{
return(SecurityCode.UnknownRuleMapIssue);//unknown rulemap error
}
}
else
{
return(SecurityCode.UnknownUserAccessIssue);//unknown user error
}
}
public static SecurityCode CheckAccess(string connectString, SecurityRequest securityRequest, out string message)
{
SecurityCode securityCode = CheckAccess(connectString, securityRequest, new System.Diagnostics.StackFrame(1).GetMethod());
message = Enum.GetName(typeof(SecurityCode), securityCode);
return(securityCode);
}
private static int CheckMethodAccess(string connectString, SecurityRequest securityRequest, System.Reflection.MethodBase methodBase)
{
SqlParameter[] ParamList = new SqlParameter[] {
new SqlParameter("@Rule", securityRequest.Type),
new SqlParameter("@Map", methodBase.Name),
new SqlParameter("@Return", System.Data.SqlDbType.Int)
{
Direction = System.Data.ParameterDirection.ReturnValue
}
};
Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(connectString, System.Data.CommandType.StoredProcedure, "SP_CheckAccess", ParamList);
return(Int32.Parse(ParamList[2].Value.ToString()));
}
public static SecurityCode CheckAccess(string connectString, SecurityRequest securityRequest)
{
return CheckAccess(connectString, securityRequest, new System.Diagnostics.StackFrame(1).GetMethod());
}
public static SecurityCode CheckAccess(string connectString, SecurityRequest securityRequest,out string message)
{
SecurityCode securityCode = CheckAccess(connectString, securityRequest, new System.Diagnostics.StackFrame(1).GetMethod());
message = Enum.GetName(typeof(SecurityCode), securityCode);
return securityCode;
}
private static int CheckUserAccess(string connectString, SecurityRequest securityRequest)
{
int rtnCode = 0;
if (securityRequest.Type == "Administrator")
{
SqlParameter[] ParamList = new SqlParameter[] {
new SqlParameter("@UserName", securityRequest.Id),
new SqlParameter("@Token", Guid.Parse(securityRequest.Token)),
new SqlParameter("@Code", System.Data.SqlDbType.Int) { Direction = System.Data.ParameterDirection.Output }
};
Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(connectString, System.Data.CommandType.StoredProcedure, "SP_CheckAdministratorAccessByToken", ParamList);
rtnCode = Int32.Parse(ParamList[2].Value.ToString());
}
else if (securityRequest.Type == "ProjectUser")
{
SqlParameter[] ParamList = new SqlParameter[] {
new SqlParameter("@UserName", securityRequest.Id),
new SqlParameter("@Token", Guid.Parse(securityRequest.Token)),
new SqlParameter("@Code", System.Data.SqlDbType.Int) { Direction = System.Data.ParameterDirection.Output }
};
Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(connectString, System.Data.CommandType.StoredProcedure, "SP_CheckProjectUserAccessByToken", ParamList);
rtnCode = Int32.Parse(ParamList[2].Value.ToString());
}
return rtnCode;
}
private static int CheckMethodAccess(string connectString, SecurityRequest securityRequest, System.Reflection.MethodBase methodBase)
{
SqlParameter[] ParamList = new SqlParameter[] {
new SqlParameter("@Rule", securityRequest.Type),
new SqlParameter("@Map", methodBase.Name),
new SqlParameter("@Return",System.Data.SqlDbType.Int){ Direction = System.Data.ParameterDirection.ReturnValue }
};
Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(connectString, System.Data.CommandType.StoredProcedure, "SP_CheckAccess", ParamList);
return Int32.Parse(ParamList[2].Value.ToString());
}
public void TestCheckAccess()
{
SecurityRequest securityRequest = new SecurityRequest() { Type = "Administrator" };
HP.TS.Devops.Security.SecurityAction.CheckAccess(this.ConnectString, securityRequest, new StackFrame(1).GetMethod());
}
public static SecurityCode CheckAccess(string connectString, SecurityRequest securityRequest)
{
return(CheckAccess(connectString, securityRequest, new System.Diagnostics.StackFrame(1).GetMethod()));
}
