Beispiel #1
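        /// <summary>
        /// Builds the principal for a Windows identity and caches, per group name, the
        /// permissions configured for each group the identity belongs to.
        /// </summary>
        /// <param name="winIdentity">Windows identity whose group SIDs are resolved to names.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="winIdentity"/> is null.</exception>
        public CustomPrincipal(WindowsIdentity winIdentity)
        {
            if (winIdentity == null)
            {
                throw new System.ArgumentNullException("winIdentity");
            }

            this.identity = winIdentity;

            // WindowsIdentity.Groups is null for an identity without a valid token
            // (e.g. the anonymous identity); such a principal simply gets no roles.
            var groups = winIdentity.Groups;
            if (groups == null)
            {
                return;
            }

            // Read the group/permission configuration once instead of once per group,
            // so every group is evaluated against the same snapshot.
            List<GrupaPermisija> lista = r.CitajIzXML();

            foreach (IdentityReference group in groups)
            {
                string groupName;
                try
                {
                    SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
                    var name = sid.Translate(typeof(NTAccount));
                    groupName = Formatter.ParseName(name.ToString());
                }
                catch (IdentityNotMappedException)
                {
                    // A SID that cannot be resolved to an account name (e.g. a deleted group)
                    // cannot match any configured group, so it grants nothing.
                    continue;
                }

                // NOTE(review): permissions are keyed by the parsed group name, not by SID.
                // If Formatter.ParseName drops the domain/machine part, same-named groups
                // from different authorities would share one entry - confirm against ParseName.
                if (roles.ContainsKey(groupName))
                {
                    continue;
                }

                foreach (GrupaPermisija g in lista)
                {
                    if (g.NazivGrupe == groupName)
                    {
                        roles.Add(groupName, g.Permisije.ToArray());
                        break;
                    }
                }
            }
        }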
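        /// <summary>
        /// Checks whether any Windows group of the wrapped identity is configured with the
        /// requested permission.
        /// </summary>
        /// <param name="permission">Permission name to look for.</param>
        /// <returns>
        /// true if at least one resolvable group has <paramref name="permission"/> among the
        /// permissions returned by RoleConfig.GetPermissions; otherwise false.
        /// </returns>
        public bool IsInRole(string permission)
        {
            // Groups is null when the identity has no valid token; no groups means no permissions.
            var groups = this.identity.Groups;
            if (groups == null)
            {
                return false;
            }

            foreach (IdentityReference group in groups)
            {
                string groupName;
                try
                {
                    // Resolve the group SID to an account name, then reduce it with Formatter.
                    SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
                    var name = sid.Translate(typeof(NTAccount));
                    groupName = Formatter.ParseName(name.ToString());
                }
                catch (IdentityNotMappedException)
                {
                    // An unresolvable SID must not abort the whole check: it grants nothing,
                    // and the remaining groups are still evaluated.
                    continue;
                }

                // Filled by RoleConfig for the given group.
                string[] permissions;

                // GetPermissions reports whether the group has configured permissions at all.
                if (RoleConfig.GetPermissions(groupName, out permissions) && permissions != null)
                {
                    foreach (string permision in permissions)
                    {
                        // Static Equals is ordinal and tolerates a null entry in the array.
                        if (string.Equals(permision, permission))
                        {
                            return true;
                        }
                    }
                }
            }

            // Deny by default.
            return false;
        }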
Beispiel #3
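        /// <summary>
        /// Custom certificate validation on the service side.
        /// The presented certificate is accepted only when its Issuer name equals the Subject
        /// name of the service's own certificate, i.e. the service certificate is expected to
        /// be the issuer. If validation fails, an exception is thrown.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this compares distinguished-name strings only. Signature, validity
        /// period and revocation are not checked here, so the match alone does not prove that
        /// the certificate was signed by the service's key. Confirm that chain validation is
        /// performed elsewhere, or add it.
        /// </remarks>
        /// <param name="certificate">Certificate presented by the client.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The service certificate was not found.</exception>
        /// <exception cref="Exception">The issuer name does not match.</exception>
        public override void Validate(X509Certificate2 certificate)
        {
            // Fail closed with a clear error instead of a NullReferenceException.
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            // Name of the account the service runs as; used as the lookup key in the store.
            string service = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);

            X509Certificate2 certificateOfService = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, service);

            // Guard in case the lookup yields null when no matching certificate is installed.
            if (certificateOfService == null)
            {
                throw new InvalidOperationException("Service certificate not found in LocalMachine\\My.");
            }

            if (!certificate.Issuer.Equals(certificateOfService.Subject))
            {
                throw new Exception("Client certificate is not from the valid issuer.");
            }
        }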
Beispiel #4
        /// <summary>
        /// Service-side custom validator for an incoming certificate.
        /// The certificate passes when its Issuer string equals the Issuer string of the
        /// service's own certificate; otherwise an exception is thrown.
        /// </summary>
        /// <param name="certificate">Certificate presented by the peer.</param>
        /// <exception cref="Exception">The two Issuer strings differ.</exception>
        public override void Validate(X509Certificate2 certificate)
        {
            // The service's own certificate is looked up in LocalMachine\My under the name
            // parsed from the account the process is running as.
            string ownName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
            X509Certificate2 ownCertificate = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, ownName);

            // NOTE(review): only the Issuer names are compared. Neither the signature, the
            // validity period nor revocation is checked in this method, and a null
            // certificate or a failed store lookup surfaces as a NullReferenceException.
            bool sameIssuer = certificate.Issuer.Equals(ownCertificate.Issuer);
            if (sameIssuer)
            {
                return;
            }

            throw new Exception("Certificate is not from the valid issuer.");
        }
Beispiel #5
 /// <summary>
 /// Reports whether one of the identity's Windows groups carries the given permission
 /// according to RolesConfig.
 /// </summary>
 /// <param name="permission">Permission name to search for.</param>
 /// <returns>true on the first exact match; false when no group grants it.</returns>
 public bool IsInRole(string permission)
 {
     foreach (IdentityReference membership in this.identity.Groups)
     {
         // NOTE(review): Translate throws IdentityNotMappedException for a SID that cannot
         // be resolved to a name; that case is not handled here.
         SecurityIdentifier groupSid = (SecurityIdentifier)membership.Translate(typeof(SecurityIdentifier));
         string accountName = groupSid.Translate(typeof(NTAccount)).ToString();
         string groupName = Formatter.ParseName(accountName);

         string[] granted;
         if (!RolesConfig.GetPermissions(groupName, out granted))
         {
             // Nothing configured for this group; try the next one.
             continue;
         }

         for (int i = 0; i < granted.Length; i++)
         {
             if (granted[i].Equals(permission))
             {
                 return true;
             }
         }
     }

     // Deny by default.
     return false;
 }
 /// <summary>
 /// Reports whether one of the identity's Windows groups is configured with the
 /// requested permission.
 /// </summary>
 /// <param name="dozvola">Permission name to search for.</param>
 /// <returns>true on the first exact match; false when no group grants it.</returns>
 public bool IsInRole(string dozvola)
 {
     foreach (IdentityReference membership in this.identity.Groups)
     {
         // NOTE(review): Translate throws IdentityNotMappedException for a SID that cannot
         // be resolved to a name; that case is not handled here.
         SecurityIdentifier groupSid = (SecurityIdentifier)membership.Translate(typeof(SecurityIdentifier));
         string accountName = groupSid.Translate(typeof(NTAccount)).ToString();
         string groupName = Formatter.ParseName(accountName);

         // Ask RoleConfig for all permissions of this group (per the original comment they
         // come from RoleConfigFile.resx); the call returns false when none exist.
         string[] granted;
         if (!RoleConfig.GetPermissions(groupName, out granted))
         {
             continue;
         }

         for (int i = 0; i < granted.Length; i++)
         {
             if (granted[i].Equals(dozvola))
             {
                 return true;
             }
         }
     }

     // Deny by default.
     return false;
 }
Beispiel #7
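        /// <summary>
        /// Custom certificate validation on the client side.
        /// As implemented, the certificate is accepted only when its Subject name equals its
        /// Issuer name (self-signed by name); anything else is audited and rejected.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the previous summary on this method stated the opposite rule
        /// ("valid if the given certificate is not self-signed"), while the condition and both
        /// error messages require a self-signed certificate. The behaviour is left as coded;
        /// confirm which rule is intended. Comparing Subject and Issuer strings does not verify
        /// the signature, and a self-signed certificate gives no third-party assurance of
        /// identity unless it is also pinned or otherwise trusted.
        /// </remarks>
        /// <param name="certificate">Certificate presented by the peer.</param>
        /// <exception cref="Exception">No certificate was supplied, or Subject and Issuer differ.</exception>
        public override void Validate(X509Certificate2 certificate)
        {
            // The unused lookup of the local certificate was removed: its result never took
            // part in the decision and it touched the machine store before the null check.
            if (certificate == null)
            {
                Audit.AuthenticationFailed("Nema sertifikat");
                throw new Exception("Client certificate not found.");
            }

            if (!certificate.Subject.Equals(certificate.Issuer))
            {
                Audit.AuthenticationFailed("Certificate is not self-signed.");
                throw new Exception("Certificate is not self-signed.");
            }

            // NOTE(review): Subject comes from the peer's certificate; presumably Audit treats
            // it as untrusted text when writing the log entry - verify.
            Audit.AuthenticationSuccess(certificate.Subject);
        }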
Beispiel #8
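        /// <summary>
        /// Custom certificate validation: the presented certificate must name the same Issuer
        /// as the local certificate and must be inside its validity period.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the issuer check compares distinguished-name strings only; signature
        /// and revocation are not verified in this method. Confirm that chain validation is
        /// performed elsewhere, or add it.
        /// </remarks>
        /// <param name="certificate">Certificate presented by the peer.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The local certificate was not found.</exception>
        /// <exception cref="Exception">Issuer mismatch, or the certificate is not yet valid or has expired.</exception>
        public override void Validate(X509Certificate2 certificate)
        {
            // Fail closed with a clear error instead of a NullReferenceException.
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            X509Certificate2 cert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));

            // Guard in case the lookup yields null when no matching certificate is installed.
            if (cert == null)
            {
                throw new InvalidOperationException("Local certificate not found in LocalMachine\\My.");
            }

            if (!certificate.Issuer.Equals(cert.Issuer))
            {
                throw new Exception("Certificate is not from the valid issuer.");
            }

            // NotBefore/NotAfter are reported in local time, so they are compared with
            // DateTime.Now. One timestamp is taken so both bounds see the same instant.
            DateTime now = DateTime.Now;

            // The original checked only expiry; a certificate presented before its validity
            // period starts must be rejected as well.
            if (certificate.NotBefore > now)
            {
                throw new Exception("Certificate is not yet valid.");
            }

            if (certificate.NotAfter <= now)
            {
                throw new Exception("Certificate has expired.");
            }
        }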
Beispiel #9
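        /// <summary>
        /// Custom certificate validation on the service side.
        /// The presented certificate is accepted only when its Issuer name equals the Subject
        /// name of the service's own certificate, i.e. the service certificate is expected to
        /// be the issuer. Every outcome is written to the audit log; failures throw.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this compares distinguished-name strings only. Signature, validity
        /// period and revocation are not checked here. Confirm that chain validation is
        /// performed elsewhere, or add it.
        /// </remarks>
        /// <param name="certificate">Certificate presented by the client.</param>
        /// <exception cref="Exception">
        /// No certificate was supplied, the service certificate is missing, or the issuer
        /// name does not match.
        /// </exception>
        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                Audit.AuthenticationFailed("Nema sertifikat");
                throw new Exception("Nema sertifikat");
            }

            // Load the service's own certificate from LocalMachine\My.
            X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, Formatter.ParseName(WindowsIdentity.GetCurrent().Name));

            // Guard in case the lookup yields null: without it the rejection would be a
            // NullReferenceException that never reaches the audit log.
            if (srvCert == null)
            {
                Audit.AuthenticationFailed("Service certificate not found.");
                throw new Exception("Service certificate not found.");
            }

            if (!certificate.Issuer.Equals(srvCert.Subject))
            {
                Audit.AuthenticationFailed("Certificate is not issued by the service.");
                throw new Exception("Certificate is not issued by the service.");
            }

            // NOTE(review): Subject comes from the peer's certificate; presumably Audit treats
            // it as untrusted text when writing the log entry - verify.
            Audit.AuthenticationSuccess(certificate.Subject);
        }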
Beispiel #10
        /// <summary>
        /// Service-side custom validator for a client certificate.
        /// The certificate passes when its Issuer string equals the Issuer string of the
        /// service's own certificate; otherwise an exception is thrown.
        /// </summary>
        /// <param name="certificate">Certificate presented by the client.</param>
        /// <exception cref="Exception">The two Issuer strings differ.</exception>
        public override void Validate(X509Certificate2 certificate)
        {
            // Fetch the service's own certificate from LocalMachine\My, keyed by the name
            // parsed from the account the process is running as.
            string accountName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
            X509Certificate2 serviceCertificate = CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, accountName);

            // The server checks that the client certificate names the same CA as its own.
            // NOTE(review): only the Issuer names are compared; the signature, validity period
            // and revocation are not checked in this method, and a null certificate or a
            // failed store lookup surfaces as a NullReferenceException.
            bool issuedBySameCa = certificate.Issuer.Equals(serviceCertificate.Issuer);
            if (issuedBySameCa)
            {
                return;
            }

            throw new Exception("Certificate is not from the valid issuer.");
        }