public void New_Test()
{
var user = new User();
var identity = new CustomIdentity<User>(user, user.Name, true);
var roleProvider = new BasicRoleProvider<User>();
var principal = new CustomPrincipal<User>(identity, roleProvider);
Assert.AreSame(identity, principal.Identity);
Assert.AreSame(roleProvider, principal.RoleProvider);
Assert.IsTrue(principal.IsInRole("any string"));
Assert.Throws<ArgumentNullException>(() => new CustomPrincipal<User>(null, roleProvider));
Assert.Throws<ArgumentNullException>(() => new CustomPrincipal<User>(identity, null));
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
CustomPrincipal prinzipal = new CustomPrincipal(filterContext.HttpContext.User.Identity);
if (prinzipal.IsInRole(Role))
{
return;
}
RouteValueDictionary dictionary = new RouteValueDictionary
{
{"controller", "Content"},
{"action", "Show"},
{"id", "AccessDenied"}
};
filterContext.Result = new RedirectToRouteResult(dictionary);
}
public void TestDefaultBehavior()
{
// arrange
var identity = new Mock <IIdentity>();
var obj = new {
id = 1,
firstName = "John",
lastName = "Smith",
roles = new[] {
Constants.Roles.ADMINISTRATOR_ROLE
}
};
// act
var principal = new CustomPrincipal(identity.Object, obj.roles, obj.id, obj.firstName, obj.lastName);
// assert
Assert.Equal(obj.id, principal.Id);
Assert.Equal(obj.firstName, principal.FirstName);
Assert.Equal(obj.lastName, principal.LastName);
Assert.True(principal.IsInRole(Constants.Roles.ADMINISTRATOR_ROLE));
}
public double Process_Id(int id_Brojila)
{
double x = 0;
CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
if (principal.IsInRole(Permissions.execute.ToString()))
{
x = GetPotrosnja(id_Brojila);
///
OperationContext context = OperationContext.Current;
MessageProperties prop = context.IncomingMessageProperties;
RemoteEndpointMessageProperty endpoint =
prop[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
string ip = endpoint.Address;
///
// _listID[id_counter] = OperationContext.Current.SessionId;
_listID[id_counter] = ip;
id_counter++;
if (IPS(ip)) // sad pogledaj da li ta ip adresa je na crnoj listi , ako jeste prekini izvrsavanje!!!
{
return(0); // prekini operaciju !!!
}
int z = IDS(_listID);
if (IDS(_listID) == 3)
{
Console.WriteLine("Prijavljujem DooS napad");
Audit.Dos_Attack_Report(principal.Identity.Name);
_listID = new string[15];
Block_listID[block_id_counter] = ip;
block_id_counter++;
id_counter = 0;
}
Audit.AuthorizationSuccess(principal.Identity.Name, Permissions.execute.ToString());
}
return(x);
}
private IList <RestoreQueue> InternalSelect(int startRowIndex, int maximumRows, out int resultCount)
{
resultCount = 0;
if (maximumRows == 0)
{
return(new List <RestoreQueue>());
}
if (SearchKeys != null)
{
IList <RestoreQueue> archiveQueueList = new List <RestoreQueue>();
foreach (ServerEntityKey key in SearchKeys)
{
archiveQueueList.Add(RestoreQueue.Load(key));
}
resultCount = archiveQueueList.Count;
return(archiveQueueList);
}
WebQueryRestoreQueueParameters parameters = new WebQueryRestoreQueueParameters();
parameters.StartIndex = startRowIndex;
parameters.MaxRowCount = maximumRows;
if (Partition != null)
{
parameters.ServerPartitionKey = Partition.Key;
}
if (!string.IsNullOrEmpty(PatientId))
{
string key = PatientId.Replace("*", "%");
key = key.Replace("?", "_");
parameters.PatientId = key;
}
if (!string.IsNullOrEmpty(PatientName))
{
string key = PatientName.Replace("*", "%");
key = key.Replace("?", "_");
parameters.PatientsName = key;
}
if (String.IsNullOrEmpty(ScheduledDate))
{
parameters.ScheduledTime = null;
}
else
{
parameters.ScheduledTime = DateTime.ParseExact(ScheduledDate, DateFormats, null);
}
if (StatusEnum != null)
{
parameters.RestoreQueueStatusEnum = StatusEnum;
}
List <string> groupOIDs = new List <string>();
CustomPrincipal user = Thread.CurrentPrincipal as CustomPrincipal;
if (user != null)
{
if (!user.IsInRole(MatrixPACS.Enterprise.Common.AuthorityTokens.DataAccess.AllStudies))
{
foreach (var oid in user.Credentials.DataAccessAuthorityGroups)
{
groupOIDs.Add(oid.ToString());
}
parameters.CheckDataAccess = true;
parameters.UserAuthorityGroupGUIDs = StringUtilities.Combine(groupOIDs, ",");
}
}
IList <RestoreQueue> list = _searchController.FindRestoreQueue(parameters);
resultCount = parameters.ResultCount;
return(list);
}
private IList <WorkQueue> InternalSelect(int startRowIndex, int maximumRows, out int resultCount)
{
resultCount = 0;
if (maximumRows == 0)
{
return(new List <WorkQueue>());
}
if (SearchKeys != null)
{
IList <WorkQueue> workQueueList = new List <WorkQueue>();
foreach (ServerEntityKey key in SearchKeys)
{
workQueueList.Add(WorkQueue.Load(key));
}
resultCount = workQueueList.Count;
return(workQueueList);
}
WebWorkQueueQueryParameters parameters = new WebWorkQueueQueryParameters
{
StartIndex = startRowIndex,
MaxRowCount = maximumRows
};
if (Partition != null)
{
parameters.ServerPartitionKey = Partition.Key;
}
if (!string.IsNullOrEmpty(PatientsName))
{
string key = PatientsName.Replace("*", "%");
key = key.Replace("?", "_");
parameters.PatientsName = key;
}
if (!string.IsNullOrEmpty(PatientId))
{
string key = PatientId.Replace("*", "%");
key = key.Replace("?", "_");
parameters.PatientID = key;
}
if (!string.IsNullOrEmpty(ProcessingServer))
{
string key = ProcessingServer.Replace("*", "%");
key = key.Replace("?", "_");
parameters.ProcessorID = key;
}
if (String.IsNullOrEmpty(ScheduledDate))
{
parameters.ScheduledTime = null;
}
else
{
parameters.ScheduledTime = DateTime.ParseExact(ScheduledDate, DateFormats, null);
}
if (TypeEnums != null && TypeEnums.Length > 0)
{
string types = "(";
if (TypeEnums.Length == 1)
{
types += TypeEnums[0].Enum;
}
else
{
string separator = "";
foreach (WorkQueueTypeEnum typeEnum in TypeEnums)
{
types += separator + typeEnum.Enum;
separator = ",";
}
}
parameters.Type = types + ")";
}
if (StatusEnums != null && StatusEnums.Length > 0)
{
string statuses = "(";
if (StatusEnums.Length == 1)
{
statuses += StatusEnums[0].Enum;
}
else
{
string separator = "";
foreach (WorkQueueStatusEnum statusEnum in StatusEnums)
{
statuses += separator + statusEnum.Enum;
separator = ",";
}
}
parameters.Status = statuses + ")";
}
if (PriorityEnum != null)
{
parameters.Priority = PriorityEnum;
}
List <string> groupOIDs = new List <string>();
CustomPrincipal user = Thread.CurrentPrincipal as CustomPrincipal;
if (user != null)
{
if (!user.IsInRole(ClearCanvas.Enterprise.Common.AuthorityTokens.DataAccess.AllStudies))
{
foreach (var oid in user.Credentials.DataAccessAuthorityGroups)
{
groupOIDs.Add(oid.ToString());
}
parameters.CheckDataAccess = true;
parameters.UserAuthorityGroupGUIDs = StringUtilities.Combine(groupOIDs, ",");
}
}
IList <WorkQueue> list = _searchController.FindWorkQueue(parameters);
resultCount = parameters.ResultCount;
return(list);
}
protected void Page_Load(object sender, EventArgs e)
{
//if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
//{
CustomPrincipal cp = HttpContext.Current.User as CustomPrincipal;
String activepage = Request.RawUrl;
if (cp != null && cp.IsInRole("Admin"))
{
AdminPanel.Visible = true;
CandidatePanel.Visible = false;
}
if (cp == null || cp.IsInRole("Candidate"))
{
if (activepage.Contains("RegisterCandidate.aspx") ||
activepage.Contains("ViewCandidate.aspx") ||
activepage.Contains("CandidateManagement2.aspx") ||
activepage.Contains("AddProfession.aspx") ||
activepage.Contains("AddSkillSet.aspx") ||
activepage.Contains("AddRegion.aspx") ||
activepage.Contains("AddJobPosting.aspx") ||
activepage.Contains("ViewJobPosting.aspx") ||
activepage.Contains("ModifyJobPosting.aspx") ||
activepage.Contains("ViewReports.aspx"))
{
Response.Redirect("/Default.aspx");
}
AdminPanel.Visible = false;
CandidatePanel.Visible = true;
}
if (cp == null)
{
CandidateProfileLink.Visible = false;
LinkButton1.Visible = false;
RegisterCandidateLink.Visible = true;
LoginLink.Visible = true;
RegisterAccountLink.Visible = true;
}
#region ActiveLinkCheck
if (activepage.Contains("Default.aspx"))
{
DefaultLink.Attributes.Add("class", "nav-link active");
DefaultLink2.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("RegisterCandidate.aspx"))
{
RegisterCandidateLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("ViewCandidate.aspx"))
{
ViewCandidateLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("AddJobPosting.aspx"))
{
AddJobPostingLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("ModifyJobPosting.aspx"))
{
ModifyJobPostingLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("ViewJobPosting.aspx"))
{
ViewJobpostingLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("CandidateManagement.aspx"))
{
CandidateManagementLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("CandidateProfile.aspx"))
{
CandidateProfileLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("Contact.aspx"))
{
ContactLink.Attributes.Add("class", "nav-link active");
ContactLink2.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("ViewReports.aspx"))
{
ReportLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("AddProfession.aspx"))
{
AddProfessionLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("AddSkillSet.aspx"))
{
AddSkillsetLink.Attributes.Add("class", "nav-link active");
}
else if (activepage.Contains("AddRegion.aspx"))
{
AddRegionLink.Attributes.Add("class", "nav-link active");
}
else
{
DefaultLink.Attributes.Add("class", "nav-link active");
DefaultLink2.Attributes.Add("class", "nav-link active");
}
#endregion
//}
//else
//{
// SignOut.Text = "Sign In";
//}
}
public override void OnAuthorization(HttpActionContext actionContext)
{
try
{
AuthenticationHeaderValue authValue = actionContext.Request.Headers.Authorization;
if (authValue != null && !String.IsNullOrWhiteSpace(authValue.Parameter) && authValue.Scheme == BasicAuthResponseHeaderValue)
{
Credentials parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
if (parsedCredentials != null)
{
var user = Context.Users.Where(u => u.Name == parsedCredentials.Username).FirstOrDefault();
bool VerifyPassword = HashSalt.VerifyPassword(parsedCredentials.Password, user.PasswordHash, user.PasswordSalt);
if (user != null && VerifyPassword)
{
List <string> list = new List <string>();
string[] userinroles = user.Role.Split(',');
foreach (var item in userinroles)
{
list.Add(item);
}
var roles = list.ToArray();
var authorizedUsers = ConfigurationManager.AppSettings[UsersConfigKey];
var authorizedRoles = ConfigurationManager.AppSettings[RolesConfigKey];
Users = String.IsNullOrEmpty(Users) ? authorizedUsers : Users;
Roles = String.IsNullOrEmpty(Roles) ? authorizedRoles : Roles;
CurrentUser = new CustomPrincipal(parsedCredentials.Username, roles);
if (!String.IsNullOrEmpty(Roles))
{
if (!CurrentUser.IsInRole(Roles))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
actionContext.Response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
return;
}
}
if (!String.IsNullOrEmpty(Users))
{
if (!Users.Contains(CurrentUser.UserId.ToString()))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
actionContext.Response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
return;
}
}
}
}
}
}
catch (Exception)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
actionContext.Response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
return;
}
}
/// <summary>
/// Retrieves a Boolean value indicating whether the specified System.Web.SiteMapNode
/// object can be viewed by the user in the specified context.
/// </summary>
/// <param name="context">The System.Web.HttpContext that contains user information.</param>
/// <param name="node">The System.Web.SiteMapNode that is requested by the user.</param>
/// <returns>True if security trimming is enabled and node can be viewed by the user or security trimming is not enabled; otherwise, false.</returns>
public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
CustomPrincipal user = HttpContext.Current.User as CustomPrincipal;
if (node == null)
{
throw new ArgumentNullException("node");
}
if (context == null)
{
throw new ArgumentNullException("context");
}
if (!this.SecurityTrimmingEnabled)
{
return(true);
}
if ((node.Roles != null) && (node.Roles.Count > 0))
{
foreach (string role in node.Roles)
{
if (!string.Equals(role, "*", StringComparison.InvariantCultureIgnoreCase) && ((user == null) || !user.IsInRole(role)))
{
continue;
}
return(true);
}
}
return(false);
}
public static bool IsInRole(this Controller controller, Role role)
{
CustomPrincipal prinzipal = new CustomPrincipal(controller.HttpContext.User.Identity);
return prinzipal.IsInRole(role);
}
public static bool IsInRole2(this CustomPrincipal user, string role)
{
return(user?.IsInRole(role) ?? false);
}