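        /// <summary>
        /// Runs one AzMan access check for the current Windows user against the single
        /// operation named in <c>txtOperation</c>, inside the hard-coded test application
        /// "Application Test" of the store at <c>AzManStorePath</c>.
        /// </summary>
        /// <returns>
        /// <c>true</c> when every status returned by <c>AccessCheck</c> is 0 (operation allowed);
        /// <c>false</c> as soon as one status is non-zero.
        /// </returns>
        /// <remarks>
        /// Exceptions from the AzMan runtime propagate unchanged. The store, application and
        /// client-context RCWs are released on every exit path so a test loop does not pin the
        /// store open; the unused business-rule dictionary of the original was dropped.
        /// </remarks>
        private bool AzManTestCheckAccess()
        {
            WindowsIdentity identity        = WindowsIdentity.GetCurrent();
            string          applicationName = "Application Test";
            string[]        operations      = new string[] { this.txtOperation.Text };

            AzAuthorizationStoreClass store     = null;
            IAzApplication            azApp     = null;
            IAzClientContext          clientCtx = null;
            try
            {
                store = new AzAuthorizationStoreClass();
                store.Initialize(0, AzManStorePath, null);
                azApp     = store.OpenApplication(applicationName, null);
                clientCtx = azApp.InitializeClientContextFromToken((UInt64)identity.Token, null);

                // No business-rule parameters for this test: name/value vectors stay empty.
                Object[] names        = new Object[0];
                Object[] values       = new Object[0];
                Object[] operationIds = new Object[operations.Length];
                for (Int32 index = 0; index < operations.Length; index++)
                {
                    operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
                }

                // Single scope slot left null, as in the original; this appears to run the
                // check at application level - confirm against the AzMan AccessCheck docs.
                Object[] internalScopes = new Object[1];
                Object[] result         = (Object[])clientCtx.AccessCheck("AuditString", internalScopes, operationIds, names, values, null, null, null);

                // One status per operation id: 0 means allowed, anything else is an error
                // code (typically access denied). Fail closed on the first non-zero entry.
                foreach (Int32 accessAllowed in result)
                {
                    if (accessAllowed != 0)
                    {
                        return(false);
                    }
                }
                return(true);
            }
            finally
            {
                // ReleaseComObject throws on null, hence the guards; release in reverse order.
                if (clientCtx != null) { System.Runtime.InteropServices.Marshal.ReleaseComObject(clientCtx); }
                if (azApp != null)     { System.Runtime.InteropServices.Marshal.ReleaseComObject(azApp); }
                if (store != null)     { System.Runtime.InteropServices.Marshal.ReleaseComObject(store); }
            }
        }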
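        /// <summary>
        /// Checks whether <paramref name="identity"/> may perform every operation that the
        /// given tasks expand to, in the application and scope this provider is configured
        /// for (<c>applicationName</c> / <c>scopeName</c>).
        /// </summary>
        /// <param name="auditIdentifier">Audit string handed to <c>AccessCheck</c>; recorded when run-time auditing is enabled.</param>
        /// <param name="identity">Windows identity whose token builds the AzMan client context.</param>
        /// <param name="tasks">Task names, resolved to operation ids by <c>GetTaskOperations</c>.</param>
        /// <returns><c>true</c> only when every operation is allowed; <c>false</c> as soon as one status is non-zero.</returns>
        /// <exception cref="SecurityException">Wraps any <see cref="COMException"/> raised by the AzMan runtime.</exception>
        private bool CheckAccessTasks(string auditIdentifier, WindowsIdentity identity, string[] tasks)
        {
            IAzApplication azApp = null;

            try
            {
                IAzClientContext clientCtx    = GetClientContext(identity, this.applicationName, out azApp);
                object[]         operationIds = GetTaskOperations(azApp, tasks);

                // AccessCheck takes the scope list as an object[]; this provider always
                // evaluates in exactly one scope, so the former null check on a freshly
                // allocated array was dead code.
                object[] internalScopes = new object[] { this.scopeName };

                object[] result = (object[])clientCtx.AccessCheck(auditIdentifier,
                                                                  internalScopes, operationIds, null, null, null, null, null);

                // One status per operation id: 0 = allowed, non-zero = denied/error.
                // Fail closed on the first non-zero entry.
                foreach (int accessAllowed in result)
                {
                    if (accessAllowed != 0)
                    {
                        return(false);
                    }
                }
            }
            catch (COMException comEx)
            {
                throw new SecurityException(comEx.Message, comEx);
            }
            return(true);
        }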
 /// <summary>
 /// Re-reads the AzMan policy into this running process and re-opens the cached
 /// application object so later checks see the updated policy. Call it after the
 /// AzMan policy has been changed.
 /// </summary>
 /// <exception cref="AzManException">Wraps any <c>COMException</c> raised by the AzMan runtime.</exception>
 /// <remarks>
 /// NOTE(review): the old application RCW is released before the new one is opened;
 /// if <c>OpenApplication</c> throws, <c>app</c> is left pointing at a released object.
 /// </remarks>
 public void UpdateCache()
 {
     try
     {
         store.UpdateCache(null);

         // swap the cached application RCW for one opened against the refreshed store
         Marshal.ReleaseComObject(app);
         app = store.OpenApplication(appName, null);
     }
     catch (COMException x)
     {
         throw new AzManException("UpdateCache failed", x);
     }
 }
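        /// <summary>
        /// Releases the cached AzMan application and store RCWs. Safe to call more than
        /// once: a later call finds both fields null and does nothing.
        /// </summary>
        /// <remarks>
        /// Each object is released independently, so a null <c>app</c> (for example after a
        /// failed <c>OpenApplication</c>) no longer leaves <c>store</c> alive, which the
        /// original early return did. <c>Marshal.ReleaseComObject</c> throws on null, hence
        /// the guards.
        /// </remarks>
        public void Dispose()
        {
            if (app != null)
            {
                Marshal.ReleaseComObject(app);
                app = null;
            }

            if (store != null)
            {
                Marshal.ReleaseComObject(store);
                store = null;
            }
        }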
        /// <summary>
        /// Creates the managed wrapper around an AzMan application.
        /// </summary>
        /// <param name="context">Owning context; must not be null.</param>
        /// <param name="app">Underlying COM application; null (the default) presumably means an item that does not exist in the store yet - confirm against <c>IsNew</c>.</param>
        internal AzApplication(AzManContext context, IAzApplication app = null)
        {
            Guard.ArgumentIsNotNull(context, nameof(context));

            this._context = context;
            this.IAzItem  = app;

            // Both child collections get this wrapper, their loader and a predicate that
            // is true only once the application is no longer new; every change in them
            // is forwarded to TheValue_HasChanged.
            this.Operations = new AzItemCollection<AzOperation>(this, GetOperations, () => !IsNew);
            this.Scopes     = new AzItemCollection<AzScope>(this, GetScopes, () => !IsNew);

            this.Operations.CollectionChanged += TheValue_HasChanged;
            this.Scopes.CollectionChanged     += TheValue_HasChanged;
        }
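        /// <summary>
        /// Mirrors the member hierarchy of an AzMan task into <paramref name="application"/>:
        /// every sub-task and operation the task contains becomes a member of the target
        /// item with the same name, and sub-tasks are descended into recursively.
        /// </summary>
        /// <param name="azScope">Scope to resolve the task in, or null to resolve at application level.</param>
        /// <param name="azApplication">Source AzMan application, used when <paramref name="azScope"/> is null.</param>
        /// <param name="taskName">Name of the task whose hierarchy is copied; also the name of the target item.</param>
        /// <param name="application">Target application whose items receive the members.</param>
        /// <remarks>
        /// Members already present (same <c>ItemId</c>) are skipped, so the method can be
        /// re-run over an existing structure. There is no cycle guard; the recursion relies
        /// on the task hierarchy being acyclic. <c>GetMembers</c> is re-read before each add
        /// because <c>AddMember</c> changes it.
        /// </remarks>
        private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
        {
            IAzTask azTask = (azScope == null)
                ? azApplication.OpenTask(taskName, null)
                : azScope.OpenTask(taskName, null);

            if (azTask == null)
            {
                return;
            }

            IAzManItem item = application.GetItem(taskName);

            // SubTasks: link, then recurse so nested tasks are mirrored too.
            object[] azSubTasks = azTask.Tasks as object[];
            if (azSubTasks != null)
            {
                foreach (string azSubTask in azSubTasks)
                {
                    IAzManItem subItem = application.GetItem(azSubTask);
                    var        members = item.GetMembers();
                    if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
                    {
                        item.AddMember(subItem);
                    }
                    this.SetHirearchy(azScope, azApplication, azSubTask, application);
                }
            }

            // SubOperations: leaf nodes, link only.
            object[] azSubOperations = azTask.Operations as object[];
            if (azSubOperations != null)
            {
                foreach (string azSubOperation in azSubOperations)
                {
                    IAzManItem subItem = application.GetItem(azSubOperation);
                    var        members = item.GetMembers();
                    if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
                    {
                        item.AddMember(subItem);
                    }
                }
            }
        }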
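        /// <summary>
        /// Expands AzMan task names into the operation ids they contain, resolving the tasks
        /// inside <c>data.Scope</c> when one is configured and at application level otherwise.
        /// </summary>
        /// <param name="data">Provider configuration; only <c>Scope</c> is read here.</param>
        /// <param name="azApp">Open AzMan application the tasks and operations belong to.</param>
        /// <param name="tasks">Task names to expand.</param>
        /// <returns>Operation ids, in task order, as an <c>object[]</c> for <c>IAzClientContext.AccessCheck</c>.</returns>
        /// <exception cref="ConfigurationException">Thrown with <c>SR.NoOperations</c> when the tasks expand to no operations, including when <paramref name="tasks"/> is empty.</exception>
        /// <remarks>
        /// The scope is opened once instead of once per task (it does not depend on the task).
        /// Only the operations listed directly on each task (<c>IAzTask.Operations</c>) are
        /// returned; tasks nested via <c>IAzTask.Tasks</c> are not expanded here.
        /// </remarks>
        private object[] GetTaskOperations(AzManAuthorizationProviderData data, IAzApplication azApp, string[] tasks)
        {
            StringCollection operations = new StringCollection();

            if (tasks.Length > 0)
            {
                // Loop invariant: same scope for every task. A null or empty scope name
                // means application level (the original dereferenced a null scope).
                string   scopeName = data.Scope;
                IAzScope scope     = null;
                if (!string.IsNullOrEmpty(scopeName))
                {
                    scope = azApp.OpenScope(scopeName, null);
                }

                foreach (String task in tasks)
                {
                    IAzTask azTask = (scope != null)
                        ? scope.OpenTask(task, null)
                        : azApp.OpenTask(task, null);

                    Array ops = azTask.Operations as Array;
                    Debug.Assert(ops != null);
                    foreach (String op in ops)
                    {
                        operations.Add(op);
                    }
                }
            }

            if (operations.Count == 0)
            {
                throw new ConfigurationException(SR.NoOperations);
            }

            object[] operationIds = new object[operations.Count];
            for (int index = 0; index < operations.Count; index++)
            {
                operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
            }

            return(operationIds);
        }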
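        /// <summary>
        /// Expands AzMan task names into the operation ids they contain, resolving the tasks
        /// inside this provider's <c>scopeName</c> when one is set and at application level
        /// otherwise.
        /// </summary>
        /// <param name="azApp">Open AzMan application the tasks and operations belong to.</param>
        /// <param name="tasks">Task names to expand.</param>
        /// <returns>Operation ids, in task order, as an <c>object[]</c> for <c>IAzClientContext.AccessCheck</c>.</returns>
        /// <exception cref="ConfigurationErrorsException">Thrown with <c>Properties.Resources.NoOperations</c> when the tasks expand to no operations, including when <paramref name="tasks"/> is empty.</exception>
        /// <remarks>
        /// The scope is opened once instead of once per task. Only the operations listed
        /// directly on each task (<c>IAzTask.Operations</c>) are returned; nested tasks are
        /// not expanded here.
        /// </remarks>
        private object[] GetTaskOperations(IAzApplication azApp, string[] tasks)
        {
            StringCollection operations = new StringCollection();

            if (tasks.Length > 0)
            {
                // Loop invariant: same scope for every task. A null or empty scope name
                // means application level (the original dereferenced a null scope).
                string   scopeToOpen = this.scopeName;
                IAzScope scope       = null;
                if (!string.IsNullOrEmpty(scopeToOpen))
                {
                    scope = azApp.OpenScope(scopeToOpen, null);
                }

                foreach (String task in tasks)
                {
                    IAzTask azTask = (scope != null)
                        ? scope.OpenTask(task, null)
                        : azApp.OpenTask(task, null);

                    // Operations comes back as a COM array; a null here would throw on the
                    // foreach exactly as it did before.
                    Array ops = azTask.Operations as Array;
                    foreach (String op in ops)
                    {
                        operations.Add(op);
                    }
                }
            }

            if (operations.Count == 0)
            {
                throw new ConfigurationErrorsException(Properties.Resources.NoOperations);
            }

            object[] operationIds = new object[operations.Count];
            for (int index = 0; index < operations.Count; index++)
            {
                operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
            }

            return(operationIds);
        }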
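        /// <summary>
        /// Loads the AzMan policy store at <paramref name="connectionString"/> and opens the
        /// application named <paramref name="appName"/> in it.
        /// </summary>
        /// <param name="connectionString">Store location handed to <c>IAzAuthorizationStore.Initialize</c>.</param>
        /// <param name="appName">Name of the AzMan application to open; cached for later re-opening.</param>
        /// <exception cref="AzManException">
        /// Wraps a <c>COMException</c> from the AzMan runtime, or a <c>FileNotFoundException</c>
        /// when the store cannot be loaded. The partially initialized store RCW is released
        /// before rethrowing, since <c>Dispose</c> never runs on a constructor that throws.
        /// </exception>
        public AzManHelper(string connectionString, string appName)
        {
            this.appName = appName;

            try {
                // load and initialize the AzMan runtime
                store = new AzAuthorizationStore();
                store.Initialize(0, connectionString, null);

                // drill down to our application
                app = store.OpenApplication(appName, null);
            }
            catch (COMException x) {
                ReleasePartialStore();
                throw new AzManException("Failed to initialize AzManHelper", x);
            }
            catch (System.IO.FileNotFoundException x) {
                ReleasePartialStore();
                throw new AzManException(string.Format("Failed to load AzMan policy from {0} - make sure your connection string is correct.", connectionString), x);
            }
        }

        /// <summary>
        /// Releases the store RCW created by a constructor that is about to throw.
        /// </summary>
        private void ReleasePartialStore()
        {
            if (store != null) {
                System.Runtime.InteropServices.Marshal.ReleaseComObject(store);
                store = null;
            }
        }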
        /// <summary>
        /// Copies one level of an AzMan task's membership into <paramref name="application"/>:
        /// each sub-task and operation of the task is added as a member of the target item
        /// that carries the task's name. Nested sub-tasks are not descended into (the
        /// recursive call is left commented out).
        /// </summary>
        /// <param name="azScope">Scope to resolve the task in, or null to resolve at application level.</param>
        /// <param name="azApplication">Source AzMan application, used when <paramref name="azScope"/> is null.</param>
        /// <param name="taskName">Name of the task to copy; also the name of the target item.</param>
        /// <param name="application">Target application whose items receive the members.</param>
        /// <remarks>
        /// Members are added without checking whether they are already present; what
        /// <c>AddMember</c> does with a duplicate is not visible here.
        /// </remarks>
        private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
        {
            IAzTask azTask = (azScope != null)
                ? azScope.OpenTask(taskName, null)
                : azApplication.OpenTask(taskName, null);

            // The target item is looked up even when the task does not resolve,
            // preserving the original control flow.
            IAzManItem item = application.GetItem(taskName);
            if (azTask == null)
            {
                return;
            }

            object[] subTaskNames = azTask.Tasks as object[];
            if (subTaskNames != null)
            {
                foreach (string subTaskName in subTaskNames)
                {
                    item.AddMember(application.GetItem(subTaskName));
                    //this.SetHirearchy(azScope, azApplication, subTaskName, application);
                }
            }

            object[] subOperationNames = azTask.Operations as object[];
            if (subOperationNames != null)
            {
                foreach (string subOperationName in subOperationNames)
                {
                    item.AddMember(application.GetItem(subOperationName));
                }
            }
        }
        /// <summary>
        /// Builds a synthetic AzMan structure for benchmarking: <paramref name="n"/>
        /// applications ("Application0" .. "Application{n-1}"), each holding
        /// <paramref name="n"/> operation / task / role-definition / role quadruples, with
        /// the current user added as a member of every role. The hourglass cursor and the
        /// timer bracket the whole run; the progress bar tracks applications.
        /// </summary>
        /// <param name="azManStorePath">Store location passed to <c>IAzAuthorizationStore.Initialize</c>.</param>
        /// <param name="n">Number of applications, and of items per application.</param>
        /// <remarks>
        /// Every item is submitted right after it is built. The COM objects created in the
        /// loops are left to the garbage collector, as before. The <c>NTAccount</c> is
        /// constructed but never used.
        /// </remarks>
        private void CreaStrutturaSuAzMan(string azManStorePath, int n)
        {
            this.Clessidra(true);
            this.StartTimer();

            WindowsIdentity       currentUser = WindowsIdentity.GetCurrent();
            NTAccount             account     = new NTAccount(currentUser.Name);
            IAzAuthorizationStore store       = new AzAuthorizationStoreClass();
            store.Initialize(0, azManStorePath, null);

            this.pb.Maximum = n - 1;
            for (int appIndex = 0; appIndex < n; appIndex++)
            {
                IAzApplication app = store.CreateApplication("Application" + appIndex.ToString(), null);
                app.Submit(0, null);

                this.pb.Value = appIndex;
                Application.DoEvents();

                for (int itemIndex = 0; itemIndex < n; itemIndex++)
                {
                    string suffix   = itemIndex.ToString();
                    string taskName = "Task" + suffix;
                    string roleName = "Role" + suffix;

                    // operation -> task -> role definition -> role, each submitted as it is built
                    IAzOperation op = app.CreateOperation("Operation" + suffix, null);
                    op.OperationID = itemIndex + 1;
                    op.Submit(0, null);

                    IAzTask task = app.CreateTask(taskName, null);
                    task.AddOperation(op.Name, null);
                    task.Submit(0, null);

                    IAzTask roleDefinition = app.CreateTask(roleName, null);
                    roleDefinition.IsRoleDefinition = 1;
                    roleDefinition.AddTask(taskName, null);
                    roleDefinition.Submit(0, null);

                    IAzRole role = app.CreateRole(roleName, null);
                    role.AddTask(roleName, null);
                    role.AddMember(currentUser.User.Value, null); // add current user
                    role.Submit(0, null);
                }
            }

            this.StopTimer(this.txtAzManElapsed);
            this.Clessidra(false);
        }
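        /// <summary>
        /// Checks whether <paramref name="identity"/> may perform every one of the named
        /// operations in the application and scope described by <paramref name="data"/>.
        /// </summary>
        /// <param name="data">Provider configuration; <c>Application</c>, <c>Scope</c> and (via <c>GetClientContext</c>) the store location are read.</param>
        /// <param name="auditIdentifier">Audit string handed to <c>AccessCheck</c>; recorded when run-time auditing is enabled.</param>
        /// <param name="identity">Identity to check; <c>GetClientContext</c> rejects anything that is not a Windows identity.</param>
        /// <param name="operations">Operation names, each resolved to its id with <c>OpenOperation</c>.</param>
        /// <returns><c>true</c> only when every operation is allowed; <c>false</c> as soon as one status is non-zero.</returns>
        /// <exception cref="SecurityException">Wraps any <see cref="COMException"/> raised by the AzMan runtime.</exception>
        private bool CheckAccessOperations(AzManAuthorizationProviderData data, string auditIdentifier, IIdentity identity, string[] operations)
        {
            IAzApplication azApp = null;

            try
            {
                IAzClientContext clientCtx = GetClientContext(data, identity, data.Application, out azApp);
                Debug.Assert(azApp != null);

                object[] operationIds = new object[operations.Length];
                for (int index = 0; index < operations.Length; index++)
                {
                    operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
                }

                // AccessCheck takes the scope list as an object[]; exactly one scope is
                // ever used, so the former null check on a freshly allocated array was dead.
                object[] internalScopes = new object[] { data.Scope };

                object[] result = (object[])clientCtx.AccessCheck(auditIdentifier,
                                                                  internalScopes, operationIds, null, null, null, null, null);

                // One status per operation id: 0 = allowed, non-zero = denied/error.
                // Fail closed on the first non-zero entry.
                foreach (int accessAllowed in result)
                {
                    if (accessAllowed != 0)
                    {
                        return(false);
                    }
                }
            }
            catch (COMException comEx)
            {
                throw new SecurityException(comEx.Message, comEx);
            }
            return(true);
        }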
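        /// <summary>
        /// Checks whether the current HTTP request's Windows user is allowed to perform
        /// every one of the given AzMan operations in the configured application.
        /// </summary>
        /// <param name="operationIds">AzMan operation ids to check, as an <c>object[]</c> for <c>IAzClientContext.AccessCheck</c>. Must hold at least one id.</param>
        /// <returns><c>true</c> only if <c>AccessCheck</c> returned 0 (allowed) for every operation; <c>false</c> if any status is non-zero.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="operationIds"/> is null or empty, so an empty check cannot pass vacuously.</exception>
        /// <exception cref="InvalidOperationException">Thrown when the request's principal is not a <see cref="WindowsIdentity"/>, which AzMan needs to build the client context.</exception>
        /// <remarks>
        /// Store connection string and application name come from
        /// <c>ConfigurationManager.ConnectionStrings[AuthorizationManagerConstants.AZMANPOLICYSTORECONNECTIONSTRING]</c>
        /// and <c>AuthorizationManagerConstants.AZMANAPPLICATION</c>. The store, application and
        /// client-context RCWs are released on every exit path.
        /// </remarks>
        public bool CheckAccessPermissions(object[] operationIds)
        {
            if (operationIds == null || operationIds.Length == 0)
            {
                throw new ArgumentException("At least one operation id is required.", "operationIds");
            }

            // Get the current user context; AzMan can only build a context from a Windows token.
            IPrincipal      userPrincipal = HttpContext.Current.User;
            WindowsIdentity userIdentity  = userPrincipal.Identity as WindowsIdentity;
            if (userIdentity == null)
            {
                throw new InvalidOperationException("The current principal is not a WindowsIdentity; AzMan access checks require a Windows token.");
            }

            AzAuthorizationStoreClass azManStore    = null;
            IAzApplication            azApp         = null;
            IAzClientContext          clientContext = null;
            try
            {
                azManStore = new AzAuthorizationStoreClass();
                azManStore.Initialize(0, ConfigurationManager.ConnectionStrings[AuthorizationManagerConstants.AZMANPOLICYSTORECONNECTIONSTRING].ConnectionString, null);
                azApp         = azManStore.OpenApplication(AuthorizationManagerConstants.AZMANAPPLICATION, null);
                clientContext = azApp.InitializeClientContextFromToken((ulong)userIdentity.Token, null);

                // The first argument is the audit string recorded when run-time auditing is
                // on. The single-element scope array with a null entry is kept as before
                // (application-level check - confirm against the AzMan AccessCheck docs).
                object[] result = (object[])clientContext.AccessCheck("CheckAccessPermission", new object[1], operationIds, null, null, null, null, null);

                // One status per operation id; 0 means authorized. Every operation must be
                // authorized: inspecting only result[0] would let a denied later operation
                // through. Fail closed on the first non-zero entry.
                foreach (int accessAllowed in result)
                {
                    if (accessAllowed != 0)
                    {
                        return false;
                    }
                }
                return true;
            }
            finally
            {
                // ReleaseComObject throws on null, hence the guards; release in reverse order.
                if (clientContext != null) { System.Runtime.InteropServices.Marshal.ReleaseComObject(clientContext); }
                if (azApp != null)         { System.Runtime.InteropServices.Marshal.ReleaseComObject(azApp); }
                if (azManStore != null)    { System.Runtime.InteropServices.Marshal.ReleaseComObject(azManStore); }
            }
        }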
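        /// <summary>
        /// Round-trip probe against the synthetic store: opens "Application0", builds a
        /// client context for the current user and runs one <c>AccessCheck</c> for
        /// "Operation0" with a single business-rule parameter ("chiave" = "valore").
        /// The result is not used; the method exists to exercise the call path.
        /// </summary>
        /// <param name="azManStorePath">Store location passed to <c>IAzAuthorizationStore.Initialize</c>.</param>
        /// <param name="max">Upper bound for the random application index; unused while <c>rnd</c> is fixed at 0.</param>
        /// <remarks>
        /// All COM objects are released in a <c>finally</c> block, so an exception from the
        /// AzMan runtime (e.g. a missing application) no longer leaks them as it did when
        /// the releases sat after the check.
        /// </remarks>
        private void TestSuAzMan(string azManStorePath, int max)
        {
            WindowsIdentity       id    = WindowsIdentity.GetCurrent();
            IAzAuthorizationStore store = null;
            IAzApplication        app   = null;
            IAzClientContext      ctx   = null;
            IAzOperation          op    = null;

            int    rnd     = 0; // new Random().Next(max);
            string appName = "Application" + rnd.ToString();
            string opName  = "Operation" + rnd.ToString();

            try
            {
                store = new AzAuthorizationStoreClass();
                store.Initialize(0, azManStorePath, null);
                app = store.OpenApplication(appName, null);
                ctx = app.InitializeClientContextFromToken((ulong)id.Token.ToInt64(), null);
                op  = app.OpenOperation(opName, null);

                object[] parameterNames  = new object[] { "chiave" };
                object[] parameterValues = new object[] { "valore" };
                object[] oRes = (object[])ctx.AccessCheck("Test", null, new object[] { op.OperationID }, parameterNames, parameterValues, null, null, null);

                // One status per operation: 0 = allowed. The loop only stops at the first
                // denial; nothing is reported.
                foreach (int accessAllowed in oRes)
                {
                    if (accessAllowed != 0)
                    {
                        break;
                    }
                }

                store.CloseApplication(appName, 0);
            }
            finally
            {
                // FinalReleaseComObject throws on null, hence the guards.
                if (op != null)    { System.Runtime.InteropServices.Marshal.FinalReleaseComObject(op); }
                if (ctx != null)   { System.Runtime.InteropServices.Marshal.FinalReleaseComObject(ctx); }
                if (app != null)   { System.Runtime.InteropServices.Marshal.FinalReleaseComObject(app); }
                if (store != null) { System.Runtime.InteropServices.Marshal.FinalReleaseComObject(store); }
            }
        }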
		/// <summary>
		/// Opens the AzMan store at <c>storeLocation</c>, opens <paramref name="applicationName"/>
		/// in it and builds a client context from <paramref name="identity"/>'s Windows token.
		/// </summary>
		/// <param name="identity">Windows identity whose token is handed to <c>InitializeClientContextFromToken</c>.</param>
		/// <param name="applicationName">AzMan application to open.</param>
		/// <param name="azApp">Receives the opened application for the caller's operation and task lookups.</param>
		/// <returns>The client context for <paramref name="identity"/> in <paramref name="azApp"/>.</returns>
		/// <remarks>
		/// Store initialization and the application lookup run under <c>contextLock</c>; the
		/// context itself is created outside it. A fresh store RCW is created on every call
		/// and simply dropped once the application is open.
		/// </remarks>
		private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
		{
			IAzApplication openedApp;
			lock (contextLock)
			{
				AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
				store.Initialize(0, this.storeLocation, null);
				openedApp = store.OpenApplication(applicationName, null);
			}
			azApp = openedApp;

			ulong tokenHandle = (ulong)identity.Token.ToInt64();
			return openedApp.InitializeClientContextFromToken(tokenHandle, null);
		}
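		/// <summary>
		/// Expands AzMan task names into the operation ids they contain, resolving the tasks
		/// inside this provider's <c>scopeName</c> when one is set and at application level
		/// otherwise.
		/// </summary>
		/// <param name="azApp">Open AzMan application the tasks and operations belong to.</param>
		/// <param name="tasks">Task names to expand.</param>
		/// <returns>Operation ids, in task order, as an <c>object[]</c> for <c>IAzClientContext.AccessCheck</c>.</returns>
		/// <exception cref="ConfigurationErrorsException">Thrown with <c>Properties.Resources.NoOperations</c> when the tasks expand to no operations, including when <paramref name="tasks"/> is empty.</exception>
		/// <remarks>
		/// The scope is opened once instead of once per task. Only the operations listed
		/// directly on each task (<c>IAzTask.Operations</c>) are returned; nested tasks are
		/// not expanded here.
		/// </remarks>
		private object[] GetTaskOperations(IAzApplication azApp, string[] tasks)
		{
			StringCollection operations = new StringCollection();

			if (tasks.Length > 0)
			{
				// Loop invariant: same scope for every task. A null or empty scope name
				// means application level (the original dereferenced a null scope).
				string   scopeToOpen = this.scopeName;
				IAzScope scope       = null;
				if (!string.IsNullOrEmpty(scopeToOpen))
				{
					scope = azApp.OpenScope(scopeToOpen, null);
				}

				foreach (String task in tasks)
				{
					IAzTask azTask = (scope != null)
						? scope.OpenTask(task, null)
						: azApp.OpenTask(task, null);

					// Operations comes back as a COM array; a null here throws on the
					// foreach exactly as it did before.
					Array ops = azTask.Operations as Array;
					foreach (String op in ops)
					{
						operations.Add(op);
					}
				}
			}

			if (operations.Count == 0)
			{
				throw new ConfigurationErrorsException(Properties.Resources.NoOperations);
			}

			object[] operationIds = new object[operations.Count];
			for (int index = 0; index < operations.Count; index++)
			{
				operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
			}

			return operationIds;
		}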
        /// <summary>
        /// Copies one level of an AzMan task's membership into <paramref name="application"/>:
        /// each sub-task and operation of the task is added as a member of the target item
        /// that carries the task's name. Nested sub-tasks are not descended into (the
        /// recursive call is left commented out).
        /// </summary>
        /// <param name="azScope">Scope to resolve the task in, or null to resolve at application level.</param>
        /// <param name="azApplication">Source AzMan application, used when <paramref name="azScope"/> is null.</param>
        /// <param name="taskName">Name of the task to copy; also the name of the target item.</param>
        /// <param name="application">Target application whose items receive the members.</param>
        /// <remarks>
        /// Members are added without checking whether they are already present; what
        /// <c>AddMember</c> does with a duplicate is not visible here.
        /// </remarks>
        private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
        {
            IAzTask azTask;
            if (azScope != null)
            {
                azTask = azScope.OpenTask(taskName, null);
            }
            else
            {
                azTask = azApplication.OpenTask(taskName, null);
            }

            // Looked up before the null check, preserving the original control flow.
            IAzManItem targetItem = application.GetItem(taskName);
            if (azTask == null)
            {
                return;
            }

            object[] subTaskNames = azTask.Tasks as object[];
            if (subTaskNames != null)
            {
                foreach (string subTaskName in subTaskNames)
                {
                    targetItem.AddMember(application.GetItem(subTaskName));
                    //this.SetHirearchy(azScope, azApplication, subTaskName, application);
                }
            }

            object[] subOperationNames = azTask.Operations as object[];
            if (subOperationNames != null)
            {
                foreach (string subOperationName in subOperationNames)
                {
                    targetItem.AddMember(application.GetItem(subOperationName));
                }
            }
        }
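        /// <summary>
        /// Expands AzMan task names into the operation ids they contain, resolving the tasks
        /// inside <c>data.Scope</c> when one is configured and at application level otherwise.
        /// </summary>
        /// <param name="data">Provider configuration; only <c>Scope</c> is read here.</param>
        /// <param name="azApp">Open AzMan application the tasks and operations belong to.</param>
        /// <param name="tasks">Task names to expand.</param>
        /// <returns>Operation ids, in task order, as an <c>object[]</c> for <c>IAzClientContext.AccessCheck</c>.</returns>
        /// <exception cref="ConfigurationException">Thrown with <c>SR.NoOperations</c> when the tasks expand to no operations, including when <paramref name="tasks"/> is empty.</exception>
        /// <remarks>
        /// The scope is opened once instead of once per task (it does not depend on the task).
        /// Only the operations listed directly on each task (<c>IAzTask.Operations</c>) are
        /// returned; tasks nested via <c>IAzTask.Tasks</c> are not expanded here.
        /// </remarks>
        private object[] GetTaskOperations(AzManAuthorizationProviderData data, IAzApplication azApp, string[] tasks)
        {
            StringCollection operations = new StringCollection();

            if (tasks.Length > 0)
            {
                // Loop invariant: same scope for every task. A null or empty scope name
                // means application level (the original dereferenced a null scope).
                string   scopeName = data.Scope;
                IAzScope scope     = null;
                if (!string.IsNullOrEmpty(scopeName))
                {
                    scope = azApp.OpenScope(scopeName, null);
                }

                foreach (String task in tasks)
                {
                    IAzTask azTask = (scope != null)
                        ? scope.OpenTask(task, null)
                        : azApp.OpenTask(task, null);

                    Array ops = azTask.Operations as Array;
                    Debug.Assert(ops != null);
                    foreach (String op in ops)
                    {
                        operations.Add(op);
                    }
                }
            }

            if (operations.Count == 0)
            {
                throw new ConfigurationException(SR.NoOperations);
            }

            object[] operationIds = new object[operations.Count];
            for (int index = 0; index < operations.Count; index++)
            {
                operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
            }

            return operationIds;
        }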
        /// <summary>
        /// Opens the AzMan store at <c>data.StoreLocation</c>, opens <paramref name="applicationName"/>
        /// in it and builds a client context from the caller's Windows token.
        /// </summary>
        /// <param name="data">Provider configuration; only <c>StoreLocation</c> is read here.</param>
        /// <param name="identity">Identity to build the context for; must be a <see cref="WindowsIdentity"/>.</param>
        /// <param name="applicationName">AzMan application to open.</param>
        /// <param name="azApp">Receives the opened application for the caller's operation and task lookups.</param>
        /// <returns>The client context for <paramref name="identity"/> in <paramref name="azApp"/>.</returns>
        /// <exception cref="ArgumentException">Thrown with <c>SR.WindowsIdentityOnly</c> when <paramref name="identity"/> is not a Windows identity.</exception>
        /// <remarks>A fresh store RCW is created on every call and dropped once the application is open.</remarks>
        private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
        {
            // AzMan builds contexts from Windows tokens only; reject anything else up front.
            WindowsIdentity winIdentity = identity as WindowsIdentity;
            if (winIdentity == null)
            {
                throw new ArgumentException(SR.WindowsIdentityOnly);
            }

            AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
            store.Initialize(0, data.StoreLocation, null);

            IAzApplication openedApp = store.OpenApplication(applicationName, null);
            azApp = openedApp;
            Debug.Assert(openedApp != null, "could not open the application");

            IAzClientContext clientCtx = openedApp.InitializeClientContextFromToken((ulong)winIdentity.Token.ToInt64(), null);
            Debug.Assert(clientCtx != null, "could not get the context");
            return clientCtx;
        }
        /// <summary>
        /// Opens the AzMan store at <c>storeLocation</c>, opens <paramref name="applicationName"/>
        /// in it and builds a client context from <paramref name="identity"/>'s Windows token.
        /// </summary>
        /// <param name="identity">Windows identity whose token is handed to <c>InitializeClientContextFromToken</c>.</param>
        /// <param name="applicationName">AzMan application to open.</param>
        /// <param name="azApp">Receives the opened application for the caller's operation and task lookups.</param>
        /// <returns>The client context for <paramref name="identity"/> in <paramref name="azApp"/>.</returns>
        /// <remarks>
        /// Store initialization and the application lookup run under <c>contextLock</c>; the
        /// context itself is created outside it. A fresh store RCW is created on every call
        /// and simply dropped once the application is open.
        /// </remarks>
        private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
        {
            IAzApplication openedApp;
            lock (contextLock)
            {
                AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
                store.Initialize(0, this.storeLocation, null);
                openedApp = store.OpenApplication(applicationName, null);
            }
            azApp = openedApp;

            ulong tokenHandle = (ulong)identity.Token.ToInt64();
            return openedApp.InitializeClientContextFromToken(tokenHandle, null);
        }
 /// <summary>
 /// Wraps an AzMan application so it can stand in for a scope.
 /// </summary>
 /// <param name="application">Underlying COM application; must not be null.</param>
 public AzApplicationScopeWrapper(IAzApplication application)
 {
     // Guard throws for a null argument; the field is only set afterwards.
     Guard.ArgumentIsNotNull(application, nameof(application));
     this._application = application;
 }
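        /// <summary>
        /// Mirrors the member hierarchy of an AzMan task into <paramref name="application"/>:
        /// every sub-task and operation the task contains becomes a member of the target
        /// item with the same name, and sub-tasks are descended into recursively.
        /// </summary>
        /// <param name="azScope">Scope to resolve the task in, or null to resolve at application level.</param>
        /// <param name="azApplication">Source AzMan application, used when <paramref name="azScope"/> is null.</param>
        /// <param name="taskName">Name of the task whose hierarchy is copied; also the name of the target item.</param>
        /// <param name="application">Target application whose items receive the members.</param>
        /// <remarks>
        /// Members already present (same <c>ItemId</c>) are skipped, so the method can be
        /// re-run over an existing structure. There is no cycle guard; the recursion relies
        /// on the task hierarchy being acyclic. <c>GetMembers</c> is re-read before each add
        /// because <c>AddMember</c> changes it.
        /// </remarks>
        private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
        {
            IAzTask azTask = (azScope == null)
                ? azApplication.OpenTask(taskName, null)
                : azScope.OpenTask(taskName, null);

            if (azTask == null)
            {
                return;
            }

            IAzManItem item = application.GetItem(taskName);

            // SubTasks: link, then recurse so nested tasks are mirrored too.
            object[] azSubTasks = azTask.Tasks as object[];
            if (azSubTasks != null)
            {
                foreach (string azSubTask in azSubTasks)
                {
                    IAzManItem subItem = application.GetItem(azSubTask);
                    var        members = item.GetMembers();
                    if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
                    {
                        item.AddMember(subItem);
                    }
                    this.SetHirearchy(azScope, azApplication, azSubTask, application);
                }
            }

            // SubOperations: leaf nodes, link only.
            object[] azSubOperations = azTask.Operations as object[];
            if (azSubOperations != null)
            {
                foreach (string azSubOperation in azSubOperations)
                {
                    IAzManItem subItem = application.GetItem(azSubOperation);
                    var        members = item.GetMembers();
                    if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
                    {
                        item.AddMember(subItem);
                    }
                }
            }
        }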
        /// <summary>
        /// Opens the AzMan store at <c>data.StoreLocation</c>, opens <paramref name="applicationName"/>
        /// in it and builds a client context from the caller's Windows token.
        /// </summary>
        /// <param name="data">Provider configuration; only <c>StoreLocation</c> is read here.</param>
        /// <param name="identity">Identity to build the context for; must be a <see cref="WindowsIdentity"/>.</param>
        /// <param name="applicationName">AzMan application to open.</param>
        /// <param name="azApp">Receives the opened application for the caller's operation and task lookups.</param>
        /// <returns>The client context for <paramref name="identity"/> in <paramref name="azApp"/>.</returns>
        /// <exception cref="ArgumentException">Thrown with <c>SR.WindowsIdentityOnly</c> when <paramref name="identity"/> is not a Windows identity.</exception>
        /// <remarks>A fresh store RCW is created on every call and dropped once the application is open.</remarks>
        private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
        {
            // AzMan builds contexts from Windows tokens only; reject anything else up front.
            WindowsIdentity winIdentity = identity as WindowsIdentity;
            if (winIdentity == null)
            {
                throw new ArgumentException(SR.WindowsIdentityOnly);
            }

            AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
            store.Initialize(0, data.StoreLocation, null);

            azApp = store.OpenApplication(applicationName, null);
            Debug.Assert(azApp != null, "could not open the application");

            ulong            tokenHandle = (ulong)winIdentity.Token.ToInt64();
            IAzClientContext clientCtx   = azApp.InitializeClientContextFromToken(tokenHandle, null);
            Debug.Assert(clientCtx != null, "could not get the context");

            return clientCtx;
        }