/// <summary>
/// Test helper: asks AzMan whether the current Windows user may perform the single
/// operation named in <c>txtOperation</c>, against the application "Application Test"
/// in the store at <c>AzManStorePath</c>.
/// </summary>
/// <returns>
/// <c>true</c> when every status returned by AccessCheck is 0 (granted);
/// <c>false</c> as soon as one operation is denied.
/// </returns>
private bool AzManTestCheckAccess()
{
    WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
    const string applicationName = "Application Test";
    string[] operationNames = new string[] { this.txtOperation.Text };
    HybridDictionary businessRuleParameters = new HybridDictionary();

    AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
    store.Initialize(0, AzManStorePath, null);
    IAzApplication application = store.OpenApplication(applicationName, null);
    IAzClientContext context = application.InitializeClientContextFromToken((UInt64)currentUser.Token, null);

    // Business-rule parameter vectors (names / values): none are supplied by this test.
    Object[] parameterNames = new Object[0];
    Object[] parameterValues = new Object[0];

    // Resolve each operation name to its numeric operation id.
    Object[] operationIds = new Object[operationNames.Length];
    for (Int32 i = 0; i < operationNames.Length; i++)
    {
        operationIds[i] = application.OpenOperation(operationNames[i], null).OperationID;
    }

    // The scope list holds a single null entry, i.e. no named scope is selected.
    Object[] scopes = new Object[1];
    Object[] results = (Object[])context.AccessCheck("AuditString", scopes, operationIds, parameterNames, parameterValues, null, null, null);

    // One status per operation; anything other than 0 is a denial.
    foreach (Int32 accessStatus in results)
    {
        if (accessStatus != 0)
        {
            return false;
        }
    }

    return true;
}
/// <devdoc>
/// Checks whether <paramref name="identity"/> may perform every operation reachable from the
/// given tasks, in this provider's application and configured scope.
/// </devdoc>
/// <param name="auditIdentifier">String handed to AzMan for run-time auditing.</param>
/// <param name="identity">Windows identity whose token is used to build the client context.</param>
/// <param name="tasks">Task names whose operations are checked.</param>
/// <returns><c>true</c> only if every operation is granted (status 0); <c>false</c> on the first denial.</returns>
/// <exception cref="SecurityException">Wraps any <see cref="COMException"/> raised by the AzMan runtime.</exception>
private bool CheckAccessTasks(string auditIdentifier, WindowsIdentity identity, string[] tasks)
{
    IAzApplication azApp = null;
    try
    {
        IAzClientContext clientCtx = GetClientContext(identity, this.applicationName, out azApp);
        object[] operationIds = GetTaskOperations(azApp, tasks);

        // The scope list always holds exactly the configured scope name.
        object[] internalScopes = new object[] { this.scopeName };

        object[] results = (object[])clientCtx.AccessCheck(auditIdentifier, internalScopes, operationIds, null, null, null, null, null);
        foreach (int accessStatus in results)
        {
            if (accessStatus != 0)
            {
                return false;
            }
        }
    }
    catch (COMException comEx)
    {
        throw new SecurityException(comEx.Message, comEx);
    }

    return true;
}
/// <summary>
/// Reloads the AzMan policy into the already-open store and re-opens the application,
/// so that a running process picks up policy edits without restarting.
/// </summary>
/// <exception cref="AzManException">Wraps any <see cref="COMException"/> from the AzMan runtime.</exception>
public void UpdateCache()
{
    try
    {
        store.UpdateCache(null);

        // Drop the stale application proxy before fetching a fresh one.
        Marshal.ReleaseComObject(app);
        app = store.OpenApplication(appName, null);
    }
    catch (COMException x)
    {
        throw new AzManException("UpdateCache failed", x);
    }
}
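/// <summary>
/// Releases the COM proxies for the application and the store.
/// Safe to call more than once; each proxy is released only while it is still held.
/// </summary>
public void Dispose()
{
    // Release each proxy independently: a helper whose store opened but whose application
    // failed to open (app == null, store != null) must still free the store, and a null
    // reference must never reach ReleaseComObject, which throws on null.
    if (app != null)
    {
        Marshal.ReleaseComObject(app);
        app = null;
    }

    if (store != null)
    {
        Marshal.ReleaseComObject(store);
        store = null;
    }
}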
/// <summary>
/// Wraps an AzMan application item and exposes its operations and scopes as
/// change-tracked collections.
/// </summary>
/// <param name="context">Owning context; must not be null.</param>
/// <param name="app">Underlying COM application, or null when the item does not exist in the store yet.</param>
internal AzApplication(AzManContext context, IAzApplication app = null)
{
    Guard.ArgumentIsNotNull(context, nameof(context));
    _context = context;
    IAzItem = app;

    // Each child collection is handed a predicate reporting whether this item already
    // exists in the store (presumably gating when the loader delegate may run — confirm).
    Operations = new AzItemCollection<AzOperation>(this, GetOperations, () => !IsNew);
    Scopes = new AzItemCollection<AzScope>(this, GetScopes, () => !IsNew);

    // Any change in a child collection marks this item as modified.
    Operations.CollectionChanged += TheValue_HasChanged;
    Scopes.CollectionChanged += TheValue_HasChanged;
}
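/// <summary>
/// Mirrors the AzMan task hierarchy into the <paramref name="application"/> model: the item for
/// <paramref name="taskName"/> receives each of the task's sub-tasks and operations as members
/// (skipping members already present by ItemId) and the method recurses into every sub-task.
/// </summary>
/// <param name="azScope">Scope to open the task from, or null to open it at application level.</param>
/// <param name="azApplication">AzMan application used when <paramref name="azScope"/> is null.</param>
/// <param name="taskName">Name of the task to mirror.</param>
/// <param name="application">Target model that resolves items by name and stores memberships.</param>
private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
{
    IAzTask azTask = (azScope == null)
        ? azApplication.OpenTask(taskName, null)
        : azScope.OpenTask(taskName, null);

    if (azTask == null)
    {
        return;
    }

    IAzManItem item = application.GetItem(taskName);

    // Sub-tasks: link each one and descend so nested levels are mirrored too.
    // Assumes the task graph is acyclic; a cycle would recurse without end — TODO confirm the store guarantees this.
    object[] azSubTasks = azTask.Tasks as object[];
    if (azSubTasks != null)
    {
        foreach (string azSubTask in azSubTasks)
        {
            IAzManItem subItem = application.GetItem(azSubTask);
            var members = item.GetMembers();
            // Any() stops at the first match instead of counting every member.
            if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
            {
                item.AddMember(subItem);
            }

            this.SetHirearchy(azScope, azApplication, azSubTask, application);
        }
    }

    // Operations are leaves: link them, no recursion.
    object[] azSubOperations = azTask.Operations as object[];
    if (azSubOperations != null)
    {
        foreach (string azSubOperation in azSubOperations)
        {
            IAzManItem subItem = application.GetItem(azSubOperation);
            var members = item.GetMembers();
            if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
            {
                item.AddMember(subItem);
            }
        }
    }
}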
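/// <devdoc>
/// Resolves the operation ids behind a set of AzMan tasks. Each task is opened in the configured
/// scope (<c>data.Scope</c>, when non-empty) or at application level, its operation names are
/// collected, and each name is mapped to its numeric OperationID.
/// </devdoc>
/// <param name="data">Provider configuration; only <c>Scope</c> is read here.</param>
/// <param name="azApp">Open AzMan application.</param>
/// <param name="tasks">Task names to expand.</param>
/// <returns>Operation ids in encounter order; a name listed by several tasks appears several times.</returns>
/// <exception cref="ConfigurationException">No task yielded any operation.</exception>
private object[] GetTaskOperations(AzManAuthorizationProviderData data, IAzApplication azApp, string[] tasks)
{
    // Open the scope once rather than once per task: its name does not change inside the loop.
    // A null or empty scope name means the tasks live at application level.
    string scopeName = data.Scope;
    IAzScope scope = null;
    if (!string.IsNullOrEmpty(scopeName))
    {
        scope = azApp.OpenScope(scopeName, null);
    }

    StringCollection operations = new StringCollection();
    foreach (String task in tasks)
    {
        IAzTask azTask = (scope != null)
            ? scope.OpenTask(task, null)
            : azApp.OpenTask(task, null);

        Array ops = azTask.Operations as Array;
        Debug.Assert(ops != null);
        if (ops == null)
        {
            // A task without an operation list contributes nothing; the empty-result check below still applies.
            continue;
        }

        foreach (String op in ops)
        {
            operations.Add(op);
        }
    }

    if (operations.Count == 0)
    {
        throw new ConfigurationException(SR.NoOperations);
    }

    object[] operationIds = new object[operations.Count];
    for (int index = 0; index < operations.Count; index++)
    {
        operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
    }

    return operationIds;
}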
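/// <summary>
/// Resolves the operation ids behind a set of AzMan tasks. Each task is opened in the configured
/// scope (<c>scopeName</c>, when non-empty) or at application level, its operation names are
/// collected, and each name is mapped to its numeric OperationID.
/// </summary>
/// <param name="azApp">Open AzMan application.</param>
/// <param name="tasks">Task names to expand.</param>
/// <returns>Operation ids in encounter order; a name listed by several tasks appears several times.</returns>
/// <exception cref="ConfigurationErrorsException">No task yielded any operation.</exception>
private object[] GetTaskOperations(IAzApplication azApp, string[] tasks)
{
    // Open the scope once rather than once per task: its name does not change inside the loop.
    // A null or empty scope name means the tasks live at application level.
    IAzScope scope = null;
    if (!string.IsNullOrEmpty(this.scopeName))
    {
        scope = azApp.OpenScope(this.scopeName, null);
    }

    StringCollection operations = new StringCollection();
    foreach (String task in tasks)
    {
        IAzTask azTask = (scope != null)
            ? scope.OpenTask(task, null)
            : azApp.OpenTask(task, null);

        // Guard the cast result: a missing operation list must not dereference null.
        Array ops = azTask.Operations as Array;
        if (ops == null)
        {
            continue;
        }

        foreach (String op in ops)
        {
            operations.Add(op);
        }
    }

    if (operations.Count == 0)
    {
        throw new ConfigurationErrorsException(Properties.Resources.NoOperations);
    }

    object[] operationIds = new object[operations.Count];
    for (int index = 0; index < operations.Count; index++)
    {
        operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
    }

    return operationIds;
}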
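/// <summary>
/// Opens the AzMan store at <paramref name="connectionString"/> and drills down to the
/// application named <paramref name="appName"/>, keeping both proxies for later calls.
/// </summary>
/// <param name="connectionString">AzMan store location passed straight to <c>Initialize</c>.</param>
/// <param name="appName">Name of the AzMan application to open.</param>
/// <exception cref="AzManException">
/// The runtime failed to initialise or the application could not be opened (COM failure),
/// or the policy could not be loaded from the given location.
/// </exception>
public AzManHelper(string connectionString, string appName)
{
    this.appName = appName;
    try
    {
        // Load and initialise the AzMan runtime against the configured store.
        store = new AzAuthorizationStore();
        store.Initialize(0, connectionString, null);

        // Drill down to our application.
        app = store.OpenApplication(appName, null);
    }
    catch (COMException x)
    {
        // Message typo fixed ("initizlize" -> "initialize").
        throw new AzManException("Failed to initialize AzManHelper", x);
    }
    catch (System.IO.FileNotFoundException x)
    {
        throw new AzManException(string.Format("Failed to load AzMan policy from {0} - make sure your connection string is correct.", connectionString), x);
    }
}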
/// <summary>
/// Mirrors one AzMan task into the <paramref name="application"/> model by adding each of its
/// direct sub-tasks and operations as members of the corresponding item. Only the first level
/// is linked: this method does not recurse into sub-tasks.
/// </summary>
/// <param name="azScope">Scope to open the task from; null opens it at application level.</param>
/// <param name="azApplication">AzMan application used when <paramref name="azScope"/> is null.</param>
/// <param name="taskName">Name of the task whose members are linked.</param>
/// <param name="application">Target model that resolves items by name.</param>
private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
{
    IAzTask azTask = (azScope != null)
        ? azScope.OpenTask(taskName, null)
        : azApplication.OpenTask(taskName, null);

    // The item lookup happens whether or not the task was found.
    IAzManItem item = application.GetItem(taskName);
    if (azTask == null)
    {
        return;
    }

    // Direct sub-tasks (one level only).
    object[] azSubTasks = azTask.Tasks as object[];
    if (azSubTasks != null)
    {
        foreach (string subTaskName in azSubTasks)
        {
            item.AddMember(application.GetItem(subTaskName));
        }
    }

    // Direct operations.
    object[] azSubOperations = azTask.Operations as object[];
    if (azSubOperations != null)
    {
        foreach (string operationName in azSubOperations)
        {
            item.AddMember(application.GetItem(operationName));
        }
    }
}
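/// <summary>
/// Test-fixture builder: creates <paramref name="n"/> applications ("Application0".."Application{n-1}")
/// in the AzMan store at <paramref name="azManStorePath"/>, each with <paramref name="n"/> operations,
/// tasks, role definitions and role assignments, and grants every role to the current Windows user.
/// Shows the hourglass cursor and drives the <c>pb</c> progress bar while running; the elapsed time
/// is written to <c>txtAzManElapsed</c>.
/// </summary>
/// <param name="azManStorePath">AzMan store location passed straight to <c>Initialize</c>.</param>
/// <param name="n">Number of applications, and of operations/tasks/roles per application. Zero or negative creates nothing.</param>
private void CreaStrutturaSuAzMan(string azManStorePath, int n)
{
    this.Clessidra(true);
    this.StartTimer();

    WindowsIdentity currentUser = WindowsIdentity.GetCurrent();

    IAzAuthorizationStore store = new AzAuthorizationStoreClass();
    store.Initialize(0, azManStorePath, null);

    // Never set a negative maximum when n is 0 (a WinForms ProgressBar rejects values below 0).
    this.pb.Maximum = Math.Max(n - 1, 0);

    for (int a = 0; a < n; a++)
    {
        IAzApplication app = store.CreateApplication("Application" + a.ToString(), null);
        app.Submit(0, null);

        this.pb.Value = a;
        Application.DoEvents(); // keep the form responsive during the long-running loop

        for (int i = 0; i < n; i++)
        {
            // Operation i gets the 1-based id i + 1.
            IAzOperation op = app.CreateOperation("Operation" + i.ToString(), null);
            op.OperationID = i + 1;
            op.Submit(0, null);

            // Task i wraps operation i.
            IAzTask task = app.CreateTask("Task" + i.ToString(), null);
            task.AddOperation(op.Name, null);
            task.Submit(0, null);

            // Role definition i (a task flagged as role definition) contains task i.
            IAzTask roleTask = app.CreateTask("Role" + i.ToString(), null);
            roleTask.IsRoleDefinition = 1;
            roleTask.AddTask("Task" + i.ToString(), null);
            roleTask.Submit(0, null);

            // Role assignment i uses role definition i and is granted to the current user's SID.
            IAzRole role = app.CreateRole("Role" + i.ToString(), null);
            role.AddTask("Role" + i.ToString(), null);
            role.AddMember(currentUser.User.Value, null);
            role.Submit(0, null);
        }
    }

    this.StopTimer(this.txtAzManElapsed);
    this.Clessidra(false);
}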
/// <devdoc>
/// Checks whether <paramref name="identity"/> may perform every one of the named operations
/// in the configured application and scope.
/// </devdoc>
/// <param name="data">Provider configuration (store location, application, scope).</param>
/// <param name="auditIdentifier">String passed to AzMan for run-time auditing.</param>
/// <param name="identity">Caller identity used to build the AzMan client context.</param>
/// <param name="operations">Operation names to check.</param>
/// <returns><c>true</c> if every status is 0 (granted); <c>false</c> on the first denial.</returns>
/// <exception cref="SecurityException">Wraps any <see cref="COMException"/> from the AzMan runtime.</exception>
private bool CheckAccessOperations(AzManAuthorizationProviderData data, string auditIdentifier, IIdentity identity, string[] operations)
{
    // Always a one-element list holding the configured scope.
    object[] internalScopes = new object[] { data.Scope };

    IAzApplication azApp = null;
    try
    {
        IAzClientContext clientCtx = GetClientContext(data, identity, data.Application, out azApp);
        Debug.Assert(azApp != null);

        // Map each operation name to its numeric id, preserving order.
        object[] operationIds = new object[operations.Length];
        for (int i = 0; i < operations.Length; i++)
        {
            operationIds[i] = azApp.OpenOperation(operations[i], null).OperationID;
        }

        object[] results = (object[])clientCtx.AccessCheck(auditIdentifier, internalScopes, operationIds, null, null, null, null, null);
        foreach (int accessStatus in results)
        {
            if (accessStatus != 0)
            {
                return false;
            }
        }
    }
    catch (COMException comEx)
    {
        throw new SecurityException(comEx.Message, comEx);
    }

    return true;
}
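/// <summary>
/// Checks whether the current HTTP request's Windows user is allowed to perform every
/// operation in <paramref name="operationIds"/>, using the AzMan store and application
/// named in configuration.
/// </summary>
/// <param name="operationIds">AzMan operation ids to check, as expected by AccessCheck.</param>
/// <returns>
/// <c>true</c> only when AzMan grants all operations. <c>false</c> if any operation is denied,
/// if the request carries no <see cref="WindowsIdentity"/>, or if no operations were supplied
/// (the method fails closed rather than granting by default).
/// </returns>
public bool CheckAccessPermissions(object[] operationIds)
{
    // Nothing to authorise is a denial, not an implicit grant.
    if (operationIds == null || operationIds.Length == 0)
    {
        return false;
    }

    // The check is token based; without a Windows identity on the request there is nothing
    // to evaluate, so deny instead of dereferencing a failed cast.
    HttpContext httpContext = HttpContext.Current;
    WindowsIdentity userIdentity = (httpContext == null || httpContext.User == null)
        ? null
        : httpContext.User.Identity as WindowsIdentity;
    if (userIdentity == null)
    {
        return false;
    }

    AzAuthorizationStoreClass azManStore = new AzAuthorizationStoreClass();
    azManStore.Initialize(0, ConfigurationManager.ConnectionStrings[AuthorizationManagerConstants.AZMANPOLICYSTORECONNECTIONSTRING].ConnectionString, null);
    IAzApplication azApp = azManStore.OpenApplication(AuthorizationManagerConstants.AZMANAPPLICATION, null);

    IAzClientContext clientContext = azApp.InitializeClientContextFromToken((ulong)userIdentity.Token.ToInt64(), null);

    // First argument is the audit string recorded when run-time auditing is enabled.
    // The scope list is a single null entry, i.e. no named scope is selected.
    object[] result = (object[])clientContext.AccessCheck("CheckAccessPermission", new object[1], operationIds, null, null, null, null, null);

    // AccessCheck returns one status per operation (0 = granted). Every entry must be 0:
    // inspecting only result[0] would let a denial on any later operation go unnoticed.
    if (result == null || result.Length != operationIds.Length)
    {
        return false;
    }

    foreach (object status in result)
    {
        if ((int)status != 0)
        {
            return false;
        }
    }

    return true;
}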
/// <summary>
/// Timing/test helper: opens "Application0" in the store at <paramref name="azManStorePath"/>,
/// runs one AccessCheck for "Operation0" as the current Windows user with a single
/// business-rule parameter, then releases every COM proxy it created.
/// </summary>
/// <param name="azManStorePath">AzMan store location passed straight to <c>Initialize</c>.</param>
/// <param name="max">Currently unused: the application index is fixed at 0.</param>
private void TestSuAzMan(string azManStorePath, int max)
{
    WindowsIdentity currentUser = WindowsIdentity.GetCurrent();

    IAzAuthorizationStore store = new AzAuthorizationStoreClass();
    store.Initialize(0, azManStorePath, null);

    int index = 0; // fixed index; a random pick in [0, max) is not used
    string applicationName = "Application" + index.ToString();
    string opName = "Operation" + index.ToString();

    IAzApplication app = store.OpenApplication(applicationName, null);
    IAzClientContext ctx = app.InitializeClientContextFromToken((ulong)currentUser.Token.ToInt64(), null);
    IAzOperation op = app.OpenOperation(opName, null);

    // One business-rule parameter (name / value) travels with the check.
    object[] parameterNames = new object[1] { "chiave" };
    object[] parameterValues = new object[1] { "valore" };
    object[] results = (object[])ctx.AccessCheck("Test", null, new object[] { op.OperationID }, parameterNames, parameterValues, null, null, null);

    // Scan up to the first denial; the outcome itself is not reported anywhere.
    foreach (int accessStatus in results)
    {
        if (accessStatus != 0)
        {
            break;
        }
    }

    // Tear-down, in the same order as before: close the application, then release the proxies.
    store.CloseApplication(applicationName, 0);
    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(op);
    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(app);
    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(store);
    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(ctx);
    op = null;
    ctx = null;
    app = null;
    store = null;
}
/// <devdoc>
/// Builds an AzMan client context for <paramref name="identity"/> against the named application
/// in this provider's store, and hands the opened application back to the caller.
/// </devdoc>
/// <param name="identity">Windows identity whose access token seeds the context.</param>
/// <param name="applicationName">Name of the AzMan application to open.</param>
/// <param name="azApp">Receives the opened application.</param>
/// <returns>A client context bound to the identity's token.</returns>
private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
{
    // Store initialisation and the application lookup are serialised on contextLock;
    // the token-based context creation below runs outside the lock.
    lock (contextLock)
    {
        AzAuthorizationStoreClass authorizationStore = new AzAuthorizationStoreClass();
        authorizationStore.Initialize(0, this.storeLocation, null);
        azApp = authorizationStore.OpenApplication(applicationName, null);
    }

    ulong tokenHandle = (ulong)identity.Token.ToInt64();
    return azApp.InitializeClientContextFromToken(tokenHandle, null);
}
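/// <summary>
/// Resolves the operation ids behind a set of AzMan tasks. Each task is opened in the configured
/// scope (<c>scopeName</c>, when non-empty) or at application level, its operation names are
/// collected, and each name is mapped to its numeric OperationID.
/// </summary>
/// <param name="azApp">Open AzMan application.</param>
/// <param name="tasks">Task names to expand.</param>
/// <returns>Operation ids in encounter order; a name listed by several tasks appears several times.</returns>
/// <exception cref="ConfigurationErrorsException">No task yielded any operation.</exception>
private object[] GetTaskOperations(IAzApplication azApp, string[] tasks)
{
    // Open the scope once rather than once per task: its name does not change inside the loop.
    // A null or empty scope name means the tasks live at application level.
    IAzScope scope = null;
    if (!string.IsNullOrEmpty(this.scopeName))
    {
        scope = azApp.OpenScope(this.scopeName, null);
    }

    StringCollection operations = new StringCollection();
    foreach (String task in tasks)
    {
        IAzTask azTask = (scope != null)
            ? scope.OpenTask(task, null)
            : azApp.OpenTask(task, null);

        // Guard the cast result: a missing operation list must not dereference null.
        Array ops = azTask.Operations as Array;
        if (ops == null)
        {
            continue;
        }

        foreach (String op in ops)
        {
            operations.Add(op);
        }
    }

    if (operations.Count == 0)
    {
        throw new ConfigurationErrorsException(Properties.Resources.NoOperations);
    }

    object[] operationIds = new object[operations.Count];
    for (int index = 0; index < operations.Count; index++)
    {
        operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
    }

    return operationIds;
}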
/// <summary>
/// Links the direct children of one AzMan task into the <paramref name="application"/> model:
/// every sub-task and operation of <paramref name="taskName"/> becomes a member of its item.
/// Nested sub-tasks are not followed (no recursion).
/// </summary>
/// <param name="azScope">Scope to open the task from; null opens it at application level.</param>
/// <param name="azApplication">AzMan application used when <paramref name="azScope"/> is null.</param>
/// <param name="taskName">Name of the task whose members are linked.</param>
/// <param name="application">Target model that resolves items by name.</param>
private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
{
    IAzTask azTask;
    if (azScope == null)
    {
        azTask = azApplication.OpenTask(taskName, null);
    }
    else
    {
        azTask = azScope.OpenTask(taskName, null);
    }

    // Looked up regardless of whether the task was found.
    IAzManItem item = application.GetItem(taskName);
    if (azTask == null)
    {
        return;
    }

    // Direct sub-tasks, one level only.
    object[] azSubTasks = azTask.Tasks as object[];
    if (azSubTasks != null)
    {
        foreach (string subTaskName in azSubTasks)
        {
            IAzManItem subTaskItem = application.GetItem(subTaskName);
            item.AddMember(subTaskItem);
        }
    }

    // Direct operations.
    object[] azSubOperations = azTask.Operations as object[];
    if (azSubOperations != null)
    {
        foreach (string operationName in azSubOperations)
        {
            IAzManItem operationItem = application.GetItem(operationName);
            item.AddMember(operationItem);
        }
    }
}
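/// <devdoc>
/// Resolves the operation ids behind a set of AzMan tasks. Each task is opened in the configured
/// scope (<c>data.Scope</c>, when non-empty) or at application level, its operation names are
/// collected, and each name is mapped to its numeric OperationID.
/// </devdoc>
/// <param name="data">Provider configuration; only <c>Scope</c> is read here.</param>
/// <param name="azApp">Open AzMan application.</param>
/// <param name="tasks">Task names to expand.</param>
/// <returns>Operation ids in encounter order; a name listed by several tasks appears several times.</returns>
/// <exception cref="ConfigurationException">No task yielded any operation.</exception>
private object[] GetTaskOperations(AzManAuthorizationProviderData data, IAzApplication azApp, string[] tasks)
{
    // Open the scope once rather than once per task: its name does not change inside the loop.
    // A null or empty scope name means the tasks live at application level.
    string scopeName = data.Scope;
    IAzScope scope = null;
    if (!string.IsNullOrEmpty(scopeName))
    {
        scope = azApp.OpenScope(scopeName, null);
    }

    StringCollection operations = new StringCollection();
    foreach (String task in tasks)
    {
        IAzTask azTask = (scope != null)
            ? scope.OpenTask(task, null)
            : azApp.OpenTask(task, null);

        Array ops = azTask.Operations as Array;
        Debug.Assert(ops != null);
        if (ops == null)
        {
            // A task without an operation list contributes nothing; the empty-result check below still applies.
            continue;
        }

        foreach (String op in ops)
        {
            operations.Add(op);
        }
    }

    if (operations.Count == 0)
    {
        throw new ConfigurationException(SR.NoOperations);
    }

    object[] operationIds = new object[operations.Count];
    for (int index = 0; index < operations.Count; index++)
    {
        operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
    }

    return operationIds;
}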
/// <devdoc>
/// Builds an AzMan client context for <paramref name="identity"/> against the named application
/// in the store configured in <paramref name="data"/>, and hands the opened application back.
/// </devdoc>
/// <param name="data">Provider configuration; supplies the store location.</param>
/// <param name="identity">Must be a <see cref="WindowsIdentity"/>; its access token seeds the context.</param>
/// <param name="applicationName">Name of the AzMan application to open.</param>
/// <param name="azApp">Receives the opened application.</param>
/// <returns>A client context bound to the identity's token.</returns>
/// <exception cref="ArgumentException"><paramref name="identity"/> is not a <see cref="WindowsIdentity"/>.</exception>
private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
{
    // Only a Windows identity carries the access token the AzMan context is built from.
    WindowsIdentity windowsIdentity = identity as WindowsIdentity;
    if (windowsIdentity == null)
    {
        throw new ArgumentException(SR.WindowsIdentityOnly);
    }

    AzAuthorizationStoreClass authorizationStore = new AzAuthorizationStoreClass();
    authorizationStore.Initialize(0, data.StoreLocation, null);

    azApp = authorizationStore.OpenApplication(applicationName, null);
    Debug.Assert(azApp != null, "could not open the application");

    IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((ulong)windowsIdentity.Token.ToInt64(), null);
    Debug.Assert(clientCtx != null, "could not get the context");
    return clientCtx;
}
/// <devdoc>
/// Builds an AzMan client context for <paramref name="identity"/> against the named application
/// in this provider's store; the opened application is returned through <paramref name="azApp"/>.
/// </devdoc>
/// <param name="identity">Windows identity whose access token seeds the context.</param>
/// <param name="applicationName">Name of the AzMan application to open.</param>
/// <param name="azApp">Receives the opened application.</param>
/// <returns>A client context bound to the identity's token.</returns>
private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
{
    // Only the store/application setup is guarded by contextLock.
    lock (contextLock)
    {
        AzAuthorizationStoreClass authorizationStore = new AzAuthorizationStoreClass();
        authorizationStore.Initialize(0, this.storeLocation, null);
        azApp = authorizationStore.OpenApplication(applicationName, null);
    }

    // Context creation from the token happens outside the lock.
    long rawToken = identity.Token.ToInt64();
    IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((ulong)rawToken, null);
    return clientCtx;
}
/// <summary>
/// Holds an AzMan application behind the scope-wrapper abstraction (the type name suggests it
/// lets an application stand in where a scope is expected — confirm against the class body).
/// </summary>
/// <param name="application">Underlying COM application; must not be null.</param>
public AzApplicationScopeWrapper(IAzApplication application)
{
    Guard.ArgumentIsNotNull(application, nameof(application));

    this._application = application;
}
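/// <summary>
/// Mirrors the AzMan task hierarchy into the <paramref name="application"/> model: the item for
/// <paramref name="taskName"/> receives each of the task's sub-tasks and operations as members
/// (skipping members already present by ItemId) and the method recurses into every sub-task.
/// </summary>
/// <param name="azScope">Scope to open the task from, or null to open it at application level.</param>
/// <param name="azApplication">AzMan application used when <paramref name="azScope"/> is null.</param>
/// <param name="taskName">Name of the task to mirror.</param>
/// <param name="application">Target model that resolves items by name and stores memberships.</param>
private void SetHirearchy(IAzScope azScope, IAzApplication azApplication, string taskName, IAzManApplication application)
{
    IAzTask azTask = (azScope == null)
        ? azApplication.OpenTask(taskName, null)
        : azScope.OpenTask(taskName, null);

    if (azTask == null)
    {
        return;
    }

    IAzManItem item = application.GetItem(taskName);

    // Sub-tasks: link each one and descend so nested levels are mirrored too.
    // Assumes the task graph is acyclic; a cycle would recurse without end — TODO confirm the store guarantees this.
    object[] azSubTasks = azTask.Tasks as object[];
    if (azSubTasks != null)
    {
        foreach (string azSubTask in azSubTasks)
        {
            IAzManItem subItem = application.GetItem(azSubTask);
            var members = item.GetMembers();
            // Any() stops at the first match instead of counting every member.
            if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
            {
                item.AddMember(subItem);
            }

            this.SetHirearchy(azScope, azApplication, azSubTask, application);
        }
    }

    // Operations are leaves: link them, no recursion.
    object[] azSubOperations = azTask.Operations as object[];
    if (azSubOperations != null)
    {
        foreach (string azSubOperation in azSubOperations)
        {
            IAzManItem subItem = application.GetItem(azSubOperation);
            var members = item.GetMembers();
            if (members == null || !members.Any(t => t.ItemId == subItem.ItemId))
            {
                item.AddMember(subItem);
            }
        }
    }
}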
/// <devdoc>
/// Builds an AzMan client context for <paramref name="identity"/> against the named application
/// in the store configured in <paramref name="data"/>; the opened application is returned through
/// <paramref name="azApp"/>.
/// </devdoc>
/// <param name="data">Provider configuration; supplies the store location.</param>
/// <param name="identity">Must be a <see cref="WindowsIdentity"/>; its access token seeds the context.</param>
/// <param name="applicationName">Name of the AzMan application to open.</param>
/// <param name="azApp">Receives the opened application.</param>
/// <returns>A client context bound to the identity's token.</returns>
/// <exception cref="ArgumentException"><paramref name="identity"/> is not a <see cref="WindowsIdentity"/>.</exception>
private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
{
    WindowsIdentity windowsIdentity = identity as WindowsIdentity;
    if (windowsIdentity == null)
    {
        // Other identity kinds carry no access token, which is what the context is built from.
        throw new ArgumentException(SR.WindowsIdentityOnly);
    }

    AzAuthorizationStoreClass authorizationStore = new AzAuthorizationStoreClass();
    authorizationStore.Initialize(0, data.StoreLocation, null);
    azApp = authorizationStore.OpenApplication(applicationName, null);
    Debug.Assert(azApp != null, "could not open the application");

    long rawToken = windowsIdentity.Token.ToInt64();
    IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((ulong)rawToken, null);
    Debug.Assert(clientCtx != null, "could not get the context");

    return clientCtx;
}