public AuthorizeUsingAzManProviderBuilder(IConfigureSecuritySettings context, string azManAuthorizationProviderName) : base(context) { azManProviderData = new AzManAuthorizationProviderData { Name = azManAuthorizationProviderName }; base.SecuritySettings.AuthorizationProviders.Add(azManProviderData); }
/// <summary> /// /// </summary> /// <param name="azManAuthorizationProviderData"></param> public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData) { if (azManAuthorizationProviderData == null) { throw new ArgumentNullException("azManAuthorizationProviderData"); } this.scope = azManAuthorizationProviderData.Scope; this.application = azManAuthorizationProviderData.Application; this.storeLocation = azManAuthorizationProviderData.StoreLocation; this.auditIdentifier = azManAuthorizationProviderData.AuditIdentifierPrefix; Rename(azManAuthorizationProviderData.Name); }
/// <summary> /// /// </summary> /// <param name="azManAuthorizationProviderData"></param> public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData) { if (azManAuthorizationProviderData == null) { throw new ArgumentNullException("azManAuthorizationProviderData"); } this.scope = azManAuthorizationProviderData.Scope; this.application = azManAuthorizationProviderData.Application; this.storeLocation = azManAuthorizationProviderData.StoreLocation; this.auditIdentifier = azManAuthorizationProviderData.AuditIdentifierPrefix; Rename(azManAuthorizationProviderData.Name); }
public void Setup() { AzManAuthorizationProviderData azManProviderdata = new AzManAuthorizationProviderData(); azManProviderdata.Name = "AzMan Provider"; SecuritySettings settings = new SecuritySettings(); settings.AuthorizationProviders.Add(azManProviderdata); registrations = settings.GetRegistrations(null); }
public void Properties() { AzManAuthorizationProviderData data = new AzManAuthorizationProviderData(); data.Name = nodeName; data.TypeName = nodeType; data.Application = applicationName; data.StoreLocation = storeLocation; data.AuditIdentifierPrefix = auditIdPrefix; Assert.AreEqual(nodeName, data.Name); Assert.AreEqual(nodeType, data.TypeName); Assert.AreEqual(applicationName, data.Application); Assert.AreEqual(storeLocation, data.StoreLocation); Assert.AreEqual(auditIdPrefix, data.AuditIdentifierPrefix); }
public void Properties() { AzManAuthorizationProviderData data = new AzManAuthorizationProviderData(); data.Name = nodeName; data.TypeName = nodeType; data.Application = applicationName; data.StoreLocation = storeLocation; data.AuditIdentifierPrefix = auditIdPrefix; Assert.AreEqual(nodeName, data.Name); Assert.AreEqual(nodeType, data.TypeName); Assert.AreEqual(applicationName, data.Application); Assert.AreEqual(storeLocation, data.StoreLocation); Assert.AreEqual(auditIdPrefix, data.AuditIdentifierPrefix); }
private object[] GetTaskOperations(AzManAuthorizationProviderData data, IAzApplication azApp, string[] tasks) { string[] scopes = new string[] { data.Scope }; StringCollection operations = new StringCollection(); foreach (String task in tasks) { IAzScope scope = null; if ((scopes != null) && (scopes[0].Length > 0)) { scope = azApp.OpenScope(scopes[0], null); } IAzTask azTask = null; if (scope != null) { azTask = scope.OpenTask(task, null); } else { azTask = azApp.OpenTask(task, null); } Array ops = azTask.Operations as Array; Debug.Assert(ops != null); foreach (String op in ops) { operations.Add(op); } } if (operations.Count == 0) { throw new ConfigurationException(SR.NoOperations); } object[] operationIds = new object[operations.Count]; for (int index = 0; index < operations.Count; index++) { operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID; } return(operationIds); }
/// <devdoc> /// Gets the client context for the call based on the identity, system and parameters. /// </devdoc> private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp) { WindowsIdentity winIdentity = identity as WindowsIdentity; if (winIdentity == null) { throw new ArgumentException(SR.WindowsIdentityOnly); } AzAuthorizationStoreClass store = new AzAuthorizationStoreClass(); store.Initialize(0, data.StoreLocation, null); azApp = store.OpenApplication(applicationName, null); Debug.Assert(azApp != null, "could not open the application"); ulong tokenHandle = (ulong)winIdentity.Token.ToInt64(); IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null); Debug.Assert(clientCtx != null, "could not get the context"); return(clientCtx); }
public void AzManAuthorizationProviderNodeTest() { string name = "some name"; string auditIdentifierPrefix = "pFix"; string storeLocation = "some store location"; string scope = "some scope"; AzManAuthorizationProviderData data = new AzManAuthorizationProviderData(); data.Name = name; data.AuditIdentifierPrefix = auditIdentifierPrefix; data.StoreLocation = storeLocation; data.Scope = scope; AzManAuthorizationProviderNode node = new AzManAuthorizationProviderNode(data); Assert.AreEqual(name, node.Name); Assert.AreEqual(auditIdentifierPrefix, node.AuditIdentifierPrefix); Assert.AreEqual(storeLocation, node.StoreLocation); Assert.AreEqual(scope, node.Scope); }
/// <devdoc> /// Checks access to specified a set of operations in a specified application in a specified scope. /// </devdoc> private bool CheckAccessOperations(AzManAuthorizationProviderData data, string auditIdentifier, IIdentity identity, string[] operations) { string[] scopes = new string[] { data.Scope }; IAzApplication azApp = null; try { IAzClientContext clientCtx = GetClientContext(data, identity, data.Application, out azApp); Debug.Assert(azApp != null); object[] operationIds = new object[operations.Length]; for (int index = 0; index < operations.Length; index++) { operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID; } object[] internalScopes = null; if (scopes != null) { internalScopes = new object[1]; internalScopes[0] = scopes[0]; } object[] result = (object[])clientCtx.AccessCheck(auditIdentifier, internalScopes, operationIds, null, null, null, null, null); foreach (int accessAllowed in result) { if (accessAllowed != 0) { return(false); } } } catch (COMException comEx) { throw new SecurityException(comEx.Message, comEx); } return(true); }
/// <summary> /// Evaluates the specified authority against the specified context that is either a task or operation in Authorization Manager. If the context is an operation it should be prefixed by "O". /// </summary> /// <param name="principal">Principal object containing a windows identity.</param> /// <param name="context">Name of the task or operation to evaluate.</param> /// <returns><strong>True</strong> if AzMan evaluates to true, /// otherwise <strong>false</strong>.</returns> public bool Authorize(IPrincipal principal, string context) { ArgumentValidation.CheckForNullReference(principal, "principal"); ArgumentValidation.CheckForNullReference(context, "context"); SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context); AzManAuthorizationProviderData data = GetConfigurationData(); string auditIdentifier = data.AuditIdentifierPrefix + principal.Identity.Name + ":" + context; bool result = false; bool operation = false; if (context.IndexOf(OperationContextPrefix) == 0) { operation = true; context = context.Substring(OperationContextPrefix.Length); } if (operation) { string[] operations = new string[] { context }; result = CheckAccessOperations(data, auditIdentifier, principal.Identity, operations); } else { string[] tasks = new string[] { context }; result = CheckAccessTasks(data, auditIdentifier, principal.Identity, tasks); } if (result == false) { SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context); } return(result); }
public TestAuthorizationProviderConfigurationView(AzManAuthorizationProviderData data, ConfigurationContext context) : base(context) { this.data = data; }
/// <summary> /// Constructor for AzManAuthorizationProviderDataNode. /// </summary> /// <param name="azManAuthorizationProviderData">Configuration data for <see cref="AzManAuthorizationProvider"></see></param> public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData) : base(azManAuthorizationProviderData) { this.azManAuthorizationProviderData = azManAuthorizationProviderData; }
/// <summary> /// Constructor for AzManAuthorizationProviderDataNode. /// </summary> /// <param name="azManAuthorizationProviderData">Configuration data for <see cref="AzManAuthorizationProvider"></see></param> public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData) : base(azManAuthorizationProviderData) { this.azManAuthorizationProviderData = azManAuthorizationProviderData; }