/// <summary> /// Gets a list of users in the specified role for the configured applicationName. /// </summary> /// <param name="roleName">The name of the role to get the list of users for.</param> /// <returns> /// A string array containing the names of all the users who are members of the specified role for the configured applicationName. /// </returns> public override string[] GetUsersInRole(string roleName) { using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString)) { IAzManApplication application = storage[this.storeName][this.applicationName]; IAzManItem role = application[roleName]; if (role.ItemType != ItemType.Role) { throw new ArgumentException(String.Format("{0} must be a Role.", roleName), "roleName"); } IAzManAuthorization[] authz = role.GetAuthorizations(); List <string> users = new List <string>(); foreach (IAzManAuthorization auth in authz) { if (auth.AuthorizationType == AuthorizationType.Allow || auth.AuthorizationType == AuthorizationType.AllowWithDelegation) { if (auth.SidWhereDefined == WhereDefined.Local || auth.SidWhereDefined == WhereDefined.LDAP) { string displayName; auth.GetMemberInfo(out displayName); users.Add(displayName); } else if (auth.SidWhereDefined == WhereDefined.Database) { users.Add(application.GetDBUser(auth.SID).UserName); } } } return(users.ToArray()); } }
/// <summary> /// Adds the specified user names to the specified roles for the configured applicationName. /// </summary> /// <param name="usernames">A string array of user names to be added to the specified roles.</param> /// <param name="roleNames">A string array of the role names to add the specified user names to.</param> public override void AddUsersToRoles(string[] usernames, string[] roleNames) { using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString)) { try { storage.OpenConnection(); storage.BeginTransaction(); IAzManApplication application = storage[this.storeName][this.applicationName]; foreach (string roleName in roleNames) { IAzManItem role = application.GetItem(roleName); if (role.ItemType != ItemType.Role) { throw new ArgumentException(String.Format("{0} must be a Role.", roleName)); } foreach (string username in usernames) { IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User); WhereDefined whereDefined = WhereDefined.LDAP; if (this.userLookupType == "LDAP") { string fqun = this.getFQUN(username); NTAccount ntaccount = new NTAccount(fqun); if (ntaccount == null) { throw SqlAzManException.UserNotFoundException(username, null); } IAzManSid sid = new SqlAzManSID(((SecurityIdentifier)(ntaccount.Translate(typeof(SecurityIdentifier))))); if (sid == null) { throw SqlAzManException.UserNotFoundException(username, null); } role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null); } else { var dbuser = application.GetDBUser(username); IAzManSid sid = dbuser.CustomSid; role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.Database, AuthorizationType.Allow, null, null); } } } storage.CommitTransaction(); //Rebuild StorageCache this.InvalidateCache(false); } catch { storage.RollBackTransaction(); throw; } finally { storage.CloseConnection(); } } }
/// <summary> /// Gets the DB user. /// </summary> /// <param name="dbUserName">Name of the db user.</param> /// <returns></returns> /// <remarks>Thread-Safe</remarks> public virtual IAzManDBUser GetDBUser(string dbUserName) { using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString)) { IAzManApplication application = storage[this.storeName][this.applicationName]; return(application.GetDBUser(dbUserName)); } }
private void DBUserList_FormClosed(object sender, FormClosedEventArgs e) { var form = (DBUsersList)sender; if (form.SelectedItems != null) { if (form.SelectedItems.Count > 0) { var item = form.SelectedItems[0]; if (item != null) { IAzManDBUser dbUser = _Application.GetDBUser(item.SubItems[0].Text); txtUser.Tag = dbUser; txtUser.Text = dbUser.UserName; txtDetails.Text = String.Empty; tvwResults.Nodes.Clear(); } } } }
/// <summary> /// Gets a value indicating whether the specified user is in the specified role for the configured applicationName. /// </summary> /// <param name="username">The user name to search for.</param> /// <param name="roleName">The role to search in.</param> /// <returns> /// true if the specified user is in the specified role for the configured applicationName; otherwise, false. /// </returns> public override bool IsUserInRole(string username, string roleName) { if (this.userLookupType == "LDAP") { WindowsIdentity wid = null; if (String.Compare(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).Name, this.getFQUN(username), true) == 0) { wid = ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()); } if (wid == null) { wid = new WindowsIdentity(this.getUpn(this.getFQUN(username))); //Kerberos Protocol Transition: Works in W2K3 native domain only } if (!this.useWCFCacheService) { return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now) where t.Type == ItemType.Role && (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation) && t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase) select t).Count() > 0); } else { using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient()) { try { return((from t in csc.GetAuthorizedItemsForWindowsUsers(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now, null) where t.Type == NetSqlAzManWCFCacheService.ItemType.Role && (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation) && t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase) select t).Count() > 0); } finally { ((IDisposable)csc).Dispose(); } } } } else { using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString)) { IAzManApplication application = storage[this.storeName][this.applicationName]; IAzManDBUser dbUser = application.GetDBUser(username); if (!this.useWCFCacheService) { return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, dbUser.CustomSid.StringValue, DateTime.Now) where t.Type == ItemType.Role && (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation) && t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase) select t).Count() > 0); } else { using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient()) { try { return((from t in csc.GetAuthorizedItemsForDatabaseUsers(this.storeName, this.applicationName, dbUser.CustomSid.StringValue, DateTime.Now, null) where t.Type == NetSqlAzManWCFCacheService.ItemType.Role && (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation) && t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase) select t).Count() > 0); } finally { ((IDisposable)csc).Dispose(); } } } } } }