/// <summary>
/// Authorizes the sender of a request and hands back the identity to run it under.
/// </summary>
/// <remarks>
/// This method does not authenticate anyone itself: it only checks the
/// <c>IsAuthenticated</c> flag already present on the supplied identity and then
/// delegates the actual decision to <c>RbacSystem.Current.AuthorizeUser</c>.
/// NOTE(review): the flag is presumably set by the hosting layer before this is
/// called; confirm that no caller can reach this method with a self-asserted identity.
/// </remarks>
/// <param name="senderInfo">Sender information carrying the principal to authorize.</param>
/// <param name="quota">Receives the quota assigned by the RBAC system.</param>
/// <returns>The WindowsIdentity returned by the RBAC system for this user.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="senderInfo"/>, its principal, or the principal's identity is null.
/// </exception>
/// <exception cref="ArgumentException">The identity is not marked as authenticated.</exception>
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota quota)
{
    // Reject incomplete sender information before anything is dereferenced.
    if (senderInfo == null)
    {
        throw new ArgumentNullException("senderInfo");
    }

    var principal = senderInfo.Principal;
    if (principal == null || principal.Identity == null)
    {
        throw new ArgumentNullException("senderInfo");
    }

    // Fail closed: an identity that is not flagged as authenticated never reaches
    // the RBAC lookup.
    if (!principal.Identity.IsAuthenticated)
    {
        throw new ArgumentException("User is not authenticated");
    }

    // Use the Windows identity as the lookup key when one is attached; otherwise
    // fall back to the principal's generic identity.
    RbacUser.RbacUserInfo lookupKey = principal.WindowsIdentity != null
        ? new RbacUser.RbacUserInfo(principal.WindowsIdentity)
        : new RbacUser.RbacUserInfo(principal.Identity);

    return RbacSystem.Current.AuthorizeUser(lookupKey, out quota);
}
/// <summary>
/// Resolves the RBAC group that the configured user matching a PSPrincipal belongs to.
/// </summary>
/// <remarks>
/// The lookup key is built from the identity's name, authentication type and
/// certificate details. Which of those fields decide a match depends on
/// <c>RbacUser.RbacUserInfo.Equals</c>, which is not visible in this method.
/// An unknown user or an unknown group is treated as an error, so no group is
/// ever returned by default.
/// </remarks>
/// <param name="principal">Principal whose group is looked up.</param>
/// <returns>The entry in <c>Groups</c> whose name matches the user's group name.</returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The identity is null, no configured user matches it, or the user's group is not configured.
/// </exception>
/// <exception cref="UnauthorizedAccessException">The identity is not marked as authenticated.</exception>
private RbacGroup FindGroup(PSPrincipal principal)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    if (principal.Identity == null)
    {
        throw new ArgumentException("Null identity passed");
    }

    // Unauthenticated identities are refused before any user or group lookup.
    if (!principal.Identity.IsAuthenticated)
    {
        throw new UnauthorizedAccessException();
    }

    PSIdentity psIdentity = principal.Identity;

    // Only the name and authentication type are copied into the GenericIdentity;
    // the certificate details are passed alongside it.
    var lookupKey = new RbacUser.RbacUserInfo(
        new GenericIdentity(psIdentity.Name, psIdentity.AuthenticationType),
        psIdentity.CertificateDetails);

    RbacUser matchedUser = this.Users.Find(candidate => candidate.UserInfo.Equals(lookupKey));
    if (matchedUser == null)
    {
        // NOTE(review): this message embeds the caller-supplied name and
        // authentication type; confirm it is logged server-side and not returned
        // verbatim to the remote client.
        throw new ArgumentException("User not found: name=" + lookupKey.Name + ", authentication=" + lookupKey.AuthenticationType);
    }

    // The user's group reference is re-resolved by name against the configured groups.
    var wantedGroupName = matchedUser.Group.Name;
    RbacGroup resolvedGroup = this.Groups.Find(candidate => candidate.Name == wantedGroupName);
    if (resolvedGroup == null)
    {
        throw new ArgumentException("group not found = " + matchedUser.Group.Name);
    }

    return resolvedGroup;
}