public static void Start()
{
loadBalancer = new ServiceHost(typeof(LoadBalancerService));
RolesConfig rc = new RolesConfig();
loadBalancer.Authorization.ServiceAuthorizationManager = new CustomAuthorizationManager();
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>();
policies.Add(new CustomAuthorizationPolicy());
loadBalancer.Authorization.ExternalAuthorizationPolicies = policies.AsReadOnly();
loadBalancer.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
loadBalancer.Description.Behaviors.Remove(typeof(ServiceDebugBehavior));
loadBalancer.Description.Behaviors.Add(new ServiceDebugBehavior()
{
IncludeExceptionDetailInFaults = true
});
loadBalancer.Open();
wokerService = new ServiceHost(typeof(WorkerLB));
wokerService.Open();
Console.WriteLine("Load Balancer server is running...");
}
void Application_Start(object sender, EventArgs e)
{
// Code that runs on application startup
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
DbConfig.Initialize();
RolesConfig.Initialize();
}
public void RemoveSomeRole(string rolename)
{
if (Thread.CurrentPrincipal.IsInRole("Configure"))
{
RolesConfig.RemoveRole(rolename);
Console.WriteLine(" izvršeno RemoveRole.");
}
else
{
Console.WriteLine("Nemam dozvolu za RemoveRole.");
}
}
public void AddNewRole(string rolename)
{
if (Thread.CurrentPrincipal.IsInRole("Configure"))
{
RolesConfig.AddRole(rolename);
Console.WriteLine(" izvršeno AddRole.");
}
else
{
Console.WriteLine("Nemam dozvolu za AddRole.");
}
}
public void RemoveSomePermissions(string rolename, params string[] permissions)
{
if (Thread.CurrentPrincipal.IsInRole("Configure"))
{
RolesConfig.RemovePermissions(rolename, permissions);
Console.WriteLine(" izvršeno RemovePermissions.");
}
else
{
Console.WriteLine("Nemam dozvolu za RemovePermissios.");
}
}
public AuthMiddleware(
RequestDelegate requestDelegate,
IConfigurationManager <OpenIdConnectConfiguration> openIdCfgMan,
AppConfig config,
IUserManagementClient userManagementClient,
ILogger <AuthMiddleware> logger,
ILoggerFactory loggerFactory)
{
this.requestDelegate = requestDelegate;
this.openIdCfgMan = openIdCfgMan;
this.config = config;
this.logger = logger;
this.loggerFactory = loggerFactory;
this.authRequired = this.config.Global.AuthRequired;
this.rolesConfig = this.config.Global.ClientAuth.Roles;
this.tokenValidationInitialized = false;
this.userManagementClient = userManagementClient;
this.permissions = this.GetPermissions();
// This will show in development mode, or in case auth is turned off
if (!this.authRequired)
{
this.logger.LogWarning("### AUTHENTICATION IS DISABLED! ###");
this.logger.LogWarning("### AUTHENTICATION IS DISABLED! ###");
this.logger.LogWarning("### AUTHENTICATION IS DISABLED! ###");
}
else
{
this.logger.LogInformation("Auth config is {config}", this.config);
this.InitializeTokenValidationAsync(CancellationToken.None).Wait();
}
// TODO ~devis: this is a temporary solution for public preview only
// TODO ~devis: remove this approach and use the service to service authentication
// https://github.com/Azure/pcs-auth-dotnet/issues/18
// https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11
this.logger.LogWarning("### Service to service authentication is not available in public preview ###");
this.logger.LogWarning("### Service to service authentication is not available in public preview ###");
this.logger.LogWarning("### Service to service authentication is not available in public preview ###");
}
