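/// <summary>
/// Removes a delegate authorization (together with its custom attributes) from "My Operation".
/// </summary>
/// <remarks>
/// The caller must be a member of the SQL database role NetSqlAzMan_Users.
/// SECURITY (review): the connection string below embeds a SQL login and its password. That is
/// tolerable only in a throw-away sample; real code must load it from protected configuration
/// (or use integrated security) and never commit credentials to source.
/// Fix versus the previous version: the storage object is disposed (it is IDisposable -- the
/// role-provider code wraps it in <c>using</c>), so the SQL connection is released even when
/// DeleteDelegateAuthorization throws.
/// </remarks>
private void RemoveDelegate()
{
    // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Users
    // Sql Storage connection string (sample only -- do not hard-code credentials in production)
    string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";

    // Create an instance of SqlAzManStorage class and release it when done.
    using (IAzManStorage storage = new SqlAzManStorage(sqlConnectionString))
    {
        IAzManStore mystore = storage.GetStore("My Store"); // or storage["My Store"]
        IAzManApplication myapp = mystore.GetApplication("My Application");
        IAzManItem myop = myapp.GetItem("My Operation");

        // Retrieve current user identity (delegating user). Falls back to the process identity
        // when the thread principal is not a WindowsIdentity.
        WindowsIdentity userIdentity =
            (System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent(); // for Windows Applications
        //WindowsIdentity userIdentity = this.Request.LogonUserIdentity; // for ASP.NET Applications

        // Resolve the delegate account to its SID. NOTE(review): Translate throws when the account
        // cannot be resolved, so a misspelled account surfaces as an exception here, not as a no-op.
        NTAccount delegateUserLogin = new NTAccount("DOMAIN", "delegateuseraccount");
        SecurityIdentifier delegateSID = (SecurityIdentifier)delegateUserLogin.Translate(typeof(SecurityIdentifier));
        IAzManSid delegateNetSqlAzManSID = new SqlAzManSID(delegateSID);

        // Establish which delegate authorization to remove (only Allow or Deny)
        RestrictedAuthorizationType delegateAuthorization = RestrictedAuthorizationType.Allow;

        // Remove delegate and all custom attributes
        myop.DeleteDelegateAuthorization(userIdentity, delegateNetSqlAzManSID, delegateAuthorization);
    }
}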
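/// <summary>
/// Rebuilds the LDAP query results grid from <c>this.searchResultCollection</c>. Each entry
/// contributes sAMAccountName, display name, schema class name and objectSid (as a SID string).
/// </summary>
/// <remarks>
/// Fixes versus the previous version: every <see cref="DirectoryEntry"/> obtained from a
/// <see cref="SearchResult"/> is now disposed (they hold ADSI/COM handles), and an entry without
/// an objectSid no longer crashes the page with a NullReferenceException -- it is listed with an
/// empty SID instead.
/// </remarks>
private void RefreshActiveDirectoryObjectsList()
{
    DataTable dtADList = new DataTable("Active Directory Objects List");
    dtADList.Columns.Add("sAMAccountName", typeof(string));
    dtADList.Columns.Add("Name", typeof(string));
    dtADList.Columns.Add("objectClass", typeof(string));
    dtADList.Columns.Add("objectSid", typeof(string));

    if (this.searchResultCollection != null)
    {
        foreach (SearchResult sr in this.searchResultCollection)
        {
            using (DirectoryEntry de = sr.GetDirectoryEntry())
            {
                DataRow dr = dtADList.NewRow();

                var samAccountName = de.Properties["sAMAccountName"];
                dr["sAMAccountName"] = samAccountName != null && samAccountName.Count > 0
                    ? (string)samAccountName[0]
                    : String.Empty;

                // NOTE(review): InvokeGet presumably throws for an entry without displayName -- confirm.
                dr["Name"] = (string)de.InvokeGet("displayname");
                dr["objectClass"] = de.SchemaClassName;

                // objectSid is not present on every object class; guard before converting.
                byte[] objectSid = de.Properties["objectSid"].Value as byte[];
                dr["objectSid"] = objectSid != null ? new SqlAzManSID(objectSid).StringValue : String.Empty;

                dtADList.Rows.Add(dr);
            }
        }
    }

    this.gvLDAPQueryResults.DataSource = dtADList;
    this.gvLDAPQueryResults.DataBind();
    this.EmptyGridFix(this.gvLDAPQueryResults);
}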
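/// <summary>
/// Adds the specified user names to the specified roles for the configured applicationName.
/// </summary>
/// <param name="usernames">A string array of user names to be added to the specified roles.</param>
/// <param name="roleNames">A string array of the role names to add the specified user names to.</param>
/// <exception cref="ArgumentException">A name in <paramref name="roleNames"/> is not a Role item.</exception>
/// <exception cref="SqlAzManException">A user name cannot be resolved to a Windows account or DB user.</exception>
/// <remarks>
/// All authorizations are written in one storage transaction: either every (user, role) pair is
/// granted or none is. The owner recorded on each authorization is the SID of the caller (thread
/// principal, falling back to the process identity).
/// Fixes versus the previous version: <c>new NTAccount(...)</c> and <c>new SqlAzManSID(...)</c>
/// never return null, so those null checks were dead code. An unknown Windows account actually
/// surfaces as an <see cref="IdentityNotMappedException"/> from <c>Translate</c>; that is now
/// mapped to the UserNotFoundException callers expect. A missing DB user is reported the same way
/// instead of dereferencing null.
/// </remarks>
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
    using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
    {
        try
        {
            storage.OpenConnection();
            storage.BeginTransaction();
            IAzManApplication application = storage[this.storeName][this.applicationName];

            // The owner is the same for every authorization created by this call.
            IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
            WhereDefined ownerWhereDefined = WhereDefined.LDAP;

            foreach (string roleName in roleNames)
            {
                IAzManItem role = application.GetItem(roleName);
                if (role.ItemType != ItemType.Role)
                {
                    throw new ArgumentException(String.Format("{0} must be a Role.", roleName));
                }

                foreach (string username in usernames)
                {
                    if (this.userLookupType == "LDAP")
                    {
                        IAzManSid sid;
                        try
                        {
                            string fqun = this.getFQUN(username);
                            NTAccount ntaccount = new NTAccount(fqun);
                            sid = new SqlAzManSID((SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier)));
                        }
                        catch (IdentityNotMappedException)
                        {
                            // The account does not exist (or cannot be resolved from this host).
                            throw SqlAzManException.UserNotFoundException(username, null);
                        }
                        role.CreateAuthorization(owner, ownerWhereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null);
                    }
                    else
                    {
                        var dbuser = application.GetDBUser(username);
                        if (dbuser == null)
                        {
                            throw SqlAzManException.UserNotFoundException(username, null);
                        }
                        role.CreateAuthorization(owner, ownerWhereDefined, dbuser.CustomSid, WhereDefined.Database, AuthorizationType.Allow, null, null);
                    }
                }
            }

            storage.CommitTransaction();
            // Rebuild StorageCache so subsequent access checks see the new authorizations.
            this.InvalidateCache(false);
        }
        catch
        {
            storage.RollBackTransaction();
            throw;
        }
        finally
        {
            storage.CloseConnection();
        }
    }
}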
/// <summary>
/// OK button handler of the "new store group" dialog: creates the group on <c>this.store</c>
/// from the form fields, remembers its name in session so the tree can select it, then closes
/// the window. Any failure is reported through <see cref="ShowError"/>.
/// </summary>
protected void btnOk_Click(object sender, EventArgs e)
{
    try
    {
        var newSid = SqlAzManSID.NewSqlAzManSid();
        string groupName = this.txtName.Text.Trim();
        string groupDescription = this.txtDescription.Text.Trim();
        GroupType groupType = this.rbtBasic.Checked ? GroupType.Basic : GroupType.LDapQuery;

        IAzManStoreGroup storeGroup = this.store.CreateStoreGroup(newSid, groupName, groupDescription, String.Empty, groupType);

        this.Session["FindChildNodeText"] = storeGroup.Name;
        this.closeWindow(true);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is rendered to the browser as-is. For an admin-only console that
        // is usually acceptable, but a raw SQL error text can disclose schema details -- prefer a
        // generic message plus server-side logging if this page is reachable by non-administrators.
        this.ShowError(ex.Message);
    }
}
/// <summary>
/// OK button handler of the WinForms "new store group" dialog: shows the wait cursor, creates the
/// store group from the form fields and closes with <see cref="DialogResult.OK"/>. On failure the
/// dialog stays open (<see cref="DialogResult.None"/>) and the localized error is displayed.
/// </summary>
private void btnOk_Click(object sender, EventArgs e)
{
    this.HourGlass(true);
    try
    {
        var newSid = SqlAzManSID.NewSqlAzManSid();
        string groupName = this.txtName.Text.Trim();
        string groupDescription = this.txtDescription.Text.Trim();
        GroupType groupType = this.rbtBasic.Checked ? GroupType.Basic : GroupType.LDapQuery;

        this.storeGroup = this.store.CreateStoreGroup(newSid, groupName, groupDescription, String.Empty, groupType);

        this.HourGlass(false);
        this.DialogResult = DialogResult.OK;
    }
    catch (Exception ex)
    {
        this.HourGlass(false);
        this.DialogResult = DialogResult.None;
        this.ShowError(ex.Message, Globalization.MultilanguageResource.GetString("frmNewStoreGroup_Msg20"));
    }
}
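/// <summary>
/// Create a Full Storage through .NET code: a store, a basic store group containing the caller, an
/// application with a Role -> Task -> Operation hierarchy, and AllowWithDelegation authorizations
/// on the role for the caller and for DB user "Andrea".
/// </summary>
/// <remarks>
/// The caller must be a member of the SQL database role NetSqlAzMan_Administrators.
/// SECURITY (review): the connection string embeds a SQL login and its password; that is for the
/// sample only -- load it from protected configuration in real code.
/// Fix versus the previous version: the sequence now runs under try/catch/finally, so a failure
/// halfway through rolls the transaction back and releases the connection instead of leaving an
/// open connection with an uncommitted transaction.
/// </remarks>
private void CreateFullStorage()
{
    // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Administrators
    // Sql Storage connection string (sample only -- do not hard-code credentials in production)
    string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";

    // Create an instance of SqlAzManStorage class and release it when done.
    using (IAzManStorage storage = new SqlAzManStorage(sqlConnectionString))
    {
        try
        {
            storage.OpenConnection();
            // Same isolation level the rest of the code base uses for its write transactions.
            storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted);

            // Create a new Store and a new Basic StoreGroup
            IAzManStore newStore = storage.CreateStore("My Store", "Store description");
            IAzManStoreGroup newStoreGroup = newStore.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), "My Store Group", "Store Group Description", String.Empty, GroupType.Basic);

            // Retrieve current user SID (thread principal, falling back to the process identity)
            IAzManSid mySid = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);

            // Add myself as member of "My Store Group"
            IAzManStoreGroupMember storeGroupMember = newStoreGroup.CreateStoreGroupMember(mySid, WhereDefined.Local, true);

            // Create a new Application with a Role, a Task and an Operation
            IAzManApplication newApp = newStore.CreateApplication("New Application", "Application description");
            IAzManItem newRole = newApp.CreateItem("New Role", "Role description", ItemType.Role);
            IAzManItem newTask = newApp.CreateItem("New Task", "Task description", ItemType.Task);
            IAzManItem newOp = newApp.CreateItem("New Operation", "Operation description", ItemType.Operation);

            // Hierarchy: "New Task" contains "New Operation", "New Role" contains "New Task"
            newTask.AddMember(newOp);
            newRole.AddMember(newTask);

            // Create an authorization for myself on "New Role" (with delegation rights)
            IAzManAuthorization auth = newRole.CreateAuthorization(mySid, WhereDefined.Local, mySid, WhereDefined.Local, AuthorizationType.AllowWithDelegation, null, null);
            // Create a custom attribute on that authorization
            IAzManAttribute<IAzManAuthorization> attr = auth.CreateAttribute("New Key", "New Value");

            // Create an authorization for DB User "Andrea" on "New Role"
            IAzManAuthorization auth2 = newRole.CreateAuthorization(mySid, WhereDefined.Local, storage.GetDBUser("Andrea").CustomSid, WhereDefined.Local, AuthorizationType.AllowWithDelegation, null, null);

            // Commit transaction
            storage.CommitTransaction();
        }
        catch
        {
            // Undo partial work; the exception propagates to the caller.
            if (storage.TransactionInProgress)
            {
                storage.RollBackTransaction();
            }
            throw;
        }
        finally
        {
            // Close connection
            storage.CloseConnection();
        }
    }
}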
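/// <summary>
/// Appends one row describing <paramref name="authorization"/> to <c>this.dtAuthorizations</c>.
/// </summary>
/// <param name="authorization">The authorization to render; must not be null.</param>
/// <remarks>
/// Columns written: AuthorizationID, MemberType(+Enum), Owner, OwnerSID, Name, ObjectSID,
/// WhereDefined(+Enum), AuthorizationType(+Enum), ValidFrom, ValidTo. A null ValidFrom/ValidTo
/// becomes <see cref="DBNull.Value"/>. For a Database-defined SID the object SID is re-wrapped with
/// the second constructor argument set -- presumably the "custom SID" flag matching the DB users'
/// CustomSid elsewhere in the code base (TODO confirm).
/// Change versus the previous version: WhereDefined is switched on the enum value itself instead
/// of on its ToString() text -- same mapping, but a typo in a case label now fails to compile
/// instead of silently leaving the column null.
/// </remarks>
private void AddAuthorizationDataRow(IAzManAuthorization authorization)
{
    DataRow dr = this.dtAuthorizations.NewRow();
    dr["AuthorizationID"] = authorization.AuthorizationId;

    string displayName;
    MemberType memberType = authorization.GetMemberInfo(out displayName);
    string ownerName;
    authorization.GetOwnerInfo(out ownerName);

    dr["MemberType"] = this.RenderMemberType(memberType, authorization.SID);
    dr["MemberTypeEnum"] = memberType;
    dr["Owner"] = ownerName;
    dr["Name"] = displayName;
    dr["OwnerSID"] = authorization.Owner;

    if (authorization.SidWhereDefined == WhereDefined.Database)
    {
        dr["ObjectSID"] = new SqlAzManSID(authorization.SID.BinaryValue, true);
    }
    else
    {
        dr["ObjectSID"] = authorization.SID;
    }

    // Localized label for where the member SID is defined.
    switch (authorization.SidWhereDefined)
    {
        case WhereDefined.LDAP:
            dr["WhereDefined"] = Globalization.MultilanguageResource.GetString("WhereDefined_LDAP");
            break;
        case WhereDefined.Local:
            dr["WhereDefined"] = Globalization.MultilanguageResource.GetString("WhereDefined_Local");
            break;
        case WhereDefined.Database:
            dr["WhereDefined"] = Globalization.MultilanguageResource.GetString("WhereDefined_DB");
            break;
        case WhereDefined.Store:
            dr["WhereDefined"] = Globalization.MultilanguageResource.GetString("WhereDefined_Store");
            break;
        case WhereDefined.Application:
            dr["WhereDefined"] = Globalization.MultilanguageResource.GetString("WhereDefined_Application");
            break;
    }
    dr["WhereDefinedEnum"] = authorization.SidWhereDefined;

    dr["AuthorizationType"] = this.RenderAuthorizationType(authorization.AuthorizationType);
    dr["AuthorizationTypeEnum"] = authorization.AuthorizationType;
    dr["ValidFrom"] = authorization.ValidFrom.HasValue ? (object)authorization.ValidFrom.Value : DBNull.Value;
    dr["ValidTo"] = authorization.ValidTo.HasValue ? (object)authorization.ValidTo.Value : DBNull.Value;

    this.dtAuthorizations.Rows.Add(dr);
}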
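/// <summary>
/// Creates a store group on <c>_Store</c> from the form fields (name, description, Basic or
/// LDAP-query type) inside a transaction on <c>_Storage</c>, then marks the form dirty.
/// </summary>
/// <exception cref="Exception">Any storage failure is rolled back and re-thrown to the caller.</exception>
/// <remarks>
/// Fix versus the previous version: the catch block used <c>throw ex;</c>, which resets the stack
/// trace and hides where the storage call actually failed; it now uses <c>throw;</c>. The unused
/// local that held the created group was dropped.
/// </remarks>
private void SaveRecord()
{
    try
    {
        _Storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted);
        _Store.CreateStoreGroup(
            SqlAzManSID.NewSqlAzManSid(),
            txtName.Text.Trim(),
            txtDescription.Text.Trim(),
            String.Empty,
            (radBasic.Checked ? GroupType.Basic : GroupType.LDapQuery));
        _Storage.CommitTransaction();
        _IsDirty = true;
    }
    catch (Exception)
    {
        _Storage.RollBackTransaction();
        throw;
    }
}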
/// <summary>
/// Imports a Windows AzMan authorization store (a file/LDAP store URL, or an uploaded XML file)
/// into a new NetSqlAzMan store named <paramref name="netSqlAzManStoreName"/>: store groups and
/// their members, then per application its groups, tasks/roles/operations (scoped ones are
/// flattened into the application), the item hierarchy, and role memberships as authorizations.
/// </summary>
/// <param name="azManStorePath">AzMan store URL (e.g. msxml://... or msldap://...). Ignored when
/// the "store file" radio button is checked; the uploaded file is used instead.</param>
/// <param name="netSqlAzManStoreName">Name of the NetSqlAzMan store to create.</param>
/// <remarks>
/// Runs inside one ReadUncommitted transaction on <c>this.storage</c>; any failure rolls it back
/// and re-throws. The AzMan COM object and the temporary upload file are released in finally.
/// SECURITY (review):
///  - When the file-upload option is not selected, <paramref name="azManStorePath"/> comes from the
///    request and is handed to AzMan unchanged, so the caller chooses which file or LDAP store the
///    web process opens. Keep this page restricted to administrators.
///  - The uploaded file is written to the machine-level TEMP directory under a GUID name and parsed
///    by the AzMan msxml store provider; it is untrusted XML. Whether that provider resolves
///    external entities is not visible from here -- verify before exposing the upload more widely.
///  - Every imported role membership is granted as AllowWithDelegation (see defaultAuthorization),
///    i.e. imported members may further delegate the role although AzMan membership did not imply it.
/// </remarks>
private void ImportFromAzMan(string azManStorePath, string netSqlAzManStoreName)
{
    Microsoft.Interop.Security.AzRoles.AzAuthorizationStore azstore = null;
    // Temporary copy of an uploaded store: machine-wide TEMP plus an unguessable GUID file name.
    string tempFileName = Path.Combine(Environment.GetEnvironmentVariable("temp", EnvironmentVariableTarget.Machine), String.Format("AzMan{0}.xml", Guid.NewGuid()));
    try
    {
        this.storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted);
        // NOTE: DateTime.Now.ToString() is culture-dependent; it only feeds a free-text description.
        string storeDescription = String.Format("Store imported from AzMan Store:" + " ({0}) - {1}", azManStorePath, DateTime.Now.ToString());
        IAzManStore store = this.storage.CreateStore(netSqlAzManStoreName, storeDescription);
        azstore = new AzAuthorizationStoreClass();
        if (this.rbtStoreFile.Checked)
        {
            // Uploaded store: persist it and point AzMan at the temporary copy.
            this.FileUpload1.SaveAs(tempFileName);
            azManStorePath = String.Format("msxml://{0}", tempFileName);
        }
        // SECURITY: unless replaced above, azManStorePath is whatever the caller submitted.
        azstore.Initialize(2, azManStorePath, null);

        #region Store Groups
        // Store Groups: definitions first, members second (members reference groups by name).
        foreach (IAzApplicationGroup azStoreGroup in azstore.ApplicationGroups)
        {
            if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
            {
                // Basic group
                store.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), azStoreGroup.Name, azStoreGroup.Description, String.Empty, GroupType.Basic);
            }
            else if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_LDAP_QUERY)
            {
                // LDAP-query group: the query text is copied verbatim
                store.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), azStoreGroup.Name, azStoreGroup.Description, azStoreGroup.LdapQuery, GroupType.LDapQuery);
            }
        }
        // Store Groups Members (only basic groups carry explicit members)
        foreach (IAzApplicationGroup azStoreGroup in azstore.ApplicationGroups)
        {
            if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
            {
                IAzManStoreGroup storeGroup = store.GetStoreGroup(azStoreGroup.Name);
                // Store Group Members - member store groups (referenced by name)
                object[] azStoreGroupMembers = azStoreGroup.AppMembers as object[];
                if (azStoreGroupMembers != null)
                {
                    foreach (string azStoreGroupMember in azStoreGroupMembers)
                    {
                        IAzManStoreGroup member = store.GetStoreGroup(azStoreGroupMember);
                        storeGroup.CreateStoreGroupMember(member.SID, WhereDefined.Store, true);
                    }
                }
                // Store Group Non-Members - excluded store groups
                object[] azStoreGroupNonMembers = azStoreGroup.AppNonMembers as object[];
                if (azStoreGroupNonMembers != null)
                {
                    foreach (string azStoreGroupNonMember in azStoreGroupNonMembers)
                    {
                        IAzManStoreGroup nonMember = store.GetStoreGroup(azStoreGroupNonMember);
                        storeGroup.CreateStoreGroupMember(nonMember.SID, WhereDefined.Store, false);
                    }
                }
                // Store Group Members - Windows NT accounts (AzMan stores them as SID strings)
                object[] azStoreGroupWindowsMembers = azStoreGroup.Members as object[];
                if (azStoreGroupWindowsMembers != null)
                {
                    foreach (string azStoreWindowsMember in azStoreGroupWindowsMembers)
                    {
                        IAzManSid sid = new SqlAzManSID(azStoreWindowsMember);
                        string memberName;
                        bool isLocal;
                        // Resolves the SID to decide whether it is a local or a domain (LDAP) account.
                        DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                        storeGroup.CreateStoreGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, true);
                    }
                }
                // Store Group Non-Members - Windows NT accounts
                object[] azStoreGroupWindowsNonMembers = azStoreGroup.NonMembers as object[];
                if (azStoreGroupWindowsNonMembers != null)
                {
                    foreach (string azStoreWindowsNonMember in azStoreGroupWindowsNonMembers)
                    {
                        IAzManSid sid = new SqlAzManSID(azStoreWindowsNonMember);
                        string memberName;
                        bool isLocal;
                        DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                        storeGroup.CreateStoreGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, false);
                    }
                }
            }
        }
        #endregion Store Groups

        #region Applications
        foreach (IAzApplication azApplication in azstore.Applications)
        {
            IAzManApplication application = store.CreateApplication(azApplication.Name, azApplication.Description);

            #region Application Groups
            // Application Groups: definitions first, members second (same two-pass scheme as store groups).
            foreach (IAzApplicationGroup azApplicationGroup in azApplication.ApplicationGroups)
            {
                if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
                {
                    // Basic group
                    application.CreateApplicationGroup(SqlAzManSID.NewSqlAzManSid(), azApplicationGroup.Name, azApplicationGroup.Description, String.Empty, GroupType.Basic);
                }
                else if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_LDAP_QUERY)
                {
                    // LDAP-query group
                    application.CreateApplicationGroup(SqlAzManSID.NewSqlAzManSid(), azApplicationGroup.Name, azApplicationGroup.Description, azApplicationGroup.LdapQuery, GroupType.LDapQuery);
                }
            }
            // Application Groups Members
            foreach (IAzApplicationGroup azApplicationGroup in azApplication.ApplicationGroups)
            {
                if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
                {
                    IAzManApplicationGroup applicationGroup = application.GetApplicationGroup(azApplicationGroup.Name);
                    // Application Group Members - member groups: a name may refer to a store group or
                    // to an application group; the store group wins. NOTE(review): if neither lookup
                    // succeeds, appmember is null and appmember.SID below throws NullReferenceException.
                    object[] azStoreGroupMembers = azApplicationGroup.AppMembers as object[];
                    if (azStoreGroupMembers != null)
                    {
                        foreach (string azGroupMember in azStoreGroupMembers)
                        {
                            IAzManStoreGroup storemember;
                            try
                            {
                                storemember = store.GetStoreGroup(azGroupMember);
                            }
                            catch (SqlAzManException)
                            {
                                storemember = null;
                            }
                            IAzManApplicationGroup appmember;
                            try
                            {
                                appmember = application.GetApplicationGroup(azGroupMember);
                            }
                            catch (SqlAzManException)
                            {
                                appmember = null;
                            }
                            if (storemember != null)
                            {
                                applicationGroup.CreateApplicationGroupMember(storemember.SID, WhereDefined.Store, true);
                            }
                            else
                            {
                                applicationGroup.CreateApplicationGroupMember(appmember.SID, WhereDefined.Application, true);
                            }
                        }
                    }
                    // Application Group Non-Members - excluded groups (same resolution rules as above)
                    object[] azStoreGroupNonMembers = azApplicationGroup.AppNonMembers as object[];
                    if (azStoreGroupNonMembers != null)
                    {
                        foreach (string azGroupNonMember in azStoreGroupNonMembers)
                        {
                            IAzManStoreGroup storenonMember;
                            try
                            {
                                storenonMember = store.GetStoreGroup(azGroupNonMember);
                            }
                            catch (SqlAzManException)
                            {
                                storenonMember = null;
                            }
                            IAzManApplicationGroup appnonMember;
                            try
                            {
                                appnonMember = application.GetApplicationGroup(azGroupNonMember);
                            }
                            catch (SqlAzManException)
                            {
                                appnonMember = null;
                            }
                            if (storenonMember != null)
                            {
                                applicationGroup.CreateApplicationGroupMember(storenonMember.SID, WhereDefined.Store, false);
                            }
                            else
                            {
                                applicationGroup.CreateApplicationGroupMember(appnonMember.SID, WhereDefined.Application, false);
                            }
                        }
                    }
                    // Application Group Members - Windows NT accounts
                    object[] azApplicationGroupWindowsMembers = azApplicationGroup.Members as object[];
                    if (azApplicationGroupWindowsMembers != null)
                    {
                        foreach (string azApplicationWindowsMember in azApplicationGroupWindowsMembers)
                        {
                            IAzManSid sid = new SqlAzManSID(azApplicationWindowsMember);
                            string memberName;
                            bool isLocal;
                            DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                            applicationGroup.CreateApplicationGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, true);
                        }
                    }
                    // Application Group Non-Members - Windows NT accounts
                    object[] azApplicationGroupWindowsNonMembers = azApplicationGroup.NonMembers as object[];
                    if (azApplicationGroupWindowsNonMembers != null)
                    {
                        foreach (string azApplicationWindowsNonMember in azApplicationGroupWindowsNonMembers)
                        {
                            IAzManSid sid = new SqlAzManSID(azApplicationWindowsNonMember);
                            string memberName;
                            bool isLocal;
                            DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                            applicationGroup.CreateApplicationGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, false);
                        }
                    }
                }
            }
            #endregion Application Groups

            // Items without scopes: AzMan tasks flagged IsRoleDefinition become Roles, the others Tasks.
            IAzTasks tasks = azApplication.Tasks as IAzTasks;
            if (tasks != null)
            {
                foreach (IAzTask azTask in tasks)
                {
                    if (azTask.IsRoleDefinition == 1)
                    {
                        IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Role);
                    }
                    else
                    {
                        IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Task);
                    }
                }
            }
            IAzOperations operations = azApplication.Operations as IAzOperations;
            if (operations != null)
            {
                foreach (IAzOperation azOperation in operations)
                {
                    application.CreateItem(azOperation.Name, azOperation.Description, ItemType.Operation);
                }
            }
            // Build Item Hierarchy (every item must exist before the links are created)
            if (tasks != null)
            {
                foreach (IAzTask azTask in tasks)
                {
                    this.SetHirearchy(null, azApplication, azTask.Name, application);
                }
            }
            // Scopes: NetSqlAzMan has no scope concept, so scoped tasks/roles are flattened into the
            // application. NOTE(review): a scoped item named like an unscoped one is created twice
            // here -- presumably CreateItem rejects the duplicate; confirm.
            foreach (IAzScope azScope in azApplication.Scopes)
            {
                azApplication.OpenScope(azScope.Name, null);
                IAzTasks tasksOfScope = azScope.Tasks as IAzTasks;
                if (tasksOfScope != null)
                {
                    foreach (IAzTask azTask in tasksOfScope)
                    {
                        if (azTask.IsRoleDefinition == 1)
                        {
                            IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Role);
                        }
                        else
                        {
                            IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Task);
                        }
                    }
                }
                // Build Item Hierarchy for the scope's tasks
                if (tasksOfScope != null)
                {
                    foreach (IAzTask azTask in tasksOfScope)
                    {
                        this.SetHirearchy(azScope, azApplication, azTask.Name, application);
                    }
                }
            }
            // Authorizations on Roles without Scopes.
            // SECURITY: every imported membership is granted with delegation rights.
            AuthorizationType defaultAuthorization = AuthorizationType.AllowWithDelegation;
            IAzRoles azRoles = azApplication.Roles;
            foreach (IAzRole azRole in azRoles)
            {
                IAzManItem item;
                try
                {
                    item = application.GetItem(azRole.Name);
                }
                catch (SqlAzManException)
                {
                    item = null;
                }
                if (item == null)
                {
                    // Role assignment without a matching role definition: create the Role item now.
                    item = application.CreateItem(azRole.Name, azRole.Description, ItemType.Role);
                }
                // Store & Application Groups Authorizations (owner = the importing user's SID)
                foreach (string member in (object[])azRole.AppMembers)
                {
                    IAzManStoreGroup storeGroup;
                    try
                    {
                        storeGroup = application.Store.GetStoreGroup(member);
                    }
                    catch (SqlAzManException)
                    {
                        storeGroup = null;
                    }
                    IAzManApplicationGroup applicationGroup;
                    try
                    {
                        applicationGroup = application.GetApplicationGroup(member);
                    }
                    catch (SqlAzManException)
                    {
                        applicationGroup = null;
                    }
                    if (storeGroup != null)
                    {
                        item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, storeGroup.SID, WhereDefined.Store, defaultAuthorization, null, null);
                    }
                    else if (applicationGroup != null)
                    {
                        item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, applicationGroup.SID, WhereDefined.Application, defaultAuthorization, null, null);
                    }
                }
                // Windows Users & Groups Authorizations
                foreach (string sSid in (object[])azRole.Members)
                {
                    IAzManSid sid = new SqlAzManSID(sSid);
                    string memberName;
                    bool isLocal;
                    DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                    item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, defaultAuthorization, null, null);
                }
            }
            // Authorizations on Roles with Scopes (same procedure, once per scope)
            foreach (IAzScope azScope in azApplication.Scopes)
            {
                IAzRoles azRolesWithScopes = azScope.Roles;
                foreach (IAzRole azRole in azRolesWithScopes)
                {
                    IAzManItem item;
                    try
                    {
                        item = application.GetItem(azRole.Name);
                    }
                    catch (SqlAzManException)
                    {
                        item = null;
                    }
                    if (item == null)
                    {
                        item = application.CreateItem(azRole.Name, azRole.Description, ItemType.Role);
                    }
                    // Store & Application Groups Authorizations
                    foreach (string member in (object[])azRole.AppMembers)
                    {
                        IAzManStoreGroup storeGroup;
                        try
                        {
                            storeGroup = application.Store.GetStoreGroup(member);
                        }
                        catch (SqlAzManException)
                        {
                            storeGroup = null;
                        }
                        IAzManApplicationGroup applicationGroup;
                        try
                        {
                            applicationGroup = application.GetApplicationGroup(member);
                        }
                        catch (SqlAzManException)
                        {
                            applicationGroup = null;
                        }
                        if (storeGroup != null)
                        {
                            item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, storeGroup.SID, WhereDefined.Store, defaultAuthorization, null, null);
                        }
                        else if (applicationGroup != null)
                        {
                            item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, applicationGroup.SID, WhereDefined.Application, defaultAuthorization, null, null);
                        }
                    }
                    // Windows Users & Groups Authorizations
                    foreach (string sSid in (object[])azRole.Members)
                    {
                        IAzManSid sid = new SqlAzManSID(sSid);
                        string memberName;
                        bool isLocal;
                        DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                        item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, defaultAuthorization, null, null);
                    }
                }
            }
            // NOTE: azstore.CloseApplication(azApplication.Name, 0) was deliberately left out by the
            // original author (the removed code was commented "COM is a mystery"); applications stay
            // open until the store object is released in finally.
        }
        #endregion Applications

        if (storage.TransactionInProgress)
        {
            storage.CommitTransaction();
        }
    }
    catch
    {
        // Undo the partially imported store; the exception propagates to the caller.
        if (storage.TransactionInProgress)
        {
            storage.RollBackTransaction();
        }
        throw;
    }
    finally
    {
        if (azstore != null)
        {
            System.Runtime.InteropServices.Marshal.ReleaseComObject(azstore);
            // Removes the uploaded copy; File.Delete does not throw when no file was written.
            File.Delete(tempFileName);
            azstore = null;
        }
    }
}
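/// <summary>
/// Adds the specified user names to the specified roles for the configured applicationName.
/// </summary>
/// <param name="usernames">A string array of user names to be added to the specified roles.</param>
/// <param name="roleNames">A string array of the role names to add the specified user names to.</param>
/// <exception cref="ArgumentException">A name in <paramref name="roleNames"/> is not a Role item.</exception>
/// <exception cref="SqlAzManException">A user name cannot be resolved to a Windows account or DB user.</exception>
/// <remarks>
/// All authorizations are written in one storage transaction: either every (user, role) pair is
/// granted or none is. The owner recorded on each authorization is the SID of the caller (thread
/// principal, falling back to the process identity).
/// Fixes versus the previous version: <c>new NTAccount(...)</c> and <c>new SqlAzManSID(...)</c>
/// never return null, so those null checks were dead code. An unknown Windows account actually
/// surfaces as an <see cref="IdentityNotMappedException"/> from <c>Translate</c>; that is now
/// mapped to the UserNotFoundException callers expect. A missing DB user is reported the same way
/// instead of dereferencing null.
/// </remarks>
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
    using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
    {
        try
        {
            storage.OpenConnection();
            storage.BeginTransaction();
            IAzManApplication application = storage[this.storeName][this.applicationName];

            // The owner is the same for every authorization created by this call.
            IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
            WhereDefined ownerWhereDefined = WhereDefined.LDAP;

            foreach (string roleName in roleNames)
            {
                IAzManItem role = application.GetItem(roleName);
                if (role.ItemType != ItemType.Role)
                {
                    throw new ArgumentException(String.Format("{0} must be a Role.", roleName));
                }

                foreach (string username in usernames)
                {
                    if (this.userLookupType == "LDAP")
                    {
                        IAzManSid sid;
                        try
                        {
                            string fqun = this.getFQUN(username);
                            NTAccount ntaccount = new NTAccount(fqun);
                            sid = new SqlAzManSID((SecurityIdentifier)ntaccount.Translate(typeof(SecurityIdentifier)));
                        }
                        catch (IdentityNotMappedException)
                        {
                            // The account does not exist (or cannot be resolved from this host).
                            throw SqlAzManException.UserNotFoundException(username, null);
                        }
                        role.CreateAuthorization(owner, ownerWhereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null);
                    }
                    else
                    {
                        var dbuser = application.GetDBUser(username);
                        if (dbuser == null)
                        {
                            throw SqlAzManException.UserNotFoundException(username, null);
                        }
                        role.CreateAuthorization(owner, ownerWhereDefined, dbuser.CustomSid, WhereDefined.Database, AuthorizationType.Allow, null, null);
                    }
                }
            }

            storage.CommitTransaction();
            // Rebuild StorageCache so subsequent access checks see the new authorizations.
            this.InvalidateCache(false);
        }
        catch
        {
            storage.RollBackTransaction();
            throw;
        }
        finally
        {
            storage.CloseConnection();
        }
    }
}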
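/// <summary>
/// Returns the SIDs produced by <paramref name="applicationGroup"/>'s LDAP query, evaluating the
/// query at most once per group and caching the result in <c>this.ldapQueryResults</c> under the
/// key "applicationGroup {ApplicationGroupId}".
/// </summary>
/// <param name="applicationGroup">An LDAP-query application group; must not be null.</param>
/// <returns>The cached SID array; empty when the query produced no result.</returns>
/// <remarks>
/// SECURITY (review): the result lives as long as <c>this.ldapQueryResults</c>, so a user removed
/// from the directory keeps matching this group until the cache is discarded -- make sure the
/// cache lifetime matches the revocation lag the application can tolerate.
/// Fixes versus the previous version: a null query result used to leave the key uncached, so the
/// final indexer lookup failed; an empty array is now cached instead. The objectSid property is
/// read defensively, so a result without one is skipped rather than throwing.
/// Thread-safety: the unlocked ContainsKey pre-check followed by a re-check under the lock is only
/// correct if the cache tolerates concurrent readers with a single writer (the cast on return
/// suggests a non-generic Hashtable, which does) -- TODO confirm the field's declared type.
/// </remarks>
private IAzManSid[] getCachedLDAPQueryResults(IAzManApplicationGroup applicationGroup)
{
    string key = "applicationGroup " + applicationGroup.ApplicationGroupId.ToString();
    if (!this.ldapQueryResults.ContainsKey(key))
    {
        lock (ldapQueryResults)
        {
            if (!this.ldapQueryResults.ContainsKey(key))
            {
                // LDAP Group: run the query now and remember its members.
                var ldapQueryResult = applicationGroup.ExecuteLDAPQuery();
                var membersResults = new System.Collections.Generic.List<IAzManSid>();
                if (ldapQueryResult != null)
                {
                    for (int i = 0; i < ldapQueryResult.Count; i++)
                    {
                        var sidValues = ldapQueryResult[i].Properties["objectSid"];
                        if (sidValues != null && sidValues.Count > 0)
                        {
                            membersResults.Add(new SqlAzManSID((byte[])sidValues[0]));
                        }
                    }
                }
                // Cache even an empty result so the lookup below always succeeds.
                this.ldapQueryResults.Add(key, membersResults.ToArray());
            }
        }
    }
    return (IAzManSid[])this.ldapQueryResults[key];
}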
/// <summary>
/// Imports an AzMan (AzRoles COM) authorization store into a newly created NetSqlAzMan store.
/// </summary>
/// <param name="azManStorePath">The AzMan store URL passed to <c>AzAuthorizationStore.Initialize</c>.</param>
/// <param name="netSqlAzManStoreName">The name of the NetSqlAzMan store to create and fill.</param>
/// <remarks>
/// The whole import runs in one transaction on <c>this.storage</c> (ReadUncommitted isolation): store
/// groups and their memberships, then for every application its groups, tasks/roles/operations, the
/// item hierarchy (with and without scopes) and finally the role authorizations. Any exception rolls
/// the transaction back and is rethrown; the COM store is released in all cases. Progress is reported
/// through <c>SetMessage</c>.
/// Every imported role authorization is created as <c>AuthorizationType.AllowWithDelegation</c>, so
/// imported principals also receive the right to delegate — confirm this is the intended privilege
/// level for the migrated store.
/// </remarks>
private void ImportFromAzMan(string azManStorePath, string netSqlAzManStoreName)
{
    Microsoft.Interop.Security.AzRoles.AzAuthorizationStore azstore = null;
    try
    {
        this.SetMessage(Globalization.MultilanguageResource.GetString("frmImportFromAzMan_Msg50"));
        this.storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted);
        // The description embeds the source path and the current local time in the current culture's
        // format; it is descriptive text only.
        string storeDescription = String.Format(Globalization.MultilanguageResource.GetString("frmImportFromAzMan_Msg60") +" ({0}) - {1}", azManStorePath, DateTime.Now.ToString());
        IAzManStore store = this.storage.CreateStore(netSqlAzManStoreName, storeDescription);
        azstore = new AzAuthorizationStoreClass();
        this.SetMessage(String.Format(Globalization.MultilanguageResource.GetString("frmImportFromAzMan_Msg70") +" '{0}'", azManStorePath));
        // NOTE(review): the flag 2 is presumably AZ_AZSTORE_FLAG_MANAGE_STORE_ONLY — confirm against AzRoles.h.
        azstore.Initialize(2, azManStorePath, null);
        #region Store Groups
        // Store groups are imported in two passes: definitions first, then memberships, because a
        // membership refers to other groups by name and those must already exist in the new store.
        //Store Groups
        foreach (IAzApplicationGroup azStoreGroup in azstore.ApplicationGroups)
        {
            //Store Groups Definition
            this.SetMessage(String.Format("Store Group: '{0}'", azStoreGroup.Name));
            if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
            {
                //Basic
                store.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), azStoreGroup.Name, azStoreGroup.Description, String.Empty, GroupType.Basic);
            }
            else if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_LDAP_QUERY)
            {
                //LDap
                store.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), azStoreGroup.Name, azStoreGroup.Description, azStoreGroup.LdapQuery, GroupType.LDapQuery);
            }
            // Any other group type is silently skipped.
        }
        //Store Groups Members
        foreach (IAzApplicationGroup azStoreGroup in azstore.ApplicationGroups)
        {
            if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
            {
                //Basic
                IAzManStoreGroup storeGroup = store.GetStoreGroup(azStoreGroup.Name);
                //Store Group Members - Members Store Group
                this.SetMessage(String.Format("Store Group: '{0}' Members", storeGroup.Name));
                object[] azStoreGroupMembers = azStoreGroup.AppMembers as object[];
                if (azStoreGroupMembers != null)
                {
                    foreach (string azStoreGroupMember in azStoreGroupMembers)
                    {
                        IAzManStoreGroup member = store.GetStoreGroup(azStoreGroupMember);
                        storeGroup.CreateStoreGroupMember(member.SID, WhereDefined.Store, true);
                    }
                }
                //Store Group Non-Members - Non-Members Store Group
                this.SetMessage(String.Format("Store Group: '{0}' Non-Members", storeGroup.Name));
                object[] azStoreGroupNonMembers = azStoreGroup.AppNonMembers as object[];
                if (azStoreGroupNonMembers != null)
                {
                    foreach (string azStoreGroupNonMember in azStoreGroupNonMembers)
                    {
                        IAzManStoreGroup nonMember = store.GetStoreGroup(azStoreGroupNonMember);
                        // The final 'false' records the group as a non-member (an exclusion).
                        storeGroup.CreateStoreGroupMember(nonMember.SID, WhereDefined.Store, false);
                    }
                }
                //Store Group Members - Windows NT Account
                this.SetMessage(String.Format("Store Group: '{0}' Windows account Members", storeGroup.Name));
                object[] azStoreGroupWindowsMembers = azStoreGroup.Members as object[];
                if (azStoreGroupWindowsMembers != null)
                {
                    foreach (string azStoreWindowsMember in azStoreGroupWindowsMembers)
                    {
                        // AzMan hands back the member as a string SID; GetMemberInfo decides whether
                        // it is a local or a domain (LDAP) account.
                        IAzManSid sid = new SqlAzManSID(azStoreWindowsMember);
                        string memberName;
                        bool isLocal;
                        DirectoryServicesUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                        storeGroup.CreateStoreGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, true);
                    }
                }
                //Store Group NonMembers - Windows NT Account
                this.SetMessage(String.Format("Store Group: '{0}' Windows account Non-Members", storeGroup.Name));
                object[] azStoreGroupWindowsNonMembers = azStoreGroup.NonMembers as object[];
                if (azStoreGroupWindowsNonMembers != null)
                {
                    foreach (string azStoreWindowsNonMember in azStoreGroupWindowsNonMembers)
                    {
                        IAzManSid sid = new SqlAzManSID(azStoreWindowsNonMember);
                        string memberName;
                        bool isLocal;
                        DirectoryServicesUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                        storeGroup.CreateStoreGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, false);
                    }
                }
            }
        }
        #endregion Store Groups
        #region Applications
        //Applications
        foreach (IAzApplication azApplication in azstore.Applications)
        {
            this.SetMessage(String.Format("Application: '{0}'", azApplication.Name));
            IAzManApplication application = store.CreateApplication(azApplication.Name, azApplication.Description);
            #region Application Groups
            // Same two-pass scheme as for store groups: definitions, then memberships.
            //Store Groups
            foreach (IAzApplicationGroup azApplicationGroup in azApplication.ApplicationGroups)
            {
                //Application Groups Definition
                this.SetMessage(String.Format("Application Group: '{0}'", azApplicationGroup.Name));
                if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
                {
                    //Basic
                    application.CreateApplicationGroup(SqlAzManSID.NewSqlAzManSid(), azApplicationGroup.Name, azApplicationGroup.Description, String.Empty, GroupType.Basic);
                }
                else if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_LDAP_QUERY)
                {
                    //LDap
                    application.CreateApplicationGroup(SqlAzManSID.NewSqlAzManSid(), azApplicationGroup.Name, azApplicationGroup.Description, azApplicationGroup.LdapQuery, GroupType.LDapQuery);
                }
            }
            //Application Groups Members
            foreach (IAzApplicationGroup azApplicationGroup in azApplication.ApplicationGroups)
            {
                if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC)
                {
                    //Basic
                    IAzManApplicationGroup applicationGroup = application.GetApplicationGroup(azApplicationGroup.Name);
                    //Application Group Members - Members Group
                    this.SetMessage(String.Format("Application Group: '{0}' Members", applicationGroup.Name));
                    object[] azStoreGroupMembers = azApplicationGroup.AppMembers as object[];
                    if (azStoreGroupMembers != null)
                    {
                        foreach (string azGroupMember in azStoreGroupMembers)
                        {
                            // A member name may denote either a store group or an application group;
                            // SqlAzManException from the lookup is treated as "not found". A store group
                            // wins when both exist.
                            IAzManStoreGroup storemember;
                            try
                            {
                                storemember = store.GetStoreGroup(azGroupMember);
                            }
                            catch (SqlAzManException)
                            {
                                storemember = null;
                            }
                            IAzManApplicationGroup appmember;
                            try
                            {
                                appmember = application.GetApplicationGroup(azGroupMember);
                            }
                            catch (SqlAzManException)
                            {
                                appmember = null;
                            }
                            // NOTE(review): when neither lookup succeeds, appmember is null and the
                            // else branch dereferences it (NullReferenceException) — the role
                            // authorization loops below skip that case instead; confirm which is wanted.
                            if (storemember != null)
                                applicationGroup.CreateApplicationGroupMember(storemember.SID, WhereDefined.Store, true);
                            else
                                applicationGroup.CreateApplicationGroupMember(appmember.SID, WhereDefined.Application, true);
                        }
                    }
                    //Application Group Non-Members - Non-Members Group
                    this.SetMessage(String.Format("Application Group: '{0}' Non-Members", applicationGroup.Name));
                    object[] azStoreGroupNonMembers = azApplicationGroup.AppNonMembers as object[];
                    if (azStoreGroupNonMembers != null)
                    {
                        foreach (string azGroupNonMember in azStoreGroupNonMembers)
                        {
                            IAzManStoreGroup storenonMember;
                            try
                            {
                                storenonMember = store.GetStoreGroup(azGroupNonMember);
                            }
                            catch (SqlAzManException)
                            {
                                storenonMember = null;
                            }
                            IAzManApplicationGroup appnonMember;
                            try
                            {
                                appnonMember = application.GetApplicationGroup(azGroupNonMember);
                            }
                            catch (SqlAzManException)
                            {
                                appnonMember = null;
                            }
                            // Same unresolved-name caveat as for members above.
                            if (storenonMember != null)
                                applicationGroup.CreateApplicationGroupMember(storenonMember.SID, WhereDefined.Store, false);
                            else
                                applicationGroup.CreateApplicationGroupMember(appnonMember.SID, WhereDefined.Application, false);
                        }
                    }
                    //Application Group Members - Windows NT Account
                    this.SetMessage(String.Format("Application Group: '{0}' Windows account Members", applicationGroup.Name));
                    object[] azApplicationGroupWindowsMembers = azApplicationGroup.Members as object[];
                    if (azApplicationGroupWindowsMembers != null)
                    {
                        foreach (string azApplicationWindowsMember in azApplicationGroupWindowsMembers)
                        {
                            IAzManSid sid = new SqlAzManSID(azApplicationWindowsMember);
                            string memberName;
                            bool isLocal;
                            DirectoryServicesUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                            applicationGroup.CreateApplicationGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, true);
                        }
                    }
                    //Application Group NonMembers - Windows NT Account
                    this.SetMessage(String.Format("Application Group: '{0}' Windows account Non-Members", applicationGroup.Name));
                    object[] azApplicationGroupWindowsNonMembers = azApplicationGroup.NonMembers as object[];
                    if (azApplicationGroupWindowsNonMembers != null)
                    {
                        foreach (string azApplicationWindowsNonMember in azApplicationGroupWindowsNonMembers)
                        {
                            IAzManSid sid = new SqlAzManSID(azApplicationWindowsNonMember);
                            string memberName;
                            bool isLocal;
                            DirectoryServicesUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                            applicationGroup.CreateApplicationGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, false);
                        }
                    }
                }
            }
            #endregion Application Groups
            // Items: an AzMan task flagged IsRoleDefinition becomes a Role item, any other task a
            // Task item, and operations become Operation items. Everything is created flat first;
            // the parent/child links are rebuilt afterwards by SetHirearchy.
            //Without Scopes
            IAzTasks tasks = azApplication.Tasks as IAzTasks;
            if (tasks != null)
            {
                foreach (IAzTask azTask in tasks)
                {
                    if (azTask.IsRoleDefinition == 1)
                    {
                        this.SetMessage(String.Format("Role: '{0}'", azTask.Name));
                        IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Role);
                    }
                    else
                    {
                        this.SetMessage(String.Format("Task: '{0}'", azTask.Name));
                        IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Task);
                    }
                }
            }
            IAzOperations operations = azApplication.Operations as IAzOperations;
            if (operations != null)
            {
                foreach (IAzOperation azOperation in operations)
                {
                    this.SetMessage(String.Format("Operation: '{0}'", azOperation.Name));
                    application.CreateItem(azOperation.Name, azOperation.Description, ItemType.Operation);
                }
            }
            //Build Item Hierarchy
            if (tasks != null)
            {
                foreach (IAzTask azTask in tasks)
                {
                    this.SetMessage(String.Format("Task: '{0}'", azTask.Name));
                    this.SetHirearchy(null, azApplication, azTask.Name, application);
                }
            }
            //Scopes
            // NetSqlAzMan has no scope concept: scoped tasks are created directly on the application,
            // so a task name shared between scopes collides at CreateItem.
            foreach (IAzScope azScope in azApplication.Scopes)
            {
                azApplication.OpenScope(azScope.Name, null);
                IAzTasks tasksOfScope = azScope.Tasks as IAzTasks;
                if (tasksOfScope != null)
                {
                    foreach (IAzTask azTask in tasksOfScope)
                    {
                        if (azTask.IsRoleDefinition == 1)
                        {
                            this.SetMessage(String.Format("Role: '{0}'", azTask.Name));
                            IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Role);
                        }
                        else
                        {
                            this.SetMessage(String.Format("Task: '{0}'", azTask.Name));
                            IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Task);
                        }
                    }
                }
                //Build Item Hierarchy
                if (tasksOfScope != null)
                {
                    foreach (IAzTask azTask in tasksOfScope)
                    {
                        this.SetMessage(String.Format("Task: '{0}'", azTask.Name));
                        this.SetHirearchy(azScope, azApplication, azTask.Name, application);
                    }
                }
            }
            //Authorizations on Roles without Scopes
            // Every authorization below is granted with delegation rights and owned by the
            // importing user (currentOwnerSid).
            AuthorizationType defaultAuthorization = AuthorizationType.AllowWithDelegation;
            IAzRoles azRoles = azApplication.Roles;
            foreach (IAzRole azRole in azRoles)
            {
                // An AzMan role assignment whose role definition was not imported as a task is
                // created here as a plain Role item.
                IAzManItem item;
                try
                {
                    item = application.GetItem(azRole.Name);
                }
                catch (SqlAzManException)
                {
                    item = null;
                }
                if (item == null)
                    item = application.CreateItem(azRole.Name, azRole.Description, ItemType.Role);
                //Store & Application Groups Authorizations
                foreach (string member in (object[])azRole.AppMembers)
                {
                    IAzManStoreGroup storeGroup;
                    try
                    {
                        storeGroup = application.Store.GetStoreGroup(member);
                    }
                    catch (SqlAzManException)
                    {
                        storeGroup = null;
                    }
                    IAzManApplicationGroup applicationGroup;
                    try
                    {
                        applicationGroup = application.GetApplicationGroup(member);
                    }
                    catch (SqlAzManException)
                    {
                        applicationGroup = null;
                    }
                    // A name that matches neither group kind is skipped without notice.
                    if (storeGroup != null)
                        item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, storeGroup.SID, WhereDefined.Store, defaultAuthorization, null, null);
                    else if (applicationGroup != null)
                        item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, applicationGroup.SID, WhereDefined.Application, defaultAuthorization, null, null);
                }
                //Windows Users & Groups Authorizations
                foreach (string sSid in (object[])azRole.Members)
                {
                    IAzManSid sid = new SqlAzManSID(sSid);
                    string memberName;
                    bool isLocal;
                    DirectoryServicesUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                    item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, defaultAuthorization, null, null);
                }
            }
            //Authorizations on Roles with Scopes
            // Same procedure as above, repeated for the role assignments of every scope.
            foreach (IAzScope azScope in azApplication.Scopes)
            {
                IAzRoles azRolesWithScopes = azScope.Roles;
                foreach (IAzRole azRole in azRolesWithScopes)
                {
                    IAzManItem item;
                    try
                    {
                        item = application.GetItem(azRole.Name);
                    }
                    catch (SqlAzManException)
                    {
                        item = null;
                    }
                    if (item == null)
                        item = application.CreateItem(azRole.Name, azRole.Description, ItemType.Role);
                    //Store & Application Groups Authorizations
                    foreach (string member in (object[])azRole.AppMembers)
                    {
                        IAzManStoreGroup storeGroup;
                        try
                        {
                            storeGroup = application.Store.GetStoreGroup(member);
                        }
                        catch (SqlAzManException)
                        {
                            storeGroup = null;
                        }
                        IAzManApplicationGroup applicationGroup;
                        try
                        {
                            applicationGroup = application.GetApplicationGroup(member);
                        }
                        catch (SqlAzManException)
                        {
                            applicationGroup = null;
                        }
                        if (storeGroup != null)
                            item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, storeGroup.SID, WhereDefined.Store, defaultAuthorization, null, null);
                        else if (applicationGroup != null)
                            item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, applicationGroup.SID, WhereDefined.Application, defaultAuthorization, null, null);
                    }
                    //Windows Users & Groups Authorizations
                    foreach (string sSid in (object[])azRole.Members)
                    {
                        IAzManSid sid = new SqlAzManSID(sSid);
                        string memberName;
                        bool isLocal;
                        DirectoryServicesUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal);
                        item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, defaultAuthorization, null, null);
                    }
                }
            }
            //try
            //{
            // azstore.CloseApplication(azApplication.Name, 0);
            //}
            //catch
            //{
            // //PorkAround: COM Is a mistery
            //}
        }
        #endregion Applications
        this.SetMessage(Globalization.MultilanguageResource.GetString("frmImportFromAzMan_Msg80"));
        if (storage.TransactionInProgress)
            storage.CommitTransaction();
    }
    catch
    {
        // Undo the partial import; the exception is rethrown unchanged for the caller to report.
        if (storage.TransactionInProgress)
        {
            this.SetMessage(Globalization.MultilanguageResource.GetString("frmImportFromAzMan_Msg90"));
            storage.RollBackTransaction();
        }
        throw;
    }
    finally
    {
        // The AzRoles store is a COM object; release it explicitly rather than waiting for the GC.
        if (azstore != null)
        {
            this.SetMessage(Globalization.MultilanguageResource.GetString("frmImportFromAzMan_Msg100"));
            System.Runtime.InteropServices.Marshal.ReleaseComObject(azstore);
            azstore = null;
        }
        this.SetMessage(Globalization.MultilanguageResource.GetString("Done_Msg10"));
    }
}
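/// <summary>
/// ASP.NET application start-up: applies the configured RootDSE path and the Active Directory
/// lookup credentials, then fills two application-state slots on thread-pool threads:
/// "SqlDataSources" (a List&lt;string&gt;) and "Active Directory List" (a DataView of users and
/// groups sorted by sAMAccountName). Either slot is set to null when its population fails, so
/// readers must handle null as well as "not yet populated".
/// </summary>
/// <param name="sender">Supplied by the ASP.NET runtime; unused.</param>
/// <param name="e">Supplied by the ASP.NET runtime; unused.</param>
protected void Application_Start(object sender, EventArgs e)
{
    List<string> sqlDataSources = new List<string>();
    string rootDSEPath = ConfigurationManager.AppSettings["RootDSEPath"];
    if (!String.IsNullOrEmpty(rootDSEPath))
    {
        SqlAzManStorage.RootDSEPath = rootDSEPath;
    }
    // NOTE(review): the lookup password is read from appSettings in clear text; keep that
    // configuration section protected (encrypted) and the lookup account read-only.
    NetSqlAzMan.DirectoryServices.DirectoryServicesUtils.SetActiveDirectoryLookUpCredential(
        ConfigurationManager.AppSettings["Active Directory LookUp Username"],
        ConfigurationManager.AppSettings["Active Directory LookUp Password"]);

    //Populate SQL Data Sources (network enumeration, so it is kept off the start-up thread)
    System.Threading.ThreadPool.QueueUserWorkItem(delegate(object state)
    {
        try
        {
            sqlDataSources.AddRange(this.GetSqlDataSources());
            this.setApplicationValue("SqlDataSources", sqlDataSources);
        }
        catch
        {
            // Best effort: a failed enumeration must not take the application down.
            this.setApplicationValue("SqlDataSources", null);
        }
    });

    //Populate Active Directory Users & Groups
    System.Threading.ThreadPool.QueueUserWorkItem(delegate(object state)
    {
        try
        {
            DataView dv = this.loadActiveDirectoryObjects().DefaultView;
            dv.Sort = "sAMAccountName";
            this.setApplicationValue("Active Directory List", dv);
        }
        catch
        {
            // Best effort, as above: directory unreachable or misconfigured leaves the slot null.
            this.setApplicationValue("Active Directory List", null);
        }
    });
}

/// <summary>
/// Stores a value in application state under the application lock, releasing the lock even
/// when the assignment throws.
/// </summary>
/// <param name="key">The application-state key.</param>
/// <param name="value">The value to store; null clears the slot.</param>
private void setApplicationValue(string key, object value)
{
    this.Application.Lock();
    try
    {
        this.Application[key] = value;
    }
    finally
    {
        this.Application.UnLock();
    }
}

/// <summary>
/// Queries every user and group below the configured RootDSE and returns them as a table with the
/// columns sAMAccountName, Name, objectClass, objectSid (string form) and ADSPath.
/// </summary>
/// <returns>The populated table; empty when the search returns nothing.</returns>
/// <remarks>
/// All DirectoryServices objects are disposed; in particular the SearchResultCollection, which
/// leaks unmanaged memory if it is not. An object without sAMAccountName gets String.Empty in
/// that column instead of aborting the whole load.
/// </remarks>
private DataTable loadActiveDirectoryObjects()
{
    DataTable dtADList = new DataTable("Active Directory Objects List");
    dtADList.Columns.Add("sAMAccountName", typeof(string));
    dtADList.Columns.Add("Name", typeof(string));
    dtADList.Columns.Add("objectClass", typeof(string));
    dtADList.Columns.Add("objectSid", typeof(string));
    dtADList.Columns.Add("ADSPath", typeof(string));

    using (DirectoryEntry root = Utility.NewDirectoryEntry("LDAP://" + SqlAzManStorage.RootDSEPath))
    using (DirectorySearcher deSearch = new DirectorySearcher(root))
    {
        deSearch.Filter = "(|(&(objectClass=user)(objectCategory=person))(objectClass=group))";
        // NOTE(review): no PageSize is set, so the result is subject to the server-side size
        // limit; confirm whether a paged search is wanted for large directories.
        using (SearchResultCollection searchResultCollection = deSearch.FindAll())
        {
            if (searchResultCollection == null)
                return dtADList;

            foreach (SearchResult sr in searchResultCollection)
            {
                using (DirectoryEntry de = sr.GetDirectoryEntry())
                {
                    DataRow dr = dtADList.NewRow();
                    var samAccountName = de.Properties["sAMAccountName"];
                    dr["sAMAccountName"] = samAccountName != null && samAccountName.Count > 0
                        ? (string)samAccountName[0]
                        : String.Empty;
                    dr["Name"] = (string)de.InvokeGet("displayname");
                    dr["objectClass"] = de.SchemaClassName;
                    // objectSid is binary in the directory; store its string (S-1-...) form.
                    dr["objectSid"] = new SqlAzManSID((byte[])de.Properties["objectSid"].Value).StringValue;
                    dr["ADSPath"] = de.Path;
                    dtADList.Rows.Add(dr);
                }
            }
        }
    }
    return dtADList;
}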