// Click handler: creates a SqlAzManStorage from an inline connection string and appends the
// CheckAccess result for the request's Windows identity (Request.LogonUserIdentity) to TextBox1.
// NOTE(review): this listing is damaged where the password was masked ("******"). The end of the
// connection string and the start of the first CheckAccess call are missing, so the first
// statement does not compile as shown; the brace layout after it cannot be confirmed either.
// NOTE(review): the connection string names the SQL Server "sa" login with an inline password.
// An authorization lookup does not need a sysadmin login; prefer a dedicated low-privilege
// login and keep the secret in protected configuration rather than in source.
protected void Button1_Click(object sender, EventArgs e)
{
    IAzManStorage storage = new SqlAzManStorage("data source=(local);Initial Catalog=NetSqlAzManStorage;user id=sa;password="******"Store Stress Test", "Application0", "Role0", this.Request.LogonUserIdentity, DateTime.Now, false).ToString();
    // Appends (+=) the Operation0 result to whatever TextBox1 already contains.
    this.TextBox1.Text += storage.CheckAccess("Store Stress Test", "Application0", "Operation0", this.Request.LogonUserIdentity, DateTime.Now, false).ToString();
}
// Commented-out alternative that goes through a CheckAccessHelper wrapper with Integrated Security:
//Application0.Security.CheckAccessHelper chk = new Application0.Security.CheckAccessHelper("data source=.;Initial Catalog=NetSqlAzManStorage;Integrated Security=SSPI", this.Request.LogonUserIdentity);
// this.TextBox1.Text = chk.CheckAccess(Application0.Security.CheckAccessHelper.Operation.Operation0).ToString(); }
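/// <summary>
/// Check Access from your Application [FOR DB Users ONLY].
/// </summary>
/// <param name="dbUserName">DB Username, resolved through <c>storage.GetDBUser</c>.</param>
private void CheckAccessPermissionsForDBUsers(string dbUserName)
{
    // REMEMBER:
    // Modify dbo.GetDBUsers Table-Function to customize DB User list.
    // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Readers

    // Sql Storage connection string.
    // Sample credentials only: outside a demo, load the connection string from protected
    // configuration instead of embedding a login and password in source.
    string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";

    // Create an instance of SqlAzManStorage class; released in the finally block below.
    IAzManStorage storage = new SqlAzManStorage(sqlConnectionString);
    try
    {
        // Retrieve DB User identity from dbo.GetDBUsers Table-Function.
        // NOTE(review): what GetDBUser returns for an unknown name is not visible here; confirm
        // before relying on the CheckAccess result for such a user.
        IAzManDBUser dbUser = storage.GetDBUser(dbUserName);
        AuthorizationType auth = storage.CheckAccess("My Store", "My Application", "My Operation", dbUser, DateTime.Now, true);
        switch (auth)
        {
            case AuthorizationType.AllowWithDelegation:
                // Yes, I can ... and I can delegate
                break;

            case AuthorizationType.Allow:
                // Yes, I can
                break;

            case AuthorizationType.Neutral:
            case AuthorizationType.Deny:
            default:
                // No, I cannot. Any value other than the two Allow results is treated as a
                // refusal, so an unexpected value fails closed.
                break;
        }
    }
    finally
    {
        storage.Dispose();
    }
}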
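/// <summary>
/// Runs a direct CheckAccess against "Store Test" / "Application Test" for the item name typed
/// into <c>txtDirectItem</c>, using the Windows identity of the current request.
/// </summary>
/// <returns>The <c>AuthorizationType</c> returned by the storage for that item.</returns>
private AuthorizationType NetSqlAzManTestDirectCheckAccess()
{
    // The identity comes from the request, not from user-editable input; the text box only
    // selects which item is checked.
    WindowsIdentity userIdentity = this.Request.LogonUserIdentity;
    IAzManStorage storage = new SqlAzManStorage(NetSqlAzManStorePath);
    try
    {
        return storage.CheckAccess("Store Test", "Application Test", this.txtDirectItem.Text, userIdentity, DateTime.Now, true);
    }
    finally
    {
        // Release the storage even when CheckAccess throws.
        storage.Dispose();
    }
}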
/// <summary>
/// Reports whether the identity carried by <paramref name="context"/> is authorized for
/// <paramref name="itemName"/>.
/// </summary>
/// <param name="context">Authorization context supplying the connection string, the optional
/// storage cache, the store and application names, and the Windows or DB user identity.</param>
/// <param name="controlName">Name of the control. It is not read anywhere in this method body.</param>
/// <param name="itemName">Name of the item handed to CheckAccess.</param>
/// <returns>
/// <c>true</c> when CheckAccess yields Allow or AllowWithDelegation; otherwise <c>false</c>,
/// including when the context holds neither a Windows identity nor a DB user identity.
/// </returns>
/// <exception cref="InvalidOperationException">The context's storage connection string is null or empty.</exception>
protected internal bool HasAccess(NetSqlAzManAuthorizationContext context, string controlName, string itemName)
{
    if (String.IsNullOrEmpty(context._storageConnectionString))
    {
        throw new InvalidOperationException("NetSqlAzMan Storage connection string and NetSqlAzMan WCF Cache Service url cannot be both null");
    }

    // Start from Neutral so that a context without any identity ends up denied.
    AuthorizationType decision = AuthorizationType.Neutral;

    if (context.StorageCache != null)
    {
        // Storage Cache path: identities are passed as SIDs.
        if (context._windowIdentity != null)
        {
            decision = context.StorageCache.CheckAccess(
                context.StoreName,
                context.ApplicationName,
                itemName,
                context._windowIdentity.GetUserBinarySSid(),
                context._windowIdentity.GetGroupsBinarySSid(),
                ValidFor ?? DateTime.Now,
                OperationsOnly,
                ContextParameters);
        }
        else if (context._dbuserIdentity != null)
        {
            decision = context.StorageCache.CheckAccess(
                context.StoreName,
                context.ApplicationName,
                itemName,
                context._dbuserIdentity.CustomSid.StringValue,
                ValidFor ?? DateTime.Now,
                OperationsOnly,
                ContextParameters);
        }
    }
    else
    {
        // Direct Access path: a short-lived storage is opened for this single check.
        using (SqlAzManStorage storage = new SqlAzManStorage(context._storageConnectionString))
        {
            if (context._windowIdentity != null)
            {
                decision = storage.CheckAccess(
                    context.StoreName,
                    context.ApplicationName,
                    itemName,
                    context._windowIdentity,
                    ValidFor ?? DateTime.Now,
                    OperationsOnly,
                    ContextParameters);
            }
            else if (context._dbuserIdentity != null)
            {
                decision = storage.CheckAccess(
                    context.StoreName,
                    context.ApplicationName,
                    itemName,
                    context._dbuserIdentity,
                    ValidFor ?? DateTime.Now,
                    OperationsOnly,
                    ContextParameters);
            }
        }
    }

    // Only the two Allow results grant access; Neutral and Deny both refuse.
    return decision == AuthorizationType.Allow || decision == AuthorizationType.AllowWithDelegation;
}
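/// <summary>
/// Stress-test step: opens a storage connection and runs one CheckAccess for the current
/// process identity against a randomly picked "Application{n}" / "Operation{n}" pair in
/// "Store Stress Test".
/// </summary>
/// <param name="connectionString">Connection string handed to SqlAzManStorage.</param>
/// <param name="max">Exclusive upper bound for the random application/operation index.</param>
private void TestSuNetSqlAzMan(string connectionString, int max)
{
    WindowsIdentity id = WindowsIdentity.GetCurrent();
    // Random only picks which test fixture to hit; it is not used for anything secret.
    int rnd = new Random().Next(max);
    IAzManStorage storage = new SqlAzManStorage(connectionString);
    try
    {
        storage.OpenConnection();
        try
        {
            // The result is not inspected; the call itself is the load being generated.
            // "chiave" / "valore" (Italian for key / value) is a sample context parameter.
            storage.CheckAccess("Store Stress Test", "Application" + rnd.ToString(), "Operation" + rnd.ToString(), id, DateTime.Now, true, new KeyValuePair<string, object>("chiave", "valore"));
            // DB-user variant of the same call:
            //storage.CheckAccess("Store Stress Test", "Application" + rnd.ToString(), "Operation" + rnd.ToString(), storage.GetDBUser("Andrea"), DateTime.Now, true, new KeyValuePair<string, object>("chiave", "valore"));
        }
        finally
        {
            // Close the connection even when CheckAccess throws, so a failing iteration of the
            // stress loop does not leave a connection open.
            storage.CloseConnection();
        }
    }
    finally
    {
        storage.Dispose();
    }
}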
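/// <summary>
/// Check Access from your Application [FOR Windows Users ONLY].
/// </summary>
/// <param name="userIdentity">Windows User Identity.</param>
/// <param name="useCache">
/// <c>true</c> to check through a <c>UserPermissionCache</c> built for this user;
/// <c>false</c> to call CheckAccess on the storage directly.
/// </param>
private void CheckAccessPermissionsForWindowsUsers(WindowsIdentity userIdentity, bool useCache)
{
    // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Readers

    // Sql Storage connection string.
    // Sample credentials only: outside a demo, load the connection string from protected
    // configuration instead of embedding a login and password in source.
    string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";

    // Create an instance of SqlAzManStorage class; released in the finally block below.
    IAzManStorage storage = new SqlAzManStorage(sqlConnectionString);
    try
    {
        // To pass the current user identity:
        //   WindowsIdentity.GetCurrent()      -> for Windows Applications
        //   this.Request.LogonUserIdentity    -> for ASP.NET Applications
        List<KeyValuePair<string, string>> attributes;
        AuthorizationType auth;
        if (useCache)
        {
            // Build the cache only one time per session/application/user
            NetSqlAzMan.Cache.UserPermissionCache cache = new NetSqlAzMan.Cache.UserPermissionCache(storage, "My Store", "My Application", userIdentity, true, true);
            // Then Check Access
            auth = cache.CheckAccess("My Operation", DateTime.Now, out attributes);
        }
        else
        {
            auth = storage.CheckAccess("My Store", "My Application", "My Operation", userIdentity, DateTime.Now, true, out attributes);
        }

        switch (auth)
        {
            case AuthorizationType.AllowWithDelegation:
                // Yes, I can ... and I can delegate
                break;

            case AuthorizationType.Allow:
                // Yes, I can
                break;

            case AuthorizationType.Neutral:
            case AuthorizationType.Deny:
            default:
                // No, I cannot. Any value other than the two Allow results is treated as a
                // refusal, so an unexpected value fails closed.
                break;
        }

        // Do something with attributes found
    }
    finally
    {
        storage.Dispose();
    }
}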
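/// <summary>
/// Builds <c>checkAccessTimeSlice</c> by queueing one CheckAccess per item on the thread pool,
/// each worker using its own SqlAzManStorage, and then merging the results in item order.
/// </summary>
/// <remarks>
/// A failure in any worker is rethrown only after every worker has finished, so a failed
/// authorization lookup surfaces as its own exception instead of a missing cache entry.
/// </remarks>
private void buildApplicationCacheMultiThread()
{
    try
    {
        DateTime globalNow = DateTime.Now;
        this.storage.OpenConnection();
        this.collectPermissionData();
        List<ItemCheckAccessResult> results = new List<ItemCheckAccessResult>();
        // Not read again in this method; kept so the identity fields are still dereferenced
        // up front exactly as before.
        IAzManSid sid = this.windowsIdentity != null ? new SqlAzManSID(this.windowsIdentity.User) : this.dbUser.CustomSid;
        List<ManualResetEvent> waitHandles = new List<ManualResetEvent>();
        Hashtable allResult = new Hashtable();
        int index = 0;
        Exception lastException = null;
        foreach (String itemname in this.items)
        {
            var drAuthorization = this.dtAuthorizations.Where(t => t.ItemName == itemname).FirstOrDefault();
            if (drAuthorization == null)
            {
                // No authorization row for this item: check it with an open-ended validity window.
                drAuthorization = new BuildUserPermissionCacheResult2() { ItemName = itemname, ValidFrom = null, ValidTo = null };
            }

            ManualResetEvent waitHandle = new ManualResetEvent(false);
            waitHandles.Add(waitHandle);
            // One thread-pool work item per item name.
            ThreadPool.QueueUserWorkItem(new WaitCallback(
                delegate(object o)
                {
                    object[] state = (object[])o;
                    int localIndex = (int)state[0];
                    ManualResetEvent localWaitHandle = (ManualResetEvent)state[1];
                    BuildUserPermissionCacheResult2 localAuth = (BuildUserPermissionCacheResult2)state[2];
                    DateTime now = (DateTime)state[3];
                    string itemName = localAuth.ItemName;
                    IAzManStorage clonedStorage = null;
                    try
                    {
                        // Created inside the try so that a constructor failure is recorded and
                        // the wait handle is still signalled.
                        clonedStorage = new SqlAzManStorage(((SqlAzManStorage)this.storage).db.Connection.ConnectionString);
                        clonedStorage.OpenConnection();
                        ItemCheckAccessResult result = new ItemCheckAccessResult(itemName);
                        result.ValidFrom = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : DateTime.MinValue;
                        result.ValidTo = localAuth.ValidTo.HasValue ? localAuth.ValidTo.Value : DateTime.MaxValue;
                        List<KeyValuePair<string, string>> attributes = null;
                        // Evaluate at the start of the validity window when one is set,
                        // otherwise at the timestamp shared by all workers.
                        DateTime validFor = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : now;
                        if (this.windowsIdentity != null)
                        {
                            if (this.retrieveAttributes)
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, out attributes, this.contextParameters);
                            }
                            else
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, this.contextParameters);
                            }
                        }
                        else if (this.dbUser != null)
                        {
                            if (this.retrieveAttributes)
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, out attributes, this.contextParameters);
                            }
                            else
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, this.contextParameters);
                            }
                        }
                        result.Attributes = attributes;
                        // Hashtable is shared by all workers; serialize the insert.
                        lock (allResult.SyncRoot)
                        {
                            allResult.Add(localIndex, new object[] { itemName, result });
                        }
                    }
                    catch (Exception ex)
                    {
                        lastException = ex;
                    }
                    finally
                    {
                        try
                        {
                            if (clonedStorage != null)
                            {
                                clonedStorage.CloseConnection();
                                clonedStorage.Dispose();
                            }
                        }
                        catch (Exception closeError)
                        {
                            // Keep the first failure; a cleanup error must not escape the
                            // pool thread or prevent the handle from being signalled.
                            if (lastException == null)
                            {
                                lastException = closeError;
                            }
                        }
                        finally
                        {
                            localWaitHandle.Set();
                        }
                    }
                }), new object[] { index, waitHandle, drAuthorization, globalNow });
            index++;
        }

        // Wait on each handle individually: WaitHandle.WaitAll is not supported on STA threads
        // and rejects more than 64 handles, so one loop covers every case.
        foreach (ManualResetEvent pending in waitHandles)
        {
            pending.WaitOne();
        }
        foreach (ManualResetEvent finished in waitHandles)
        {
            finished.Close();
        }

        // Checked only after all workers are done; checking earlier would miss failures that
        // had not happened yet and leave holes in allResult.
        if (lastException != null)
        {
            throw lastException;
        }

        // Merge results in the order the items were queued.
        for (int i = 0; i < index; i++)
        {
            object[] values = (object[])allResult[i];
            string itemName = (string)values[0];
            ItemCheckAccessResult result = (ItemCheckAccessResult)values[1];
            results.Add(result);
            this.extendResultToMembers(itemName, result, results);
        }
        this.checkAccessTimeSlice = results.ToArray();
    }
    finally
    {
        this.storage.CloseConnection();
    }
}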
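/// <summary>
/// Builds <c>checkAccessTimeSlice</c> by queueing one CheckAccess per item on the thread pool,
/// each worker using its own SqlAzManStorage, and then merging the results in item order.
/// </summary>
/// <remarks>
/// A failure in any worker is rethrown only after every worker has finished, so a failed
/// authorization lookup surfaces as its own exception instead of a missing cache entry.
/// </remarks>
private void buildApplicationCacheMultiThread()
{
    try
    {
        DateTime globalNow = DateTime.Now;
        this.storage.OpenConnection();
        this.collectPermissionData();
        List<ItemCheckAccessResult> results = new List<ItemCheckAccessResult>();
        // Not read again in this method; kept so the identity fields are still dereferenced
        // up front exactly as before.
        IAzManSid sid = this.windowsIdentity != null ? new SqlAzManSID(this.windowsIdentity.User) : this.dbUser.CustomSid;
        List<ManualResetEvent> waitHandles = new List<ManualResetEvent>();
        Hashtable allResult = new Hashtable();
        int index = 0;
        Exception lastException = null;
        foreach (String itemname in this.items)
        {
            var drAuthorization = this.dtAuthorizations.Where(t => t.ItemName == itemname).FirstOrDefault();
            if (drAuthorization == null)
            {
                // No authorization row for this item: check it with an open-ended validity window.
                drAuthorization = new BuildUserPermissionCacheResult2() { ItemName = itemname, ValidFrom = null, ValidTo = null };
            }

            ManualResetEvent waitHandle = new ManualResetEvent(false);
            waitHandles.Add(waitHandle);
            // One thread-pool work item per item name.
            ThreadPool.QueueUserWorkItem(new WaitCallback(
                delegate(object o)
                {
                    object[] state = (object[])o;
                    int localIndex = (int)state[0];
                    ManualResetEvent localWaitHandle = (ManualResetEvent)state[1];
                    BuildUserPermissionCacheResult2 localAuth = (BuildUserPermissionCacheResult2)state[2];
                    DateTime now = (DateTime)state[3];
                    string itemName = localAuth.ItemName;
                    IAzManStorage clonedStorage = null;
                    try
                    {
                        // Created inside the try so that a constructor failure is recorded and
                        // the wait handle is still signalled.
                        clonedStorage = new SqlAzManStorage(((SqlAzManStorage)this.storage).db.Connection.ConnectionString);
                        clonedStorage.OpenConnection();
                        ItemCheckAccessResult result = new ItemCheckAccessResult(itemName);
                        result.ValidFrom = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : DateTime.MinValue;
                        result.ValidTo = localAuth.ValidTo.HasValue ? localAuth.ValidTo.Value : DateTime.MaxValue;
                        List<KeyValuePair<string, string>> attributes = null;
                        // Evaluate at the start of the validity window when one is set,
                        // otherwise at the timestamp shared by all workers.
                        DateTime validFor = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : now;
                        if (this.windowsIdentity != null)
                        {
                            if (this.retrieveAttributes)
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, out attributes, this.contextParameters);
                            }
                            else
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, this.contextParameters);
                            }
                        }
                        else if (this.dbUser != null)
                        {
                            if (this.retrieveAttributes)
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, out attributes, this.contextParameters);
                            }
                            else
                            {
                                result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, this.contextParameters);
                            }
                        }
                        result.Attributes = attributes;
                        // Hashtable is shared by all workers; serialize the insert.
                        lock (allResult.SyncRoot)
                        {
                            allResult.Add(localIndex, new object[] { itemName, result });
                        }
                    }
                    catch (Exception ex)
                    {
                        lastException = ex;
                    }
                    finally
                    {
                        try
                        {
                            if (clonedStorage != null)
                            {
                                clonedStorage.CloseConnection();
                                clonedStorage.Dispose();
                            }
                        }
                        catch (Exception closeError)
                        {
                            // Keep the first failure; a cleanup error must not escape the
                            // pool thread or prevent the handle from being signalled.
                            if (lastException == null)
                            {
                                lastException = closeError;
                            }
                        }
                        finally
                        {
                            localWaitHandle.Set();
                        }
                    }
                }), new object[] { index, waitHandle, drAuthorization, globalNow });
            index++;
        }

        // Wait on each handle individually: WaitHandle.WaitAll is not supported on STA threads
        // and rejects more than 64 handles, so one loop covers every case.
        foreach (ManualResetEvent pending in waitHandles)
        {
            pending.WaitOne();
        }
        foreach (ManualResetEvent finished in waitHandles)
        {
            finished.Close();
        }

        // Checked only after all workers are done; checking earlier would miss failures that
        // had not happened yet and leave holes in allResult.
        if (lastException != null)
        {
            throw lastException;
        }

        // Merge results in the order the items were queued.
        for (int i = 0; i < index; i++)
        {
            object[] values = (object[])allResult[i];
            string itemName = (string)values[0];
            ItemCheckAccessResult result = (ItemCheckAccessResult)values[1];
            results.Add(result);
            this.extendResultToMembers(itemName, result, results);
        }
        this.checkAccessTimeSlice = results.ToArray();
    }
    finally
    {
        this.storage.CloseConnection();
    }
}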