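// Creates and opens the WCF host that exposes INTERFACE over net.tcp with
// certificate-based client authentication.
//   ip             - host part of the endpoint address the server listens on
//   port           - starting port (string); incremented while the port is busy
//   serviceName    - third segment of the net.tcp address
//   typeOfSrcClass - the class implementing INTERFACE (e.g. ClientConnection)
// Throws FormatException / OverflowException when `port` is not an Int32, and
// InvalidOperationException when no free port exists below 65536. Any
// ServiceHost.Open() failure other than "address already in use" (e.g. a
// missing server certificate) is rethrown instead of being retried on the next
// port, which is what the previous catch-all/increment loop did.
// NOTE(review): an earlier version derived a per-service certificate name
// ("mbbank", "mboperator_1", ...) from INTERFACE but never used it; the
// certificate CN actually comes from the current Windows user name.
public Server2(string ip, string port, string serviceName, Type typeOfSrcClass)
{
    const int maxPort = 65535;

    this.ipAddress = IPFinder.GetIPAddress();
    // The Windows user name doubles as the CN of the server's personal certificate.
    string srvCertName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    this.connectedPort = Int32.Parse(port);

    // The certificate does not change between retries, so look it up once
    // (certificate with private key, LocalMachine\My).
    X509Certificate2 srvCert = Manager.GetCertificateFormStorage(StoreName.My, StoreLocation.LocalMachine, srvCertName);

    bool opened = false;
    do
    {
        NetTcpBinding binding = new NetTcpBinding();
        // Clients must present an X.509 certificate on the transport.
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
        string address = String.Format("net.tcp://{0}:{1}/{2}", ip, connectedPort.ToString(), serviceName);

        host = new ServiceHost(typeOfSrcClass);
        host.AddServiceEndpoint(typeof(INTERFACE), binding, address);
        // Client certificates must chain to a trusted root.
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        // NOTE(review): revocation checking is disabled, so a revoked client
        // certificate that still chains to a trusted root is accepted. Keep
        // NoCheck only if the hosts have no CRL/OCSP reachability; otherwise
        // prefer X509RevocationMode.Online (or Offline).
        host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
        host.Credentials.ServiceCertificate.Certificate = srvCert;

        try
        {
            host.Open();
            opened = true;
            Console.WriteLine(serviceName + " startovan na " + this.ipAddress + ":" + this.connectedPort);
        }
        catch (AddressAlreadyInUseException)
        {
            // Only a busy port justifies moving on; release the failed host first.
            host.Abort();
            this.connectedPort++;
            if (this.connectedPort > maxPort)
            {
                throw new InvalidOperationException("No free TCP port available for service " + serviceName);
            }
        }
        catch (Exception)
        {
            // Anything else (bad certificate, bad address, ...) is not fixed by
            // trying another port; clean up and let the caller see it.
            host.Abort();
            throw;
        }
    } while (!opened);
}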
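// Channel factory that produces the proxy for INTERFACE.
ChannelFactory<INTERFACE> factory;

// Builds a net.tcp channel to the service and creates the proxy.
//   CN          - subject name of the server certificate (public key only) in
//                 LocalMachine\TrustedPeople; the endpoint identity is pinned to it
//   ip, port    - where the service listens
//   serviceName - third segment of the net.tcp address
// The client authenticates with the certificate from LocalMachine\My whose CN is
// the current Windows user name (private + public key).
// NOTE(review): a previous version inspected the calling class via StackFrame to
// pick a certificate name ("mbclient_1", ...) but never used the result; that
// dead code (and its NullReferenceException risk on a compiler-generated
// caller) has been removed — behaviour is otherwise unchanged.
public Client(string CN, string ip, string port, string serviceName)
{
    string srvCertCN = CN;

    NetTcpBinding binding = new NetTcpBinding();
    // Transport-level authentication with X.509 certificates on both sides.
    binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
    binding.OpenTimeout = new TimeSpan(0, 10, 0);
    binding.CloseTimeout = new TimeSpan(0, 10, 0);
    binding.SendTimeout = new TimeSpan(0, 10, 0);
    binding.ReceiveTimeout = new TimeSpan(0, 10, 0);

    // Server certificate (public key) from TrustedPeople; passing it as the
    // endpoint identity makes WCF require that the server proves possession of
    // the matching private key.
    X509Certificate2 srvCert = Manager.GetCertificateFormStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, srvCertCN);
    EndpointAddress address = new EndpointAddress(
        new Uri(String.Format("net.tcp://{0}:{1}/{2}", ip, port, serviceName)),
        new X509CertificateEndpointIdentity(srvCert));

    factory = new ChannelFactory<INTERFACE>(binding, address);

    // Our own certificate name is the Windows user name.
    string cliCertCN = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    // The server certificate must chain to a trusted root.
    factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
    // NOTE(review): revocation is not checked, so a revoked server certificate
    // that still chains to a trusted root is accepted. Prefer Online/Offline
    // unless CRL/OCSP access is known to be unavailable.
    factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
    // Client certificate with private key from LocalMachine\My.
    factory.Credentials.ClientCertificate.Certificate = Manager.GetCertificateFormStorage(StoreName.My, StoreLocation.LocalMachine, cliCertCN);

    proxy = factory.CreateChannel();
}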
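// Builds the principal for a Windows identity: every group the identity belongs
// to whose parsed name is one of the known roles ("Reader", "AlarmGenerator",
// "AlarmAdmin") is added to `roles` with the permissions RolesConfig assigns to
// that role. Each role is added at most once, so two groups that parse to the
// same name no longer throw on Dictionary.Add, and groups whose SID cannot be
// resolved to an account name are skipped instead of aborting construction.
// Throws ArgumentNullException when winIndentity is null.
public CustomPrincipal(WindowsIdentity winIndentity)
{
    if (winIndentity == null)
    {
        throw new ArgumentNullException("winIndentity");
    }
    this.identity = winIndentity;

    foreach (IdentityReference group in this.identity.Groups)
    {
        SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
        string accountName;
        try
        {
            accountName = sid.Translate(typeof(NTAccount)).ToString();
        }
        catch (IdentityNotMappedException)
        {
            // Orphaned or foreign SIDs have no name and cannot map to a role.
            continue;
        }

        string groupName = Formatter.ParseName(accountName);
        // NOTE(review): ParseName appears to strip the domain/machine qualifier
        // (it is also used to turn DOMAIN\user into a certificate CN), so a
        // same-named group from another authority would map to the same role
        // — confirm that is intended.
        bool knownRole = groupName == "Reader" || groupName == "AlarmGenerator" || groupName == "AlarmAdmin";
        if (knownRole && !roles.ContainsKey(groupName))
        {
            roles.Add(groupName, RolesConfig.GetPermissions(groupName));
        }
    }
}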
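// Role name -> permissions granted by that role; filled from the identity's groups.
private Dictionary<string, string[]> roles = new Dictionary<string, string[]>();

// Builds the principal for a Windows identity: each group whose parsed name
// exactly matches a member name of the Role enum is recorded once in `roles`
// with the permissions RolesConfig assigns to it.
// Changes from the previous version: the enum names are read once instead of
// once per group, the `break` that was skipped for already-present roles is
// gone (the membership test is a single lookup), groups whose SID cannot be
// resolved are skipped instead of throwing, and a null identity is rejected
// with ArgumentNullException rather than a NullReferenceException.
public CustomPrincipal(WindowsIdentity winIdentity)
{
    if (winIdentity == null)
    {
        throw new ArgumentNullException("winIdentity");
    }

    // Role names to match group names against (ordinal, as before).
    string[] roleTypes = Enum.GetNames(typeof(Role));

    foreach (IdentityReference group in winIdentity.Groups)
    {
        SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
        string accountName;
        try
        {
            accountName = sid.Translate(typeof(NTAccount)).ToString();
        }
        catch (IdentityNotMappedException)
        {
            // Orphaned or foreign SIDs have no name and cannot map to a role.
            continue;
        }

        string groupName = Formatter.ParseName(accountName);
        // NOTE(review): ParseName appears to drop the domain/machine qualifier,
        // so a same-named group from another authority maps to the same role —
        // confirm that is intended.
        if (Array.IndexOf(roleTypes, groupName) < 0 || roles.ContainsKey(groupName))
        {
            continue;
        }
        roles.Add(groupName, RolesConfig.GetPermissions(groupName));
    }
}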