// Static Methods
/// <summary>
/// Creates a new provider from data cached by the <see cref="SecurityProviderCache"/>.
/// </summary>
/// <param name="username">The username of the user for which to create a new provider.</param>
/// <returns>A new provider initialized from cached data.</returns>
public static ISecurityProvider CreateProvider(string username)
{
CacheContext cacheContext;
lock (s_cache)
{
cacheContext = s_cache.GetOrAdd(username, name => new CacheContext(SecurityProviderUtility.CreateProvider(username)));
}
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(cacheContext.Provider.UserData);
AutoRefresh(provider);
return(provider);
}
// Static Methods
/// <summary>
/// Validates that current provider is ready, creating it if necessary.
/// </summary>
/// <param name="username">User name of the user for whom the<see cref= "ISecurityProvider" /> is to be created; defaults to current user.</param>
public static void ValidateCurrentProvider(string username = null)
{
// Initialize the security principal from caller's windows identity if uninitialized, note that
// simply by checking current provider any existing cached security principal will be restored,
// if no current provider exists we create a new one
if ((object)CurrentProvider == null)
{
lock (typeof(SecurityProviderCache))
{
// Let's see if we won the race...
if ((object)CurrentProvider == null)
{
CurrentProvider = SecurityProviderUtility.CreateProvider(username);
}
}
}
}
/// <summary>
/// Attempts to reauthenticate the current thread principal
/// after their provider has been removed from the cache.
/// </summary>
/// <returns>True if the user successfully reauthenticated; false otherwise.</returns>
public static bool ReauthenticateCurrentPrincipal()
{
IPrincipal currentPrincipal;
SecurityIdentity identity;
ISecurityProvider provider = null;
string password = null;
bool authenticated;
currentPrincipal = Thread.CurrentPrincipal;
if ((object)currentPrincipal == null)
{
return(false);
}
identity = currentPrincipal.Identity as SecurityIdentity;
if ((object)identity != null)
{
provider = identity.Provider;
}
if ((object)provider != null)
{
password = provider.Password;
}
// Reset the current principal
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
if ((object)currentIdentity != null)
{
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
}
// Create a new provider associated with current identity
provider = SecurityProviderUtility.CreateProvider(currentPrincipal.Identity.Name);
// Re-authenticate user
authenticated = provider.Authenticate(password);
// Re-cache current provider for user
CurrentProvider = provider;
return(authenticated);
}
// Static Methods
/// <summary>
/// Creates a new provider from data cached by the <see cref="SecurityProviderCache"/>.
/// </summary>
/// <param name="username">The username of the user for which to create a new provider.</param>
/// <param name="passthroughPrincipal"><see cref="IPrincipal"/> obtained through alternative authentication mechanisms to provide authentication for the <see cref="ISecurityProvider"/>.</param>
/// <param name="autoRefresh">Indicates whether the provider should be automatically refreshed on a timer.</param>
/// <returns>A new provider initialized from cached data.</returns>
public static ISecurityProvider CreateProvider(string username, IPrincipal passthroughPrincipal = null, bool autoRefresh = true)
{
CacheContext cacheContext;
lock (s_cache)
{
cacheContext = s_cache.GetOrAdd(username, name => new CacheContext(SecurityProviderUtility.CreateProvider(username, passthroughPrincipal)));
}
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(cacheContext.Provider.UserData);
provider.PassthroughPrincipal = passthroughPrincipal;
if (autoRefresh)
{
AutoRefresh(provider);
}
return(provider);
}
/// <summary>
/// Determines whether the user is a member of either of the specified <paramref name="roles"/>.
/// </summary>
/// <param name="roles">Comma separated list of roles to check.</param>
/// <returns>true if the user is a member of either of the specified <paramref name="roles"/>, otherwise false.</returns>
public bool IsInRole(string roles)
{
if (!m_identity.Provider.UserData.IsDefined || !m_identity.Provider.IsUserAuthenticated ||
m_identity.Provider.UserData.IsDisabled || m_identity.Provider.UserData.IsLockedOut)
{
// No need to check user roles.
return(false);
}
// Check if user has any one of the specified roles.
foreach (string role in roles.Split(','))
{
if (m_identity.Provider.UserData.Roles.FirstOrDefault(currentRole => (SecurityProviderUtility.IsRegexMatch(m_identity.Provider.TranslateRole(role.Trim()), currentRole))) != null)
{
return(true);
}
}
return(false);
}