Example #1
        // ASP.NET click handler (it reads this.Request.LogonUserIdentity) that appends the
        // ToString() of NetSqlAzMan CheckAccess results to TextBox1.
        // NOTE(review): this listing is incomplete. The text between the masked password and
        // the arguments of the first CheckAccess call was lost when the secret was scrubbed,
        // so the statement below does not parse and the braces do not balance. Restore the
        // original source before reusing it.
        protected void Button1_Click(object sender, EventArgs e)
        {
            // NOTE(review): this connection string logs in as "sa" with an inline password.
            // An authorization check only needs read access to the store (NetSqlAzMan's own
            // samples ask for membership in the NetSqlAzMan_Readers database role), so use a
            // least-privileged login or Integrated Security, as the commented-out line below
            // does, and keep credentials out of source.
            IAzManStorage storage = new SqlAzManStorage("data source=(local);Initial Catalog=NetSqlAzManStorage;user id=sa;password="******"Store Stress Test", "Application0", "Role0", this.Request.LogonUserIdentity, DateTime.Now, false).ToString();
                // Appends the result for "Operation0"; the final argument is false here
                // (the flag's meaning is not visible in this listing).
                this.TextBox1.Text += storage.CheckAccess("Store Stress Test", "Application0", "Operation0", this.Request.LogonUserIdentity, DateTime.Now, false).ToString();
            }
            // Disabled alternative: a CheckAccessHelper wrapper over an Integrated Security connection.
            //Application0.Security.CheckAccessHelper chk = new Application0.Security.CheckAccessHelper("data source=.;Initial Catalog=NetSqlAzManStorage;Integrated Security=SSPI", this.Request.LogonUserIdentity);

            //            this.TextBox1.Text = chk.CheckAccess(Application0.Security.CheckAccessHelper.Operation.Operation0).ToString();
        }
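 /// <summary>
 /// Check Access from your Application [FOR DB Users ONLY].
 /// </summary>
 /// <param name="dbUserName">DB Username, looked up through <c>storage.GetDBUser</c>.</param>
 private void CheckAccessPermissionsForDBUsers(string dbUserName)
 {
     // REMEMBER:
     // Modify dbo.GetDBUsers Table-Function to customize DB User list.
     // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Readers
     // Sql Storage connection string.
     // NOTE(review): the login and password are sample values embedded in source. Real code
     // should read the connection string from protected configuration, or use Integrated
     // Security, and give the login nothing beyond NetSqlAzMan_Readers.
     string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";
     //Create an instance of SqlAzManStorage class
     IAzManStorage storage = new SqlAzManStorage(sqlConnectionString);
     try
     {
         //Retrieve DB User identity from dbo.GetDBUsers Table-Function
         // NOTE(review): what GetDBUser returns for an unknown name is not visible here.
         // Confirm that a missing user cannot reach CheckAccess as a null identity.
         IAzManDBUser dbUser = storage.GetDBUser(dbUserName);
         AuthorizationType auth = storage.CheckAccess("My Store", "My Application", "My Operation", dbUser, DateTime.Now, true);
         switch (auth)
         {
             case AuthorizationType.AllowWithDelegation:
                 //Yes, I can ... and I can delegate
                 break;
             case AuthorizationType.Allow:
                 //Yes, I can
                 break;
             case AuthorizationType.Neutral:
             case AuthorizationType.Deny:
                 //No, I cannot
                 break;
             default:
                 //Unexpected value: handle it as "No, I cannot" so the check fails closed
                 break;
         }
     }
     finally
     {
         // Release the storage (and whatever connection it holds) even when the lookup or
         // the access check throws.
         storage.Dispose();
     }
 }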
Example #3
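        /// <summary>
        /// Consistency test for the three authorization paths. For every item of every
        /// application in every store it asks the <c>StorageCache</c>, the storage itself and
        /// a per-user <c>UserPermissionCache</c> for the current Windows user's access, then
        /// hands each pair of answers to <c>detectedDifferences</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnACL_Click(object sender, EventArgs e)
        {
            // The commented-out timing experiments that used to live here were removed.
            try
            {
                string cs = "data source=.;Initial Catalog=NetSqlAzManStorage;Integrated Security=SSPI";
                var ctx = new[] { new KeyValuePair<string, object>("Value1", "111"), new KeyValuePair<string, object>("Value2", "222") };
                IAzManStorage storage = new SqlAzManStorage(cs);
                try
                {
                    StorageCache sc = new StorageCache(cs);
                    sc.BuildStorageCache();

                    // Resolve the caller once: the identity and its SIDs do not change inside
                    // this handler, and a single instance can be disposed deterministically.
                    using (WindowsIdentity current = WindowsIdentity.GetCurrent())
                    {
                        string ssid = current.GetUserBinarySSid();
                        string[] gsid = current.GetGroupsBinarySSid();

                        List<KeyValuePair<string, string>> attributes1;
                        List<KeyValuePair<string, string>> attributes2;
                        List<KeyValuePair<string, string>> attributes3;

                        foreach (var store in storage.Stores)
                        {
                            foreach (var application in store.Value.Applications)
                            {
                                UserPermissionCache upc = new UserPermissionCache(storage, store.Value.Name, application.Value.Name, current, true, true, ctx);
                                foreach (var item in application.Value.Items)
                                {
                                    this.textBox1.Text += String.Format("Store: {0}\tApplication: {1}\tItem: {2}\r\n", store.Key, application.Key, item.Key);
                                    // auth1: storage cache, auth2: direct storage query, auth3: user permission cache.
                                    AuthorizationType auth1 = sc.CheckAccess(store.Value.Name, application.Value.Name, item.Value.Name, ssid, gsid, DateTime.Now, false, out attributes1, ctx);
                                    AuthorizationType auth2 = storage.CheckAccess(store.Value.Name, application.Value.Name, item.Value.Name, current, DateTime.Now, false, out attributes2, ctx);
                                    AuthorizationType auth3 = upc.CheckAccess(item.Value.Name, DateTime.Now, out attributes3);
                                    // detectedDifferences is defined elsewhere in this class; presumably
                                    // it reports mismatches (confirm). A cache that answers differently
                                    // from the direct query is an authorization defect, not a cosmetic one.
                                    this.detectedDifferences(auth1, attributes1, auth2, attributes2);
                                    this.detectedDifferences(auth2, attributes2, auth3, attributes3);
                                    this.detectedDifferences(auth1, attributes1, auth3, attributes3);
                                }
                            }
                        }
                    }
                }
                finally
                {
                    // Release the storage even when one of the checks throws.
                    storage.Dispose();
                }
                MessageBox.Show("Done");
            }
            catch (Exception ex)
            {
                // Top-level UI handler: surface the failure instead of letting it escape.
                MessageBox.Show(ex.Message);
            }
        }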
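        /// <summary>
        /// Check Access from your Application [FOR Windows Users ONLY].
        /// </summary>
        /// <param name="userIdentity">Windows User Identity.</param>
        /// <param name="useCache">
        /// <c>true</c> to answer through a <c>UserPermissionCache</c> built for this user;
        /// <c>false</c> to query the storage directly.
        /// </param>
        private void CheckAccessPermissionsForWindowsUsers(WindowsIdentity userIdentity, bool useCache)
        {
            // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Readers

            //Sql Storage connection string
            // NOTE(review): the login and password are sample values embedded in source. Real
            // code should read the connection string from protected configuration, or use
            // Integrated Security, and give the login nothing beyond NetSqlAzMan_Readers.
            string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";
            //Create an instance of SqlAzManStorage class
            IAzManStorage storage = new SqlAzManStorage(sqlConnectionString);
            try
            {
                //To Pass current user identity:
                //WindowsIdentity.GetCurrent() -> for Windows Applications
                //this.Request.LogonUserIdentity -> for ASP.NET Applications
                List<KeyValuePair<string, string>> attributes;
                AuthorizationType auth;
                if (useCache)
                {
                    //Build the cache Only one time per session/application/user
                    // NOTE(review): a cache built once presumably keeps answering from the
                    // permissions it loaded. Confirm how revocations reach a live cache before
                    // reusing one for a whole session.
                    NetSqlAzMan.Cache.UserPermissionCache cache = new NetSqlAzMan.Cache.UserPermissionCache(storage, "My Store", "My Application", userIdentity, true, true);
                    //Then Check Access
                    auth = cache.CheckAccess("My Operation", DateTime.Now, out attributes);
                }
                else
                {
                    auth = storage.CheckAccess("My Store", "My Application", "My Operation", userIdentity, DateTime.Now, true, out attributes);
                }
                switch (auth)
                {
                    case AuthorizationType.AllowWithDelegation:
                        //Yes, I can ... and I can delegate
                        break;
                    case AuthorizationType.Allow:
                        //Yes, I can
                        break;
                    case AuthorizationType.Neutral:
                    case AuthorizationType.Deny:
                        //No, I cannot
                        break;
                    default:
                        //Unexpected value: handle it as "No, I cannot" so the check fails closed
                        break;
                }
                //Do something with attributes found
            }
            finally
            {
                // Release the storage even when building the cache or the check throws.
                storage.Dispose();
            }
        }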
Example #5
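 /// <summary>
 /// Stress-test step: runs one CheckAccess for the current Windows user against a randomly
 /// chosen "Application{n}" / "Operation{n}" pair in the "Store Stress Test" store.
 /// </summary>
 /// <param name="connectionString">Connection string of the NetSqlAzMan storage.</param>
 /// <param name="max">Exclusive upper bound for the random application/operation index.</param>
 private void TestSuNetSqlAzMan(string connectionString, int max)
 {
     WindowsIdentity id = WindowsIdentity.GetCurrent();
     // Random only spreads the load across test items; it is not used for anything secret.
     int rnd = new Random().Next(max);
     IAzManStorage storage = new SqlAzManStorage(connectionString);
     try
     {
         storage.OpenConnection();
         try
         {
             // The result is deliberately discarded: only the call itself is being exercised.
             storage.CheckAccess("Store Stress Test", "Application" + rnd.ToString(), "Operation" + rnd.ToString(), id, DateTime.Now, true, new KeyValuePair<string, object>("chiave", "valore"));
         }
         finally
         {
             // Close the connection even when the check throws, so a failing stress run
             // does not leave connections open.
             storage.CloseConnection();
         }
     }
     finally
     {
         storage.Dispose();
     }
 }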
Example #6
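 /// <summary>
 /// Queries the storage directly (no cache) for the logged-on user's access to the item
 /// named in <c>txtDirectItem</c>, within "Store Test" / "Application Test".
 /// </summary>
 /// <returns>The <c>AuthorizationType</c> returned by <c>CheckAccess</c>.</returns>
 private AuthorizationType NetSqlAzManTestDirectCheckAccess()
 {
     WindowsIdentity userIdentity = this.Request.LogonUserIdentity;
     IAzManStorage storage = new SqlAzManStorage(NetSqlAzManStorePath);
     try
     {
         // The item name comes straight from a text box. It only selects which item is
         // checked; the decision is still made for userIdentity.
         return storage.CheckAccess("Store Test", "Application Test", this.txtDirectItem.Text, userIdentity, DateTime.Now, true);
     }
     finally
     {
         // Release the storage whether the check returns or throws.
         storage.Dispose();
     }
 }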
        /// <summary>
        /// Decides whether the identity held by <paramref name="context"/> may use the given item.
        /// </summary>
        /// <param name="context">
        /// Authorization context supplying the storage connection string, the optional storage
        /// cache, the store and application names, and the Windows or DB user identity.
        /// </param>
        /// <param name="controlName">Name of the control (not read by this method).</param>
        /// <param name="itemName">Name of the item to check.</param>
        /// <returns>
        /// 	<c>true</c> when the check yields Allow or AllowWithDelegation; otherwise, <c>false</c>.
        /// 	With neither identity set the result stays Neutral, so the answer is <c>false</c>.
        /// </returns>
        /// <exception cref="InvalidOperationException">The context has no storage connection string.</exception>
        protected internal bool HasAccess(NetSqlAzManAuthorizationContext context, string controlName, string itemName)
        {
            // Guard first: without a connection string there is nothing to ask.
            if (String.IsNullOrEmpty(context._storageConnectionString))
            {
                throw new InvalidOperationException("NetSqlAzMan Storage connection string and NetSqlAzMan WCF Cache Service url cannot be both null");
            }

            // Neutral is the starting point, so any path that performs no check denies.
            AuthorizationType verdict = AuthorizationType.Neutral;

            if (context.StorageCache != null)
            {
                // Storage cache path: Windows users are identified by user and group SIDs,
                // DB users by their custom SID string.
                if (context._windowIdentity != null)
                {
                    verdict = context.StorageCache.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._windowIdentity.GetUserBinarySSid(), context._windowIdentity.GetGroupsBinarySSid(), ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
                }
                else if (context._dbuserIdentity != null)
                {
                    verdict = context.StorageCache.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._dbuserIdentity.CustomSid.StringValue, ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
                }
            }
            else
            {
                // Direct path: open a storage for this one check and dispose it afterwards.
                using (SqlAzManStorage storage = new SqlAzManStorage(context._storageConnectionString))
                {
                    if (context._windowIdentity != null)
                    {
                        verdict = storage.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._windowIdentity, ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
                    }
                    else if (context._dbuserIdentity != null)
                    {
                        verdict = storage.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._dbuserIdentity, ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
                    }
                }
            }

            // Only the two explicit allow outcomes grant access.
            return (verdict == AuthorizationType.Allow) || (verdict == AuthorizationType.AllowWithDelegation);
        }