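        /// <summary>
        /// Loads every row of the Users table (ordered by UserName) and maps each one to an
        /// <see cref="RBACUserInfo"/>. Only the columns read here are populated: UserName,
        /// FullName, DomainUserName, the VARBINARY projection of UserID (DBUserCustomSID) and
        /// the optional default CustomerID.
        /// </summary>
        /// <returns>
        /// The list of users; <c>null</c> when the table is empty or the query fails. The null
        /// return is part of the existing contract and is kept for callers.
        /// </returns>
        public List <RBACUserInfo> GetAllUserNamesAndIDs()
        {
            List <RBACUserInfo> result = new List <RBACUserInfo>();

            try
            {
                // The statement is fixed text with no caller-controlled input; the empty
                // parameter set only satisfies the DAL's signature.
                Dictionary <string, object> sqlParams = new Dictionary <string, object>();

                // 'using' disposes the DataSet on every path, including when a row throws
                // (the original only disposed it on the two success paths).
                using (DataSet dsUsers = _DAL_RBAC.GetDatasetFromSQL(
                    "select CONVERT(VARBINARY(85), UserID) AS DBUserSid, UserID, UserName, DomainUserName, FullName, CustomerID from Users order by UserName", sqlParams, true))
                {
                    DataTable users = dsUsers.Tables[0];
                    users.TableName = "Users";

                    if (users.Rows.Count == 0)
                    {
                        return(null);
                    }

                    foreach (DataRow nextRow in users.Rows)
                    {
                        RBACUserInfo rbacUser   = new RBACUserInfo();
                        rbacUser.UserName       = Convert.ToString(nextRow["UserName"]);
                        rbacUser.FullName       = Convert.ToString(nextRow["FullName"]);
                        rbacUser.DomainUserName = Convert.ToString(nextRow["DomainUserName"]);

                        // SID bytes come from the CONVERT(VARBINARY(85), UserID) column; a NULL
                        // column leaves DBUserCustomSID at its default.
                        if (nextRow["DBUserSid"] != DBNull.Value)
                        {
                            rbacUser.DBUserCustomSID = (nextRow["DBUserSid"] as byte[]);
                        }

                        // The default customer is optional; the property keeps its default on NULL.
                        if (nextRow["CustomerID"] != DBNull.Value)
                        {
                            rbacUser.PEMDefaultCustomerID = Convert.ToInt32(nextRow["CustomerID"]);
                        }

                        result.Add(rbacUser);
                    }
                }

                return(result);
            }
            catch (Exception ex)
            {
                // Best-effort contract (null on failure) is preserved, but the failure is no
                // longer silently dropped; this mirrors the trace used by LogonAsRBACUser.
                // TODO: route to the application log rather than Debug output.
                System.Diagnostics.Debug.WriteLine(ex.ToString());
                return(null);
            }
        }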
        /// <summary>
        /// Role-provider hook: returns the names of every RBAC item granted to
        /// <paramref name="username"/>, including items inherited through role membership.
        /// </summary>
        /// <param name="username">Login name resolved via <see cref="GetRBACUserFromCacheOrDB"/>.</param>
        /// <returns>The granted item names; an empty array when the user is unknown.</returns>
        public override string[] GetRolesForUser(string username)
        {
            RBACUserInfo user = GetRBACUserFromCacheOrDB(username);

            // Unknown user: report no roles rather than failing.
            if (user == null)
            {
                return(new string[0]);
            }

            // 'false' = include items granted through roles, not only explicit grants.
            List <RBACItemInfo> granted = _RBACInterface.GetGrantedItemsForUser(user, false);

            string[] names = new string[granted.Count];
            for (int i = 0; i < granted.Count; i++)
            {
                names[i] = granted[i].ItemName;
            }

            return(names);
        }
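        /// <summary>
        /// Authenticates an RBAC user by password and, on success, opens a session: a row in
        /// SessionDetails (expiring 12 hours after creation, by the DB server clock) plus an
        /// audit row in LoginDetails. The response carries the new session id and the user's
        /// granted items, with "Customer:" items reported separately as
        /// <see cref="RBACCustomerInfo"/> objects.
        /// </summary>
        /// <param name="username">Login name looked up through <see cref="GetUser"/>.</param>
        /// <param name="password">Password supplied by the caller; untrusted input.</param>
        /// <returns>
        /// A populated <see cref="ApplicationLogonResponse"/>; on any failure only
        /// <c>ErrorMsg</c> is set and no session is created.
        /// </returns>
        /// <remarks>
        /// SECURITY (review): the stored credential is exposed as <c>Password_PlainText</c>,
        /// which indicates passwords are kept in clear text. This method can only compare what
        /// it is handed; moving to a salted hash (PBKDF2/Argon2) with a fixed-time comparison
        /// has to happen where the credential is stored and loaded, not here.
        /// </remarks>
        public ApplicationLogonResponse LogonAsRBACUser(string username, string password)
        {
            // Both failure paths use the same message so the response does not reveal whether
            // the username exists (the original returned "Username not found in system").
            const string LogonFailedMsg = "Incorrect username or password";

            ApplicationLogonResponse responseObj = new ApplicationLogonResponse();

            try
            {
                RBACUserInfo rbacUserInfo = GetUser(username);
                if (rbacUserInfo == null)
                {
                    responseObj.ErrorMsg = LogonFailedMsg;
                    return(responseObj);
                }

                // Ordinal comparison: the original culture-aware string.Compare can treat
                // distinct strings as equal (ignorable code points), which is wrong for a
                // credential. A NULL stored password never matches (string.Compare(null, null)
                // returned 0 before). NOTE(review): an empty stored password still matches an
                // empty input, as before — decide whether such accounts should be refused.
                if (rbacUserInfo.Password_PlainText == null ||
                    !string.Equals(rbacUserInfo.Password_PlainText, password, StringComparison.Ordinal))
                {
                    responseObj.ErrorMsg = LogonFailedMsg;
                    return(responseObj);
                }

                // Session token. Guid.NewGuid() is unique but not documented as cryptographically
                // random; the SessionID column type is not visible here, so the token format is
                // kept. NOTE(review): a RandomNumberGenerator-based token would be stronger if
                // the schema allows it.
                string SessionId = System.Guid.NewGuid().ToString();

                // Session row. Both statements are fully parameterized. The int returned by
                // ExecuteNonQuery was never checked before and its meaning is not visible here,
                // so it is still not used for control flow.
                Dictionary <string, object> sqlParams = new Dictionary <string, object>();
                sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
                sqlParams.Add("@SessionID", SessionId);
                _DAL_RBAC.ExecuteNonQuery(
                    "insert into SessionDetails (UserId, SessionID, SessionExpTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
                    " values (@UserId, @SessionID, DATEADD(hour,12,getdate()), @UserId, getdate(), @UserId, getdate())", sqlParams, true);

                // Login audit row; the parameter set is rebuilt in case the DAL consumed it.
                sqlParams.Clear();
                sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
                sqlParams.Add("@SessionID", SessionId);
                _DAL_RBAC.ExecuteNonQuery(
                    "insert into LoginDetails (Userid, SessionID, LoginTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
                    " values (@UserId, @SessionID, getdate(), @UserId, getdate(), @UserId, getdate())", sqlParams, true);

                // Split the user's grants: items named "Customer:<id>" become customer objects,
                // everything else is returned as a plain item.
                List <RBACItemInfo>     grantedItemsForUser = GetGrantedItemsForUser(rbacUserInfo, false);
                List <RBACCustomerInfo> allCustomers        = GetCustomers();
                List <RBACItemInfo>     plainItems          = new List <RBACItemInfo>();
                List <RBACCustomerInfo> grantedCustomers    = new List <RBACCustomerInfo>();

                foreach (RBACItemInfo nextItem in grantedItemsForUser)
                {
                    // Ordinal: the prefix is an identifier, not user-facing text.
                    if (!nextItem.ItemName.StartsWith("Customer:", StringComparison.Ordinal))
                    {
                        plainItems.Add(nextItem);
                        continue;
                    }

                    // A customer item with no matching RBACCustomerInfo is dropped, as before.
                    RBACCustomerInfoPredicate customerPredicate = new RBACCustomerInfoPredicate(nextItem.ItemID);
                    RBACCustomerInfo          customerObj       = allCustomers.Find(customerPredicate.CompareByRbacID);
                    if (customerObj != null)
                    {
                        grantedCustomers.Add(customerObj);
                    }
                }

                responseObj.SessionId      = SessionId;
                responseObj.Username       = rbacUserInfo.UserName;
                responseObj.DomainUsername = rbacUserInfo.DomainUserName;
                responseObj.FullName       = rbacUserInfo.FullName;
                responseObj.RbacUserId     = rbacUserInfo.DBUserCustomSID_AsInt;
                responseObj.GrantedItems.AddRange(plainItems);
                responseObj.GrantedCustomers.AddRange(grantedCustomers);
            }
            catch (Exception ex)
            {
                // Do not echo ex.Message to the caller: DAL/SQL exceptions can expose table
                // names, query text or connection details. Full detail goes to the trace only.
                responseObj.ErrorMsg = "Logon failed due to an internal error";

                // TODO: route to the application log rather than Debug output.
                System.Diagnostics.Debug.WriteLine(ex.ToString());
            }

            return(responseObj);
        }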
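        /// <summary>
        /// Returns the distinct RBAC items granted to <paramref name="user"/> in the
        /// application <c>_ApplicationID</c>. The first SELECT ('Direct') finds items whose
        /// authorization row matches the user's SID; the second ('Role') finds items that are
        /// hierarchy members of such a directly-granted item. Only AuthorizationType 1 and 3
        /// rows count as grants.
        /// </summary>
        /// <param name="user">User whose <c>DBUserCustomSID</c> is matched against objectSid.</param>
        /// <param name="onlyExplicitGrants">When true, only rows with Grantor 'Direct' are returned.</param>
        /// <returns>
        /// Items de-duplicated by ItemID (first occurrence wins) in the SQL order:
        /// ItemType, Description, Name.
        /// </returns>
        /// <exception cref="ArgumentNullException">When <paramref name="user"/> is null.</exception>
        /// <remarks>
        /// The 'Role' branch joins t5 on the parent item without restricting it to this user's
        /// SID, so one parent can yield several rows per member item; the de-dup below absorbs
        /// that. NOTE(review): confirm that join is intended and not meant to carry the user's
        /// SID. Three superseded copies of this query (one with a hard-coded ApplicationID of
        /// 73) were removed from the body; see source history if they are needed.
        /// </remarks>
        public List <RBACItemInfo> GetGrantedItemsForUser(RBACUserInfo user, bool onlyExplicitGrants)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            List <RBACItemInfo> result = new List <RBACItemInfo>();

            // O(1) duplicate detection instead of rescanning the result list for every row.
            HashSet <int> seenItemIds = new HashSet <int>();

            // Fully parameterized; no caller-controlled text is concatenated into the query.
            // NOTE(review): a null DBUserCustomSID is passed through as a null parameter, as before.
            Dictionary <string, object> sqlParams = new Dictionary <string, object>();
            sqlParams.Add("@DBUserSid", user.DBUserCustomSID);
            sqlParams.Add("@ApplicationID", _ApplicationID);

            // 'using' releases the DataSet, which the original never disposed.
            using (DataSet dsUserRights = _DAL_RBAC.GetDatasetFromSQL(
                "select t1.ItemId, t1.Name, t1.ItemType, t1.Description, t2.AuthorizationType, 'Direct' as Grantor " +
                "from netsqlazman_ItemsTable as t1, netsqlazman_Authorizationstable t2 " +
                "where t1.ApplicationID = @ApplicationID " +
                " and t2.objectSid =  @DBUserSid " +
                " and t1.ItemId = t2.ItemId and t2.AuthorizationType in (1, 3) " +
                "union all  " +
                "select t4.ItemId, t4.Name, t4.ItemType, t4.Description, t5.AuthorizationType, 'Role' as Grantor " +
                "from  netsqlazman_ItemsHierarchyTable  t3, netsqlazman_ItemsTable t4, netsqlazman_AuthorizationsTable t5 " +
                "where t3.ItemId = t4.ItemId " +
                "and t5.AuthorizationType in (1, 3) " +
                "and t5.ItemId = t3.MemberOfItemId " +
                "and t3.MemberOfItemId in " +
                "( " +
                "select t1.ItemId " +
                "from netsqlazman_ItemsTable as t1, netsqlazman_Authorizationstable t2 " +
                "where t1.ApplicationID = @ApplicationID and t2.objectSid = @DBUserSid " +
                "and t1.ItemId = t2.ItemId and t2.AuthorizationType in (1, 3) " +
                ") " +
                "order by 3 asc, 4 asc, 2 asc", sqlParams, true))
            {
                foreach (DataRow dr in dsUserRights.Tables[0].Rows)
                {
                    // Grantor is 'Direct' for the first SELECT and 'Role' for the inherited rows.
                    if (onlyExplicitGrants && dr["Grantor"].ToString() != "Direct")
                    {
                        continue;
                    }

                    int itemId = Convert.ToInt32(dr["ItemId"]);
                    if (!seenItemIds.Add(itemId))
                    {
                        continue;   // already reported; first occurrence wins, as before
                    }

                    RBACItemInfo item = new RBACItemInfo();
                    item.ItemID      = itemId;
                    item.ItemName    = dr["Name"].ToString();
                    item.Description = Convert.ToString(dr["Description"]);
                    item.ItemType    = (RBACItemType)Enum.Parse(typeof(RBACItemType), dr["ItemType"].ToString());
                    result.Add(item);
                }
            }

            return(result);
        }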
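        /// <summary>
        /// Role-provider hook: true when <paramref name="roleName"/> is granted to
        /// <paramref name="username"/>. Checks, in order: (1) the in-memory role cache,
        /// (2) the user's default customer, "Customer:&lt;PEMDefaultCustomerID&gt;", which is
        /// granted without consulting the authorization tables, (3) the granted items loaded
        /// from the RBAC store, all of which are then written to the cache.
        /// </summary>
        /// <param name="username">Login name; also the cache key.</param>
        /// <param name="roleName">Item name to test; compared case-insensitively (ordinal).</param>
        /// <returns>true if the role is granted; false if the user is unknown or lacks it.</returns>
        /// <remarks>
        /// Fixes: both cache-insert conditions were inverted (<c>IndexOf(x) != -1</c> guarding
        /// <c>Add(x)</c>), so nothing was ever cached and every call hit the store; names are
        /// now added only when absent. The cache probe was also case-sensitive while the store
        /// comparison was not, so a cached name could fail to be found; both now use
        /// OrdinalIgnoreCase. NOTE(review): with the cache now working, entries added here are
        /// never evicted by this method, so a grant revoked in the store stays effective for an
        /// already-cached user until the cache is cleared elsewhere — confirm an invalidation
        /// path exists (e.g. on grant changes or a TTL).
        /// </remarks>
        public override bool IsUserInRole(string username, string roleName)
        {
            // (1) Cheap path: answer from the cache under the shared read lock. The lock is
            // entered before 'try' so a failed Enter never leads to an unmatched Exit.
            _CacheLocker.EnterReadLock();
            try
            {
                List <string> cachedRoles;
                if (_cachedRolesForUsernames.TryGetValue(username, out cachedRoles) &&
                    RoleListContains(cachedRoles, roleName))
                {
                    return(true);
                }
            }
            finally
            {
                _CacheLocker.ExitReadLock();
            }

            // (2) Not cached: resolve the user. Unknown user is never a grant.
            RBACUserInfo rbacUser = GetRBACUserFromCacheOrDB(username);
            if (rbacUser == null)
            {
                return(false);
            }

            // (3) Implicit grant from the user's default customer (Users.CustomerID).
            // NOTE(review): if PEMDefaultCustomerID is a plain int, a user with no default
            // customer yields "Customer:0" — confirm 0 is never a real customer id.
            string defaultCustomerRole = "Customer:" + rbacUser.PEMDefaultCustomerID.ToString();
            if (string.Equals(defaultCustomerRole, roleName, StringComparison.OrdinalIgnoreCase))
            {
                AddRolesToCache(username, new string[] { defaultCustomerRole });
                return(true);
            }

            // (4) Load every granted item from the store, cache all of them (not just the one
            // asked for, so later probes for other roles are answered from the cache), and
            // look for the requested name.
            List <RBACItemInfo> grantedItems = _RBACInterface.GetGrantedItemsForUser(rbacUser, false);
            List <string>       grantedNames = new List <string>(grantedItems.Count);
            bool                found        = false;

            foreach (RBACItemInfo item in grantedItems)
            {
                grantedNames.Add(item.ItemName);
                if (string.Equals(item.ItemName, roleName, StringComparison.OrdinalIgnoreCase))
                {
                    found = true;
                }
            }

            AddRolesToCache(username, grantedNames);

            return(found);
        }

        // Case-insensitive (ordinal) membership test shared by the cache probe and the cache
        // writer, so a name cached once is found again regardless of the caller's casing.
        private static bool RoleListContains(List <string> roles, string roleName)
        {
            if (roles == null)
            {
                return(false);
            }

            foreach (string role in roles)
            {
                if (string.Equals(role, roleName, StringComparison.OrdinalIgnoreCase))
                {
                    return(true);
                }
            }

            return(false);
        }

        // Merges role names into the user's cache entry under the exclusive write lock,
        // creating the entry when missing (or null) and skipping names already present.
        private void AddRolesToCache(string username, IEnumerable <string> roleNames)
        {
            _CacheLocker.EnterWriteLock();
            try
            {
                List <string> cached;
                if (!_cachedRolesForUsernames.TryGetValue(username, out cached) || cached == null)
                {
                    cached = new List <string>();
                    _cachedRolesForUsernames[username] = cached;
                }

                foreach (string name in roleNames)
                {
                    if (!RoleListContains(cached, name))
                    {
                        cached.Add(name);
                    }
                }
            }
            finally
            {
                _CacheLocker.ExitWriteLock();
            }
        }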