Example #1
        /// <summary>
        /// Creates the system account.
        /// </summary>
        /// <param name="identifier">The identifier.</param>
        /// <param name="displayName">The display name.</param>
        /// <param name="emailAddress">The email address.</param>
        /// <param name="identityProviderName">Name of the identity provider.</param>
        /// <param name="identityProviderUri">The identity provider URI.</param>
        /// <returns>
        /// A SystemAccount.
        /// </returns>
        public SystemAccount CreateSystemAccount(string identifier, string displayName, EmailAddress emailAddress, string identityProviderName, string identityProviderUri)
        {
            // Build the account from the caller-supplied identity attributes.
            // NOTE(review): this factory performs no argument validation of its own;
            // presumably the SystemAccount constructor enforces required values — confirm,
            // because the identifier and identity-provider fields tie the account to an
            // external identity.
            SystemAccount createdAccount = new SystemAccount(
                identifier,
                displayName,
                emailAddress,
                identityProviderName,
                identityProviderUri);

            // Hand the new instance to the repository before returning it to the caller.
            _repository.MakePersistent(createdAccount);
            return createdAccount;
        }
Example #2
        /// <summary>
        /// Creates the system account.
        /// </summary>
        /// <param name="identifier">The identifier.</param>
        /// <param name="displayName">The display name.</param>
        /// <param name="emailAddress">The email address.</param>
        /// <param name="identityProviderName">Name of the identity provider.</param>
        /// <param name="identityProviderUri">The identity provider URI.</param>
        /// <returns>
        /// A SystemAccount.
        /// </returns>
        public SystemAccount CreateSystemAccount(string identifier, string displayName, EmailAddress emailAddress, string identityProviderName, string identityProviderUri)
        {
            // The five arguments are forwarded unchanged, in order, to the constructor.
            // NOTE(review): nothing is validated here; presumably SystemAccount's constructor
            // rejects missing values — confirm before relying on it.
            SystemAccount newAccount = new SystemAccount(
                identifier,
                displayName,
                emailAddress,
                identityProviderName,
                identityProviderUri);

            // Register the instance with the repository, then return that same instance.
            _repository.MakePersistent(newAccount);
            return newAccount;
        }
Example #3
        /// <summary>
        /// Initializes a new instance of the <see cref="SystemAccountRole"/> class.
        /// </summary>
        /// <param name="systemAccount">The system account.</param>
        /// <param name="systemRole">The system role.</param>
        protected internal SystemAccountRole(SystemAccount systemAccount, SystemRole systemRole)
        {
            // Both sides of the account-to-role association are mandatory. The account is
            // checked first, so a call with both arguments null reports the account message.
            Check.IsNotNull(systemAccount, "System account is required.");
            Check.IsNotNull(systemRole, "System role is required.");

            // Only after both checks pass is any state written.
            this._systemRole = systemRole;
            this._systemAccount = systemAccount;
        }
Example #4
        /// <summary>
        /// Initializes a new instance of the <see cref="SystemAccountRole"/> class.
        /// </summary>
        /// <param name="systemAccount">The system account.</param>
        /// <param name="systemRole">The system role.</param>
        protected internal SystemAccountRole(SystemAccount systemAccount, SystemRole systemRole)
        {
            // Reject an incomplete association up front: account first, then role.
            Check.IsNotNull(systemAccount, "System account is required.");
            Check.IsNotNull(systemRole, "System role is required.");

            // Fields are assigned only once both arguments have been accepted.
            this._systemRole = systemRole;
            this._systemAccount = systemAccount;
        }
Example #5
 /// <summary>
 /// Initializes a new instance of the <see cref="SystemUsageEvent"/> class.
 /// </summary>
 /// <param name="systemAccount">The system account.</param>
 /// <param name="ipAddress">The IP address.</param>
 /// <param name="eventType">Type of the event.</param>
 protected internal SystemUsageEvent(
     SystemAccount systemAccount,
     string ipAddress,
     EventType eventType)
 {
     // The timestamp is taken from the local clock in UTC at construction time; callers
     // cannot supply their own.
     DateTimeOffset recordedAt = DateTimeOffset.UtcNow;

     // NOTE(review): systemAccount and ipAddress are stored exactly as given, with no
     // null or format check in this constructor — confirm callers validate them, since
     // this record describes who used the system and from where.
     this._systemAccount = systemAccount;
     this._ipAddress = ipAddress;
     this._eventType = eventType;
     this._usageTimestamp = recordedAt;
 }
Example #6
 /// <summary>
 /// Initializes a new instance of the <see cref="SystemUsageEvent"/> class.
 /// </summary>
 /// <param name="systemAccount">The system account.</param>
 /// <param name="ipAddress">The IP address.</param>
 /// <param name="eventType">Type of the event.</param>
 protected internal SystemUsageEvent(
     SystemAccount systemAccount,
     string ipAddress,
     EventType eventType)
 {
     // The event time is always "now" in UTC; it is not a constructor argument.
     DateTimeOffset occurredAt = DateTimeOffset.UtcNow;

     // NOTE(review): no null or format validation of systemAccount / ipAddress happens
     // here — confirm the caller guarantees both before the event is created.
     this._systemAccount = systemAccount;
     this._ipAddress = ipAddress;
     this._eventType = eventType;
     this._usageTimestamp = occurredAt;
 }
Example #7
        /// <summary>
        /// Test fixture helper: saves a fake system account through the session and registers
        /// a mocked <see cref="ISystemAccountProvider"/> that returns it.
        /// </summary>
        protected virtual void SetupSystemAccountProvider()
        {
            // Fixed, fake identity values used only by the fixture.
            // NOTE(review): "uri:FakeProvider" is passed before "FakeProvider"; if the
            // constructor order is (..., identityProviderName, identityProviderUri) these two
            // are swapped — confirm against the SystemAccount constructor.
            var fakeAccount = new SystemAccount(
                "{2342-23434593-345345-345-345-3}",
                "sytemuser displayname",
                new EmailAddress("*****@*****.**"),
                "uri:FakeProvider",
                "FakeProvider");

            // Save the account inside its own transaction so it is committed before the
            // provider mock hands it out.
            using (ITransaction transaction = Session.BeginTransaction())
            {
                Session.SaveOrUpdate(fakeAccount);
                transaction.Commit();
            }

            // The mock answers every read of SystemAccount with the account saved above.
            var providerMock = new Mock<ISystemAccountProvider>();
            providerMock.SetupGet(provider => provider.SystemAccount).Returns(fakeAccount);

            // Register the mock object as the singleton ISystemAccountProvider in the container.
            StructureMapContainer.Configure(
                registry => registry
                    .For<ISystemAccountProvider>()
                    .Singleton()
                    .Use(providerMock.Object));
        }
        /// <summary>
        /// Grants the emergency-access permission set to the given principal as permission claims.
        /// </summary>
        /// <param name="claimsPrincipal">The claims principal.</param>
        /// <param name="systemAccount">The system account.</param>
        public void ExerciseEmergencyAccess(IClaimsPrincipal claimsPrincipal, SystemAccount systemAccount)
        {
            // Principal is validated first, then the account; neither may be null.
            Check.IsNotNull(claimsPrincipal, "ClaimsPrincipal is required.");
            Check.IsNotNull(systemAccount, "SystemAccount is required.");

            // The emergency permission set is looked up without reference to the account's
            // own granted permissions, then issued through the shared claim-issuing helper.
            // NOTE(review): nothing in this method checks that the account is entitled to
            // emergency access or records an audit event — confirm the caller does both,
            // and that the helper's logging is sufficient for an emergency-access grant.
            IssueSystemPermissionClaims(
                claimsPrincipal,
                FindEmergencyAccessPermissions(),
                systemAccount);
        }
        /// <summary>
        /// Adds one permission claim to the principal's identity for each granted permission
        /// whose well-known name is not already present, logging every decision at Debug level.
        /// </summary>
        /// <param name="claimsPrincipal">Principal whose identity receives the claims.</param>
        /// <param name="grantedPermissions">Permissions to turn into claims.</param>
        /// <param name="systemAccount">Account whose identifier is written to the log.</param>
        private void IssueSystemPermissionClaims(
            IPrincipal claimsPrincipal,
            IEnumerable<SystemPermission> grantedPermissions,
            SystemAccount systemAccount)
        {
            // The parameter is typed IPrincipal, so this cast throws InvalidCastException when
            // the identity is not an IClaimsIdentity.
            var claimsIdentity = (IClaimsIdentity)claimsPrincipal.Identity;
            var alreadyIssuedNames = FindExistingSystemPermissionWellKnownNames(claimsIdentity);

            // Every claim added here is issued under the federation module's realm.
            var issuerRealm = _federationAuthenticationModule.Realm;

            foreach (var permission in grantedPermissions)
            {
                var wellKnownName = permission.WellKnownName;

                // NOTE(review): whether a name repeated within grantedPermissions is caught
                // depends on whether the helper's result reflects claims added in this loop —
                // confirm.
                if (alreadyIssuedNames.Any(existingName => existingName == wellKnownName))
                {
                    Logger.Debug("Claim for permission ({0}) has already existed.", wellKnownName);
                    continue;
                }

                var permissionClaim = new Claim(
                    ClaimTypes.PermissionClaimType,
                    wellKnownName,
                    issuerRealm);

                claimsIdentity.Claims.Add(permissionClaim);

                // The grant is traced at Debug level only.
                Logger.Debug("Principal ({0}) is issued the following claim ({1}).", systemAccount.Identifier, permissionClaim.ToString());
            }
        }
        /// <summary>
        /// Issues the system permission claims.
        /// </summary>
        /// <param name="claimsPrincipal">The claims principal.</param>
        /// <param name="systemAccount">The system account.</param>
        public void IssueSystemPermissionClaims(IClaimsPrincipal claimsPrincipal, SystemAccount systemAccount)
        {
            // Principal is validated first, then the account; neither may be null.
            Check.IsNotNull(claimsPrincipal, "ClaimsPrincipal is required.");
            Check.IsNotNull(systemAccount, "SystemAccount is required.");

            // The account itself is the source of truth for which permissions become claims;
            // the three-argument overload does the de-duplication and the actual issuing.
            IssueSystemPermissionClaims(
                claimsPrincipal,
                systemAccount.FindGrantedPermissions(),
                systemAccount);
        }
        /// <summary>
        /// Issues the account key claims.
        /// </summary>
        /// <param name="claimsPrincipal">The claims principal.</param>
        /// <param name="systemAccount">The system account.</param>
        public void IssueAccountKeyClaims(IClaimsPrincipal claimsPrincipal, SystemAccount systemAccount)
        {
            // Principal is validated first, then the account; neither may be null.
            Check.IsNotNull(claimsPrincipal, "ClaimsPrincipal is required.");
            Check.IsNotNull(systemAccount, "SystemAccount is required.");

            // The claim is issued under the federation module's realm.
            var issuerRealm = _federationAuthenticationModule.Realm;

            // Concatenating with string.Empty renders the key as text for the claim value.
            var accountKeyText = systemAccount.Key + string.Empty;
            var accountKeyClaim = new Claim(ClaimTypes.AccountKeyClaimType, accountKeyText, issuerRealm);

            // NOTE(review): no check for an existing account-key claim is made here, so a
            // second call adds a second claim to the same identity — confirm callers invoke
            // this once per sign-in.
            var claimsIdentity = (IClaimsIdentity)claimsPrincipal.Identity;
            claimsIdentity.Claims.Add(accountKeyClaim);

            // The issued claim, including the account key value, is traced at Debug level.
            Logger.Debug("Principal ({0}) is issued the following claim ({1}).", systemAccount.Identifier, accountKeyClaim.ToString());
        }
Example #12
 /// <summary>
 /// Destroys the system account.
 /// </summary>
 /// <param name="systemAccount">The system account.</param>
 public void DestroySystemAccount(SystemAccount systemAccount)
 {
     // System account deletion is not currently supported: every call throws, and the
     // argument is never inspected.
     throw new NotImplementedException();
 }
Example #13
 /// <summary>
 /// Revises the system account.
 /// </summary>
 /// <param name="systemAccount">
 /// The system account.
 /// </param>
 public virtual void ReviseSystemAcount(SystemAccount systemAccount)
 {
     // Replaces the currently associated account with the supplied one.
     // NOTE(review): null is accepted and no authorization check is visible here —
     // confirm callers are allowed to re-point this object at a different account.
     this.SystemAccount = systemAccount;
 }
Example #14
 /// <summary>
 /// Destroys the system account.
 /// </summary>
 /// <param name="systemAccount">The system account.</param>
 public void DestroySystemAccount(SystemAccount systemAccount)
 {
     // Deleting a system account is not currently supported, so this always throws
     // without touching the argument.
     throw new NotImplementedException();
 }