/// <summary>
/// Perform the GET operation
/// </summary>
public TModel Get <TModel>(Guid key, Guid?versionKey, IntegrationQueryOptions options = null) where TModel : IdentifiedData
{
try
{
var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"));
amiClient.Client.Requesting += IntegrationQueryOptions.CreateRequestingHandler(options);
amiClient.Client.Credentials = this.GetCredentials(amiClient.Client);
if (amiClient.Client.Credentials == null)
{
return(null);
}
switch (typeof(TModel).Name)
{
case "SecurityUser":
return(amiClient.GetUser(key) as TModel);
default:
throw new NotSupportedException($"AMI servicing not supported for {typeof(TModel).Name}");
}
}
catch (Exception ex)
{
this.m_tracer.TraceError("Error contacting AMI: {0}", ex);
throw;
}
}
public Object UpdateSecurityUser([RestMessage(RestMessageFormat.SimpleJson)] SecurityUserInfo user)
{
var localSecSrv = ApplicationContext.Current.GetService <IRepositoryService <SecurityUser> >();
var amiServ = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"));
if (user.PasswordOnly)
{
var idp = ApplicationContext.Current.GetService <IIdentityProviderService>();
idp.ChangePassword(user.Entity.UserName.ToLower(), user.Entity.Password, AuthenticationContext.Current.Principal);
return(AuthenticationContext.Current.Session);
}
else
{
// Session
amiServ.Client.Credentials = new TokenCredentials(AuthenticationContext.Current.Principal);
var remoteUser = amiServ.GetUser(user.Entity.Key.Value);
remoteUser.Entity.Email = user.Entity.Email;
remoteUser.Entity.PhoneNumber = user.Entity.PhoneNumber;
// Save the remote user in the local
localSecSrv.Save(remoteUser.Entity);
amiServ.UpdateUser(remoteUser.Entity.Key.Value, remoteUser);
return(remoteUser.Entity);
}
}
/// <summary>
/// Gets the security user.
/// </summary>
/// <param name="key">The key.</param>
/// <returns>Returns the security user for the given key or null if no security user is found.</returns>
public SecurityUser GetSecurityUser(Guid key)
{
try
{
var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"));
amiClient.Client.Requesting += IntegrationQueryOptions.CreateRequestingHandler(null);
amiClient.Client.Credentials = this.GetCredentials(amiClient.Client);
return(amiClient.GetUser(key)?.Entity);
}
catch (Exception ex)
{
this.m_tracer.TraceError("Error contacting AMI: {0}", ex);
throw;
}
}
public SecurityUser UpdateSecurityUser([RestMessage(RestMessageFormat.SimpleJson)] SecurityUser user)
{
var localSecSrv = ApplicationContext.Current.GetService <ISecurityRepositoryService>();
var amiServ = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"));
// Session
amiServ.Client.Credentials = new TokenCredentials(AuthenticationContext.Current.Principal);
var remoteUser = amiServ.GetUser(user.Key.ToString());
remoteUser.User.Email = user.Email;
remoteUser.User.PhoneNumber = user.PhoneNumber;
// Save the remote user in the local
localSecSrv.SaveUser(remoteUser.User);
amiServ.UpdateUser(remoteUser.UserId.Value, remoteUser);
return(remoteUser.User);
}
internal static void UserInfo(GenericUserParms parms)
{
if (parms.UserName == null)
{
throw new InvalidOperationException("Must specify a user");
}
foreach (var un in parms.UserName)
{
var user = m_client.GetUsers(o => o.UserName == un).CollectionItem.FirstOrDefault() as SecurityUserInfo;
if (user == null)
{
throw new KeyNotFoundException($"User {un} not found");
}
DisplayUtil.PrintPolicies(user,
new string[] { "Name", "SID", "Email", "Phone", "Invalid Logins", "Lockout", "Last Login", "Created", "Updated", "De-Activated", "Roles" },
u => u.UserName,
u => u.Key,
u => u.Email,
u => u.PhoneNumber,
u => u.InvalidLoginAttempts,
u => u.LockoutXml,
u => u.LastLoginTimeXml,
u => String.Format("{0} ({1})", u.CreationTimeXml, m_client.GetUser(m_client.GetProvenance(u.CreatedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Format("{0} ({1})", u.UpdatedTimeXml, m_client.GetUser(m_client.GetProvenance(u.UpdatedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Format("{0} ({1})", u.ObsoletionTimeXml, m_client.GetUser(m_client.GetProvenance(u.ObsoletedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Join(" , ", user.Roles)
);
}
}
internal static void ApplicationInfo(GenericApplicationParms parms)
{
if (parms.ApplictionId == null)
{
throw new InvalidOperationException("Must specify a application");
}
foreach (var un in parms.ApplictionId)
{
var device = m_client.GetApplications(o => o.Name == un).CollectionItem.FirstOrDefault() as SecurityApplicationInfo;
if (device == null)
{
throw new KeyNotFoundException($"Application {un} not found");
}
DisplayUtil.PrintPolicies(device,
new string[] { "Name", "SID", "Invalid Auth", "Lockout", "Last Auth", "Created", "Updated", "De-Activated" },
u => u.Name,
u => u.Key,
u => u.InvalidAuthAttempts,
u => u.LockoutXml,
u => u.LastAuthenticationXml,
u => String.Format("{0} ({1})", u.CreationTimeXml, m_client.GetUser(m_client.GetProvenance(u.CreatedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Format("{0} ({1})", u.UpdatedTimeXml, m_client.GetUser(m_client.GetProvenance(u.UpdatedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Format("{0} ({1})", u.ObsoletionTimeXml, m_client.GetUser(m_client.GetProvenance(u.ObsoletedByKey.Value).UserKey.Value).Entity.UserName)
);
}
}
internal static void RoleInfo(GenericRoleParms parms)
{
if (parms.RoleName == null)
{
throw new InvalidOperationException("Must specify a role");
}
var role = m_client.GetRoles(o => o.Name == parms.RoleName).CollectionItem.FirstOrDefault() as SecurityRoleInfo;
if (role == null)
{
throw new KeyNotFoundException($"Role {parms.RoleName} not found");
}
DisplayUtil.PrintPolicies(role,
new string[] { "Name", "SID", "Description", "Created", "Updated", "De-Activated" },
u => u.Name,
u => u.Key,
u => u.Description,
u => String.Format("{0} ({1})", u.CreationTimeXml, m_client.GetUser(m_client.GetProvenance(u.CreatedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Format("{0} ({1})", u.UpdatedTimeXml, m_client.GetUser(m_client.GetProvenance(u.UpdatedByKey.Value).UserKey.Value).Entity.UserName),
u => String.Format("{0} ({1})", u.ObsoletionTimeXml, m_client.GetUser(m_client.GetProvenance(u.ObsoletedByKey.Value).UserKey.Value).Entity.UserName)
);
}
internal static void UserInfo(GenericUserParms parms)
{
if (parms.UserName == null)
{
throw new InvalidOperationException("Must specify a user");
}
foreach (var un in parms.UserName)
{
var user = m_client.GetUsers(o => o.UserName == un).CollectionItem.FirstOrDefault();
if (user == null)
{
throw new KeyNotFoundException($"User {un} not found");
}
Console.WriteLine("User: {0}", user.UserName);
Console.WriteLine("\tSID: {0}", user.UserId);
Console.WriteLine("\tEmail: {0}", user.Email);
Console.WriteLine("\tPhone: {0}", user.User.PhoneNumber);
Console.WriteLine("\tInvalid Logins: {0}", user.User.InvalidLoginAttempts);
Console.WriteLine("\tLockout: {0}", user.User.Lockout);
Console.WriteLine("\tLast Login: {0}", user.User.LastLoginTime);
Console.WriteLine("\tCreated: {0} ({1})", user.User.CreationTime, m_client.GetUser(user.User.CreatedByKey.ToString()).UserName);
if (user.User.UpdatedTime.HasValue)
{
Console.WriteLine("\tLast Updated: {0} ({1})", user.User.UpdatedTime, m_client.GetUser(user.User.UpdatedByKey.ToString()).UserName);
}
if (user.User.ObsoletionTime.HasValue)
{
Console.WriteLine("\tDeActivated: {0} ({1})", user.User.ObsoletionTime, m_client.GetUser(user.User.ObsoletedByKey.ToString()).UserName);
}
Console.WriteLine("\tGroups: {0}", String.Join(";", user.Roles.Select(o => o.Name)));
List <SecurityPolicyInfo> policies = m_client.GetPolicies(o => o.ObsoletionTime == null).CollectionItem.OrderBy(o => o.Oid).ToList();
policies.ForEach(o => o.Grant = (PolicyGrantType)10);
foreach (var rol in user.Roles)
{
foreach (var pol in m_client.GetRole(rol.Id.ToString()).Policies)
{
var existing = policies.FirstOrDefault(o => o.Oid == pol.Oid);
if (pol.Grant < existing.Grant)
{
existing.Grant = pol.Grant;
}
}
}
Console.WriteLine("\tEffective Policies:");
foreach (var itm in policies)
{
Console.Write("\t\t{0} : ", itm.Name);
if (itm.Grant == (PolicyGrantType)10) // Lookup parent
{
var parent = policies.LastOrDefault(o => itm.Oid.StartsWith(o.Oid + ".") && itm.Oid != o.Oid);
if (parent != null && parent.Grant <= PolicyGrantType.Grant)
{
Console.WriteLine("{0} (inherited from {1})", parent.Grant, parent.Name);
}
else
{
Console.WriteLine("Deny (automatic)");
}
}
else
{
Console.WriteLine("{0} (explicit)", itm.Grant);
}
}
}
}