protected override bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext == null) { throw new ArgumentNullException("httpContext"); } IPrincipal user = httpContext.User; if (!user.Identity.IsAuthenticated) { return(false); } AuthorizationType authorization = AzManStore.CheckAccess(Store, Application.ToString().Replace('_', ' '), Item.ToString().Replace('_', ' '), AzManStore.GetDBUser(User), DateTime.Now, false, null); if (authorization == AuthorizationType.Allow || authorization == AuthorizationType.AllowWithDelegation) { return(true); } else { return(false); } }
/// <summary> /// Determines if user is authorized to view the resource that is indicated by /// this <see cref="IAzManItem"/> task. If the user is not authorized for the task or /// authorization cannot be determined, return false. /// </summary> /// <param name="task">Instance of <see cref="IAzManItem"/> to examine.</param> /// <returns>True if authorized, otherwise returns false.</returns> private bool AccessAllowed(IAzManItem task) { // item must be of type Task. if (task.ItemType != ItemType.Task) { return(false); } // Does the task have a defined (external) Url defined? // If it does then access rights are based upon the task if (task.Attributes.ContainsKey(Constants.Menu.Url)) { return(task.CheckAccess(_dbUser, DateTime.Now, null) == AuthorizationType.Allow); } // Does this task have a child item of type ItemType.Operation foreach (var azManItem in task.Members) { if (azManItem.Value.ItemType == ItemType.Operation) { // If an operation was associated with this task, return access rights // based on that operation. return(azManItem.Value.CheckAccess(_dbUser, DateTime.Now, null) == AuthorizationType.Allow); } } // At this point, the remaining possibility is that the task has attributes that // point to an operation in a different application. This would be indicated by // the task haveing two attributes defined: "application" and "operation" if (task.Attributes.ContainsKey(Constants.Menu.Application) && task.Attributes.ContainsKey(Constants.Menu.Operation)) { return(_storage.CheckAccess(task.Application.Store.Name, task.Attributes[Constants.Menu.Application].Value, task.Attributes[Constants.Menu.Operation].Value, _dbUser, DateTime.Now, true, null) == AuthorizationType.Allow); } // If made it to this point, there is something not defined correctly so // return a false since cannot determine access rights. return(false); }
/// <summary> /// Retrive a complete Authorization for the current user and populate the string array /// from .NetSqlAzMan store /// </summary> /// <param name="userName">User name identifying the current user</param> /// <returns>Array of strings containing all of the permissions from .NetSqlAzMan store</returns> private bool CheckAccess(IAzManDBUser dbUser, string app, string role, IAzManStorage storage) { var result = false; //IAzManDBUser dbUser = storage.GetDBUser(dbUserName); AuthorizationType auth = storage.CheckAccess("CATS", app, role, dbUser, DateTime.Now, false); switch (auth) { case AuthorizationType.AllowWithDelegation: case AuthorizationType.Allow: result = true; break; case AuthorizationType.Neutral: case AuthorizationType.Deny: result = false; break; } return(result); }
private void CheckNodeAccess(TreeNode tn) { var tag = (ItemType)tn.Tag; string sItemType = String.Empty; switch (tag) { case ItemType.Role: sItemType = "Role"; break; case ItemType.Task: sItemType = "Task"; break; case ItemType.Operation: sItemType = "Operation"; break; } AuthorizationType auth = AuthorizationType.Neutral; string sAuth = String.Empty; DateTime chkStart = DateTime.Now; TimeSpan elapsedTime = TimeSpan.Zero; DateTime chkEnd = DateTime.Now; List <KeyValuePair <string, string> > attributes = null; //Cache Build if (chkUserPermisisonCache.Checked && _UserPermissionCache == null) { txtDetails.Text += "Building UserPermissionCache ... " + Environment.NewLine; _UserPermissionCache = new UserPermissionCache(_Storage, _Store.Name, _Application.Name, _DbUser, true, false); chkEnd = DateTime.Now; elapsedTime = (TimeSpan)chkEnd.Subtract(chkStart); txtDetails.Text += String.Format("[{0} mls.]\r\n", elapsedTime.TotalMilliseconds) + Environment.NewLine; } else if (chkStorageCache.Checked && _StorageCache == null) { txtDetails.Text += "Building StorageCache ... " + Environment.NewLine; _StorageCache = new StorageCache(_Storage.ConnectionString); _StorageCache.BuildStorageCache(_Store.Name, _Application.Name); chkEnd = DateTime.Now; elapsedTime = (TimeSpan)chkEnd.Subtract(chkStart); txtDetails.Text += String.Format("[{0} mls.]\r\n", elapsedTime.TotalMilliseconds) + Environment.NewLine; } chkStart = DateTime.Now; elapsedTime = TimeSpan.Zero; txtDetails.Text += String.Format("{0} {1} '{2}' ... ", "Check Access Test on", sItemType, tn.Text); try { if (chkUserPermisisonCache.Checked) { auth = _UserPermissionCache.CheckAccess( tn.Text, !String.IsNullOrEmpty(txtValidFor.Text) ? Convert.ToDateTime(txtValidFor.Text) : DateTime.Now, out attributes); } else if (this.chkStorageCache.Checked) { auth = _StorageCache.CheckAccess( _Store.Name, _Application.Name, tn.Text, _DbUser.CustomSid.StringValue, !String.IsNullOrEmpty(txtValidFor.Text) ? Convert.ToDateTime(txtValidFor.Text) : DateTime.Now, false, out attributes); } else { auth = _Storage.CheckAccess( _Store.Name, _Application.Name, tn.Text, _DbUser, !String.IsNullOrEmpty(txtValidFor.Text) ? Convert.ToDateTime(txtValidFor.Text) : DateTime.Now, false, out attributes); } chkEnd = DateTime.Now; elapsedTime = (TimeSpan)chkEnd.Subtract(chkStart); sAuth = "Neutral"; switch (auth) { case AuthorizationType.AllowWithDelegation: sAuth = "Allow with Delegation"; break; case AuthorizationType.Allow: sAuth = "Allow"; break; case AuthorizationType.Deny: sAuth = "Deny"; break; case AuthorizationType.Neutral: sAuth = "Neutral"; break; } //tn.ToolTip = sAuth; txtDetails.Text += String.Format("{0} [{1} mls.]", sAuth, elapsedTime.TotalMilliseconds) + Environment.NewLine; if (attributes != null && attributes.Count > 0) { txtDetails.Text += String.Format(" {0} attribute(s) found:", attributes.Count) + Environment.NewLine; int attributeIndex = 0; foreach (KeyValuePair <string, string> attr in attributes) { txtDetails.Text += String.Format(" {0}) Key: {1} Value: {2}", ++attributeIndex, attr.Key, attr.Value) + Environment.NewLine; } } } catch (Exception ex) { sAuth = "Check Access Test Error"; txtDetails.Text += String.Format("{0} [{1} mls.]", ex.Message, elapsedTime.TotalMilliseconds) + Environment.NewLine; } tn.Text = String.Format("{0} - ({1})", tn.Text, sAuth.ToUpper()); foreach (TreeNode tnChild in tn.Nodes) { CheckNodeAccess(tnChild); } }
/// <summary> /// Retrive a complete Authorization for the current user and populate the string array /// from .NetSqlAzMan store /// </summary> /// <param name="userName">User name identifying the current user</param> /// <returns>Array of strings containing all of the permissions from .NetSqlAzMan store</returns> private bool CheckAccess(IAzManDBUser dbUser, string app, string role, IAzManStorage storage) { var result = false; //IAzManDBUser dbUser = storage.GetDBUser(dbUserName); AuthorizationType auth = storage.CheckAccess("CATS", app, role, dbUser, DateTime.Now, false); switch (auth) { case AuthorizationType.AllowWithDelegation: case AuthorizationType.Allow: result = true; break; case AuthorizationType.Neutral: case AuthorizationType.Deny: result = false; break; } return result; }