private static string GetInternalLogonType(LogonType logonType) { if (logonType == 2) { return("Delegated"); } return(logonType.ToString()); }
/// <summary> /// 用户身份认证 /// </summary> /// <param name="strUserValue">用户数据值</param> /// <param name="eunmValueType">用户数据值类型</param> /// <param name="strPwdTypeGuid">用户所使用的密码类型</param> /// <param name="strUserPwd">用户所使用的登录口令(明码,待转换)</param> private void InitLogOnUserInfo(string strUserValue, LogonType eunmValueType, string strPwdTypeGuid, string strUserPwd) { ExceptionHelper.TrueThrow(string.IsNullOrEmpty(strUserValue.Trim()), "对不起,没有确定的用户登录信息!"); _StrUserLogOnName = strUserValue; try { string strPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strUserPwd); string strOriginal = @" SELECT OU_USERS.PARENT_GUID, OU_USERS.USER_GUID, OU_USERS.DISPLAY_NAME, OU_USERS.OBJ_NAME, OU_USERS.ALL_PATH_NAME, OU_USERS.INNER_SORT, OU_USERS.GLOBAL_SORT, OU_USERS.ORIGINAL_SORT, OU_USERS.SIDELINE, OU_USERS.START_TIME, OU_USERS.END_TIME, USERS.LOGON_NAME, OU_USERS.DESCRIPTION, USERS.RANK_CODE, RANK_DEFINE.SORT_ID, RANK_DEFINE.NAME, RANK_DEFINE.VISIBLE FROM OU_USERS, USERS LEFT JOIN RANK_DEFINE ON USERS.RANK_CODE = RANK_DEFINE.CODE_NAME WHERE OU_USERS.USER_GUID = USERS.GUID AND USERS." + TSqlBuilder.Instance.CheckQuotationMark(eunmValueType.ToString(), false) + @" = {0} {1} {2} AND OU_USERS.STATUS = 1 AND DATEDIFF(DAY, OU_USERS.START_TIME, GETDATE()) >= 0 AND DATEDIFF(DAY, GETDATE(), OU_USERS.END_TIME) >= 0 " ; string strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true), " AND USERS.USER_PWD = " + TSqlBuilder.Instance.CheckQuotationMark(strPwd, true), strPwdTypeGuid == string.Empty ? string.Empty : " AND USERS.PWD_TYPE_GUID = " + TSqlBuilder.Instance.CheckQuotationMark(strPwdTypeGuid, true)); using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias)) { Database database = DatabaseFactory.Create(context); DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql + " AND USERS.POSTURAL <> 1 "); if (ds.Tables[0].Rows.Count > 0) { SetImpersonateUser(); if (_StrUserLogOnName != strUserValue) { strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(_StrUserLogOnName, true), string.Empty, string.Empty); ds = database.ExecuteDataSet(CommandType.Text, strSql); } } else { DataSet posDS = database.ExecuteDataSet(CommandType.Text, strSql); ExceptionHelper.TrueThrow(posDS.Tables[0].Rows.Count > 0, "对不起,您的帐号[" + strUserValue + "]目前被禁用了!\n\n请联系管理员!"); } InitData(ds); } } catch (System.Exception ex) { //ExceptionManager.Publish(ex); throw ex; } }
public AuditEvent(MailboxSession session, MailboxAuditOperations operation, COWSettings settings, OperationResult result, LogonType logonType, bool externalAccess) { EnumValidator.ThrowIfInvalid <MailboxAuditOperations>(operation); EnumValidator.ThrowIfInvalid <OperationResult>(result, "result"); EnumValidator.ThrowIfInvalid <LogonType>(logonType, "logonType"); Util.ThrowOnNullArgument(session, "session"); Util.ThrowOnNullArgument(settings, "settings"); this.MailboxSession = session; this.AuditOperation = operation; this.COWSettings = settings; this.OperationSucceeded = result; this.LogonType = logonType; this.ExternalAccess = externalAccess; this.CreationTime = DateTime.UtcNow; this.RecordId = CombGuidGenerator.NewGuid(this.CreationTime); this.OrganizationId = (string.IsNullOrEmpty(session.OrganizationId.ToString()) ? "First Org" : session.OrganizationId.ToString()); this.MailboxGuid = session.MailboxGuid; this.OperationName = operation.ToString(); this.LogonTypeName = logonType.ToString(); }
/// <summary> /// Logon a user with the specified credentials. /// </summary> /// <param name="credentials">Credentials for logon. See <see cref="NetworkCredential"/>.</param> /// <param name="logontype">See <see cref="LogonType"/>.</param> /// <returns>The <see cref="WindowsIdentity"/> of the logged on account.</returns> /// <permission cref="SecurityPermission">Demand for <see cref="SecurityPermissionFlag.ControlPrincipal"/> permission flag.</permission> /// <exception cref="ArgumentException">Unable to logon</exception> public static WindowsIdentity LogonUser(NetworkCredential credentials, LogonType logontype) { // Parameter validation if (credentials == null) { throw new ArgumentException("credentials"); } // Demand permissions new SecurityPermission(SecurityPermissionFlag.ControlPrincipal).Demand(); // Assert permissions _assertedPermissions.Assert(); // initialize tokens IntPtr pExistingTokenHandle = IntPtr.Zero; IntPtr pDuplicateTokenHandle = IntPtr.Zero; string domain = credentials.Domain; if (domain == null || domain.Length == 0) { domain = Environment.MachineName; } bool returnValue = false; try { returnValue = Win32Native.LogonUser(credentials.UserName, domain, credentials.Password, (int)logontype, Win32Native.LOGON32_PROVIDER_DEFAULT, ref pExistingTokenHandle); if (returnValue && pExistingTokenHandle != IntPtr.Zero) { returnValue = Win32Native.DuplicateToken(pExistingTokenHandle, (int)Win32Native.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, ref pDuplicateTokenHandle); // did DuplicateToken fail? if (returnValue) { // create new identity using new primary token return(new WindowsIdentity(pDuplicateTokenHandle, "NTLM", WindowsAccountType.Normal, true)); } else { throw new Win32Exception(Marshal.GetLastWin32Error()); } } else { throw new Win32Exception(Marshal.GetLastWin32Error()); } } catch (Win32Exception wex) { //Add detailed description throw new ArgumentException(Resource.ResourceManager[Resource.MessageKey.LogonUserException, domain, credentials.UserName, logontype.ToString(), Environment.NewLine, wex.Message, Environment.MachineName, WindowsIdentity.GetCurrent().Name]); } finally { // close handles if (pExistingTokenHandle != IntPtr.Zero) { Win32Native.CloseHandle(pExistingTokenHandle); } if (pDuplicateTokenHandle != IntPtr.Zero) { Win32Native.CloseHandle(pDuplicateTokenHandle); } // Revert permission (Not strictly necessary but a good practice indeed.) System.Security.CodeAccessPermission.RevertAssert(); } }
/// <summary> /// 用户身份认证 /// </summary> /// <param name="strUserValue">用户数据值</param> /// <param name="eunmValueType">用户数据值类型</param> /// <param name="strPwdTypeGuid">用户所使用的密码类型</param> /// <param name="strUserPwd">用户所使用的登录口令(明码,待转换)</param> private void InitLogOnUserInfo(string strUserValue, LogonType eunmValueType, string strPwdTypeGuid, string strUserPwd) { ExceptionHelper.TrueThrow(string.IsNullOrEmpty(strUserValue.Trim()), "对不起,没有确定的用户登录信息!"); _StrUserLogOnName = strUserValue; try { string strPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strUserPwd); string strOriginal = @" SELECT OU_USERS.PARENT_GUID, OU_USERS.USER_GUID, OU_USERS.DISPLAY_NAME, OU_USERS.OBJ_NAME, OU_USERS.ALL_PATH_NAME, OU_USERS.INNER_SORT, OU_USERS.GLOBAL_SORT, OU_USERS.ORIGINAL_SORT, OU_USERS.SIDELINE, OU_USERS.START_TIME, OU_USERS.END_TIME, USERS.LOGON_NAME, OU_USERS.DESCRIPTION, USERS.RANK_CODE, RANK_DEFINE.SORT_ID, RANK_DEFINE.NAME, RANK_DEFINE.VISIBLE FROM OU_USERS, USERS LEFT JOIN RANK_DEFINE ON USERS.RANK_CODE = RANK_DEFINE.CODE_NAME WHERE OU_USERS.USER_GUID = USERS.GUID AND USERS." + TSqlBuilder.Instance.CheckQuotationMark(eunmValueType.ToString(), false) + @" = {0} {1} {2} AND OU_USERS.STATUS = 1 AND DATEDIFF(DAY, OU_USERS.START_TIME, GETDATE()) >= 0 AND DATEDIFF(DAY, GETDATE(), OU_USERS.END_TIME) >= 0 "; string strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true), " AND USERS.USER_PWD = " + TSqlBuilder.Instance.CheckQuotationMark(strPwd, true), strPwdTypeGuid == string.Empty ? string.Empty : " AND USERS.PWD_TYPE_GUID = " + TSqlBuilder.Instance.CheckQuotationMark(strPwdTypeGuid, true)); using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias)) { Database database = DatabaseFactory.Create(context); DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql + " AND USERS.POSTURAL <> 1 "); if (ds.Tables[0].Rows.Count > 0) { SetImpersonateUser(); if (_StrUserLogOnName != strUserValue) { strSql = string.Format(strOriginal, TSqlBuilder.Instance.CheckQuotationMark(_StrUserLogOnName, true), string.Empty, string.Empty); ds = database.ExecuteDataSet(CommandType.Text, strSql); } } else { DataSet posDS = database.ExecuteDataSet(CommandType.Text, strSql); ExceptionHelper.TrueThrow(posDS.Tables[0].Rows.Count > 0, "对不起,您的帐号[" + strUserValue + "]目前被禁用了!\n\n请联系管理员!"); } InitData(ds); } } catch (System.Exception ex) { //ExceptionManager.Publish(ex); throw ex; } }