/// <summary> /// Gets and bulk updates roles. Called when the "Get and bulk update roles" button is pressed. /// Expects the CreateRole method to be run first. /// </summary> private bool GetAndBulkUpdateRoles() { // Prepare the parameters string where = "RoleName LIKE N'MyNewRole%'"; // Get the data DataSet roles = RoleInfoProvider.GetRoles(where, null); if (!DataHelper.DataSourceIsEmpty(roles)) { // Loop through the individual items foreach (DataRow roleDr in roles.Tables[0].Rows) { // Create object from DataRow RoleInfo modifyRole = new RoleInfo(roleDr); // Update the properties modifyRole.DisplayName = modifyRole.DisplayName.ToUpper(); // Save the changes RoleInfoProvider.SetRoleInfo(modifyRole); } return(true); } return(false); }
public RoleInfo GetRole(string RoleName, string SiteName, string[] Columns = null) { return(RoleInfoProvider.GetRoles() .OnSite(new CMS.DataEngine.SiteInfoIdentifier(SiteName)) .ColumnsNullHandled(Columns) .FirstOrDefault()); }
/// <summary> /// Returns where condition for specialized role conditions or <c>null</c> in case no roles were selected. /// </summary> /// <param name="selector">Condition to use (ANY/ALL)</param> /// <param name="selectedRoles">Values separated with semicolon</param> /// <remarks> /// <c>null</c> is returned in order to allow calling <see cref="WhereConditionBase{TParent}.WhereNot"/> on method's result /// (empty <see cref="WhereCondition"/> would cause appending "NOT" to SQL query). /// </remarks> private WhereCondition GetRolesSelectorCondition(string selector, string selectedRoles) { if (String.IsNullOrEmpty(selectedRoles)) { return(null); } string[] roles = selectedRoles.Split(';'); var globalRolesCondition = GetGlobalRolesCondition(roles); var roleCondition = GetSiteRolesCondition(roles).Or(globalRolesCondition); var query = UserRoleInfoProvider.GetUserRoles() .Column("UserID") .WhereIn("RoleID", RoleInfoProvider.GetRoles() .Column("RoleID") .Where(roleCondition)) .Where(new WhereCondition() .WhereNull("ValidTo") .Or() .WhereGreaterThan("ValidTo", DateTime.Now)) .GroupBy("UserID"); if (selector.Equals(UniGrid.ALL, StringComparison.OrdinalIgnoreCase)) { query.Having(condition => condition.WhereEquals(new CountColumn("RoleID"), roles.Length)); } var userIdColumn = SessionInsteadOfUser ? "SessionUserID" : "UserID"; return(new WhereCondition().WhereIn(userIdColumn, query)); }
public HttpResponseMessage GetRoles() { ObjectQuery <RoleInfo> roles; try { //the roles are got roles = RoleInfoProvider.GetRoles().OrderByDescending("RoleDisplayName"); //puts the relevant information into a new object to represent the role List <Object> roleList = roles.Select( roleInfo => new { RoleId = roleInfo.RoleID, RoleName = roleInfo.RoleName, RoleDisplayName = roleInfo.DisplayName }).OrderBy(role => role.RoleDisplayName) .ToList <Object>(); //everything is OK, the roles are also returned return(Request.CreateResponse(HttpStatusCode.OK, new { roleList = roleList })); } catch (Exception e) { return(Request.CreateResponse(HttpStatusCode.ServiceUnavailable, new { errorMessage = e.Message })); } }
/// <summary> /// Returns the dataset with roles for specified site. /// </summary> /// <param name="users">Determines whether to return only roles to which the user is assigned</param> private DataSet GetRoleDataset(bool users) { string siteWhere = (siteId.ToString() == siteSelector.GlobalRecordValue) ? "SiteID IS NULL" : "SiteID = " + siteId; string where = "(RoleID " + (users ? "" : "NOT ") + "IN (SELECT RoleID FROM CMS_UserRole WHERE UserID = " + userId + ")) AND " + siteWhere + " AND RoleGroupID IS NULL"; // Exclude generic roles string genericWhere = null; ArrayList genericRoles = RoleInfoProvider.GetGenericRoles(); if (genericRoles.Count != 0) { foreach (string role in genericRoles) { genericWhere += "'" + SqlHelperClass.GetSafeQueryString(role, false) + "',"; } if (genericWhere != null) { genericWhere = genericWhere.TrimEnd(','); } where += " AND ( RoleName NOT IN (" + genericWhere + ") )"; } return(RoleInfoProvider.GetRoles("RoleDisplayName, RoleID", where, "RoleDisplayName", 0)); }
public HttpResponseMessage GetRole(int roleId) { try { List <Object> roles = RoleInfoProvider.GetRoles() .WhereEquals("RoleID", roleId) .Select( row => new { //puts the relevant information into a new object representing the role RoleId = row.RoleID, RoleName = row.RoleName, RoleDisplayName = row.DisplayName } ).ToList <Object>(); if (roles.First() != null) { //everything is OK, the role is also returned return(Request.CreateResponse(HttpStatusCode.OK, new { role = roles.First() })); } return(Request.CreateResponse(HttpStatusCode.BadRequest, "No role with the given roleId exists.")); } catch (Exception e) { return(Request.CreateResponse(HttpStatusCode.ServiceUnavailable, new { errorMessage = e.Message })); } }
/// <summary> /// Reloads data. /// </summary> public override void ReloadData() { base.ReloadData(); // Get roles for current user LoadCurrentRoles(); string where = CreateWhereCondition(); usRoles.WhereCondition = where; // Show message or uniselector? RoleInfo role = RoleInfoProvider.GetRoles().Where(where).Columns("RoleID").TopN(1).FirstOrDefault(); if (role == null) { usRoles.Visible = false; lblRole.Visible = true; } else { usRoles.Visible = true; lblRole.Visible = false; } // Enable or disable buttons according to state of user's approval process if ((CurrentMember != null) && (CurrentMember.MemberGroupID > 0)) { // Current user cannot approve/reject him self if (IsLiveSite && (CurrentMember.MemberUserID == MembershipContext.AuthenticatedUser.UserID)) { // Member can nothing btnApprove.Enabled = false; btnReject.Enabled = false; } else if (CurrentMember.MemberStatus == GroupMemberStatus.Approved) { // Member can be rejected btnApprove.Enabled = false; btnReject.Enabled = true; } else if (CurrentMember.MemberStatus == GroupMemberStatus.Rejected) { // Member can be approved btnApprove.Enabled = true; btnReject.Enabled = false; } else if (CurrentMember.MemberStatus == GroupMemberStatus.WaitingForApproval) { // Member can be rejected and approved btnApprove.Enabled = true; btnReject.Enabled = true; } } InitializeForm(); usRoles.Value = currentValues; }
private ObjectQuery <RoleInfo> GetBoardRoles(params string[] columns) { var roles = RoleInfoProvider.GetRoles() .Columns(columns) .WhereIn("RoleID", BoardRoleInfoProvider.GetBoardRoles() .Column("RoleID") .WhereEquals("BoardID", BoardID)); return(roles); }
public async Task RoleDeletion_OneRoleIsCreatedWithID_AfterDeletingRole_NoRoleInfoExists() { int idToBeDeleted = role.Id; await store.DeleteAsync(role); CMSAssert.All( () => Assert.AreNotEqual(0, idToBeDeleted), () => Assert.AreEqual(0, RoleInfoProvider.GetRoles().Count)); }
/// <summary> /// Deletes domain objects that exist in CMS and doesn't exist in AD. /// </summary> /// <param name="usersChanged">Records removed users for CMS event log.</param> /// <param name="rolesChanged">Records removed roles for CMS event log.</param> private static void DeleteNonExistingObjects(CumulatedChanges usersChanged, CumulatedChanges rolesChanged) { // Remove CMS (domain) roles that do not exist in AD anymore IQueryable <RoleInfo> excessiveRoles = RoleInfoProvider .GetRoles() .WhereTrue("RoleIsDomain") .WhereNotEquals("RoleGUID", Guid.Empty) .WhereGreaterThan("RoleID", 0) .Columns("RoleID", "RoleGUID", "RoleName") .Where(x => !PrincipalProvider.Exists(x.RoleGUID)); foreach (var role in excessiveRoles) { // Delete role RoleInfoProvider.DeleteRoleInfo(role.RoleID); // Store deleted role GUID and name for EventLog rolesChanged.Add(role.RoleGUID, role.RoleDisplayName, ChangeActionEnum.Deleted); // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_DeletingRole", role.RoleDisplayName)); } // Remove CMS (domain) users that do not exist in AD anymore IQueryable <UserInfo> excessiveUsers = UserInfoProvider .GetUsers() .WhereTrue("UserIsDomain") .WhereNotEquals("UserGUID", Guid.Empty) .WhereGreaterThan("UserID", 0) .Columns("UserID", "UserGUID", "UserName") .Where(x => !PrincipalProvider.Exists(x.UserGUID)); foreach (var user in excessiveUsers) { // Delete user UserInfoProvider.DeleteUser(user.UserID); // Store deleted user GUID and name for EventLog usersChanged.Add(user.UserGUID, user.UserName, ChangeActionEnum.Deleted); // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_DeletingUser", user.UserName)); } }
/// <summary> /// Gets and bulk updates roles. Called when the "Get and bulk update roles" button is pressed. /// Expects the CreateRole method to be run first. /// </summary> private bool GetAndBulkUpdateRoles() { // Prepare the parameters string where = "RoleName LIKE N'MyNewRole%'"; // Get the data from database var roles = RoleInfoProvider.GetRoles().Where(where); // Loop through the individual items foreach (RoleInfo modifyRole in roles) { // Update the properties modifyRole.DisplayName = modifyRole.DisplayName.ToUpper(); // Save the changes RoleInfoProvider.SetRoleInfo(modifyRole); } // Return TRUE if any object was found and updated, FALSE otherwise return(roles.Count > 0); }
/// <summary> /// Helper to Get or create the given Role /// </summary> /// <param name="RoleCodeName">Role Code Name</param> /// <param name="RoleDisplayName">Role Display Name</param> /// <param name="RoleDescription">Role Description</param> /// <returns>The RoleInfo</returns> private RoleInfo GetOrCreateRole(string RoleCodeName, string RoleDisplayName, string RoleDescription, int?SiteID) { if (SiteID.HasValue) { // Get Site Specific Role RoleInfo Role = RoleInfoProvider.GetRoleInfo(RoleCodeName, SiteID.Value); if (Role == null) { Role = new RoleInfo() { RoleDisplayName = RoleDisplayName, RoleName = RoleCodeName, RoleDescription = RoleDescription, SiteID = SiteID.Value, RoleIsDomain = false }; RoleInfoProvider.SetRoleInfo(Role); } return(Role); } else { // Get Global Role RoleInfo Role = RoleInfoProvider.GetRoles().WhereEquals("RoleName", RoleCodeName).WhereNull("SiteID").FirstOrDefault(); if (Role == null) { Role = new RoleInfo() { RoleDisplayName = RoleDisplayName, RoleName = RoleCodeName, RoleDescription = RoleDescription, RoleIsDomain = false }; RoleInfoProvider.SetRoleInfo(Role); } return(Role); } }
private static void ImportWorker_DoWork(object sender, DoWorkEventArgs e) { try { BackgroundWorker worker = (BackgroundWorker)sender; // Save import profile if (ImportProfile.SaveImportProfile && !ImportProfile.UsesConsole) { SaveFile(SaveImportProfile); } // Decide whether to import if (!ImportProfile.ImportNow && !ImportProfile.UsesConsole) { return; } using (new CMSActionContext() { LogEvents = false, ContinuousIntegrationAllowObjectSerialization = false }) { #region "Initialization" // Import canceled if (worker.CancellationPending) { e.Cancel = true; return; } DateTime start = DateTime.Now; // Initialize CMS context CMSInit(); if (ImportProfile.UsesConsole) { // Ensure object in case they are not present in import profile EnsureObjects(); } if (ImportProfile.ImportUsersOnlyFromSelectedRoles) { // Narrow down imported users according to imported roles ImportProfile.Users.Clear(); } // Import canceled if (worker.CancellationPending) { e.Cancel = true; return; } // Initialize cumulative changed users and roles storages var rolesChanged = new CumulatedChanges(WellKnownEventLogEventsEnum.RolesCreated, WellKnownEventLogEventsEnum.RolesUpdated, WellKnownEventLogEventsEnum.RolesDeleted); var usersChanged = new CumulatedChanges(WellKnownEventLogEventsEnum.UsersCreated, WellKnownEventLogEventsEnum.UsersUpdated, WellKnownEventLogEventsEnum.UsersDeleted); #endregion // Delete non-existing objects (this also prevents conflicting code names) if (ImportProfile.DeleteNotExistingObjects) { DeleteNonExistingObjects(usersChanged, rolesChanged); } #region "Role import" foreach (var siteInfo in ImportProfile .Sites .Select(site => SiteInfoProvider.GetSiteInfo(site.Key)) .Where(info => info != null)) { foreach (Guid groupGuid in ImportProfile.Groups) { // Import canceled if (worker.CancellationPending) { e.Cancel = true; return; } // Try to get group IPrincipalObject group = PrincipalProvider.GetPrincipalObject(groupGuid); // If group is still null if (group == null) { MessageLog.LogEvent(ResHelper.GetString("Log_SkippingNonExistingObject")); warnings++; // If deleting of not existing objects is enabled if (ImportProfile.DeleteNotExistingObjects) { DeleteRole(siteInfo, groupGuid); } } else { // Get role description string roleDescription = String.Empty; if (ImportProfile.ImportRoleDescription && (group.Description != null)) { roleDescription = group.Description; } // Get correct role name format string roleCodeName = group.GetCMSCodeName(true); // Get role display name string roleDisplayName = group.GetCMSDisplayName(); // Get safe role name roleCodeName = ValidationHelper.GetSafeRoleName(roleCodeName, siteInfo.SiteName); if (!String.IsNullOrEmpty(roleCodeName)) { // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_ImportingRole", roleDisplayName, CMS.Helpers.ResHelper.LocalizeString(siteInfo.DisplayName))); // Import role ImportRole(roleCodeName, roleDisplayName, siteInfo.SiteID, roleDescription, groupGuid, ImportProfile.UpdateObjectData, rolesChanged); if (ImportProfile.ImportUsersOnlyFromSelectedRoles) { ImportProfile.Users.AddRange(PrincipalProvider.GetUsersOf(group).Select(u => u.Identifier)); } } else { // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_SkippingEmptyRolename", group.Identifier)); warnings++; } } } } // Log created and updated and removed roles to EventLog rolesChanged.WriteEventsToEventLog(); #endregion #region "User import" foreach (var user in ImportProfile .Users .Distinct() .Select(userGuid => PrincipalProvider.GetPrincipalObject(userGuid))) { // Import canceled if (worker.CancellationPending) { e.Cancel = true; return; } if (user == null) { MessageLog.LogEvent(ResHelper.GetString("Log_SkippingNonExistingObject")); continue; } string domainName = user.GetCMSCodeName(true); if (!String.IsNullOrEmpty(domainName)) { // Get user info object UserInfo userInfo = (UserInfoProvider.GetUserInfoByGUID((Guid)user.Identifier) ?? UserInfoProvider.GetUserInfo(domainName)); bool newUser = (userInfo == null); // When is desired to import new users only from selected roles if (newUser && ImportProfile.ImportNewUsersOnlyFromSelectedRoles) { // Skip users that does not belong to one of selected role bool skip = ImportProfile.Groups.Cast <Guid>().All(groupGuid => !user.IsPrincipalInGroup(groupGuid)); if (skip) { MessageLog.LogEvent(ResHelper.GetString("Log_SkippingDoesNotBelongToSelectedRole", domainName)); continue; } } if (ImportProfile.UpdateObjectData || newUser) { if (userInfo == null) { userInfo = new UserInfo(); // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_ImportingUser", domainName)); } else { // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_UpdatingUser", domainName)); } using (var transaction = new CMSTransactionScope()) { if (newUser) { userInfo.UserIsDomain = true; userInfo.UserGUID = (Guid)user.Identifier; // Set privilege level UserPrivilegeLevelEnum privilegeLevel = ImportProfile.ConfigureAsCMSEditor ? UserPrivilegeLevelEnum.Editor : UserPrivilegeLevelEnum.None; userInfo.SiteIndependentPrivilegeLevel = privilegeLevel; } if (userInfo.UserIsDomain) { // Set user's properties userInfo.UserIsExternal = true; userInfo.UserName = domainName; userInfo.Enabled = ValidationHelper.GetBoolean(user.Enabled, true); // Bind properties foreach (KeyValuePair <string, string> property in ImportProfile.UserProperties) { // Get attribute object attribute = user.GetProperty(property.Value); if (attribute != null) { try { string attrValue; // Get string representation of the attribute if (attribute is float || attribute is double || attribute is decimal) { attrValue = String.Format(CultureInfo.InvariantCulture, "{0}", attribute); } else if (attribute.GetType() == typeof(byte[])) { attrValue = PrincipalProvider.GetSID(attribute); } else if (attribute.GetType().BaseType == typeof(MarshalByRefObject)) { attrValue = PrincipalProvider.GetTimeFromInterval(attribute); } else { attrValue = attribute.ToString(); } // Set property userInfo.SetValue(property.Key, LimitLengthForField(attrValue, property.Key)); } catch { MessageLog.LogEvent(ResHelper.GetString("Log_ErrorParsingAttr", property.Value)); warnings++; } } else { FormFieldInfo field = UserFormInfo.GetFormField(property.Key); userInfo.SetValue(property.Key, field.GetPropertyValue(FormFieldPropertyEnum.DefaultValue)); } } // Create full name if empty if (String.IsNullOrEmpty(userInfo.FullName)) { userInfo.FullName = user.GetCMSDisplayName(); } // Store user info object and its user-settings if (userInfo.ChangedColumns().Any()) { // Store created/updated user for EventLog // User name is used, because AD accounts does not have to have first and/or given name specified (e.g. Guest, …) usersChanged.Add(userInfo.UserGUID, userInfo.UserName, newUser ? ChangeActionEnum.Created : ChangeActionEnum.Updated); UserInfoProvider.SetUserInfo(userInfo); } } else { MessageLog.LogEvent(ResHelper.GetString("Log_UserIsNotDomain", userInfo.UserName)); warnings++; } transaction.Commit(); } } else { MessageLog.LogEvent(ResHelper.GetString("Log_SkippingExistingUser", domainName)); } // Import canceled if (worker.CancellationPending) { e.Cancel = true; return; } // Assign user to sites and roles (for domain users only) if (!userInfo.UserIsDomain) { continue; } #region "Membership (roles) synchronization" if (!newUser && !ImportProfile.UpdateMemberships && !ImportProfile.UpdateMemberships) { // No membership synchronization will be performed continue; } // Initialize collection to cumulate membership changes var memberShipChanges = new CumulatedRolesMembership(); // Load all user roles from DB var userRoles = new HashSet <RoleInfo>(newUser ? Enumerable.Empty <RoleInfo>() // non-existing user cannot be present in a single role (in DB) : RoleInfoProvider .GetRoles() .WhereIn("RoleID", UserRoleInfoProvider .GetUserRoles() .WhereEquals("UserID", userInfo.UserID) .Column("RoleID")) .Columns("RoleID", "RoleGUID", "RoleDisplayName", "RoleIsDomain")); // Store user's roles before membership synchronization memberShipChanges.SetRolesBefore(userRoles); foreach (KeyValuePair <string, List <Guid> > site in ImportProfile.Sites) { // Get site info object var siteInfo = SiteInfoProvider.GetSiteInfo(site.Key); if (siteInfo != null) { try { // Add user to this site UserSiteInfoProvider.AddUserToSite(userInfo, siteInfo); } catch (Exception ex) { MessageLog.LogEvent(ResHelper.GetString("Log_GeneralWarning", ex.Message)); warnings++; } // Assign user to roles already existing in CMS if (newUser || ImportProfile.UpdateMemberships) { SetMemberships(user, userInfo, siteInfo, userRoles, site); } // Remove user from roles they is member no more if (!newUser && ImportProfile.UpdateMemberships) { RemoveExcessiveMemberships(user, userInfo, userRoles); } } else { MessageLog.LogEvent(ResHelper.GetString("Log_SiteNotExist", site.Key)); warnings++; } } // Store user's roles after membership synchronization memberShipChanges.SetRolesAfter(userRoles); // Log created and removed memberships to EventLog memberShipChanges.WriteEventsToEventLog(userInfo.UserName); #endregion } else { // Add message to log MessageLog.LogEvent(ResHelper.GetString("Log_SkippingEmptyUsername", user.Identifier)); warnings++; } } // Log created and updated and deleted users to EventLog usersChanged.WriteEventsToEventLog(); #endregion // Import canceled if (worker.CancellationPending) { e.Cancel = true; return; } TimeSpan duration = DateTime.Now - start; if (!worker.CancellationPending) { // Add message to log MessageLog.LogEvent(warnings == 0 ? ResHelper.GetString("Log_ImportComplete", duration.Hours, duration.Minutes, duration.Seconds) : ResHelper.GetString("Log_ImportCompleteWithWarnings", warnings, duration.Hours, duration.Minutes, duration.Seconds)); } } } catch (Exception ex) { MessageLog.LogError(ResHelper.GetString("Error_General"), ex); } }
/// <summary> /// Reloads data. /// </summary> public override void ReloadData() { base.ReloadData(); // Get member object info if ((this.MemberID > 0)) { this.gmi = GroupMemberInfoProvider.GetGroupMemberInfo(this.MemberID); } // Get roles for current user LoadCurrentRoles(); string where = CreateWhereCondition(); usRoles.WhereCondition = where; // Show message or uniselector? if (DataHelper.DataSourceIsEmpty(RoleInfoProvider.GetRoles("RoleID", where, null, 1))) { usRoles.Visible = false; lblRole.Visible = true; } else { usRoles.Visible = true; lblRole.Visible = false; } // Enable or disable buttons according to state of user's approval process if (gmi != null) { // Current user cannot approve/reject him self if (IsLiveSite && (gmi.MemberUserID == CMSContext.CurrentUser.UserID)) { // Member can nothing btnApprove.Enabled = false; btnReject.Enabled = false; } else if (gmi.MemberStatus == GroupMemberStatus.Approved) { // Member can be rejected btnApprove.Enabled = false; btnReject.Enabled = true; } else if (gmi.MemberStatus == GroupMemberStatus.Rejected) { // Member can be approved btnApprove.Enabled = true; btnReject.Enabled = false; } else if (gmi.MemberStatus == GroupMemberStatus.WaitingForApproval) { // Member can be rejected and approved btnApprove.Enabled = true; btnReject.Enabled = true; } } InitializeForm(); usRoles.Value = currentValues; }
public override async Task ProcessRequestAsync(HttpContext context) { try { ClientCredential credential = new ClientCredential(Constants.AzureActiveDirectory.ClientId, Constants.AzureActiveDirectory.ApplicationKey); var authContext = new AuthenticationContext(string.Format(Constants.AzureActiveDirectory.AuthorityUrl, Constants.AzureActiveDirectory.TenantId)); var code = ValidationHelper.GetString(HttpContext.Current.Request.QueryString["code"], string.Empty); AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential, string.Format(Constants.AzureActiveDirectory.GraphUrl, "")); var adClient = new ActiveDirectoryClient( new Uri(string.Format(Constants.AzureActiveDirectory.GraphUrl, result.TenantId)), async() => await GetAppTokenAsync(result.TenantId)); var adUser = (User) await adClient.Users.Where(x => x.UserPrincipalName.Equals(result.UserInfo.DisplayableId)) .Expand(x => x.MemberOf) .ExecuteSingleAsync(); var user = UserInfoProvider.GetUsers() .Where("AzureADUsername", QueryOperator.Equals, adUser.UserPrincipalName) .FirstOrDefault(); var groupsToAdd = adUser.MemberOf.OfType <Group>() .Select(x => x.DisplayName) .Where(x => Constants.AzureActiveDirectory.GroupsToSync.Contains(x)); var groupsToRemove = Constants.AzureActiveDirectory.GroupsToSync .Where(x => !groupsToAdd.Contains(x)); // check if any of the Azure Active Directory groups are matching by name any Kentico roles // if not save an error message in ErrorLog and return bool isGroupMatchRole = false; foreach (var group in groupsToAdd) { var roleInfo = RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group).ToList <RoleInfo>(); if (roleInfo.Count > 0) { isGroupMatchRole = true; break; } } if (!isGroupMatchRole) { var logerr = $"Attempted login on {DateTime.Now} by user {adUser.UserPrincipalName},[{adUser.DisplayName}] memberOf {groupsToAdd.ToList<string>().Join(",")}"; EventLogProvider.LogEvent(EventType.ERROR, "Login user through Azure Active Directory", "AZUREADLOGINFAILURE", eventDescription: logerr); var returnUrlWithError = ValidationHelper.GetString(this.Context.Request.Params["state"], string.Empty); URLHelper.Redirect(URLHelper.GetAbsoluteUrl($"{returnUrlWithError}?logonresult=Failed&firstname={adUser.DisplayName}&lastname={string.Empty}&lastlogoninfo={logerr}")); return; } if (user == null) { user = new CMS.Membership.UserInfo(); user.UserName = adUser.UserPrincipalName; user.FirstName = adUser.GivenName; user.LastName = adUser.Surname; user.FullName = adUser.DisplayName; user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault()); user.SetValue("AzureADUsername", adUser.UserPrincipalName); user.IsExternal = true; //None 0 User has no privilege level //Editor 1 User is able to use administration interface //Admin 2 User can use all applications except the global applications and functionality //GlobalAdmin 3 User can use all applications and functionality without any exceptions user.SiteIndependentPrivilegeLevel = CMS.Base.UserPrivilegeLevelEnum.Editor; user.Enabled = true; UserInfoProvider.SetUserInfo(user); UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName); foreach (var group in groupsToAdd) { UserInfoProvider.AddUserToRole(user.UserName, RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group) .FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName); } } else { user.FirstName = adUser.GivenName; user.LastName = adUser.Surname; user.FullName = adUser.DisplayName; user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault()); user.IsExternal = true; UserInfoProvider.SetUserInfo(user); UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName); foreach (var group in groupsToAdd) { UserInfoProvider.AddUserToRole(user.UserName, RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group) .FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName); } foreach (var group in groupsToRemove) { UserInfoProvider.RemoveUserFromRole(user.UserName, RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group) .FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName); } } AuthenticationHelper.AuthenticateUser(user.UserName, false); MembershipActivityLogger.LogLogin(user.UserName, DocumentContext.CurrentDocument); var returnUrl = ValidationHelper.GetString(context.Request.Params["state"], string.Empty); URLHelper.Redirect(URLHelper.GetAbsoluteUrl(returnUrl)); } catch (Exception exception) { EventLogProvider.LogException("AzureActiveDirectory", "Login", exception); } }
protected async void Page_Load(object sender, EventArgs e) { try { ClientCredential credential = new ClientCredential(Constants.AzureActiveDirectory.ClientId, Constants.AzureActiveDirectory.AppKey); var authContext = new AuthenticationContext(string.Format(Constants.AzureActiveDirectory.Authority, Constants.AzureActiveDirectory.TenantId)); var code = ValidationHelper.GetString(HttpContext.Current.Request.QueryString["code"], string.Empty); AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential, string.Format(Constants.AzureActiveDirectory.GraphResourceUri, "")); var adClient = new ActiveDirectoryClient( new Uri(string.Format(Constants.AzureActiveDirectory.GraphResourceUri, result.TenantId)), async() => await GetAppTokenAsync(result.TenantId)); var adUser = (User) await adClient.Users.Where(x => x.UserPrincipalName.Equals(result.UserInfo.DisplayableId)) .Expand(x => x.MemberOf) .ExecuteSingleAsync(); var user = UserInfoProvider.GetUsers() .Where("AzureADUsername", QueryOperator.Equals, adUser.UserPrincipalName) .FirstOrDefault(); var groupsToAdd = adUser.MemberOf.OfType <Group>() .Select(x => x.DisplayName) .Where(x => Constants.AzureActiveDirectory.GroupsToSync.Contains(x)); var groupsToRemove = Constants.AzureActiveDirectory.GroupsToSync .Where(x => !groupsToAdd.Contains(x)); if (user == null) { user = new CMS.Membership.UserInfo(); user.UserName = adUser.UserPrincipalName; user.FirstName = adUser.GivenName; user.LastName = adUser.Surname; user.FullName = adUser.DisplayName; user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault()); user.SetValue("AzureADUsername", adUser.UserPrincipalName); user.IsExternal = true; user.Enabled = true; UserInfoProvider.SetUserInfo(user); UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName); foreach (var group in groupsToAdd) { UserInfoProvider.AddUserToRole(user.UserName, RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group) .FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName); } } else { user.FirstName = adUser.GivenName; user.LastName = adUser.Surname; user.FullName = adUser.DisplayName; user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault()); user.IsExternal = true; UserInfoProvider.SetUserInfo(user); UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName); foreach (var group in groupsToAdd) { UserInfoProvider.AddUserToRole(user.UserName, RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group) .FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName); } foreach (var group in groupsToRemove) { UserInfoProvider.RemoveUserFromRole(user.UserName, RoleInfoProvider.GetRoles() .OnSite(SiteContext.CurrentSiteID) .Where("RoleDisplayName", QueryOperator.Equals, group) .FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName); } } AuthenticationHelper.AuthenticateUser(user.UserName, false); MembershipActivityLogger.LogLogin(user.UserName, DocumentContext.CurrentDocument); } catch (Exception exception) { EventLogProvider.LogException("AzureActiveDirectory", "Login", exception); } var postLoginPage = DocumentHelper.GetDocuments() .WhereEquals("NodeAliasPath", Constants.AzureActiveDirectory.PostLoginPage) .FirstOrDefault(x => x.DocumentCulture.Equals(LocalizationContext.CurrentCulture.CultureCode, StringComparison.InvariantCultureIgnoreCase)); var returnUrl = HttpContext.Current.Request.GetReturnUrl(postLoginPage.GetRelativeUrl()); URLHelper.Redirect(URLHelper.GetAbsoluteUrl(returnUrl)); }