private void btnOK_Click(object sender, EventArgs e)
{
if (String.IsNullOrWhiteSpace(textBoxPrincipalRealm.Text))
{
MessageBox.Show(this,
Properties.Resources.CredentialsEditorForm_MustProvideARealm, Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (String.IsNullOrWhiteSpace(textBoxUsername.Text))
{
MessageBox.Show(this,
Properties.Resources.CredentialsEditorForm_MustProvideAUsername, Properties.Resources.MessageBox_ErrorString,
MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
SecurityPrincipal p = new SecurityPrincipal(typeof(AuthenticationCredentials), textBoxPrincipalName.Text, textBoxPrincipalRealm.Text);
if (_checkPrincipal(p) || (MessageBox.Show(this,
String.Format(Properties.Resources.CredentialsEditorForm_PrincipalAlreadyExists, textBoxPrincipalName.Text, textBoxPrincipalRealm.Text),
Properties.Resources.MessageBox_ErrorString, MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes))
{
Principal = p;
Username = textBoxUsername.Text;
Password = textBoxPassword.Text;
Domain = textBoxDomain.Text;
DialogResult = DialogResult.OK;
Close();
}
}
}
/// <summary>
/// switches the current security principal to our custom security principal which works
/// with the security information read from the database and passed along here
/// </summary>
/// <param name="SecurityGroups">the list of secuiryt groups the user belongs too</param>
/// <param name="SecurityRights">the list of security rights the user has</param>
/// <param name="UserInfo">list of information we have about the user itself</param>
/// <returns>returns the current IPrincipal object so it can be restored after a log off of the user; returns null if we don't switch the security principal</returns>
private static IPrincipal SetSecurityPrincipal(Hashtable SecurityGroups, Hashtable SecurityRights, Hashtable UserInfo)
{
// set that we want to use authentication within the current app-domain; this means
// a thread will have a IPrincipal associated which is then used by the .NET
// security classes when checking role based security
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
// we switch to the new security principal only if we didn't do so already; this
// protects us from the consumer calling this method multiple times
if (!(Thread.CurrentPrincipal is SecurityPrincipal))
{
// create a new instance of the security principal which we can do only within
// a class memebr as we marked the constructor private
SecurityPrincipal TheSecurityPrincipal = SetSecurityValues(SecurityGroups, SecurityRights, UserInfo);
// get a reference to the current security principal so the caller can keep hold of it
IPrincipal CurrentSecurityPrincipal = Thread.CurrentPrincipal;
// set the security principal for the current thread to the newly created one
Thread.CurrentPrincipal = TheSecurityPrincipal;
// return the current security principal;
return(CurrentSecurityPrincipal);
}
// return null if we don't switch the security principal
else
{
return(null);
}
}
private void AddCredential(SecurityPrincipal principal, AuthenticationCredentials creds)
{
ListViewItem item = new ListViewItem(String.Format("{0}@{1}", principal.Name, principal.Realm));
item.SubItems.Add(creds.Username);
item.SubItems.Add(creds.Domain);
}
public IHttpActionResult GetRecordCount(string modelName)
{
// Proxy all other requests
SecurityPrincipal securityPrincipal = RequestContext.Principal as SecurityPrincipal;
if ((object)securityPrincipal == null || (object)securityPrincipal.Identity == null || !securityPrincipal.IsInRole("Viewer,Administrator"))
{
return(BadRequest($"User \"{RequestContext.Principal?.Identity.Name}\" is unauthorized."));
}
object record;
using (DataContext dataContext = new DataContext("systemSettings"))
{
try
{
Type type = typeof(Meter).Assembly.GetType("SOE.Model." + modelName);
record = dataContext.Table(type).QueryRecordCount();
}
catch (Exception ex)
{
return(BadRequest(ex.ToString()));
}
}
return(Ok(record));
}
/// <summary>
/// Gets a list of all the roles for the configured applicationName.
/// </summary>
/// <returns>A string array containing the names of all the roles stored in the data source for the configured applicationName.</returns>
public override string[] GetAllRoles()
{
// Get all the groups in Active Directory.
List <System.DirectoryServices.Protocols.SearchResultEntry> entries = ad.GetEntries("(objectCategory = group)");
// Check that entries were returned.
if (entries != null)
{
// There are entries in the list.
// Create a list to hold the names of the roles found.
List <string> roleNames = new List <string>();
// Create groups from the entries.
foreach (System.DirectoryServices.Protocols.SearchResultEntry entry in entries)
{
SecurityPrincipal securityPrincipal = new SecurityPrincipal(ad, entry);
roleNames.Add(securityPrincipal.SAMAccountName);
}
return(roleNames.ToArray());
}
else
{
// No entries were returned.
return(new string[] { });
}
}
/// <summary>
/// Gets a list of all the roles for the configured applicationName.
/// </summary>
/// <returns>A string array containing the names of all the roles stored in the data source for the configured applicationName.</returns>
public override string[] GetAllRoles()
{
// Create a wildcard group name that corresponds to groups maintained by this application.
string wildcardGroupName = GetGroupName("*");
// Search Active Directory for groups corresponding to roles managed by this application.
List <System.DirectoryServices.Protocols.SearchResultEntry> entries = ad.GetEntriesBySAMAccountName(wildcardGroupName);
// Check that entries were returned.
if (entries != null)
{
// There are entries in the list.
// Create a list to hold the names of the roles found.
List <String> roleNames = new List <String>();
// Create groups from the entries.
foreach (System.DirectoryServices.Protocols.SearchResultEntry entry in entries)
{
SecurityPrincipal securityPrincipal = new SecurityPrincipal(ad, entry);
if (securityPrincipal.IsGroup)
{
// Get the name of the role from the group name.
roleNames.Add(GetRoleName(securityPrincipal.SAMAccountName));
}
}
return(roleNames.ToArray());
}
else
{
// No entries were returned.
return(new string[] { });
}
}
private void ShowSecurityDialog(DisplayType displayType, string errorMessage = null)
{
SecurityPortal securityDialog = new SecurityPortal(displayType);
ISecurityProvider securityProvider = SecurityPrincipal.Identity.Provider;
// Show authentication failure reason if one was defined and user didn't force another message
if ((object)errorMessage == null && (object)securityProvider != null)
{
errorMessage = securityProvider.AuthenticationFailureReason;
}
if (!string.IsNullOrWhiteSpace(errorMessage))
{
securityDialog.ProviderFailure = true;
securityDialog.DisplayErrorMessage(errorMessage);
}
// Show the WPF security dialog
if (!securityDialog.ShowDialog().GetValueOrDefault())
{
// User chose to cancel security action. If the secure window has no parent,
// this is root window so exit application, otherwise just close the window
if ((object)this.Owner == null)
{
m_shutdownRequested = true;
Application.Current.Shutdown();
}
else
{
this.Close();
}
}
SecurityPrincipal = securityDialog.SecurityPrincipal;
}
/// <summary>
/// Called once by common code after initialization. If an authentication middle-ware
/// responds directly to specifically known paths it must override this virtual,
/// compare the request path to it's known paths, provide any response information
/// as appropriate, and true to stop further processing.
/// </summary>
/// <returns>
/// Returning false will cause the common code to call the next middle-ware in line.
/// Returning true will cause the common code to begin the async completion journey
/// without calling the rest of the middle-ware pipeline.
/// </returns>
public override Task <bool> InvokeAsync()
{
// Use Cases:
//
// (1) Access resource marked as anonymous - let pipeline continue
// (2) Access resource as authenticated user - let pipeline continue
// --- remaining use cases are unauthorized ---
// (3) Access AuthTest with Basic scheme or unsupported browser - respond with 403 and abort pipeline
// (4) Access resource marked for auth failure redirection - respond with 302 and abort pipeline
// (5) Access all other resources - respond with 401 and abort pipeline
//
// Unauthorized response logic:
// if use case == 3, respond with 403 (prevents browser prompt for credentials)
// else if use case == 4, respond with 302 (go back home)
// else respond with 401
return(Task.Run(() =>
{
SecurityPrincipal securityPrincipal = Request.User as SecurityPrincipal;
string urlPath = Request.Path.Value;
// If request is for an anonymous resource or user is properly authenticated, allow
// request to propagate through the Owin pipeline
if (Options.IsAnonymousResource(urlPath) || securityPrincipal?.Identity.IsAuthenticated == true)
{
return false; // Let pipeline continue
}
// Abort pipeline with appropriate response
if (Options.IsAuthFailureRedirectResource(urlPath))
{
string urlQueryString = Request.QueryString.HasValue ? "?" + Request.QueryString.Value : "";
byte[] pathBytes = Encoding.UTF8.GetBytes(urlPath + urlQueryString);
string base64Path = Convert.ToBase64String(pathBytes);
string encodedPath = WebUtility.UrlEncode(base64Path);
Response.Redirect($"{Options.LoginPage}?redir={encodedPath}");
}
else
{
Response.StatusCode = (int)HttpStatusCode.Unauthorized;
}
// Add current identity to unauthorized response header
string currentIdentity = securityPrincipal?.Identity.Name ?? "anonymous";
object value;
if (Request.Environment.TryGetValue("OriginalPrincipal", out value))
{
IPrincipal originalPrincpal = value as IPrincipal;
if ((object)originalPrincpal != null && (object)originalPrincpal.Identity != null)
{
currentIdentity = AdjustedUserName(originalPrincpal.Identity.Name);
}
}
Response.Headers.Add("CurrentIdentity", new[] { currentIdentity });
Response.ReasonPhrase = SecurityPrincipal.GetFailureReasonPhrase(securityPrincipal, AuthorizationHeader?.Scheme, AssemblyInfo.EntryAssembly.Debuggable);
return true; // Abort pipeline
}));
}
public bool CheckUserInGroup(string group)
{
string serverName = ConfigurationManager.AppSettings["ADServer"];
string userName = ConfigurationManager.AppSettings["ADUserName"];
string password = ConfigurationManager.AppSettings["ADPassword"];
bool result = false;
SecureString securePwd = null;
if (password != null)
{
securePwd = new SecureString();
foreach (char chr in password.ToCharArray())
{
securePwd.AppendChar(chr);
}
}
try
{
ActiveDirectory adConnectGroup = new ActiveDirectory(serverName, userName, securePwd);
SearchResultEntry groupResult = adConnectGroup.GetEntryByCommonName(group);
Group grp = new Group(adConnectGroup, groupResult);
SecurityPrincipal userPrincipal = grp.Members.Find(sp => sp.SAMAccountName.ToLower() == System.Web.HttpContext.Current.User.Identity.Name.ToLower());
if (userPrincipal != null)
{
result = true;
}
}
catch
{
result = false;
}
return(result);
}
private void TxtUsernameKeyDown(object sender, KeyEventArgs e)
{
// if this is a debugging session login automattically
if (System.Diagnostics.Debugger.IsAttached)
{
// this has to be removed after development
if (e.Control && e.Alt)
{
if (txtUsername.Text == "")
{
txtUsername.Text = "su";
}
UserInformation userInfo = null;
if (BLL.Settings.UseNewUserManagement)
{
userInfo = Auth.Authenticate(txtUsername.Text);
if (userInfo == null)
{
//errorLogger.SaveError(0, 1, 1, 2, "Login Attempt", "Warehouse", new InvalidCredentialException("Invalid credentials, Username = " + username));
//return false;
}
Thread.CurrentPrincipal = SecurityPrincipal.CreateSecurityPrincipal(userInfo);
}
User usr = new User();
usr.Where.UserName.Value = txtUsername.Text;
usr.Query.Load();
LogUserIn(usr);
}
}
}
private void editCredentialToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewCredentials.SelectedItems.Count > 0)
{
KeyValuePair <SecurityPrincipal, ICredentialObject> pair = (KeyValuePair <SecurityPrincipal, ICredentialObject>)listViewCredentials.SelectedItems[0].Tag;
using (CredentialEditorForm frm = new CredentialEditorForm((p) => !p.Equals(pair.Key) && CheckPrincipal(p)))
{
frm.Principal = pair.Key;
AuthenticationCredentials c = pair.Value as AuthenticationCredentials;
frm.Username = c.Username;
frm.Password = c.Password;
frm.Domain = c.Domain;
if (frm.ShowDialog(this) == DialogResult.OK)
{
SecurityPrincipal p = frm.Principal;
AuthenticationCredentials creds = new AuthenticationCredentials(frm.Username, frm.Domain, frm.Password);
_credentials[p] = creds;
UpdateCredentials();
OnCredentialsUpdated();
}
}
}
}
/// <summary>
/// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="IHttpHandler" /> interface.
/// </summary>
/// <param name="context">An <see cref="HttpContext" /> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
public void ProcessRequest(HttpContext context)
{
HttpResponse response = context.Response;
HttpResponseCancellationToken cancellationToken = new HttpResponseCancellationToken(response);
NameValueCollection requestParameters = context.Request.QueryString;
SecurityPrincipal securityPrincipal = context.User as SecurityPrincipal;
response.ClearContent();
response.Clear();
response.AddHeader("Content-Type", CsvContentType);
response.AddHeader("Content-Disposition", "attachment;filename=" + GetModelFileName(requestParameters["ModelName"]));
response.BufferOutput = true;
try
{
CopyModelAsCsvToStream(securityPrincipal, requestParameters, response.OutputStream, response.Flush, cancellationToken);
}
catch (Exception ex)
{
LogExceptionHandler?.Invoke(ex);
throw;
}
finally
{
response.End();
}
}
/// <summary>
/// Updates the system fields.
/// </summary>
/// <param name="targetContext">The target context.</param>
/// <param name="targetItem">The target item.</param>
/// <param name="sourceItem">The source item.</param>
protected ListItem UpdateSystemFields(ClientContext targetContext, ListItem targetItem, ListItem sourceItem)
{
Logger.Log("Into UpdateSystemFields for " + sourceItem.DisplayName);
if (sourceItem != null && targetItem != null)
{
try
{
var securityPrincipal = new SecurityPrincipal(Logger, RetryCount, Delay);
FieldUserValue author = securityPrincipal.GetTargetUserFromUserMapping(targetContext, ((FieldUserValue)sourceItem[Constants.Author]));
FieldUserValue editor = securityPrincipal.GetTargetUserFromUserMapping(targetContext, ((FieldUserValue)sourceItem[Constants.Editor]));
targetItem[Constants.Author] = author; //authorUpn.Substring(authorUpn.LastIndexOf('|') + 1)
targetItem[Constants.Editor] = editor; //((FieldUserValue)sourceItem["Editor"]).LookupValue
targetItem[Constants.Created] = (DateTime)sourceItem[Constants.Created];
targetItem[Constants.Modified] = (DateTime)sourceItem[Constants.Modified];
//targetItem.Update();
targetItem.UpdateOverwriteVersion();
//targetContext.Load(targetItem);
//targetContext.ExecuteQuery();
targetContext.ExecuteQueryWithIncrementalRetry(RetryCount, Delay);
}
catch (Exception ex)
{
Logger.LogError("Error in AddContent for " + sourceItem.DisplayName + Environment.NewLine + ex.Message);
//throw ex;
}
}
return(targetItem);
}
/// <summary>
/// Evaluates if menu item should be visible to current user with access to <see cref="Roles"/>.
/// </summary>
/// <param name="parameter">
/// Data used by the <see cref="MenuCommand"/>. If the <see cref="MenuCommand"/> does not require
/// data to be passed, this object can be set to <c>null</c>.
/// </param>
/// <returns><c>true</c> if this <see cref="MenuCommand"/> can be executed; otherwise, <c>false</c>.</returns>
public bool CanExecute(object parameter)
{
SecurityPrincipal currentPrincipal = CommonFunctions.CurrentPrincipal;
return(currentPrincipal.Identity.IsAuthenticated &&
(string.IsNullOrEmpty(Roles) || Roles == "*" || currentPrincipal.IsInRole(Roles)));
}
public IHttpActionResult CreateRecord(string modelName, [FromBody] JObject record)
{
// Proxy all other requests
SecurityPrincipal securityPrincipal = RequestContext.Principal as SecurityPrincipal;
if ((object)securityPrincipal == null || (object)securityPrincipal.Identity == null || !securityPrincipal.IsInRole("Administrator"))
{
return(BadRequest($"User \"{RequestContext.Principal?.Identity.Name}\" is unauthorized."));
}
using (DataContext dataContext = new DataContext("systemSettings"))
{
try
{
Type type = typeof(Meter).Assembly.GetType("SOE.Model." + modelName);
object obj = record.ToObject(type);
dataContext.Table(typeof(Meter).Assembly.GetType("SOE.Model." + modelName)).AddNewRecord(obj);
}
catch (Exception ex)
{
return(BadRequest(ex.ToString()));
}
}
return(Ok());
}
private static void CachePrincipal(Guid sessionID, SecurityPrincipal principal)
{
if (s_authorizationCache.TryAdd(sessionID, principal))
{
SecurityProviderCache.AutoRefresh(principal.Identity.Provider);
}
}
public Form1()
{
InitializeComponent();
rbacCombo1.SelectedIndex = 2;
string conStr = "DRIVER={MySQL ODBC 5.1 Driver};SERVER=192.168.10.3;PORT=3306;DATABASE=RBAC;USER=LT_DB;PASSWORD=She!byGT;OPTION=3";
IDbConnection con = (IDbConnection) new OdbcConnection(conStr);
con.Open();
try
{
//rbacButton1.GroupUniqueID = rbacButton1.GroupUniqueID;
dbl = new DataLayer(con, DataLayer.DatabaseType.MySql);
bool d = SecurityPrincipal.InitSecuritySystem(dbl, "Admin", "Admin");
rbacButton1.oError += new nKnight.RBACControl.OnRBACButtonError(rbacButton1_oError);
rbacTextBox1.oError += new nKnight.RBACControl.OnTextBoxError(rbacTextBox1_oError);
rbacCheckBox1.oError += new nKnight.RBACControl.OnRBACCheckBoxError(rbacCheckBox1_oError);
rbacMaskedTextBox1.oError += new nKnight.RBACControl.OnRBACMaskedTextBoxError(rbacMaskedTextBox1_oError);
rbacRadioButton1.oError += new nKnight.RBACControl.OnRBACRadioButtonError(rbacRadioButton1_oError);
rbacCombo1.oError += new nKnight.RBACControl.OnRBACCComboError(rbacCombo1_oError);
rbacCheckListBox1.oError += new nKnight.RBACControl.OnRBACCheckListBoxError(rbacCheckListBox1_oError);
rbacLinkLabel1.oError += new nKnight.RBACControl.OnRBACLinkLabelError(rbacLinkLabel1_oError);
nKnightDateTimePicker1.oError += new nKnight.RBACControl.OnRBACDtPickerError(nKnightDateTimePicker1_oError);
nKnightGridView1.oError += new nKnight.RBACControl.OnRBACGridError(nKnightGridView1_oError);
nKnightButton1.oError += new nKnight.RBACControl.OnRBACButtonError(nKnightButton1_oError);
nKnightRadioButton2.oError += new nKnight.RBACControl.OnRBACRadioButtonError(nKnightRadioButton2_oError);
//rbacButton1.Click += new EventHandler(rbacButton1_Click);
}
catch (Exception ex) { MessageBox.Show(ex.Message); }
}
/// <summary>
/// Enables processing of HTTP web requests by a custom handler that implements the <see cref="IHostedHttpHandler"/> interface.
/// </summary>
/// <param name="request">HTTP request message.</param>
/// <param name="response">HTTP response message.</param>
/// <param name="cancellationToken">Propagates notification from client that operations should be canceled.</param>
public Task ProcessRequestAsync(HttpRequestMessage request, HttpResponseMessage response, CancellationToken cancellationToken)
{
NameValueCollection requestParameters = request.RequestUri.ParseQueryString();
response.Content = new PushStreamContent(async(stream, content, context) =>
{
try
{
SecurityPrincipal securityPrincipal = request.GetRequestContext().Principal as SecurityPrincipal;
await CopyModelAsCsvToStreamAsync(securityPrincipal, requestParameters, stream, cancellationToken);
}
finally
{
stream.Close();
}
}, new MediaTypeHeaderValue(CsvContentType));
response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
{
FileName = requestParameters["FileName"] ?? "Export.csv"
};
#if MONO
return(Task.FromResult(false));
#else
return(Task.CompletedTask);
#endif
}
/// <summary>
/// Called when authorization is required.
/// </summary>
/// <param name="filterContext">The filter context.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
SecurityPrincipal securityPrincipal = filterContext.HttpContext.User as SecurityPrincipal;
if ((object)securityPrincipal == null || (object)securityPrincipal.Identity == null)
{
filterContext.Result = new HttpUnauthorizedResult($"Authentication failed for user \"{filterContext.HttpContext.User?.Identity.Name}\".");
filterContext.HttpContext.User = null;
return;
}
// Get current user name
string username = securityPrincipal.Identity.Name;
// Verify that the current thread principal has been authenticated.
if (!securityPrincipal.Identity.IsAuthenticated)
{
filterContext.Result = new HttpUnauthorizedResult($"User \"{username}\" is not authenticated.");
filterContext.HttpContext.User = null;
}
else if (AllowedRoles.Length > 0 && !AllowedRoles.Any(role => securityPrincipal.IsInRole(role)))
{
filterContext.Result = new HttpUnauthorizedResult($"Access is denied for user \"{username}\": minimum required roles = {AllowedRoles.ToDelimitedString(", ")}.");
filterContext.HttpContext.User = null;
}
else
{
ThreadPool.QueueUserWorkItem(start => AuthorizationCache.CacheAuthorization(username, SecuritySettingsCategory));
}
}
/// <summary>
/// Enables processing of HTTP web requests by a custom handler that implements the <see cref="IHostedHttpHandler"/> interface.
/// </summary>
/// <param name="request">HTTP request message.</param>
/// <param name="response">HTTP response message.</param>
/// <param name="cancellationToken">Propagates notification from client that operations should be canceled.</param>
public Task ProcessRequestAsync(HttpRequestMessage request, HttpResponseMessage response, CancellationToken cancellationToken)
{
NameValueCollection requestParameters = request.RequestUri.ParseQueryString();
response.Content = new PushStreamContent((stream, content, context) =>
{
try
{
SecurityPrincipal securityPrincipal = request.GetRequestContext().Principal as SecurityPrincipal;
CopyModelAsCsvToStream(securityPrincipal, requestParameters, stream, null, cancellationToken);
}
catch (Exception ex)
{
LogExceptionHandler?.Invoke(ex);
throw;
}
finally
{
stream.Close();
}
},
new MediaTypeHeaderValue(CsvContentType));
response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
{
FileName = GetModelFileName(requestParameters["ModelName"])
};
#if MONO
return(Task.FromResult(false));
#else
return(Task.CompletedTask);
#endif
}
public GetAuthenticationCredentialsForm(SecurityPrincipal principal)
{
InitializeComponent();
comboBoxSaveType.SelectedIndex = 0;
lblDescription.Text = String.Format(Properties.Resources.GetAuthenticationCredentialsForm_TitleFormat,
principal.Name, principal.Realm);
}
public void Initialize_WithUser()
{
var principal = new SecurityPrincipal("TheUser", null, null, null);
Assert.That(principal.User, Is.EqualTo("TheUser"));
Assert.That(principal.Role, Is.Null);
Assert.That(principal.SubstitutedUser, Is.Null);
Assert.That(principal.SubstitutedRole, Is.Null);
}
public static void SignIn(UserModel user, AccessTokenModel token)
{
var principal = new SecurityPrincipal(new GenericIdentity(token.UserName), new string[] { "Roles" });
principal.Access.User = user;
principal.Access.Token = token;
Thread.CurrentPrincipal = principal;
}
public userManagement()
{
InitializeComponent();
IDbConnection con = (IDbConnection) new OdbcConnection(conStr);
con.Open();
dbl = new DataLayer(con, DataLayer.DatabaseType.MySql);
bool d = SecurityPrincipal.InitSecuritySystem(dbl, "Admin", "Admin");
}
public IHttpActionResult GetRecords(string id, string modelName)
{
// Proxy all other requests
SecurityPrincipal securityPrincipal = RequestContext.Principal as SecurityPrincipal;
if ((object)securityPrincipal == null || (object)securityPrincipal.Identity == null || !securityPrincipal.IsInRole("Viewer,Administrator"))
{
return(BadRequest($"User \"{RequestContext.Principal?.Identity.Name}\" is unauthorized."));
}
object record;
string idList = "";
try
{
if (id != "all")
{
string[] ids = id.Split(',');
if (ids.Count() > 0)
{
idList = $"ID IN ({ string.Join(",", ids.Select(x => int.Parse(x)))})";
}
}
}
catch (Exception)
{
return(BadRequest("The id field must be a comma separated integer list."));
}
using (DataContext dataContext = new DataContext("systemSettings"))
{
try
{
Type type = typeof(Meter).Assembly.GetType("SOE.Model." + modelName);
if (idList.Length == 0)
{
record = dataContext.Table(type).QueryRecords();
}
else
{
record = dataContext.Table(type).QueryRecordsWhere(idList);
}
}
catch (Exception ex)
{
return(BadRequest(ex.ToString()));
}
}
return(Ok(record));
}
/// <summary>
/// Called once by common code after initialization. If an authentication middle-ware
/// responds directly to specifically known paths it must override this virtual,
/// compare the request path to it's known paths, provide any response information
/// as appropriate, and true to stop further processing.
/// </summary>
/// <returns>
/// Returning false will cause the common code to call the next middle-ware in line.
/// Returning true will cause the common code to begin the async completion journey
/// without calling the rest of the middle-ware pipeline.
/// </returns>
public override async Task <bool> InvokeAsync()
{
// Use Cases:
//
// (1) Access resource marked as anonymous - let pipeline continue
// (2) Access resource as authenticated user - let pipeline continue
// --- remaining use cases are unauthorized ---
// (3) Access resource as result of a redirect from the OIDC Auth Server
// (4) Access resource marked for auth failure redirection - respond with 302 and abort pipeline
// (5) Access all other resources - respond with 401 and abort pipeline
SecurityPrincipal securityPrincipal = Request.User as SecurityPrincipal;
string urlPath = Request.Path.Value;
// If the resources contains a code make an Attempt to Authorize via OIDC Auth server
NameValueCollection queryParameters = System.Web.HttpUtility.ParseQueryString(Request.QueryString.Value);
bool useAlternateSecurityProvider = Options.IsAlternateSecurityProviderResource(Request.Path.Value);
useAlternateSecurityProvider = useAlternateSecurityProvider || (Options.AuthTestPage == Request.Path.Value && Request.QueryString.HasValue && queryParameters.AllKeys.Contains("useAlternate"));
if (Request.User is not null && Request.User.IsInRole("logout"))
{
string identityName = Request.User.Identity.Name;
string bodyMessage = Guid.TryParse(identityName, out Guid sessionID) && LogOut(sessionID)
? "Logout complete"
: "Unable to locate the user session";
using TextWriter writer = new StreamWriter(Response.Body, Encoding.UTF8, 4096, true);
await writer.WriteAsync(bodyMessage);
Response.StatusCode = 200;
return(true); // Abort pipeline
}
// If the user is properly Authenticated but a redirect is requested send that redirect
if (securityPrincipal?.Identity.IsAuthenticated == true && securityPrincipal.Identity.Provider.IsRedirectRequested)
{
Response.Redirect(securityPrincipal.Identity.Provider.RequestedRedirect ?? "/");
return(true);
}
// If request is for an anonymous resource or user is properly authenticated, allow
// request to propagate through the Owin pipeline
if (Options.IsAnonymousResource(urlPath) || securityPrincipal?.Identity.IsAuthenticated == true)
{
return(false); // Let pipeline continue
}
// Abort pipeline with appropriate response
if (Options.IsAuthFailureRedirectResource(urlPath) && !IsAjaxCall())
{
byte[] pathBytes;
string base64Path, encodedPath, referrer = null;
if (Request.Headers.TryGetValue("Referer", out string[] values) && values.Length == 1)
public void Initialize_WithUserAndRoleAndSubstitutedUserAndSubstitedRole()
{
var role = new SecurityPrincipalRole("TheGroup", null);
var substitutedRole = new SecurityPrincipalRole("SomeGroup", null);
var principal = new SecurityPrincipal("TheUser", role, "SomeUser", substitutedRole);
Assert.That(principal.User, Is.EqualTo("TheUser"));
Assert.That(principal.Role, Is.SameAs(role));
Assert.That(principal.SubstitutedUser, Is.EqualTo("SomeUser"));
Assert.That(principal.SubstitutedRole, Is.SameAs(substitutedRole));
}
private void SecureForm_Load(object sender, EventArgs e)
{
try
{
// Don't proceed if the form is opened in design mode
if (DesignMode)
{
return;
}
// Check if the resource is excluded from being secured
string resource = GetResourceName();
if (!SecurityProviderUtility.IsResourceSecurable(resource))
{
return;
}
// Set up security provider for passthrough authentication
ISecurityProvider securityProvider = SecurityProviderCache.CreateProvider(WindowsIdentity.GetCurrent().Name);
securityProvider.PassthroughPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
securityProvider.Authenticate();
// Setup the security principal for role-based security
SecurityIdentity securityIdentity = new SecurityIdentity(securityProvider);
SecurityPrincipal = new SecurityPrincipal(securityIdentity);
// Verify that the current thread principal has been authenticated
if (!SecurityPrincipal.Identity.IsAuthenticated)
{
throw new SecurityException($"Authentication failed for user '{SecurityPrincipal.Identity.Name}'");
}
// Perform a top-level permission check on the resource being accessed
if (!SecurityProviderUtility.IsResourceAccessible(resource, SecurityPrincipal))
{
throw new SecurityException($"Access to '{resource}' is denied");
}
// Set up the current thread principal
// NOTE: Provided for backwards compatibility;
// recommended to use the SecurityPrincipal instead
Thread.CurrentPrincipal = SecurityPrincipal;
}
catch (Exception ex)
{
if (ExceptionHandler is null)
{
throw;
}
ExceptionHandler(ex);
}
}
/// <summary>
/// Manages the security principal.
/// </summary>
/// <param name="targetContext">The target context.</param>
/// <param name="targetItem">The target item.</param>
/// <param name="targetWeb">The target web.</param>
/// <param name="sourceItemRoleAssignment">The source item role assignment.</param>
private void ManageSecurityPrincipal(ClientContext targetContext, ListItem targetItem, Web targetWeb, RoleAssignment sourceItemRoleAssignment)
{
if (sourceItemRoleAssignment != null)
{
Task log = Logger.Log("Into ManageSecurityPrincipal for " + sourceItemRoleAssignment.Member);
try
{
var raMember = sourceItemRoleAssignment.Member;
var principalType = raMember.PrincipalType;
var roleType = sourceItemRoleAssignment.RoleDefinitionBindings[0].RoleTypeKind;
SecurityPrincipal securityPrincipal = new SecurityPrincipal(Logger, RetryCount, Delay);
var task = Task.Run(() =>
{
Principal principal = securityPrincipal.GetSecurityPrincipal(targetContext, raMember, principalType);
if (principal != null)
{
securityPrincipal.SetSecurityPrincipal(targetContext, targetItem, targetWeb, roleType, principal);
}
else
{
Logger.LogWarning("Security principal not found for " + raMember.LoginName +
Environment.NewLine +
"Item affected: " +
targetItem.DisplayName);
}
});
task.Wait();
if (task.Status == TaskStatus.RanToCompletion)
{
Logger.Log("Permission migration completed for " + targetItem.DisplayName);
}
else
{
Logger.LogError("Permission migration did not complete properly for " + targetItem.DisplayName +
Environment.NewLine +
"Task Status" +
task.Status.ToString());
}
}
catch (Exception ex)
{
log = Logger.LogError("Error in ManageSecurityPrincipal for " + sourceItemRoleAssignment.Member +
Environment.NewLine +
ex.Message);
//throw ex;
}
}
}
public static bool Login(string username, string password)
{
var userInfo = Auth.Authenticate(username, password);
if (userInfo == null)
{
errorLogger.SaveError(0, 1, 1, 2, "Login Attempt", "Warehouse", new InvalidCredentialException("Invalid credentials, Username = "******"Login Window", "Successful Login");
return(true);
}
/// <summary>
/// Gets a list of all the roles for the configured applicationName.
/// </summary>
/// <returns>A string array containing the names of all the roles stored in the data source for the configured applicationName.</returns>
public override string[] GetAllRoles()
{
// Get all the groups in Active Directory.
List<System.DirectoryServices.Protocols.SearchResultEntry> entries = ad.GetEntries("(objectCategory = group)");
// Check that entries were returned.
if (entries != null)
{
// There are entries in the list.
// Create a list to hold the names of the roles found.
List<string> roleNames = new List<string>();
// Create groups from the entries.
foreach (System.DirectoryServices.Protocols.SearchResultEntry entry in entries)
{
SecurityPrincipal securityPrincipal = new SecurityPrincipal(ad, entry);
roleNames.Add(securityPrincipal.SAMAccountName);
}
return roleNames.ToArray();
}
else
{
// No entries were returned.
return new string[] { };
}
}
public override void ExplicitVisit(SecurityPrincipal fragment)
{
_fragments.Add(fragment);
}
public override void Visit(SecurityPrincipal node) { this.action(node); }
/// <summary>
/// Gets a list of all the roles for the configured applicationName.
/// </summary>
/// <returns>A string array containing the names of all the roles stored in the data source for the configured applicationName.</returns>
public override string[] GetAllRoles()
{
// Create a wildcard group name that corresponds to groups maintained by this application.
string wildcardGroupName = GetGroupName("*");
// Search Active Directory for groups corresponding to roles managed by this application.
List<System.DirectoryServices.Protocols.SearchResultEntry> entries = ad.GetEntriesBySAMAccountName(wildcardGroupName);
// Check that entries were returned.
if (entries != null)
{
// There are entries in the list.
// Create a list to hold the names of the roles found.
List<String> roleNames = new List<String>();
// Create groups from the entries.
foreach (System.DirectoryServices.Protocols.SearchResultEntry entry in entries)
{
SecurityPrincipal securityPrincipal = new SecurityPrincipal(ad, entry);
if (securityPrincipal.IsGroup)
{
// Get the name of the role from the group name.
roleNames.Add(GetRoleName(securityPrincipal.SAMAccountName));
}
}
return roleNames.ToArray();
}
else
{
// No entries were returned.
return new string[] { };
}
}
