//ip, port na kome je server
        //serviceName je treci parametar u string.format prilikom kreiranja adrese
        //Type typeofsrcClass povratna vrednost typeof(npr. ClientConnection) -> kaze u kojoj klasi su iplementirane
        //  metode iz interfejsa INTERFACE
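        /// <summary>
        /// Starts a certificate-authenticated net.tcp service host for the INTERFACE contract,
        /// probing upwards from <paramref name="port"/> until a free port is found.
        /// </summary>
        /// <param name="ip">Address placed in the endpoint URI the host listens on.</param>
        /// <param name="port">First TCP port to try, as a decimal string.</param>
        /// <param name="serviceName">Path segment of the endpoint URI (third format argument).</param>
        /// <param name="typeOfSrcClass">
        /// Type that implements the methods of the INTERFACE contract, e.g. typeof(ClientConnection).
        /// </param>
        /// <exception cref="InvalidOperationException">No port up to 65535 could be bound.</exception>
        public Server2(string ip, string port, string serviceName, Type typeOfSrcClass)
        {
            const int maxTcpPort = 65535;

            this.ipAddress = IPFinder.GetIPAddress();

            // The service certificate is looked up under the name derived from the current
            // Windows account; the account name doubles as the certificate name.
            string srvCertName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);

            this.connectedPort = Int32.Parse(port);

            // Loop-invariant: the same certificate is used for every port attempt.
            X509Certificate2 serviceCertificate = Manager.GetCertificateFormStorage(StoreName.My, StoreLocation.LocalMachine, srvCertName);

            bool started = false;
            while (!started)
            {
                if (this.connectedPort > maxTcpPort)
                {
                    throw new InvalidOperationException("No free TCP port found for " + serviceName + ".");
                }

                NetTcpBinding binding = new NetTcpBinding();
                // Clients must authenticate with an X.509 certificate.
                binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
                string address = String.Format("net.tcp://{0}:{1}/{2}", ip, connectedPort.ToString(), serviceName);

                host = new ServiceHost(typeOfSrcClass);
                try
                {
                    host.AddServiceEndpoint(typeof(INTERFACE), binding, address);

                    // ChainTrust accepts any client certificate that chains to a trusted root;
                    // it does not by itself restrict which clients may call the service.
                    host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
                    // NOTE(review): revocation checking is disabled, so a revoked client certificate
                    // that still chains to a trusted root is accepted. Prefer
                    // X509RevocationMode.Online once the CRL/OCSP endpoints are reachable.
                    host.Credentials.ClientCertificate.Authentication.RevocationMode            = X509RevocationMode.NoCheck;
                    host.Credentials.ServiceCertificate.Certificate = serviceCertificate;

                    host.Open();
                    started = true;
                    // The message reports the address from IPFinder, not the ip argument used in the URI.
                    Console.WriteLine(serviceName + " startovan na " + this.ipAddress + ":" + this.connectedPort);
                }
                catch (AddressAlreadyInUseException)
                {
                    // Only a port conflict justifies trying the next port. Release the failed host first.
                    host.Abort();
                    this.connectedPort++;
                }
                catch
                {
                    // Certificate or configuration errors will not be cured by another port:
                    // release the host and surface the failure instead of retrying forever.
                    host.Abort();
                    throw;
                }
            }
        }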
Exemple #2
        ChannelFactory <INTERFACE> factory; // channel factory that will create the proxy

        /*
         *  CN - naziv sertifikata gde se nalazi javni kljuc servica
         *  ip, port na koje se nalazi servis
         */
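        /// <summary>
        /// Builds a certificate-authenticated net.tcp channel factory for the INTERFACE contract
        /// and creates the proxy from it.
        /// </summary>
        /// <param name="CN">
        /// Name of the service certificate (also the service name); its public certificate is
        /// looked up in the LocalMachine TrustedPeople store.
        /// </param>
        /// <param name="ip">Address of the service.</param>
        /// <param name="port">TCP port of the service.</param>
        /// <param name="serviceName">Path segment of the endpoint URI.</param>
        public Client(string CN, string ip, string port, string serviceName)
        {
            // The earlier caller-namespace lookup (StackFrame(1) -> DeclaringType) computed a
            // certificate name that was never used and could throw on a null method or type.
            // It is removed; the client certificate is chosen from the Windows account below.

            NetTcpBinding binding = new NetTcpBinding();

            // Authentication is performed with X.509 certificates.
            binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
            TimeSpan tenMinutes = TimeSpan.FromMinutes(10);
            binding.OpenTimeout    = tenMinutes;
            binding.CloseTimeout   = tenMinutes;
            binding.SendTimeout    = tenMinutes;
            binding.ReceiveTimeout = tenMinutes;

            // Public certificate of the service, taken from the TrustedPeople store.
            X509Certificate2 srvCert = Manager.GetCertificateFormStorage(StoreName.TrustedPeople, StoreLocation.LocalMachine, CN);

            // The endpoint identity pins the expected service certificate: the service has to
            // prove possession of the private key that matches this certificate.
            Uri serviceUri = new Uri(String.Format("net.tcp://{0}:{1}/{2}", ip, port, serviceName));
            EndpointAddress address = new EndpointAddress(serviceUri, new X509CertificateEndpointIdentity(srvCert));

            factory = new ChannelFactory <INTERFACE>(binding, address);

            // Our own certificate is named after the current Windows account.
            string cliCertCN = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);

            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            // NOTE(review): revocation checking is disabled, so a revoked service certificate is
            // still accepted. Prefer X509RevocationMode.Online once the CRL/OCSP endpoints are reachable.
            factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
            // Client certificate (with private key) from the LocalMachine personal store.
            factory.Credentials.ClientCertificate.Certificate = Manager.GetCertificateFormStorage(StoreName.My, StoreLocation.LocalMachine, cliCertCN);

            proxy = factory.CreateChannel();
        }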
Exemple #3
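        /// <summary>
        /// Wraps a Windows identity and collects the permissions of every recognised role
        /// ("Reader", "AlarmGenerator", "AlarmAdmin") whose name matches one of the identity's groups.
        /// </summary>
        /// <param name="winIndentity">Identity whose group membership decides the roles.</param>
        public CustomPrincipal(WindowsIdentity winIndentity)
        {
            this.identity = winIndentity;

            // Groups is null for an identity without a valid token (e.g. anonymous):
            // such a principal simply gets no roles.
            IdentityReferenceCollection groups = this.identity.Groups;
            if (groups == null)
            {
                return;
            }

            foreach (IdentityReference groupRef in groups)
            {
                IdentityReference account;
                try
                {
                    SecurityIdentifier sid = (SecurityIdentifier)groupRef.Translate(typeof(SecurityIdentifier));
                    account = sid.Translate(typeof(NTAccount));
                }
                catch (IdentityNotMappedException)
                {
                    // A SID that cannot be resolved to an account name cannot match a role
                    // name. Skip it (grants nothing) instead of failing the whole principal.
                    continue;
                }

                // NOTE(review): matching is on the parsed short name only; if ParseName drops the
                // domain/machine qualifier, same-named groups from different authorities are
                // indistinguishable here. Confirm against Formatter.ParseName.
                string groupName = Formatter.ParseName(account.ToString());

                bool isKnownRole = groupName == "Reader" || groupName == "AlarmGenerator" || groupName == "AlarmAdmin";

                // Two groups can parse to the same name; Add would throw on the duplicate key.
                if (isKnownRole && !roles.ContainsKey(groupName))
                {
                    roles.Add(groupName, RolesConfig.GetPermissions(groupName));
                }
            }
        }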
        private Dictionary <string, string[]> roles = new Dictionary <string, string[]>(); // role name -> permissions of that role

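        /// <summary>
        /// Collects the permissions of every <c>Role</c> enum member whose name matches one of the
        /// identity's Windows groups.
        /// </summary>
        /// <param name="winIdentity">Identity whose group membership decides the roles.</param>
        public CustomPrincipal(WindowsIdentity winIdentity)
        {
            // NOTE(review): winIdentity is only read for its groups; this constructor does not store it.

            // Role names are fixed by the enum; read them once instead of per group.
            string[] roleNames = Enum.GetNames(typeof(Role));

            // Groups is null for an identity without a valid token (e.g. anonymous):
            // such a principal simply gets no roles.
            IdentityReferenceCollection groups = winIdentity.Groups;
            if (groups == null)
            {
                return;
            }

            foreach (IdentityReference groupRef in groups)
            {
                IdentityReference account;
                try
                {
                    SecurityIdentifier sid = (SecurityIdentifier)groupRef.Translate(typeof(SecurityIdentifier));
                    account = sid.Translate(typeof(NTAccount));
                }
                catch (IdentityNotMappedException)
                {
                    // A SID that cannot be resolved to an account name cannot match a role
                    // name. Skip it (grants nothing) instead of failing the whole principal.
                    continue;
                }

                // NOTE(review): matching is on the parsed short name only; if ParseName drops the
                // domain/machine qualifier, same-named groups from different authorities are
                // indistinguishable here. Confirm against Formatter.ParseName.
                string groupName = Formatter.ParseName(account.ToString());

                // Exact, case-sensitive match against the enum names, as before.
                bool isKnownRole = Array.IndexOf(roleNames, groupName) >= 0;
                if (isKnownRole && !roles.ContainsKey(groupName))
                {
                    roles.Add(groupName, RolesConfig.GetPermissions(groupName));
                }
            }
        }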