public static List <string> ReadWinUsers(string aStoreName, string RoleName) { try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = GetAuthStoreLocation(aStoreName); //0 = The authorization store is opened for use by the Update method and the AccessCheck method. store.Initialize(0, storeLocation, null); List <string> members = new List <string>(); IAzRole iAzRole = null; foreach (IAzApplication3 toApplication in store.Applications) { if (RoleName.Equals("Administrator")) { iAzRole = toApplication.OpenRole(RoleName); } else { iAzRole = toApplication.OpenRole("_" + RoleName); } foreach (string member in iAzRole.MembersName) { members.Add(member); } return(members); } return(members); } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); return(null); } }
public static List <string> ReadOperations(string aStoreName) { try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = GetAuthStoreLocation(aStoreName); //0 = The authorization store is opened for use by the Update method and the AccessCheck method. store.Initialize(0, storeLocation, null); List <string> operations = new List <string>(); foreach (IAzApplication3 toApplication in store.Applications) { foreach (IAzOperation operation in toApplication.Operations) { if (!operations.Contains(operation.Name)) { operations.Add(operation.Name); } } } return(operations); } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); return(null); } }
internal static void AddAdministrator(string aStoreName) { try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { //Create a new role assignment IAzRoleAssignments roleAssignments = application.RoleAssignments; bool hasAdministrator = false; foreach (IAzRoleAssignment roleassignment in roleAssignments) { if (roleassignment.Name.Equals("Administrator")) { hasAdministrator = true; } } if (!hasAdministrator) { IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment("Administrator"); newRoleAssignment.AddRoleDefinition("Administrator"); newRoleAssignment.Submit(); application.Submit(); } } } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); } }
/// <summary> /// Read all roles for this specific application /// </summary> /// <param name="aStoreName"></param> /// <param name="aPath"></param> /// <returns></returns> public static List <string> ReadRoles(string aStoreName) { try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = GetAuthStoreLocation(aStoreName); //0 = The authorization store is opened for use by the Update method and the AccessCheck method. store.Initialize(0, storeLocation, null); List <string> roles = new List <string>(); foreach (IAzApplication3 toApplication in store.Applications) { foreach (IAzRoleDefinition role in toApplication.RoleDefinitions) { if (role.Name.StartsWith("_")) { roles.Add(role.Name.Substring(1)); } else if (role.Name.Equals("Administrator")) { roles.Add(role.Name); AzManWriter.AddAdministrator(aStoreName); } } } return(roles); } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); return(null); } }
public static bool DeleteWindowsUserFromRole(string role, string aStoreName, string windowsUser) { bool success; try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); if (role != "Administrator") { role = "_" + role; } //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { IAzRole iAzRole = application.OpenRole(role); iAzRole.DeleteMemberName(windowsUser); iAzRole.Submit(); application.Submit(); } success = true; } catch (Exception) { success = false; } return(success); }
public static bool DeleteRole(string deleteRole, string aStoreName) { bool success = false; try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); string roleName = "_" + deleteRole; //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { //Delete role assignment application.DeleteRoleAssignment(roleName); //Delete role definition application.DeleteRoleDefinition(roleName); application.Submit(); } success = true; } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); } catch (Exception) { success = false; } return(success); }
public static bool AddWindowsUserToRole(string role, string aStoreName, string windowsUser) { bool success = false; try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); if (role != "Administrator") { role = "_" + role; } //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { IAzRole iAzRole = application.OpenRole(role); iAzRole.AddMemberName(windowsUser); iAzRole.Submit(); application.Submit(); } success = true; } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); } catch (Exception) { success = false; } return(success); }
public void Dispose() { if (null == app) { return; } Marshal.ReleaseComObject(app); Marshal.ReleaseComObject(store); app = null; store = null; }
public static bool CreateRole(string role, string aStoreName) { bool success = false; try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); string roleName = "_" + role; //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { //Create a new role definition IAzRoleDefinition newRole = application.CreateRoleDefinition(roleName); //Create a new role assignment IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment(roleName); newRole.Submit(); newRoleAssignment.AddRoleDefinition(roleName); newRoleAssignment.Submit(); application.Submit(); } success = true; } catch (COMException ce) { if (ce.ErrorCode.Equals(-2147024713)) { MessageBox.Show(null, "Role already exist in this application.", "Role already exist"); } else { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); } } catch (Exception ex) { if (ex is UnauthorizedAccessException) { MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK); } else { MessageBox.Show("Could not create role. Maybe it already exists?", "", MessageBoxButtons.OK); } success = false; } return(success); }
public AzManHelper(string connectionString, string appName) { this.appName = appName; try { // load and initialize the AzMan runtime store = new AzAuthorizationStore(); store.Initialize(0, connectionString, null); // drill down to our application app = store.OpenApplication(appName, null); } catch (COMException x) { throw new AzManException("Failed to initizlize AzManHelper", x); } catch (System.IO.FileNotFoundException x) { throw new AzManException(string.Format("Failed to load AzMan policy from {0} - make sure your connection string is correct.", connectionString), x); } }
public AZOperation[] CheckAccess(string _userName, string _domain, AZOperation[] _operations) { if (null == _azStore) { _azStore = new AzAuthorizationStore(); _azStore.Initialize(0, Globals.Configuration.AzManagerStoreConnectionString, null); } IAzApplication azApp = _azStore.OpenApplication("CustomerService"); try { IAzClientContext context = azApp.InitializeClientContextFromName(_userName, _domain, null); object[] operationIds = new object[_operations.Length]; for (int i = 0; i < _operations.Length; i++) { operationIds[i] = _operations[i].ID; } object[] result = (object[])context.AccessCheck("Auditstring", new object[1], operationIds, null, null, null, null, null); for (int j = 0; j < result.Length; j++) { if (int.Parse(result[j].ToString()) != 0) { _operations[j].Result = false; } else { _operations[j].Result = true; } } return _operations; } catch { throw; } }
private void InitializeProvider(string providerName, string applicationName, string storeLocation) { if (!_storeDictionary.ContainsKey(storeLocation)) { try { AzAuthorizationStore store = new AzAuthorizationStore(); store.Initialize(0, storeLocation, null); _storeDictionary.Add(storeLocation, store); AddFileSystemWatcher(storeLocation); } catch (Exception ex) { throw new AuthorizationException(string.Format("Failed to open authorization store. ProviderName = {0}, ApplicationName = {1}, StoreLocation = {2}.", providerName, applicationName, storeLocation), ex); } } if (!_applicationDictionary.ContainsKey(providerName)) { try { IAzApplication2 application = ((IAzAuthorizationStore2)_storeDictionary[storeLocation]).OpenApplication2(applicationName, null); _applicationDictionary.Add(providerName, application); _operationDictionary.Add(providerName, new Dictionary <string, int>()); foreach (IAzOperation o in application.Operations) { _operationDictionary[providerName].Add(o.Name, o.OperationID); } } catch (Exception ex) { throw new AuthorizationException(string.Format("Failed to open application. ProviderName = {0}, ApplicationName = {1}, StoreLocation = {2}.", providerName, applicationName, storeLocation), ex); } } }
public AZOperation[] ShowOperations(string[] _OperationNames) { if (null == _azStore) { _azStore = new AzAuthorizationStore(); _azStore.Initialize(0, Globals.Configuration.AzManagerStoreConnectionString, null); } IAzApplication azApp = _azStore.OpenApplication("CustomerService"); List<AZOperation> _Operations = new List<AZOperation>(); foreach (string opName in _OperationNames) { IAzOperation op = azApp.OpenOperation(opName, null); AZOperation operationAux = new AZOperation(); operationAux.ID = op.OperationID; operationAux.Name = op.Name; _Operations.Add(operationAux); } return _Operations.ToArray(); }
public void Dispose() { if (null != _azStore) _azStore = null; }
public static void SaveRole(List <string> anOperations, string aRole, string aStoreName, List <string> allTreeOperations) { try { //Make sure all operations exist in Azman List <string> allOperations = AzManReader.ReadOperations(aStoreName); List <string> excludedOperations = new List <string>(); if (allOperations != null) { List <string> addOperations = new List <string>(); foreach (string operation in anOperations) { if (allOperations.Contains(operation)) { addOperations.Add(operation); } } foreach (string operation in allOperations) { if (!allTreeOperations.Contains(operation)) { excludedOperations.Add(operation); } } //read OK and Cancel operations List <string> oKAndCancelOperations = AzManReader.ReadOkCancelAndCloseOperations(aStoreName); if (oKAndCancelOperations != null) { foreach (string operation in allOperations) { if (oKAndCancelOperations.Contains(operation)) { excludedOperations.Remove(operation); } } addOperations.AddRange(excludedOperations); //save down the operations into the role in AuthStore AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); string roleName = "_" + aRole; //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { foreach (IAzRoleDefinition role in application.RoleDefinitions) { if (role.Name != roleName) { continue; } //remove all existing operations in the role foreach (string operation in role.Operations) { role.DeleteOperation(operation); } //Role needs to be submitted after deleting operations otherwise Azman freaks out role.Submit(); //Save all selected operations to the role foreach (string operationString in addOperations) { role.AddOperation(operationString); } foreach (string oKOrCancelOperation in oKAndCancelOperations) { role.AddOperation(oKOrCancelOperation); } //Submit role so changes are saved role.Submit(); MessageBox.Show("Setting for " + aRole + " has been saved.", "Role Settings Saved", MessageBoxButtons.OK); } //Submit everything just to be sure application.Submit(); } store.Submit(); } } } catch (COMException ce) { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); } catch (Exception ex) { if (ex is UnauthorizedAccessException) { MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK); } else { MessageBox.Show("Failed to save configuration", "", MessageBoxButtons.OK); } } }
private static void MergeStores(string fromStoreLocation, string toStoreLocation) { LogEntry entry = new LogEntry(); entry.Severity = TraceEventType.Verbose; entry.Priority = -1; if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Merging authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"...", fromStoreLocation, toStoreLocation); Logger.Write(entry); } try { AzAuthorizationStore fromStore = new AzAuthorizationStore(); fromStore.Initialize(0, fromStoreLocation, null); AzAuthorizationStore toStore = new AzAuthorizationStore(); toStore.Initialize(AZ_AZSTORE_FLAG_BATCH_UPDATE, toStoreLocation, null); foreach (IAzApplication3 fromApplication in fromStore.Applications) { IAzApplication3 toApplication = (IAzApplication3)((IAzAuthorizationStore3)toStore).OpenApplication2(fromApplication.Name, null); var operationsDictionary = new Dictionary <string, IAzOperation>(); int nextOperationId = 0; foreach (IAzOperation toOperation in toApplication.Operations) { operationsDictionary.Add(toOperation.Name, toOperation); nextOperationId = Math.Max(nextOperationId, toOperation.OperationID); } foreach (IAzOperation fromOperation in fromApplication.Operations) { IAzOperation toOperation = null; if (operationsDictionary.ContainsKey(fromOperation.Name)) { toOperation = operationsDictionary[fromOperation.Name]; } else { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding new Operation \"{0}\"...", fromOperation.Name); Logger.Write(entry); } toOperation = toApplication.CreateOperation(fromOperation.Name); nextOperationId++; toOperation.OperationID = nextOperationId; } toOperation.Description = fromOperation.Description; toOperation.Submit(); } var tasksDictionary = new Dictionary <string, IAzTask>(); foreach (IAzTask toTask in toApplication.Tasks) { tasksDictionary.Add(toTask.Name, toTask); } foreach (IAzTask fromTask in fromApplication.Tasks) { IAzTask toTask = null; if (tasksDictionary.ContainsKey(fromTask.Name)) { toTask = tasksDictionary[fromTask.Name]; } else { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding new Task \"{0}\"...", fromTask.Name); Logger.Write(entry); } toTask = toApplication.CreateTask(fromTask.Name); } toTask.IsRoleDefinition = fromTask.IsRoleDefinition; toTask.Description = fromTask.Description; foreach (string taskOperation in fromTask.Operations) { if (!((object[])toTask.Operations).Contains(taskOperation)) { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding Operation \"{0}\" to Task \"{1}\"...", taskOperation, toTask.Name); Logger.Write(entry); } toTask.AddOperation(taskOperation); } } toTask.Submit(); } var rolesDictionary = new Dictionary <string, IAzRoleDefinition>(); foreach (IAzRoleDefinition toRole in toApplication.RoleDefinitions) { rolesDictionary.Add(toRole.Name, toRole); } foreach (IAzRoleDefinition fromRole in fromApplication.RoleDefinitions) { IAzRoleDefinition toRole = null; if (rolesDictionary.ContainsKey(fromRole.Name)) { toRole = rolesDictionary[fromRole.Name]; } else { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding new Role Definition \"{0}\"...", fromRole.Name); Logger.Write(entry); } toRole = toApplication.CreateRoleDefinition(fromRole.Name); } toRole.Description = toRole.Description; foreach (string roleOperation in fromRole.Operations) { if (!((object[])toRole.Operations).Contains(roleOperation)) { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding Operation \"{0}\" to Role Definition \"{1}\"...", roleOperation, toRole.Name); Logger.Write(entry); } toRole.AddOperation(roleOperation); } } foreach (string roleTask in fromRole.Tasks) { if (!((object[])toRole.Tasks).Contains(roleTask)) { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding Task \"{0}\" to Role Definition \"{1}\"...", roleTask, toRole.Name); Logger.Write(entry); } toRole.AddTask(roleTask); } } toRole.Submit(); } } if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Submitting changes..."); Logger.Write(entry); } toStore.Submit(); } catch (Exception ex) { AuthorizationException authException = new AuthorizationException(string.Format("Failed to merge authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"\n", fromStoreLocation, toStoreLocation), ex); entry.Severity = TraceEventType.Error; if (Logger.ShouldLog(entry)) { entry.Message = authException.ToString(); Logger.Write(entry); } throw authException; } }