public static List <string> ReadWinUsers(string aStoreName, string RoleName)
{
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = GetAuthStoreLocation(aStoreName);
//0 = The authorization store is opened for use by the Update method and the AccessCheck method.
store.Initialize(0, storeLocation, null);
List <string> members = new List <string>();
IAzRole iAzRole = null;
foreach (IAzApplication3 toApplication in store.Applications)
{
if (RoleName.Equals("Administrator"))
{
iAzRole = toApplication.OpenRole(RoleName);
}
else
{
iAzRole = toApplication.OpenRole("_" + RoleName);
}
foreach (string member in iAzRole.MembersName)
{
members.Add(member);
}
return(members);
}
return(members);
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
return(null);
}
}
public static List <string> ReadOperations(string aStoreName)
{
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = GetAuthStoreLocation(aStoreName);
//0 = The authorization store is opened for use by the Update method and the AccessCheck method.
store.Initialize(0, storeLocation, null);
List <string> operations = new List <string>();
foreach (IAzApplication3 toApplication in store.Applications)
{
foreach (IAzOperation operation in toApplication.Operations)
{
if (!operations.Contains(operation.Name))
{
operations.Add(operation.Name);
}
}
}
return(operations);
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
return(null);
}
}
internal static void AddAdministrator(string aStoreName)
{
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
//4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
store.Initialize(4, storeLocation, null);
foreach (IAzApplication3 application in store.Applications)
{
//Create a new role assignment
IAzRoleAssignments roleAssignments = application.RoleAssignments;
bool hasAdministrator = false;
foreach (IAzRoleAssignment roleassignment in roleAssignments)
{
if (roleassignment.Name.Equals("Administrator"))
{
hasAdministrator = true;
}
}
if (!hasAdministrator)
{
IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment("Administrator");
newRoleAssignment.AddRoleDefinition("Administrator");
newRoleAssignment.Submit();
application.Submit();
}
}
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
}
}
/// <summary>
/// Read all roles for this specific application
/// </summary>
/// <param name="aStoreName"></param>
/// <param name="aPath"></param>
/// <returns></returns>
public static List <string> ReadRoles(string aStoreName)
{
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = GetAuthStoreLocation(aStoreName);
//0 = The authorization store is opened for use by the Update method and the AccessCheck method.
store.Initialize(0, storeLocation, null);
List <string> roles = new List <string>();
foreach (IAzApplication3 toApplication in store.Applications)
{
foreach (IAzRoleDefinition role in toApplication.RoleDefinitions)
{
if (role.Name.StartsWith("_"))
{
roles.Add(role.Name.Substring(1));
}
else if (role.Name.Equals("Administrator"))
{
roles.Add(role.Name);
AzManWriter.AddAdministrator(aStoreName);
}
}
}
return(roles);
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
return(null);
}
}
public static bool DeleteWindowsUserFromRole(string role, string aStoreName, string windowsUser)
{
bool success;
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
if (role != "Administrator")
{
role = "_" + role;
}
//4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
store.Initialize(4, storeLocation, null);
foreach (IAzApplication3 application in store.Applications)
{
IAzRole iAzRole = application.OpenRole(role);
iAzRole.DeleteMemberName(windowsUser);
iAzRole.Submit();
application.Submit();
}
success = true;
}
catch (Exception)
{
success = false;
}
return(success);
}
public static bool DeleteRole(string deleteRole, string aStoreName)
{
bool success = false;
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
string roleName = "_" + deleteRole;
//4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
store.Initialize(4, storeLocation, null);
foreach (IAzApplication3 application in store.Applications)
{
//Delete role assignment
application.DeleteRoleAssignment(roleName);
//Delete role definition
application.DeleteRoleDefinition(roleName);
application.Submit();
}
success = true;
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
}
catch (Exception)
{
success = false;
}
return(success);
}
public static bool AddWindowsUserToRole(string role, string aStoreName, string windowsUser)
{
bool success = false;
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
if (role != "Administrator")
{
role = "_" + role;
}
//4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
store.Initialize(4, storeLocation, null);
foreach (IAzApplication3 application in store.Applications)
{
IAzRole iAzRole = application.OpenRole(role);
iAzRole.AddMemberName(windowsUser);
iAzRole.Submit();
application.Submit();
}
success = true;
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
}
catch (Exception)
{
success = false;
}
return(success);
}
public void Dispose()
{
if (null == app)
{
return;
}
Marshal.ReleaseComObject(app);
Marshal.ReleaseComObject(store);
app = null;
store = null;
}
public static bool CreateRole(string role, string aStoreName)
{
bool success = false;
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
string roleName = "_" + role;
//4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
store.Initialize(4, storeLocation, null);
foreach (IAzApplication3 application in store.Applications)
{
//Create a new role definition
IAzRoleDefinition newRole = application.CreateRoleDefinition(roleName);
//Create a new role assignment
IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment(roleName);
newRole.Submit();
newRoleAssignment.AddRoleDefinition(roleName);
newRoleAssignment.Submit();
application.Submit();
}
success = true;
}
catch (COMException ce)
{
if (ce.ErrorCode.Equals(-2147024713))
{
MessageBox.Show(null, "Role already exist in this application.", "Role already exist");
}
else
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
}
}
catch (Exception ex)
{
if (ex is UnauthorizedAccessException)
{
MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK);
}
else
{
MessageBox.Show("Could not create role. Maybe it already exists?", "", MessageBoxButtons.OK);
}
success = false;
}
return(success);
}
public AzManHelper(string connectionString, string appName)
{
this.appName = appName;
try {
// load and initialize the AzMan runtime
store = new AzAuthorizationStore();
store.Initialize(0, connectionString, null);
// drill down to our application
app = store.OpenApplication(appName, null);
}
catch (COMException x) {
throw new AzManException("Failed to initizlize AzManHelper", x);
}
catch (System.IO.FileNotFoundException x) {
throw new AzManException(string.Format("Failed to load AzMan policy from {0} - make sure your connection string is correct.", connectionString), x);
}
}
public AZOperation[] CheckAccess(string _userName, string _domain, AZOperation[] _operations)
{
if (null == _azStore)
{
_azStore = new AzAuthorizationStore();
_azStore.Initialize(0, Globals.Configuration.AzManagerStoreConnectionString, null);
}
IAzApplication azApp = _azStore.OpenApplication("CustomerService");
try
{
IAzClientContext context = azApp.InitializeClientContextFromName(_userName, _domain, null);
object[] operationIds = new object[_operations.Length];
for (int i = 0; i < _operations.Length; i++)
{
operationIds[i] = _operations[i].ID;
}
object[] result = (object[])context.AccessCheck("Auditstring",
new object[1], operationIds, null, null, null, null, null);
for (int j = 0; j < result.Length; j++)
{
if (int.Parse(result[j].ToString()) != 0)
{
_operations[j].Result = false;
}
else
{
_operations[j].Result = true;
}
}
return _operations;
}
catch
{
throw;
}
}
private void InitializeProvider(string providerName, string applicationName, string storeLocation)
{
if (!_storeDictionary.ContainsKey(storeLocation))
{
try
{
AzAuthorizationStore store = new AzAuthorizationStore();
store.Initialize(0, storeLocation, null);
_storeDictionary.Add(storeLocation, store);
AddFileSystemWatcher(storeLocation);
}
catch (Exception ex)
{
throw new AuthorizationException(string.Format("Failed to open authorization store. ProviderName = {0}, ApplicationName = {1}, StoreLocation = {2}.", providerName, applicationName, storeLocation), ex);
}
}
if (!_applicationDictionary.ContainsKey(providerName))
{
try
{
IAzApplication2 application = ((IAzAuthorizationStore2)_storeDictionary[storeLocation]).OpenApplication2(applicationName, null);
_applicationDictionary.Add(providerName, application);
_operationDictionary.Add(providerName, new Dictionary <string, int>());
foreach (IAzOperation o in application.Operations)
{
_operationDictionary[providerName].Add(o.Name, o.OperationID);
}
}
catch (Exception ex)
{
throw new AuthorizationException(string.Format("Failed to open application. ProviderName = {0}, ApplicationName = {1}, StoreLocation = {2}.", providerName, applicationName, storeLocation), ex);
}
}
}
public AZOperation[] ShowOperations(string[] _OperationNames)
{
if (null == _azStore)
{
_azStore = new AzAuthorizationStore();
_azStore.Initialize(0, Globals.Configuration.AzManagerStoreConnectionString, null);
}
IAzApplication azApp = _azStore.OpenApplication("CustomerService");
List<AZOperation> _Operations = new List<AZOperation>();
foreach (string opName in _OperationNames)
{
IAzOperation op = azApp.OpenOperation(opName, null);
AZOperation operationAux = new AZOperation();
operationAux.ID = op.OperationID;
operationAux.Name = op.Name;
_Operations.Add(operationAux);
}
return _Operations.ToArray();
}
public void Dispose()
{
if (null != _azStore)
_azStore = null;
}
public static void SaveRole(List <string> anOperations, string aRole, string aStoreName, List <string> allTreeOperations)
{
try
{
//Make sure all operations exist in Azman
List <string> allOperations = AzManReader.ReadOperations(aStoreName);
List <string> excludedOperations = new List <string>();
if (allOperations != null)
{
List <string> addOperations = new List <string>();
foreach (string operation in anOperations)
{
if (allOperations.Contains(operation))
{
addOperations.Add(operation);
}
}
foreach (string operation in allOperations)
{
if (!allTreeOperations.Contains(operation))
{
excludedOperations.Add(operation);
}
}
//read OK and Cancel operations
List <string> oKAndCancelOperations = AzManReader.ReadOkCancelAndCloseOperations(aStoreName);
if (oKAndCancelOperations != null)
{
foreach (string operation in allOperations)
{
if (oKAndCancelOperations.Contains(operation))
{
excludedOperations.Remove(operation);
}
}
addOperations.AddRange(excludedOperations);
//save down the operations into the role in AuthStore
AzAuthorizationStore store = new AzAuthorizationStore();
string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
string roleName = "_" + aRole;
//4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
store.Initialize(4, storeLocation, null);
foreach (IAzApplication3 application in store.Applications)
{
foreach (IAzRoleDefinition role in application.RoleDefinitions)
{
if (role.Name != roleName)
{
continue;
}
//remove all existing operations in the role
foreach (string operation in role.Operations)
{
role.DeleteOperation(operation);
}
//Role needs to be submitted after deleting operations otherwise Azman freaks out
role.Submit();
//Save all selected operations to the role
foreach (string operationString in addOperations)
{
role.AddOperation(operationString);
}
foreach (string oKOrCancelOperation in oKAndCancelOperations)
{
role.AddOperation(oKOrCancelOperation);
}
//Submit role so changes are saved
role.Submit();
MessageBox.Show("Setting for " + aRole + " has been saved.", "Role Settings Saved", MessageBoxButtons.OK);
}
//Submit everything just to be sure
application.Submit();
}
store.Submit();
}
}
}
catch (COMException ce)
{
MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
}
catch (Exception ex)
{
if (ex is UnauthorizedAccessException)
{
MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK);
}
else
{
MessageBox.Show("Failed to save configuration", "", MessageBoxButtons.OK);
}
}
}
private static void MergeStores(string fromStoreLocation, string toStoreLocation)
{
LogEntry entry = new LogEntry();
entry.Severity = TraceEventType.Verbose;
entry.Priority = -1;
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Merging authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"...", fromStoreLocation, toStoreLocation);
Logger.Write(entry);
}
try
{
AzAuthorizationStore fromStore = new AzAuthorizationStore();
fromStore.Initialize(0, fromStoreLocation, null);
AzAuthorizationStore toStore = new AzAuthorizationStore();
toStore.Initialize(AZ_AZSTORE_FLAG_BATCH_UPDATE, toStoreLocation, null);
foreach (IAzApplication3 fromApplication in fromStore.Applications)
{
IAzApplication3 toApplication = (IAzApplication3)((IAzAuthorizationStore3)toStore).OpenApplication2(fromApplication.Name, null);
var operationsDictionary = new Dictionary <string, IAzOperation>();
int nextOperationId = 0;
foreach (IAzOperation toOperation in toApplication.Operations)
{
operationsDictionary.Add(toOperation.Name, toOperation);
nextOperationId = Math.Max(nextOperationId, toOperation.OperationID);
}
foreach (IAzOperation fromOperation in fromApplication.Operations)
{
IAzOperation toOperation = null;
if (operationsDictionary.ContainsKey(fromOperation.Name))
{
toOperation = operationsDictionary[fromOperation.Name];
}
else
{
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Adding new Operation \"{0}\"...", fromOperation.Name);
Logger.Write(entry);
}
toOperation = toApplication.CreateOperation(fromOperation.Name);
nextOperationId++;
toOperation.OperationID = nextOperationId;
}
toOperation.Description = fromOperation.Description;
toOperation.Submit();
}
var tasksDictionary = new Dictionary <string, IAzTask>();
foreach (IAzTask toTask in toApplication.Tasks)
{
tasksDictionary.Add(toTask.Name, toTask);
}
foreach (IAzTask fromTask in fromApplication.Tasks)
{
IAzTask toTask = null;
if (tasksDictionary.ContainsKey(fromTask.Name))
{
toTask = tasksDictionary[fromTask.Name];
}
else
{
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Adding new Task \"{0}\"...", fromTask.Name);
Logger.Write(entry);
}
toTask = toApplication.CreateTask(fromTask.Name);
}
toTask.IsRoleDefinition = fromTask.IsRoleDefinition;
toTask.Description = fromTask.Description;
foreach (string taskOperation in fromTask.Operations)
{
if (!((object[])toTask.Operations).Contains(taskOperation))
{
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Adding Operation \"{0}\" to Task \"{1}\"...", taskOperation, toTask.Name);
Logger.Write(entry);
}
toTask.AddOperation(taskOperation);
}
}
toTask.Submit();
}
var rolesDictionary = new Dictionary <string, IAzRoleDefinition>();
foreach (IAzRoleDefinition toRole in toApplication.RoleDefinitions)
{
rolesDictionary.Add(toRole.Name, toRole);
}
foreach (IAzRoleDefinition fromRole in fromApplication.RoleDefinitions)
{
IAzRoleDefinition toRole = null;
if (rolesDictionary.ContainsKey(fromRole.Name))
{
toRole = rolesDictionary[fromRole.Name];
}
else
{
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Adding new Role Definition \"{0}\"...", fromRole.Name);
Logger.Write(entry);
}
toRole = toApplication.CreateRoleDefinition(fromRole.Name);
}
toRole.Description = toRole.Description;
foreach (string roleOperation in fromRole.Operations)
{
if (!((object[])toRole.Operations).Contains(roleOperation))
{
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Adding Operation \"{0}\" to Role Definition \"{1}\"...", roleOperation, toRole.Name);
Logger.Write(entry);
}
toRole.AddOperation(roleOperation);
}
}
foreach (string roleTask in fromRole.Tasks)
{
if (!((object[])toRole.Tasks).Contains(roleTask))
{
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Adding Task \"{0}\" to Role Definition \"{1}\"...", roleTask, toRole.Name);
Logger.Write(entry);
}
toRole.AddTask(roleTask);
}
}
toRole.Submit();
}
}
if (Logger.ShouldLog(entry))
{
entry.Message = string.Format("Submitting changes...");
Logger.Write(entry);
}
toStore.Submit();
}
catch (Exception ex)
{
AuthorizationException authException = new AuthorizationException(string.Format("Failed to merge authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"\n", fromStoreLocation, toStoreLocation), ex);
entry.Severity = TraceEventType.Error;
if (Logger.ShouldLog(entry))
{
entry.Message = authException.ToString();
Logger.Write(entry);
}
throw authException;
}
}
