/// <summary>
        /// Called when a client tries to change its user identity.
        /// </summary>
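        /// <remarks>
        /// Maps the presented user token to a GDS identity: anonymous tokens become
        /// <c>GdsRole.ApplicationUser</c>, X509 tokens become <c>GdsRole.ApplicationAdmin</c>
        /// once the certificate check has been called, and user name tokens are only
        /// evaluated when the <c>UNITTESTONLY</c> symbol is defined.
        /// </remarks>
        /// <param name="session">The session whose identity is being changed (not read by this handler).</param>
        /// <param name="args">Carries the presented token in <c>NewIdentity</c> and receives the accepted identity in <c>Identity</c>.</param>
        /// <exception cref="ServiceResultException">
        /// Thrown with <c>StatusCodes.BadUserAccessDenied</c> when no branch accepts the token.
        /// </exception>
        protected virtual void SessionManager_ImpersonateUser(Session session, ImpersonateEventArgs args)
        {
            // check for an anonymous token; no credential is presented, so the
            // session is limited to the ApplicationUser role.
            if (args.NewIdentity is AnonymousIdentityToken)
            {
                args.Identity = new RoleBasedIdentity(new UserIdentity(), GdsRole.ApplicationUser);
                return;
            }

            // check for a user name token
            if (args.NewIdentity is UserNameIdentityToken userNameToken)
            {
                // The fixed account names below exist only for unit tests. Without the
                // UNITTESTONLY symbol every user name token falls through to
                // BadUserAccessDenied at the end of the method.
                // NOTE(review): make sure UNITTESTONLY is never defined for a release build;
                // VerifyPassword is not shown here, so the strength of that check is unknown.
#if UNITTESTONLY
                if (VerifyPassword(userNameToken))
                {
                    switch (userNameToken.UserName)
                    {
                    // Server configuration administrator, manages the GDS server security
                    case "sysadmin":
                    {
                        args.Identity = new SystemConfigurationIdentity(new UserIdentity(userNameToken));
                        Utils.Trace("SystemConfigurationAdmin Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }

                    // GDS administrator
                    case "appadmin":
                    {
                        args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationAdmin);
                        Utils.Trace("ApplicationAdmin Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }

                    // GDS user
                    case "appuser":
                    {
                        args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationUser);
                        Utils.Trace("ApplicationUser Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }
                    }
                }
#endif
            }

            // check for x509 user token.
            if (args.NewIdentity is X509IdentityToken x509Token)
            {
                // NOTE(review): every certificate that gets past VerifyUserTokenCertificate is
                // granted ApplicationAdmin, so the set of certificates that check accepts is
                // effectively the administrator list; confirm that is intended.
                GdsRole role = GdsRole.ApplicationAdmin;

                // presumably throws when the certificate is not acceptable; the return
                // value, if any, is not inspected here. TODO confirm
                VerifyUserTokenCertificate(x509Token.Certificate);

                // Assign the new identity before tracing. The previous order read
                // args.Identity.DisplayName first, which recorded the session's old identity
                // in the acceptance trace, or failed on a null reference when none was set.
                args.Identity = new RoleBasedIdentity(new UserIdentity(x509Token), role);
                Utils.Trace("X509 Token Accepted: {0} as {1}", args.Identity.DisplayName, role.ToString());
                return;
            }

            // fail closed: anything not accepted above is denied.
            throw new ServiceResultException(new ServiceResult(StatusCodes.BadUserAccessDenied));
        }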
Esempio n. 2
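        /// <summary>
        /// Maps the user token presented by a client to a GDS identity and role.
        /// </summary>
        /// <remarks>
        /// User name tokens that pass <c>VerifyPassword</c> are mapped by their literal user name;
        /// X509 tokens are given <c>GdsRole.ApplicationUser</c> after the certificate check is called.
        /// NOTE(review): a user name token that fails verification, an unknown user name, and any
        /// other token type all return without setting <c>args.Identity</c> and without raising an
        /// error. How the caller treats an unset identity is not visible here; confirm that it
        /// rejects the activation rather than building a default identity from the token.
        /// </remarks>
        /// <param name="session">The session whose identity is being changed (not read by this handler).</param>
        /// <param name="args">Carries the presented token in <c>NewIdentity</c> and receives the accepted identity in <c>Identity</c>.</param>
        private void SessionManager_ImpersonateUser(Session session, ImpersonateEventArgs args)
        {
            switch (args.NewIdentity)
            {
            // check for a user name token
            case UserNameIdentityToken userNameToken:
            {
                // The role is chosen purely from the user name once VerifyPassword returns true;
                // VerifyPassword itself is defined elsewhere and not shown here.
                if (VerifyPassword(userNameToken))
                {
                    switch (userNameToken.UserName)
                    {
                    // Server configuration administrator, manages the GDS server security
                    case "sysadmin":
                    {
                        args.Identity = new SystemConfigurationIdentity(new UserIdentity(userNameToken));
                        Utils.Trace($"SystemConfigurationAdmin Token Accepted: {args.Identity.DisplayName}");
                        return;
                    }

                    // GDS administrator
                    case "appadmin":
                    {
                        //can register to GDS
                        args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationAdmin);
                        Utils.Trace($"ApplicationAdmin Token Accepted: {args.Identity.DisplayName}");
                        return;
                    }

                    // GDS user
                    case "appuser":
                    {
                        args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationUser);
                        Utils.Trace($"ApplicationUser Token Accepted: {args.Identity.DisplayName}");
                        return;
                    }
                    }
                }

                // verification failed or the user name is unknown: leave args.Identity untouched
                break;
            }

            // check for x509 user token.
            case X509IdentityToken x509Token:
            {
                const GdsRole role = GdsRole.ApplicationUser;

                // presumably throws when the certificate is not acceptable; the return
                // value, if any, is not inspected here. TODO confirm
                VerifyUserTokenCertificate(x509Token.Certificate);

                // todo: is cert listed in admin list? then
                // role = GdsRole.ApplicationAdmin;

                // Assign the new identity before tracing. The previous order read
                // args.Identity.DisplayName first, which recorded the session's old identity
                // in the acceptance trace, or failed on a null reference when none was set.
                args.Identity = new RoleBasedIdentity(new UserIdentity(x509Token), role);
                Utils.Trace($"X509 Token Accepted: {args.Identity.DisplayName} as {role.ToString()}");
                return;
            }
            }
        }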
Esempio n. 3
        /// <summary>
        /// Called when a client tries to change its user identity.
        /// </summary>
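        /// <remarks>
        /// User name tokens that pass <c>VerifyPassword</c> are mapped by their literal user name;
        /// X509 tokens are given <c>GdsRole.ApplicationUser</c> after the certificate check is called.
        /// NOTE(review): when no branch accepts the token the method returns without setting
        /// <c>args.Identity</c> and without raising an error. How the caller treats an unset
        /// identity is not visible here; confirm that it rejects the activation.
        /// </remarks>
        /// <param name="session">The session whose identity is being changed (not read by this handler).</param>
        /// <param name="args">Carries the presented token in <c>NewIdentity</c> and receives the accepted identity in <c>Identity</c>.</param>
        private void SessionManager_ImpersonateUser(Session session, ImpersonateEventArgs args)
        {
            // check for a user name token
            UserNameIdentityToken userNameToken = args.NewIdentity as UserNameIdentityToken;

            if (userNameToken != null)
            {
                // The role is chosen purely from the user name once VerifyPassword returns true;
                // VerifyPassword itself is defined elsewhere and not shown here.
                if (VerifyPassword(userNameToken))
                {
                    switch (userNameToken.UserName)
                    {
                    // Server configuration administrator, manages the GDS server security
                    case "sysadmin":
                    {
                        args.Identity = new SystemConfigurationIdentity(new UserIdentity(userNameToken));
                        Utils.LogInfo("SystemConfigurationAdmin Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }

                    // GDS administrator
                    case "appadmin":
                    {
                        args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationAdmin);
                        Utils.LogInfo("ApplicationAdmin Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }

                    // GDS user
                    case "appuser":
                    {
                        args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationUser);
                        Utils.LogInfo("ApplicationUser Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }
                    }
                }
            }

            // check for x509 user token.
            X509IdentityToken x509Token = args.NewIdentity as X509IdentityToken;

            if (x509Token != null)
            {
                GdsRole role = GdsRole.ApplicationUser;

                // presumably throws when the certificate is not acceptable; the return
                // value, if any, is not inspected here. TODO confirm
                VerifyUserTokenCertificate(x509Token.Certificate);

                // todo: is cert listed in admin list? then
                // role = GdsRole.ApplicationAdmin;

                // Assign the new identity before logging. The previous order read
                // args.Identity.DisplayName first, which recorded the session's old identity
                // in the acceptance log, or failed on a null reference when none was set.
                args.Identity = new RoleBasedIdentity(new UserIdentity(x509Token), role);
                Utils.LogInfo("X509 Token Accepted: {0} as {1}", args.Identity.DisplayName, role.ToString());
                return;
            }
        }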
Esempio n. 4
 /// <summary>
 /// Pairs a user identity with the GDS role it is granted.
 /// </summary>
 /// <param name="identity">The identity to wrap; stored as given, without a null check.</param>
 /// <param name="role">The role stored alongside the identity.</param>
 public RoleBasedIdentity(IUserIdentity identity, GdsRole role)
 {
     // the two fields are independent, so assignment order does not matter
     this.m_role = role;
     this.m_identity = identity;
 }