public bool AccessCheckWithArg(string audit, Operations op, WindowsIdentity clientIdentity, string argName, object argValue) { try { // first step is to create an AzMan context for the client // this looks at the security identifiers (SIDs) in the user's // access token and maps them onto AzMan roles, tasks, and operations IAzClientContext ctx = app.InitializeClientContextFromToken( (ulong)clientIdentity.Token.ToInt64(), null); // next step is to see if this user is authorized for // the requested operation. Note that AccessCheck allows // you to check multiple operations at once if you desire object[] scopes = { "" }; object[] operations = { (int)op }; object[] argNames = { argName }; object[] argValues = { argValue }; object[] results = (object[])ctx.AccessCheck(audit, scopes, operations, argNames, argValues, null, null, null); int result = (int)results[0]; return(0 == result); } catch (COMException x) { throw new AzManException("AccessCheckWithArg failed", x); } }
private bool AzManTestCheckAccess() { WindowsIdentity identity = WindowsIdentity.GetCurrent(); string applicationName = "Application Test"; string[] operations = new string[] { this.txtOperation.Text }; HybridDictionary businessRuleParameters = new HybridDictionary(); AzAuthorizationStoreClass store = new AzAuthorizationStoreClass(); store.Initialize(0, AzManStorePath, null); IAzApplication azApp = store.OpenApplication(applicationName, null); IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((UInt64)identity.Token, null); // costruisce il vettore dei valori e dei delle regole di business Object[] names = new Object[0]; Object[] values = new Object[0]; Object[] operationIds = new Object[operations.Length]; for (Int32 index = 0; index < operations.Length; index++) { operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID; } Object[] internalScopes = new Object[1]; Object[] result = (Object[])clientCtx.AccessCheck("AuditString", internalScopes, operationIds, names, values, null, null, null); foreach (Int32 accessAllowed in result) { if (accessAllowed != 0) { return(false); } } return(true); }
/// <devdoc> /// Checks access to specified a set of tasks in a specified application in a specified scope. /// </devdoc> private bool CheckAccessTasks(string auditIdentifier, WindowsIdentity identity, string[] tasks) { string[] scopes = new string[] { this.scopeName }; IAzApplication azApp = null; try { IAzClientContext clientCtx = GetClientContext(identity, this.applicationName, out azApp); object[] operationIds = GetTaskOperations(azApp, tasks); object[] internalScopes = null; if (scopes != null) { internalScopes = new object[1]; internalScopes[0] = scopes[0]; } object[] result = (object[])clientCtx.AccessCheck(auditIdentifier, internalScopes, operationIds, null, null, null, null, null); foreach (int accessAllowed in result) { if (accessAllowed != 0) { return(false); } } } catch (COMException comEx) { throw new SecurityException(comEx.Message, comEx); } return(true); }
/// <devdoc> /// Gets the client context for the call based on the identity, system and parameters. /// </devdoc> private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp) { lock (contextLock) { AzAuthorizationStoreClass store = new AzAuthorizationStoreClass(); store.Initialize(0, this.storeLocation, null); azApp = store.OpenApplication(applicationName, null); } ulong tokenHandle = (ulong)identity.Token.ToInt64(); IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null); return(clientCtx); }
/// <devdoc> /// Gets the client context for the call based on the identity, system and parameters. /// </devdoc> private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp) { WindowsIdentity winIdentity = identity as WindowsIdentity; if (winIdentity == null) { throw new ArgumentException(SR.WindowsIdentityOnly); } AzAuthorizationStoreClass store = new AzAuthorizationStoreClass(); store.Initialize(0, data.StoreLocation, null); azApp = store.OpenApplication(applicationName, null); Debug.Assert(azApp != null, "could not open the application"); ulong tokenHandle = (ulong)winIdentity.Token.ToInt64(); IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null); Debug.Assert(clientCtx != null, "could not get the context"); return(clientCtx); }
/// <devdoc> /// Checks access to specified a set of operations in a specified application in a specified scope. /// </devdoc> private bool CheckAccessOperations(AzManAuthorizationProviderData data, string auditIdentifier, IIdentity identity, string[] operations) { string[] scopes = new string[] { data.Scope }; IAzApplication azApp = null; try { IAzClientContext clientCtx = GetClientContext(data, identity, data.Application, out azApp); Debug.Assert(azApp != null); object[] operationIds = new object[operations.Length]; for (int index = 0; index < operations.Length; index++) { operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID; } object[] internalScopes = null; if (scopes != null) { internalScopes = new object[1]; internalScopes[0] = scopes[0]; } object[] result = (object[])clientCtx.AccessCheck(auditIdentifier, internalScopes, operationIds, null, null, null, null, null); foreach (int accessAllowed in result) { if (accessAllowed != 0) { return(false); } } } catch (COMException comEx) { throw new SecurityException(comEx.Message, comEx); } return(true); }
/// <summary> /// Check access permission for user /// </summary> /// <returns>void</returns> public bool CheckAccessPermissions(object[] operationIds) { bool bCheckAccess = false; AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass(); AzManStore.Initialize(0, ConfigurationManager.ConnectionStrings[AuthorizationManagerConstants.AZMANPOLICYSTORECONNECTIONSTRING].ConnectionString, null); IAzApplication azApp = AzManStore.OpenApplication(AuthorizationManagerConstants.AZMANAPPLICATION, null); // Get the current user context IPrincipal userPrincipal = HttpContext.Current.User; WindowsIdentity userIdentity = userPrincipal.Identity as WindowsIdentity; IAzClientContext clientContext = azApp.InitializeClientContextFromToken((ulong)userIdentity.Token, null); // Check if user has access to the operations // The first argument, "Auditstring", is a string that is used if you // have run-time auditing turned on object[] result = (object[])clientContext.AccessCheck("CheckAccessPermission", new object[1], operationIds, null, null, null, null, null); // Test the integer array we got back to see which operations are // authorized int accessAllowed = (int)result[0]; if (accessAllowed != 0) { // current user not authorized to perform operation bCheckAccess = false; } else { // current user authorized to perform operation bCheckAccess = true; } return(bCheckAccess); }
private void TestSuAzMan(string azManStorePath, int max) { WindowsIdentity id = WindowsIdentity.GetCurrent(); IAzAuthorizationStore store = new AzAuthorizationStoreClass(); store.Initialize(0, azManStorePath, null); int rnd = 0; // new Random().Next(max); IAzApplication app = store.OpenApplication("Application" + rnd.ToString(), null); IAzClientContext ctx = app.InitializeClientContextFromToken((ulong)id.Token.ToInt64(), null); string opName = "Operation" + rnd.ToString(); IAzOperation op = app.OpenOperation(opName, null); object[] parameterNames = new object[1] { "chiave" }; object[] parameterValues = new object[1] { "valore" }; object[] oRes = (object[])ctx.AccessCheck("Test", null, new object[] { op.OperationID }, parameterNames, parameterValues, null, null, null); foreach (int accessAllowed in oRes) { if (accessAllowed != 0) { break; } } store.CloseApplication("Application" + rnd.ToString(), 0); System.Runtime.InteropServices.Marshal.FinalReleaseComObject(op); System.Runtime.InteropServices.Marshal.FinalReleaseComObject(app); System.Runtime.InteropServices.Marshal.FinalReleaseComObject(store); System.Runtime.InteropServices.Marshal.FinalReleaseComObject(ctx); op = null; ctx = null; app = null; store = null; }
/// <summary> /// Logo Image - Displays the logo of the company /// </summary> /// <summary> /// Message Label - Displays messages to the user /// </summary> /// <summary> /// Approve Link - Link to a page which lists all expense /// reports which need to be approved /// </summary> /// <summary> /// Submit Link - Link to a page which allows a user /// to create a new expense report to submit /// </summary> /// <summary> /// Administration Link - Link to a page which allows an /// administrator to change application settings /// </summary> /// <summary> /// Approve Image - Display an icon that links to a page /// which lists all expense reports which need to be approved /// </summary> /// <summary> /// Administration Image - Displays an icon that links /// to a page which allows an administrator to change /// application settings /// </summary> /// <summary> /// Submit Image - Displays an icon that links /// to a page which allows a user to create a new expense /// report to submit /// </summary> /// <summary> /// Title Label - Displays the application title /// </summary> #endregion /// <summary> /// Page Load - This is executed when the page is first requested /// by the user and additionally when the user clicks a button on /// the form /// </summary> protected void Page_Load(object sender, System.EventArgs e) { // // Check for this is the first time the page is being loaded // only fill in the form if this is the first time otherwise // any user changes will be lost // if (!Page.IsPostBack) { // // Get the client context // IAzClientContext AzClient = ExpenseCommon.GetAzClientContext(); // // Use the client SAM name (\\domain\username) // to display the username // string AccountName = ExpenseCommon.GetClientSamName(); AccountName = AccountName.Substring((AccountName.IndexOf(@"\") + 1)); MSG.Text = string.Concat("Welcome ", AccountName, ":"); // // Get the user's role memberships from the // client context // object[] Roles = (object[])AzClient.GetRoles(null); // // Check for the user has no roles // if (Roles.Length == 0) { MSG.Text = string.Concat(MSG.Text, "<P>Sorry ", AccountName, " you have no Roles. <Br> Please contact your manager <Br></P>"); } else { // // Display links to the various actions the user // can perform depending on the user's role memberships // string Role; foreach (object oRole in Roles) { Role = (string)oRole; switch (Role) { case "Approver": // // User is an approver // Show link to the approval page // ApproveLink.Visible = true; break; case "Administrator": // // User is an administrator // Show link to the administration page // AdminLink.Visible = true; break; case "Submitter": // // User is an submitter // Show link to the expense submission page // SubmitLink.Visible = true; break; } } } } }
/// <summary> /// OK Button Click - When a user clicks the OK button /// save any changes and rediret them to the main page /// </summary> protected void OK_Click(object sender, System.EventArgs e) { // // // Get the client context from the session variables // IAzClientContext AzClient = ExpenseCommon.GetAzClientContext(); // // Check if the user has access to the administer // operation and then save application settings // // // Contains the scope of the access check request // which is set to the application level (null) // object[] scope = new Object[1]; scope[0] = (object)""; // // Contains all the operations associated with // changing the application settings // In this case the administer operation // object[] operations = new Object[1]; operations[0] = ExpenseCommon.AzopAdministrater; // // Contains all the parameter names associated with // application settings. These are organized as // name-value pairs and passed to the business rule // if one is defined. // // THEY MUST BE IN ALPHABETICAL ORDER (A-Z) // Object[] BRNames = new Object[3]; BRNames[0] = (object)ExpenseCommon.ParamAmount; BRNames[1] = (object)ExpenseCommon.ParamDate; BRNames[2] = (object)ExpenseCommon.ParamUserName; // // Contains all the paramenter values associted with // the application settings. // Object[] BRValues = new Object[3]; BRValues[0] = (object)0; BRValues[1] = (object)DateTime.Now.ToShortDateString(); BRValues[2] = (object)ExpenseCommon.GetClientSamName(); // // Run the access check on the administer operation // Passing the audit text, scope, operations and business rule parameters // object[] results = (object[])AzClient.AccessCheck("Change Application Settings", (object)scope, (object)operations, BRNames, BRValues, null, null, null); // // Check for success of the access check // bool bAuthorized = true; foreach (int iResCode in results) { // // Check for access denied // if (iResCode == ExpenseCommon.AccessDenied) { string errorMessage = AzClient.GetBusinessRuleString(); if (errorMessage != "") { Message.Text = "Admin Denied. " + errorMessage; } else { Message.Text = "Access Denied. You do not have sufficient permissions to perform this operation."; } bAuthorized = false; break; } // // Check for other error // else if (iResCode != ExpenseCommon.NoError) { Win32Exception ex = new Win32Exception(); Message.Text = "There was an error performing the AccessCheck: " + ex.Message; } } if (bAuthorized == true) { // // Save the Self Approval setting // ExpenseCommon.SetApproval(self_approval.Checked); // // Save the Maximum Number of Tranascitons setting // ExpenseCommon.SetMaxTransaction(Convert.ToInt32(max_trans.Text)); // // Redirect the user to the main page // Response.Redirect("../index.aspx", false); } else { // // Display reason for the access check failure // Message.Text = "Error Access Denied:" + AzClient.GetBusinessRuleString(); } }
/// <summary> /// Submit Decision Click - When the user clicks the Submit button, /// this submits the descision of the user, approve or reject, /// to the application data store. /// </summary> protected void SubmitDecision_Click(object sender, System.EventArgs e) { // // // Get the client context from the session variables // IAzClientContext AzClient = ExpenseCommon.GetAzClientContext(); // // Check if the user has access to the administer // operation and then save application settings // // // Contains the scope of the access check request // which is set to the application level (null) // object[] scope = new Object[1]; scope[0] = (object)""; // // Contains all the operations associated with // changing the application settings // In this case the approve operation // object[] operations = new Object[1]; operations[0] = ExpenseCommon.AzopApprove; // // Contains all the parameter names associated with // approving an expense. These are organized as // name-value pairs and passed to the business rule // if one is defined // Object[] BRNames = new Object[3]; BRNames[0] = (object)ExpenseCommon.ParamAmount; BRNames[1] = (object)ExpenseCommon.ParamDate; BRNames[2] = (object)ExpenseCommon.ParamUserName; // // Contains all the paramenter values associted with // approving an expense. // Object[] BRValues = new Object[3]; BRValues[0] = (object)ExpenseData["Amount"]; BRValues[1] = (object)ExpenseData["Date"]; BRValues[2] = (object)ExpenseCommon.GetClientSamName(); // // Run the access check on the administer operation // Passing the audit text, scope, operations and business rule parameters // object[] results = (object[])AzClient.AccessCheck("Approve Expense Report", (object)scope, (object)operations, BRNames, BRValues, null, null, null); // // Check for success of the access check // bool bAuthorized = true; foreach (int iResCode in results) { if (iResCode != ExpenseCommon.NoError) { bAuthorized = false; break; } } if (bAuthorized) { // // Check for the user has added comments // if (Comment.Text.Length > 0) { // // Attach the comment to the transaction // ExpenseData["Comment"] = string.Concat(ExpenseData["Comment"], "<p><b>Approver Comment: </b></p>", Comment.Text); ExpenseCommon.SaveTransaction(transID, ExpenseData); } // // Check for the user approved or rejected the expense // if (Decision.SelectedValue == "approve") { // // Approve the expense // ExpenseCommon.ApproveTransaction(transID); } else { // // Reject the expense // ExpenseCommon.RejectTransaction(transID); } // // Redirect the user to pending expenses list // Response.Redirect("List.aspx", true); } else { // // If the access check failed, display an error message to the user // Message.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString(); return; } }
/// <summary> /// Page Load - This is executed when the page is first requested /// by the user and additionally when the user clicks a button on /// the form /// </summary> protected void Page_Load(object sender, System.EventArgs e) { // // To prevent users from by-passing the portal page (index.aspx) // and going directly to this page, use URL Authorization // See <url> for details. // // // Get the transaction ID from the posted variables // if no transaction ID was posted, i.e. the user // went directly to this page and not from the List.aspx page, // show an error message // try { transID = Convert.ToInt32(Request.QueryString["transactionId"]); } catch (System.ArgumentNullException) { Message.Text = "There was an error retrieving the transaction ID."; return; } // // Get the expense report data from the transaction ID // and check that the transaction exists // ExpenseData = ExpenseCommon.GetTransData(transID); if (ExpenseData == null) { Message.Text = "There was an error retrieving the transaction data. <br>The specified transaction does not exist."; return; } // // Check for this is the first time the page is being loaded // only fill in the form if this is the first time otherwise // any user changes will be lost // if (!Page.IsPostBack) { // // Check if the approver is also the owner of the // expense report and either display the report // or a message depending on the Self Approval setting // of the application // // // Get the status of the transaction // string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), ""); // // Check for the transaction has not been approved // if (transStatus == "") { // // Check if the current user is the owner of the expense report // if ((ExpenseCommon.GetClientSamName() == ExpenseData["SamName"])) { // // Check for Self Approval is allowed // if (ExpenseCommon.GetSelfApproval() == false) { // // Self approval is not allowed so do not display the // decision buttons and show an error message // Status.Text = string.Concat(Status.Text, "PENDING", "<P>You are not authorized to approve your own expense.</p>"); DecisionGroup.Visible = false; } else { // // Self Approval is allowed so display the // decision buttons and it's status // Status.Text = string.Concat(Status.Text, "PENDING"); DecisionGroup.Visible = true; } } else { // // The current user is not the owner of the expense report so // display the decision buttons // Status.Text = string.Concat(Status.Text, "PENDING"); DecisionGroup.Visible = true; } } else { // // The expense report has been reviewed already // Display it's status and do not show the decision buttons // Status.Text = string.Concat(Status.Text, transStatus); DecisionGroup.Visible = false; } // // Get the client context // IAzClientContext AzClient = ExpenseCommon.GetAzClientContext(); // // Check if the user has permission to list expenses // // // Contains the scope of the access check request // which is set to the application level (null) // object[] scope = new Object[1]; scope[0] = (object)""; // // Contains all the operations associated with // reading an expense // In this case the readExpense operation // object[] operations = new Object[1]; operations[0] = ExpenseCommon.AzopRead; // // Contains all the parameter names associated with // approving an expense. These are organized as // name-value pairs and passed to the business rule // if one is defined // // THEY MUST BE IN ALPHABETICAL ORDER (A-Z) // Object[] BRNames = new Object[3]; BRNames[0] = (object)ExpenseCommon.ParamAmount; BRNames[1] = (object)ExpenseCommon.ParamDate; BRNames[2] = (object)ExpenseCommon.ParamUserName; // // Contains all the paramenter values associted with // approving an expense. // Object[] BRValues = new Object[3]; BRValues[0] = (object)0; BRValues[1] = (object)DateTime.Now.ToShortDateString(); BRValues[2] = (object)ExpenseCommon.GetClientSamName(); // Contains the results from AccessCheck object[] results; try { // // Run the access check on the administer operation // Passing the audit text, scope, operations and business rule parameters // results = (object[])AzClient.AccessCheck("Read Expense Report", (object)scope, (object)operations, BRNames, BRValues, null, null, null); } catch (Exception ex) { Message.Text = "There was an error running AccessCheck: " + ex.Message; return; } // // Check for success of the access check // bool bAuthorized = true; foreach (int iResCode in results) { // // Check for access denied // if (iResCode == ExpenseCommon.AccessDenied) { string errorMessage = AzClient.GetBusinessRuleString(); if (errorMessage != "") { Message.Text = "Read Denied. " + errorMessage; } else { Message.Text = "Access Denied. You do not have sufficient permissions to perform this operation."; } bAuthorized = false; break; } // // Check for other error // else if (iResCode != ExpenseCommon.NoError) { Win32Exception ex = new Win32Exception(); Message.Text = "There was an error performing the AccessCheck: " + ex.Message; } } if (bAuthorized) { // // Display the expense report // DisplayExpense(); } else { // // Access Check failed so display an error message to the user // Message.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString(); return; } } }
/// <summary> /// Comment TextBox - Allows a user to attach a comment /// to the expense report /// </summary> /// <summary> /// Date TextBox - Date the expense was incurred /// </summary> /// <summary> /// Amount TextBox - Amount of the expense /// </summary> /// <summary> /// Description TextBox - Descriptiong of the expense /// </summary> /// <summary> /// Message Label - Displays any messages to the user /// </summary> /// <summary> /// Submit Group Panel - Contains the UI controls to submit /// an expense /// </summary> /// <summary> /// Logo Link - Displays the company logo and links back to /// the main page of the application /// </summary> /// <summary> /// Title Label - Displays the title of the page /// </summary> /// <summary> /// Description Label - Identifies the description textbox /// </summary> /// <summary> /// Amount Label - Identifies the amount textbox /// </summary> /// <summary> /// Date Label - Identifies the date textbox /// </summary> /// <summary> /// Comment Label - Identifies the comment textbox /// </summary> /// <summary> /// Submit Button - The user clicks this button to submit the expense /// </summary> /// <summary> /// Return Link - Link back to the main page of the application /// </summary> /// <summary> /// Description Validator - Requires that a description is entered /// A description cannot be longer than 50 characters /// </summary> /// <summary> /// Date Validator - Checks that the user entered a valid date between /// the range of 01/01/1900 and 12/31/2999 /// </summary> /// <summary> /// Amount Validator - Checks that the user entered an amount /// </summary> /// <summary> /// Date Validator - Checks that the user entered a date /// </summary> /// <summary> /// Amount Validator - Checks that the user entered a valid amount /// The amount must be between 1 and 99999999999 /// </summary> #endregion /// <summary> /// Submit Button Click - When the user clicks the submit button /// this saves the expense report in the application data store /// </summary> protected void SubmitBtn_Click(object sender, System.EventArgs e) { // // // Get the client context from the session variables // IAzClientContext AzClient = ExpenseCommon.GetAzClientContext(); // // Check if the user has access to the administer // operation and then save application settings // // // Contains the scope of the access check request // which is set to the application level (null) // object[] scope = new Object[1]; scope[0] = (object)""; // // Contains all the operations associated with // changing the application settings // In this case the administer operation // object[] operations = new Object[1]; operations[0] = ExpenseCommon.AzopSubmit; // // Contains all the parameter names associated with // submitting an expense. These are organized as // name-value pairs and passed to the business rule // if one is defined // // THEY MUST BE IN ALPHABETICAL ORDER (A-Z) // Object[] BRNames = new Object[3]; BRNames[0] = (object)ExpenseCommon.ParamAmount; BRNames[1] = (object)ExpenseCommon.ParamDate; BRNames[2] = (object)ExpenseCommon.ParamUserName; // // Contains all the paramenter values associted with // the submitting an expense. // Object[] BRValues = new Object[3]; BRValues[0] = (object)Amount.Text; BRValues[1] = (object)Date.Text; BRValues[2] = (object)ExpenseCommon.GetClientSamName(); // Contains the results from the AccessCheck object[] results; try { // // Run the access check on the administer operation // Passing the audit text, scope, operations and business rule parameters // results = (object[])AzClient.AccessCheck("Change Application Settings", (object)scope, (object)operations, BRNames, BRValues, null, null, null); } catch (Exception ex) { MSG.Text = "There was an error running the AccessCheck: " + ex.Message; return; } // // Check for success of the access check // bool bAuthorized = true; foreach (int iResCode in results) { // // Check for access denied // if (iResCode == ExpenseCommon.AccessDenied) { string errorMessage = AzClient.GetBusinessRuleString(); if (errorMessage != "") { MSG.Text = "Submission Denied. " + errorMessage; } else { MSG.Text = "Access Denied. You do not have sufficient permissions to perform this operation."; } bAuthorized = false; break; } // // Check for other error // else if (iResCode != ExpenseCommon.NoError) { Win32Exception ex = new Win32Exception(); MSG.Text = "There was an error performing the AccessCheck: " + ex.Message; } } if (bAuthorized) { // // AccessCheck passed so submit the expense report // // // Store the expense report in a name-value collection // StringDictionary ExpenseData = new StringDictionary(); // // Save the user SAM name (\\domain\username) // string name = ExpenseCommon.GetClientSamName(); ExpenseData.Add("SamName", name); // // Save the user Friendly Name // name = name.Substring((name.IndexOf(@"\") + 1)); ExpenseData.Add("User", name); // // Save the transaction date // ExpenseData.Add("Date", Date.Text); // // Save the expense description // ExpenseData.Add("Description", Description.Text); // // Save the expense amount // ExpenseData.Add("Amount", Amount.Text); // // Attach any comments to the expense report // ExpenseData.Add("Comment", Comment.Text); // // Save the transaction // ExpenseCommon.SaveTransaction(ExpenseCommon.AssignNextTransaction(), ExpenseData); // // Show link to submit a new expense or // to return to the main page // MSG.Text = "Submission Sucessful.<p><a href='Submit.aspx'>Submit new expense</a> | <a href='../index.aspx'>Return to Main Menu</a></p>"; // // Clear form for new entry // Description.Text = ""; Amount.Text = ""; Date.Text = ""; Comment.Text = ""; SubmitGroup.Visible = false; } }
/// <summary> /// Message Label - Displays any messages for the user /// </summary> /// <summary> /// Transaction List - Displays the transactions /// filtered by the ModeSelect drop down listbox /// </summary> /// <summary> /// Mode Select Drop Down ListBox - Filters which /// expense transactions are displayed in the transaction list /// </summary> /// <summary> /// Mode Label - Displays the filter on the transaction list /// </summary> /// <summary> /// Logo Link - Displays the company logo and links /// back to the main page of the application /// </summary> /// <summary> /// Title Label - Displays the page title /// </summary> /// <summary> /// Return Link - Displays a link back to the main /// page of the application /// </summary> #endregion /// <summary> /// Page Load - This is executed when the page is first requested /// by the user and additionally when the user clicks a button on /// the form /// </summary> protected void Page_Load(object sender, System.EventArgs e) { // // To prevent users from by-passing the portal page (index.aspx) // and going directly to this page, use URL Authorization // See <url> for details. // // // Check for this is the first time the page is being loaded // only fill in the form if this is the first time otherwise // any user changes will be lost // if (!Page.IsPostBack) { // // Get the client context // IAzClientContext AzClient = ExpenseCommon.GetAzClientContext(); // // Check if the user has permission to list expenses // // // Contains the scope of the access check request // which is set to the application level (null) // object[] scope = new Object[1]; scope[0] = (object)""; // // Contains all the operations associated with // listing an expense // In this case the list operation // object[] operations = new Object[1]; operations[0] = ExpenseCommon.AzopList; // // Contains all the parameter names. These are organized as // name-value pairs and passed to the business rule // if one is defined // // THEY MUST BE IN ALPHABETICAL ORDER (A-Z) // Object[] BRNames = new Object[3]; BRNames[0] = (object)ExpenseCommon.ParamUserName; BRNames[1] = (object)ExpenseCommon.ParamDate; BRNames[2] = (object)ExpenseCommon.ParamUserName; // // Contains all the paramenter values // Object[] BRValues = new Object[3]; BRValues[0] = (object)0; BRValues[1] = (object)DateTime.Now.ToShortDateString(); BRValues[2] = (object)ExpenseCommon.GetClientSamName(); // Contains the results from AccessCheck object[] results; try { // // Run the access check on the list operation // Passing the audit text, scope, operations and business rule parameters // results = (object[])AzClient.AccessCheck("List Expense Reports", (object)scope, (object)operations, BRNames, BRValues, null, null, null); } catch (Exception ex) { MSG.Text = "There was an error running AccessCheck: " + ex.Message; throw(ex); } // // Check for success of the access check // bool bAuthorized = true; foreach (int iResCode in results) { // // Check for access denied for each operation // if (iResCode == ExpenseCommon.AccessDenied) { string errorMessage = AzClient.GetBusinessRuleString(); if (errorMessage != "") { MSG.Text = "List Denied. " + errorMessage; } else { MSG.Text = "Access Denied. You do not have sufficient permissions to perform this operation."; } bAuthorized = false; break; } // // Check for other error // else if (iResCode != ExpenseCommon.NoError) { Win32Exception ex = new Win32Exception(iResCode, "There was an error performing the AccessCheck: "); } } if (bAuthorized) { // // List the expense reports // ListTransactions(); } else { // // Access Check failed so display an error message to the user // MSG.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString(); return; } } }