/// <summary>
/// Evaluates the specified authority against the specified context.
/// </summary>
/// <param name="principal">Must be an <see cref="IPrincipal"/> object.</param>
/// <param name="ruleName">The name of the rule to evaluate.</param>
/// <returns><c>true</c> if the expression evaluates to true,
/// otherwise <c>false</c>.</returns>
public override bool Authorize(IPrincipal principal, string ruleName)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (ruleName == null || ruleName.Length == 0)
{
throw new ArgumentNullException("ruleName");
}
InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, ruleName);
BooleanExpression booleanExpression = GetParsedExpression(ruleName);
if (booleanExpression == null)
{
throw new InvalidOperationException(string.Format(Properties.Resources.AuthorizationRuleNotFoundMsg, ruleName));
}
bool result = booleanExpression.Evaluate(principal);
if (result == false)
{
InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, ruleName);
}
return(result);
}
/// <summary>
/// Checks a user's authorization against a given rule
/// </summary>
/// <param name="principal">The user to authorize</param>
/// <param name="context">The name of the rule to check</param>
/// <returns>boolean indicating whether the user is authorized</returns>
public override bool Authorize(System.Security.Principal.IPrincipal principal, string context)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (context == null || context.Length == 0)
{
throw new ArgumentNullException("context");
}
//SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context);
DataTable dt = SqlHelper.ExecuteDataTable(CommandType.Text, "select * from tbOper where cnvcOperName='" + principal.Identity.Name + "'");
if (dt.Rows.Count == 0)
{
return(false);
}
Oper oper = new Oper(dt);
object objOperFunc = SqlHelper.ExecuteScalar(CommandType.Text, "select count(*) from tbOperFunc where cnnOperID=" + oper.cnnOperID + " and cnvcFuncCode='" + context + "'");
object objDeptFunc = SqlHelper.ExecuteScalar(CommandType.Text, "select count(*) from tbDeptFunc where cnnDeptID=" + oper.cnnDeptID + " and cnvcFuncCode='" + context + "'");
int iOperFunc = Convert.ToInt32(objOperFunc);
int iDeptFunc = Convert.ToInt32(objDeptFunc);
bool result = iOperFunc + iDeptFunc > 0 ? true : false;
if (result == false)
{
//SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context);
InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context);
}
return(result);
}
/// <summary>
/// Evaluates the specified authority against the specified context that is either a task or operation in Authorization Manager. If the context is an operation it should be prefixed by "O".
/// </summary>
/// <param name="principal">Principal object containing a windows identity.</param>
/// <param name="context">Name of the task or operation to evaluate.</param>
/// <returns><strong>True</strong> if AzMan evaluates to true,
/// otherwise <strong>false</strong>.</returns>
public override bool Authorize(IPrincipal principal, string context)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (context == null)
{
throw new ArgumentNullException("context");
}
WindowsIdentity winIdentity = principal.Identity as WindowsIdentity;
if (winIdentity == null)
{
throw new ArgumentException(Properties.Resources.WindowsIdentityOnly);
}
// INSTRUMENTATION
//SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
string auditIdentifier = this.auditIdentifierPrefix + principal.Identity.Name + ":" + context;
bool result = false;
bool operation = false;
if (context.IndexOf(OperationContextPrefix) == 0)
{
operation = true;
context = context.Substring(OperationContextPrefix.Length);
}
if (operation)
{
string[] operations = new string[] { context };
result = CheckAccessOperations(auditIdentifier, winIdentity, operations);
}
else
{
string[] tasks = new string[] { context };
result = CheckAccessTasks(auditIdentifier, winIdentity, tasks);
}
InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context);
if (result == false)
{
InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context);
}
return(result);
}
/// <summary>
/// Evaluates the specified authority against the specified context.
/// </summary>
/// <param name="principal">Must be an <see cref="IPrincipal"/> object.</param>
/// <param name="ruleName">The name of the rule to evaluate.</param>
/// <returns><c>true</c> if the expression evaluates to true,
/// otherwise <c>false</c>.</returns>
public override bool Authorize(IPrincipal principal, string ruleName)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (ruleName == null || ruleName.Length == 0)
{
throw new ArgumentNullException("ruleName");
}
//get the rules from the cache
if (m_CacheManager.ContainsKey(CACHEKEY))
{
GetAuthorizationRulesFromCache();
}
else
{
GetAuthorizationRules();
}
InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, ruleName);
BooleanExpression booleanExpression = GetParsedExpression(ruleName);
if (booleanExpression == null)
{
throw new InvalidOperationException(string.Format("Authorization Rule Not Found", ruleName));
}
bool result = booleanExpression.Evaluate(principal);
if (result == false)
{
InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, ruleName);
}
return(result);
}
/// <summary>
/// Checks a user's authorization against a given rule
/// </summary>
/// <param name="principal">The user to authorize</param>
/// <param name="context">The name of the rule to check</param>
/// <returns>boolean indicating whether the user is authorized</returns>
public override bool Authorize(System.Security.Principal.IPrincipal principal, string context)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (context == null || context.Length == 0)
{
throw new ArgumentNullException("context");
}
if (mgr == null)
{
mgr = new DbRulesManager(database);
}
//SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context);
BooleanExpression expression = GetParsedExpression(context, mgr);
if (expression == null)
{
//todo : better exception
throw new ApplicationException(String.Format("Authorization Rule {0} not found in the database.", context));
}
bool result = expression.Evaluate(principal);
if (result == false)
{
//SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context);
InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context);
}
return(result);
}
