/// <summary>
/// Sample: removes a delegate authorization from an operation item,
/// using the current Windows identity as the delegating user.
/// </summary>
private void RemoveDelegate()
{
    // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Users

    // Sql Storage connection string.
    // NOTE(review): this sample embeds a SQL login and password as a literal; a deployed
    // application should obtain the connection string from protected configuration
    // (or use integrated security) so no credential lives in source.
    string connectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password";

    // Navigate storage -> store -> application -> item.
    IAzManStorage azStorage = new SqlAzManStorage(connectionString);
    IAzManStore store = azStorage.GetStore("My Store"); //or storage["My Store"]
    IAzManApplication application = store.GetApplication("My Application");
    IAzManItem operation = application.GetItem("My Operation");

    // Delegating user: the thread principal's Windows identity, falling back to the
    // process identity when the principal is not a WindowsIdentity. //for Windows Applications
    WindowsIdentity delegatingIdentity = System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity;
    if (delegatingIdentity == null)
    {
        delegatingIdentity = WindowsIdentity.GetCurrent();
    }
    //WindowsIdentity userIdentity = this.Request.LogonUserIdentity; //for ASP.NET Applications

    // Delegate user: account name -> SID -> NetSqlAzMan SID wrapper.
    NTAccount delegateAccount = new NTAccount("DOMAIN", "delegateuseraccount");
    SecurityIdentifier delegateSid = (SecurityIdentifier)delegateAccount.Translate(typeof(SecurityIdentifier));
    IAzManSid delegateAzSid = new SqlAzManSID(delegateSid);

    // Delegate authorizations are restricted to Allow or Deny.
    RestrictedAuthorizationType authorizationType = RestrictedAuthorizationType.Allow;

    //Remove delegate and all custom attributes
    operation.DeleteDelegateAuthorization(delegatingIdentity, delegateAzSid, authorizationType);
}
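/// <summary>
/// Creates the delegation [DB Users].
/// </summary>
/// <param name="delegatingUser">The delegating user (a DB user). Must hold <c>AllowWithDelegation</c> on this item; becomes the owner of the new authorization.</param>
/// <param name="delegateUser">The delegate user (SID).</param>
/// <param name="authorizationType">Type of the authorization (restricted to Allow or Deny).</param>
/// <param name="validFrom">The valid from (optional).</param>
/// <param name="validTo">The valid to (optional).</param>
/// <returns>IAzManAuthorization</returns>
/// <exception cref="InvalidOperationException">Both bounds are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.</exception>
/// <exception cref="SqlAzManException">The delegating user does not have <c>AllowWithDelegation</c> on this item, or the delegate is a local account while the storage is in Administrator mode.</exception>
public IAzManAuthorization CreateDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
    //DateTime range check (only when both bounds are supplied)
    if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
    {
        throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
    }

    // Resolve the delegate's display name and whether the account is local (affects WhereDefined below).
    string delegatedName;
    bool isLocal;
    DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);

    //Check if user has AllowWithDelegation permission on this Item.
    // This is the authorization gate for delegation and is evaluated for the *delegating* user.
    // NOTE(review): DateTime.Now is local time — confirm CheckAccess and the stored validity windows expect local rather than UTC.
    if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
    {
        string msg = String.Format("Create Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
        throw new SqlAzManException(msg);
    }

    WhereDefined sidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
    if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
    {
        throw new SqlAzManException("Cannot create a Delegate defined on local in Administrator Mode");
    }

    // The owner of the new authorization is the delegating DB user; DB users are recorded as WhereDefined.Database.
    IAzManSid owner = delegatingUser.CustomSid;
    WhereDefined ownerSidWhereDefined = WhereDefined.Database;

    // authorizationId is populated by db.CreateDelegate through the ref parameter.
    int? authorizationId = 0;
    this.db.CreateDelegate(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, delegateUser.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, validFrom, validTo, ref authorizationId);

    IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, authorizationId.Value, owner, ownerSidWhereDefined, delegateUser, sidWhereDefined, (AuthorizationType)authorizationType, validFrom, validTo, this.ens);
    this.raiseDelegateCreated(this, result);
    if (this.ens != null)
    {
        this.ens.AddPublisher(result);
    }
    return result;
}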
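/// <summary>
/// Removes the delegate [DB Users].
/// </summary>
/// <param name="delegatingUser">The delegating user (a DB user). Must hold <c>AllowWithDelegation</c> on this item; only authorizations it owns are removed.</param>
/// <param name="delegateUser">The delegate user (SID).</param>
/// <param name="authorizationType">Type of the authorization to remove (restricted to Allow or Deny).</param>
/// <exception cref="SqlAzManException">The delegating user does not have <c>AllowWithDelegation</c> on this item, or the delegate is a local account while the storage is in Administrator mode.</exception>
public void DeleteDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType)
{
    // Resolve the delegate's display name and whether the account is local (affects WhereDefined below).
    string delegatedName;
    bool isLocal;
    DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);

    //Check if user has AllowWithDelegation permission on this Item.
    // Authorization gate: evaluated for the *delegating* user, not the delegate.
    // NOTE(review): DateTime.Now is local time — confirm CheckAccess expects local rather than UTC.
    if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
    {
        string msg = String.Format("Remove Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
        throw new SqlAzManException(msg);
    }

    WhereDefined memberWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
    if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && memberWhereDefined == WhereDefined.Local)
    {
        throw new SqlAzManException("Cannot remove Delegates defined on local in Administrator Mode");
    }

    // Candidates are the authorizations owned by the delegating user and granted to delegateUser;
    // the owner SID is passed to the delete as well — presumably so the storage layer scopes the
    // delete to that owner; confirm against db.DeleteDelegate.
    IAzManSid owner = delegatingUser.CustomSid;
    foreach (IAzManAuthorization auth in this.GetAuthorizations(owner, delegateUser))
    {
        if ((byte)auth.AuthorizationType != (byte)authorizationType)
        {
            continue;
        }

        int affectedRecords = this.db.DeleteDelegate(auth.AuthorizationId, owner.BinaryValue);
        // Raise the event only when a row was actually removed.
        if (affectedRecords != 0)
        {
            this.raiseDelegateDeleted(this, delegatingUser.CustomSid, delegateUser, authorizationType);
        }
    }
}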
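/// <summary>
/// Raises the <c>DelegateDeleted</c> event, if anyone is subscribed.
/// </summary>
/// <param name="item">The item the delegation was removed from.</param>
/// <param name="delegatingUserSid">SID of the delegating user.</param>
/// <param name="delegateUserSid">SID of the delegate user.</param>
/// <param name="authorizationType">The authorization type that was removed.</param>
private void raiseDelegateDeleted(IAzManItem item, IAzManSid delegatingUserSid, IAzManSid delegateUserSid, RestrictedAuthorizationType authorizationType)
{
    // Snapshot the invocation list before the null check: a subscriber unsubscribing between
    // the check and the call would otherwise turn the guarded call into a NullReferenceException.
    var handler = this.DelegateDeleted;
    if (handler != null)
    {
        handler(item, delegatingUserSid, delegateUserSid, authorizationType);
    }
}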