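        /// <summary>
        /// Removes a delegate authorization that the current (delegating) user previously
        /// granted on "My Operation" to a delegate account, together with its custom attributes.
        /// </summary>
        /// <remarks>
        /// The SQL login used by the connection string must be a member of the
        /// NetSqlAzMan_Users database role. The connection string is read from the
        /// process environment instead of being embedded in source, so no credential
        /// (in particular no password) lives in the code or in source control.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the storage connection string has not been configured.
        /// </exception>
        private void RemoveDelegate()
        {
            // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Users

            // Sql Storage connection string, resolved from the environment (or any other secret
            // store of your choice) rather than hard-coded with its password. Expected shape, e.g.:
            //   "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=<password>"
            // The variable name below is chosen for this sample; pick whatever your deployment uses.
            string sqlConnectionString = Environment.GetEnvironmentVariable("NETSQLAZMAN_CONNECTION_STRING");
            if (String.IsNullOrEmpty(sqlConnectionString))
                throw new InvalidOperationException("NETSQLAZMAN_CONNECTION_STRING is not set; cannot open the NetSqlAzMan storage.");

            //Create an instance of SqlAzManStorage class
            IAzManStorage     storage = new SqlAzManStorage(sqlConnectionString);
            IAzManStore       mystore = storage.GetStore("My Store"); //or storage["My Store"]
            IAzManApplication myapp   = mystore.GetApplication("My Application");
            IAzManItem        myop    = myapp.GetItem("My Operation");
            //Retrieve current user identity (delegating user)
            WindowsIdentity userIdentity = ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()); //for Windows Applications
            //WindowsIdentity userIdentity = this.Request.LogonUserIdentity; //for ASP.NET Applications
            //Retrieve delegate user Login (placeholders: replace with the real domain and account)
            NTAccount delegateUserLogin = new NTAccount("DOMAIN", "delegateuseraccount");
            //Retrieve delegate user SID
            SecurityIdentifier delegateSID            = (SecurityIdentifier)delegateUserLogin.Translate(typeof(SecurityIdentifier));
            IAzManSid          delegateNetSqlAzManSID = new SqlAzManSID(delegateSID);
            //Establish which delegate authorization to remove (only Allow or Deny can be delegated)
            RestrictedAuthorizationType delegateAuthorization = RestrictedAuthorizationType.Allow;

            //Remove delegate and all custom attributes; the library itself verifies that
            //userIdentity holds AllowWithDelegation on the item before deleting anything.
            myop.DeleteDelegateAuthorization(userIdentity, delegateNetSqlAzManSID, delegateAuthorization);
        }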
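        /// <summary>
        /// Creates a delegate authorization [DB Users]: <paramref name="delegatingUser"/> grants
        /// <paramref name="authorizationType"/> on this item to <paramref name="delegateUser"/>.
        /// </summary>
        /// <param name="delegatingUser">The delegating DB user; must currently hold AllowWithDelegation on this item.</param>
        /// <param name="delegateUser">SID of the account receiving the delegated authorization.</param>
        /// <param name="authorizationType">Type of the authorization (restricted to the values a delegate may grant).</param>
        /// <param name="validFrom">Optional start of the validity window.</param>
        /// <param name="validTo">Optional end of the validity window.</param>
        /// <returns>The newly created <see cref="IAzManAuthorization"/>.</returns>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="delegatingUser"/> or <paramref name="delegateUser"/> is null.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when both dates are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.
        /// </exception>
        /// <exception cref="SqlAzManException">
        /// Thrown when the delegating user does not hold AllowWithDelegation on this item, or when the
        /// delegate is a locally defined account and the storage runs in Administrator mode.
        /// </exception>
        public IAzManAuthorization CreateDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
        {
            if (delegatingUser == null)
                throw new ArgumentNullException("delegatingUser");
            if (delegateUser == null)
                throw new ArgumentNullException("delegateUser");

            //DateTime range check (only meaningful when both bounds are supplied)
            if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
                throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");

            string delegatedName;
            bool isLocal;
            DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);

            //Authorization boundary: only a user that currently (DateTime.Now, local time) holds
            //AllowWithDelegation on this Item may hand out a delegation. Nothing is written before this check.
            if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
            {
                string msg = String.Format("Create Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
                throw new SqlAzManException(msg);
            }

            WhereDefined sidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
            if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
            {
                throw new SqlAzManException("Cannot create a Delegate defined on local in Administrator Mode");
            }

            IAzManSid owner = delegatingUser.CustomSid;
            //The owner is a DB user, so its SID is always Database-defined.
            WhereDefined ownerSidWhereDefined = WhereDefined.Database;

            //Persist the delegation; the storage procedure assigns the new authorization id through the ref parameter.
            int? authorizationId = 0;
            this.db.CreateDelegate(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, delegateUser.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, validFrom, validTo, ref authorizationId);

            IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, authorizationId.Value, owner, ownerSidWhereDefined, delegateUser, sidWhereDefined, (AuthorizationType)authorizationType, validFrom, validTo, this.ens);
            this.raiseDelegateCreated(this, result);
            //Register the new authorization with the event notification service, when one is configured.
            if (this.ens != null)
                this.ens.AddPublisher(result);
            return result;
        }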
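        /// <summary>
        /// Removes the delegate authorizations [DB Users] of the given type that
        /// <paramref name="delegatingUser"/> granted on this item to <paramref name="delegateUser"/>.
        /// </summary>
        /// <param name="delegatingUser">The delegating DB user; must currently hold AllowWithDelegation on this item.</param>
        /// <param name="delegateUser">SID of the account whose delegated authorization is removed.</param>
        /// <param name="authorizationType">Type of the authorization to remove.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="delegatingUser"/> or <paramref name="delegateUser"/> is null.
        /// </exception>
        /// <exception cref="SqlAzManException">
        /// Thrown when the delegating user does not hold AllowWithDelegation on this item, or when the
        /// delegate is a locally defined account and the storage runs in Administrator mode.
        /// </exception>
        public void DeleteDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType)
        {
            if (delegatingUser == null)
                throw new ArgumentNullException("delegatingUser");
            if (delegateUser == null)
                throw new ArgumentNullException("delegateUser");

            string delegatedName;
            bool isLocal;
            DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);

            //Authorization boundary: only a user that currently (DateTime.Now, local time) holds
            //AllowWithDelegation on this Item may revoke a delegation. Nothing is deleted before this check.
            if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
            {
                string msg = String.Format("Remove Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
                throw new SqlAzManException(msg);
            }

            WhereDefined memberWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
            if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && memberWhereDefined == WhereDefined.Local)
            {
                throw new SqlAzManException("Cannot remove Delegates defined on local in Administrator Mode");
            }

            IAzManSid owner = delegatingUser.CustomSid;

            //Only authorizations owned by the delegating user are candidates; the storage call is additionally
            //scoped by the owner SID, so a delegation created by someone else cannot be removed here.
            //NOTE(review): entries are deleted while GetAuthorizations is being enumerated — safe only if it
            //returns a materialized collection; confirm before changing it to a lazy sequence.
            foreach (IAzManAuthorization auth in this.GetAuthorizations(owner, delegateUser))
            {
                if ((byte)auth.AuthorizationType == (byte)authorizationType)
                {
                    int affectedRecords = this.db.DeleteDelegate(auth.AuthorizationId, owner.BinaryValue);
                    //Raise the event only when a row was actually removed.
                    if (affectedRecords != 0)
                        this.raiseDelegateDeleted(this, delegatingUser.CustomSid, delegateUser, authorizationType);
                }
            }
        }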
 /// <summary>
 /// Raises the DelegateDeleted event for a removed delegation, when at least one handler is attached.
 /// </summary>
 /// <param name="item">The item the delegation was defined on.</param>
 /// <param name="delegatingUserSid">SID of the user who had granted the delegation.</param>
 /// <param name="delegateUserSid">SID of the user whose delegation was removed.</param>
 /// <param name="authorizationType">Type of the removed authorization.</param>
 private void raiseDelegateDeleted(IAzManItem item, IAzManSid delegatingUserSid, IAzManSid delegateUserSid, RestrictedAuthorizationType authorizationType)
 {
     // Nothing to notify when no subscriber is registered.
     if (this.DelegateDeleted == null)
         return;
     this.DelegateDeleted(item, delegatingUserSid, delegateUserSid, authorizationType);
 }