public static VHostOption Parse2Conf(this DomainEntity domain) { TranscodeOption transcodeOption = domain.TranscodeList?.Parse2Conf(); SecurityOption securityOption = domain.SecurePolicy?.Parse2Conf(); VHostOption vHostOption = new VHostOption(domain.SourceDomain); vHostOption.TranscodeOptions = new List <TranscodeOption>(); if (transcodeOption != null) { vHostOption.TranscodeOptions.Add(transcodeOption); } vHostOption.security = securityOption; vHostOption.http_hooks = domain.SecurePolicy?.Parse2HookConf(); if (domain.RecordTemplate != null) { if (vHostOption.http_hooks == null) { vHostOption.http_hooks = new HttpHookerOption(); } vHostOption.dvr = domain.RecordTemplate?.Parse2Conf(); vHostOption.http_hooks.on_dvr += $" {ConfigurationValue.DefaultCallbackDomain}api/State/DvrCallback"; } //todo:在这增加拉流设置拉流功能. return(vHostOption); }
/// <summary> /// Initializes a new instance of the <see cref="EntityIterator" /> class. /// </summary> /// <param name="identifiers">The identifiers.</param> /// <param name="writable">if set to <c>true</c> [writable].</param> /// <param name="securityOption">The security options.</param> /// <param name="retrievalFunction">The function to be performed when iteration starts.</param> /// <param name="activationFunction">The activation function.</param> /// <param name="bulkFieldLoadAction">The bulk field load action.</param> /// <param name="sourceEntityIsWritable">The source entity is writable.</param> /// <exception cref="System.ArgumentNullException">identifiers</exception> public EntityIterator(IEnumerable <EntityRef> identifiers, bool writable, SecurityOption securityOption, Func <List <ActivationData> > retrievalFunction, Func <ActivationData, IEntity> activationFunction, Action <IEntity> bulkFieldLoadAction, bool?sourceEntityIsWritable = null) { if (identifiers == null) { throw new ArgumentNullException("identifiers"); } if (retrievalFunction == null) { throw new ArgumentNullException("retrievalFunction"); } if (activationFunction == null) { throw new ArgumentNullException("activationFunction"); } if (bulkFieldLoadAction == null) { throw new ArgumentNullException("bulkFieldLoadAction"); } ///// // Set constructor references. ///// _identifiers = identifiers; _writable = writable; _retrievalFunction = retrievalFunction; _activationFunction = activationFunction; _bulkFieldLoadAction = bulkFieldLoadAction; _securityOption = securityOption; _sourceEntityIsWritable = sourceEntityIsWritable; }
//[ChildActionOnly] //public PartialViewResult _MemberList() //{ // AllMembers am = new AllMembers(); // return PartialView(am.GetMembers()); //} private bool UserCan(SecurityOption role) { ClaimsPrincipal claimsPrincipal = AuthenticationManager.User; string id = claimsPrincipal.Identity.GetUserId(); if (UserManager.IsInRole(id, "SuperUser")) { return(true); } switch (role) { case SecurityOption.CanCreateUser: if (UserManager.IsInRole(id, "MemberAdmin")) { return(true); } break; case SecurityOption.CanCreateTrip: if (UserManager.IsInRole(id, "TripAdmin")) { return(true); } break; default: return(false); } return(false); }
public static void AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration) { SecurityOption securityOption = new SecurityOption(); configuration.GetSection("Jwt").Bind(securityOption); services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { string maClef = securityOption.Key; options.SaveToken = true; options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(maClef)), ValidateAudience = false, ValidateIssuer = false, ValidateActor = false, ValidateLifetime = true }; });; }
private TcpClientSession CreateSecureTcpSession() { SslStreamTcpSession sslStreamTcpSession = new SslStreamTcpSession(); SecurityOption securityOption2 = sslStreamTcpSession.Security = new SecurityOption(); securityOption2.EnabledSslProtocols = m_SecureProtocols; return(sslStreamTcpSession); }
public static SecurityOption Parse2Conf(this SecurePolicyEntity secureEntity) { SecurityOption option = new SecurityOption(); option.enabled = "off"; option.settings = new List <SecuritySetting>(); return(option); }
/// <summary> /// Initializes a new instance of the <see cref="EntityIterator" /> class. /// </summary> /// <param name="identifiers">The identifiers.</param> /// <param name="writable"> /// if set to <c>true</c> [writable]. /// </param> /// <param name="securityOption">The security options.</param> /// <param name="retrievalFunction">The function to be performed when iteration starts.</param> /// <exception cref="System.ArgumentNullException">identifiers</exception> public BulkEntityIterator(IEnumerable <EntityRef> identifiers, bool writable, SecurityOption securityOption, Func <List <IEntity> > retrievalFunction) { if (identifiers == null) { throw new ArgumentNullException("identifiers"); } if (retrievalFunction == null) { throw new ArgumentNullException("retrievalFunction"); } ///// // Set constructor references. ///// _identifiers = identifiers; _writable = writable; _retrievalFunction = retrievalFunction; _securityOption = securityOption; }
/// <summary> /// Loads structured data for the specified entity. /// </summary> /// <param name="entityIds">The IDs of the entities to load.</param> /// <param name="request">The description of fields and related entities to load.</param> /// <param name="securityOption">How to handle access denied situations.</param> /// <returns>The requested data.</returns> /// <exception cref="PlatformSecurityException"> /// Thrown if the user lacks read access to the given entities and <paramref name="securityOption"/> is <see cref="SecurityOption.DemandAll"/>. /// </exception> public IEnumerable <EntityData> GetEntitiesData(IEnumerable <EntityRef> entityIds, EntityMemberRequest request, SecurityOption securityOption = SecurityOption.SkipDenied) { try { if (entityIds == null) { throw new ArgumentNullException("entityIds"); } if (entityIds.Any(e => e == null)) { throw new ArgumentNullException("entityIds", "One of the entityIds was null."); } request = ValidateRequest(request); // Create context Context context = new Context(); // Load top-level entities IEntityRef[] members = RequestedMembers(request, context); IEnumerable <IEntity> entities = Entity.Get(entityIds, false, securityOption, true, members); // Fill data IEnumerable <EntityData> result = PackageEntities(context, request, entities, true); var list = result.Where(e => e != null).ToList(); return(list); } catch (Exception ex) { if (entityIds != null) { string.Join(", ", entityIds); } EventLog.Application.WriteError("Failed GetEntitiesData:\n{0}\nRequest:\n{1}\n\nException:\n{2}", entityIds, request == null ? "null" : request.Debug(), ex); throw; } }
/// <summary> /// Converts an unsecured BulkRequestResult to a secured EntityData structure. /// </summary> public static IEnumerable <EntityData> BuildAndSecureResults(BulkRequestResult data, IEnumerable <long> entities, SecurityOption securityOption) { // Get readability (security) for all entities in the unsecured result set var readability = BulkRequestResultSecurityHelper.GetEntityReadability(Factory.EntityAccessControlService, data); // Prepare for recursive walk var context = new Context { Readability = readability, RawData = data, BulkSqlQuery = data.BulkSqlQuery }; if (securityOption == SecurityOption.DemandAll) { if (context.RawData.RootEntitiesList.Any(id => !context.Readability(id))) { throw new PlatformSecurityException( RequestContext.GetContext().Identity.Name, new [] { Permissions.Read }, context.RawData.RootEntitiesList .Where(id => !context.Readability(id)) .Select(id => new EntityRef(id))); } } else if (securityOption != SecurityOption.SkipDenied) { throw new ArgumentException( string.Format("Unknown security option {0}", securityOption), "securityOption"); } IEnumerable <EntityData> result = GetRootEntities(context, entities); return(result); }
public JwtTokenGenerator(IOptions <SecurityOption> option) { this.securityOption = option.Value; }
/// <summary> /// Loads a graph of entities and returns the root. /// </summary> /// <param name="ids">The root entity of the graph.</param> /// <param name="preloadQuery">The entity member request of what related content to load.</param> /// <param name="securityOption"></param> /// <returns>An IEntity that represents the root node, or null if it could not be found.</returns> private IEnumerable <IEntity> GetImpl(IEnumerable <long> ids, string preloadQuery, SecurityOption securityOption) { CheckActivation( ); if (ids == null) { throw new ArgumentNullException("ids"); } if (preloadQuery == null) { throw new ArgumentNullException("preloadQuery"); } // Check IDs // (implemented within 'select' to participate in the single-pass only) Func <long, EntityRef> checkAndConvertId = id => { if (EntityId.IsTemporary(id)) { throw new InvalidOperationException("GraphEntityRepository cannot load temporary entities."); } return(new EntityRef(id)); }; var entityRefs = ids.Select(checkAndConvertId); EntityRequest request = new EntityRequest(entityRefs, preloadQuery, "GraphEntityRepository"); // Load data, unsecured, via EntityInfoService cache BulkRequestResult unsecuredResult = BulkResultCache.GetBulkResult(request); List <long> loadedRootEntities = unsecuredResult.RootEntitiesList; if (loadedRootEntities.Count == 0) { return(EmptyEntityList); } // Create the graph long tenantId = RequestContext.TenantId; var graph = new SecuredGraphEntityDataRepository(tenantId, unsecuredResult, EntityAccessControlService); // Secure the root entities IReadOnlyCollection <long> securedRootEntityIds = graph.SecureList(loadedRootEntities, securityOption); // Create wrappers IEnumerable <IEntity> result = securedRootEntityIds.Select(id => new GraphEntity(id, graph)); return(result); }
/// <summary> /// Returns a secured version of the list of entity IDs. /// </summary> /// <remarks> /// The first instance of an actual security check will result in security being calculated for the entire graph. /// The applicable user is noted, and if a different user attempts to access, then an exception is thrown. /// Note: this does not affect the cacheability, as caching happens at BulkRequestResult, which is unsecured. /// </remarks> /// <param name="list">The entities to secure</param> /// <param name="securityOption"></param> /// <param name="relTypeAndDir">Optionally, the relationship along which the entities were reached. Use negative for reverse.</param> /// <returns>The list to which the user has read permission.</returns> internal IReadOnlyCollection <long> SecureList(IReadOnlyCollection <long> list, SecurityOption securityOption, long relTypeAndDir = 0) { // Apply security bypass context if (SecurityBypassContext.IsActive) { return(list); } // If this relationship implies security, then immediately return results if (relTypeAndDir != 0) { RelationshipInfo relationshipInfo; if (_unsecuredGraphData.BulkSqlQuery.Relationships.TryGetValue(relTypeAndDir, out relationshipInfo)) { if (relationshipInfo.ImpliesSecurity) { return(list); } } // else assert false } // Determine if we have pre-calculated security if (_canRead == null) { // Security check on entire graph excluding implicitly secured) // Results returned as a predicate that performs fast lookup _canRead = BulkRequestResultSecurityHelper.GetEntityReadability(_entityAccessControlService, _unsecuredGraphData); _securedForUser = RequestContext.GetContext( ).Identity.Id; } else { // Ensure we are still accessing as the same user. long currentUser = RequestContext.GetContext( ).Identity.Id; if (currentUser != _securedForUser) { throw new InvalidOperationException("An entity graph may only be accessed by a single user."); } } if (securityOption == SecurityOption.DemandAll) { if (list.Any(id => !_canRead(id))) { // Security access has already failed, but for consistency of code paths, let Demand throw the exception. var ids = list.Select(id => new EntityRef(id)).ToList(); _entityAccessControlService.Demand(ids, new [] { Permissions.Read }); throw new Exception("Assert false - Demand should have thrown PlatformSecurityException"); } return(list); } else { List <long> result = list.Where(id => _canRead(id)).ToList( ); return(result); } }
public IEnumerable <EntityData> GetEntitiesData(IEnumerable <EntityRef> entities, EntityMemberRequest request, SecurityOption securityOption = SecurityOption.SkipDenied) { EntityRequest entityRequest = new EntityRequest { QueryType = QueryType.Basic, IgnoreResultCache = true, Entities = entities, Request = request }; return(BulkRequestRunner.GetEntitiesData(entityRequest)); }