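/// <summary>
/// Resolves the HPC role flags granted to an authenticated caller.
/// </summary>
/// <param name="principal">The principal whose identity is mapped onto HPC roles.</param>
/// <returns>
/// The union of <see cref="UserRoles"/> flags granted to the caller, or
/// <see cref="UserRoles.AccessDenied"/> when no supported identity type or group membership matches.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
public UserRoles GetUserRoles(IPrincipal principal)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    // Deny by default: a role bit is only set when a concrete group or identity check succeeds.
    // Assumes UserRoles.AccessDenied is the zero flag so that OR-ing a role bit clears it — TODO confirm against the enum.
    UserRoles roles = UserRoles.AccessDenied;

    // One "as" cast replaces the original "is" test followed by a second "as" cast on the same value.
    WindowsIdentity winIdentity = principal.Identity as WindowsIdentity;
    if (winIdentity != null)
    {
        WindowsPrincipal winPrincipal = new WindowsPrincipal(winIdentity);

        // A member of the built-in Administrators group is always treated as an HPC administrator.
        if (winPrincipal.IsInRole(WindowsBuiltInRole.Administrator) || winPrincipal.IsInRole(AuthenticationUtil.HpcAdminMirrorSid))
        {
            roles |= UserRoles.Administrator;
        }

        if (winPrincipal.IsInRole(AuthenticationUtil.HpcJobAdministratorSid))
        {
            roles |= UserRoles.JobAdministrator;
        }

        if (winPrincipal.IsInRole(AuthenticationUtil.HpcJobOperatorsSid))
        {
            roles |= UserRoles.JobOperator;
        }

        // HpcUsers are users and PowerUsers are users...
        if (winPrincipal.IsInRole(AuthenticationUtil.HpcUsersSid) || winPrincipal.IsInRole(WindowsBuiltInRole.PowerUser))
        {
            roles |= UserRoles.User;
        }
    }
    else if (principal.IsHpcAadPrincipal())
    {
        // The cast is unconditional: IsHpcAadPrincipal() is relied upon to only return true for a ClaimsPrincipal — verify in AuthenticationUtil.
        ClaimsPrincipal claimPrincipal = (ClaimsPrincipal)principal;

        if (claimPrincipal.IsInRole(AuthenticationUtil.HpcAdminGroupName))
        {
            roles |= UserRoles.Administrator;
        }

        if (claimPrincipal.IsInRole(AuthenticationUtil.HpcUserGroupName))
        {
            roles |= UserRoles.User;
        }

        if (claimPrincipal.IsInRole(AuthenticationUtil.HpcJobAdministratorsGroupName))
        {
            roles |= UserRoles.JobAdministrator;
        }

        if (claimPrincipal.IsInRole(AuthenticationUtil.HpcJobOperatorsGroupName))
        {
            roles |= UserRoles.JobOperator;
        }
    }
    else if (WcfChannelModule.IsX509Identity(principal.Identity))
    {
        // A certificate-authenticated caller is granted Administrator outright, with no group check.
        // NOTE(review): this makes the certificate validation behind IsX509Identity the sole trust
        // anchor for full administrative rights — confirm that is intended.
        roles |= UserRoles.Administrator;
    }

    return roles;
}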
/// <summary>
/// Decides whether the caller described by a WCF security context may use the service.
/// </summary>
/// <param name="context">The security context of the current call; may be null.</param>
/// <returns>true when access is granted; false when it is denied or no context is available.</returns>
public virtual bool CheckAccess(ServiceSecurityContext context)
{
    // On Azure the check is bypassed entirely, before the context is even inspected.
    bool onAzure = SoaHelper.IsOnAzure();
    if (onAzure)
    {
        return true;
    }

    // Without a context there is no caller to authorize, so deny.
    bool hasContext = context != null;
    if (!hasContext)
    {
        return false;
    }

    // Certificate-authenticated callers are admitted without consulting the Windows identity.
    bool isCertificateCaller = WcfChannelModule.IsX509Identity(context.PrimaryIdentity);

    // NOTE(review): context.WindowsIdentity may be null for callers that are not Windows-authenticated;
    // the WindowsIdentity overload of CheckAccess is relied upon to handle that — confirm.
    return isCertificateCaller || this.CheckAccess(context.WindowsIdentity);
}