Esempio n. 1
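        /// <summary>
        /// Maps an authenticated principal to the HPC user roles it holds.
        /// </summary>
        /// <param name="principal">
        /// The caller's principal. A null principal is treated as holding no roles.
        /// </param>
        /// <returns>
        /// <see cref="UserRoles.AccessDenied"/> combined (bitwise OR) with every role
        /// the principal qualifies for in the branch that matches its identity type.
        /// </returns>
        public UserRoles GetUserRoles(IPrincipal principal)
        {
            UserRoles roles = UserRoles.AccessDenied;

            // Fail closed: without a principal there is nothing to evaluate, so report
            // no roles rather than dereferencing null in an authorization path.
            if (principal == null)
            {
                return roles;
            }

            // Resolve the identity once; the same instance is tested and wrapped.
            WindowsIdentity windowsIdentity = principal.Identity as WindowsIdentity;

            if (windowsIdentity != null)
            {
                WindowsPrincipal winPrincipal = new WindowsPrincipal(windowsIdentity);

                // if a user account is in Administrator group, it must also be an hpc admin
                // NOTE(review): the built-in Administrators group of the evaluating machine
                // therefore maps straight to HPC Administrator; keep that group's
                // membership under the same review as the HPC admin group.
                if (winPrincipal.IsInRole(WindowsBuiltInRole.Administrator) || winPrincipal.IsInRole(AuthenticationUtil.HpcAdminMirrorSid))
                {
                    roles |= UserRoles.Administrator;
                }

                if (winPrincipal.IsInRole(AuthenticationUtil.HpcJobAdministratorSid))
                {
                    roles |= UserRoles.JobAdministrator;
                }

                if (winPrincipal.IsInRole(AuthenticationUtil.HpcJobOperatorsSid))
                {
                    roles |= UserRoles.JobOperator;
                }

                // HpcUsers are users and PowerUsers are users...
                if (winPrincipal.IsInRole(AuthenticationUtil.HpcUsersSid) || winPrincipal.IsInRole(WindowsBuiltInRole.PowerUser))
                {
                    roles |= UserRoles.User;
                }
            }
            else if (principal.IsHpcAadPrincipal())
            {
                // NOTE(review): assumes IsHpcAadPrincipal() only returns true for a
                // ClaimsPrincipal; otherwise this cast throws InvalidCastException.
                ClaimsPrincipal claimPrincipal = (ClaimsPrincipal)principal;

                // Roles here come from the role claims carried by the principal, so they
                // are only as trustworthy as the token validation done before this call.
                if (claimPrincipal.IsInRole(AuthenticationUtil.HpcAdminGroupName))
                {
                    roles |= UserRoles.Administrator;
                }

                if (claimPrincipal.IsInRole(AuthenticationUtil.HpcUserGroupName))
                {
                    roles |= UserRoles.User;
                }

                if (claimPrincipal.IsInRole(AuthenticationUtil.HpcJobAdministratorsGroupName))
                {
                    roles |= UserRoles.JobAdministrator;
                }

                if (claimPrincipal.IsInRole(AuthenticationUtil.HpcJobOperatorsGroupName))
                {
                    roles |= UserRoles.JobOperator;
                }
            }
            else if (WcfChannelModule.IsX509Identity(principal.Identity))
            {
                // Every identity recognised as X509 receives Administrator, with no
                // per-certificate check in this method.
                // NOTE(review): the certificate validation configured on the channel is
                // then the only gate for full admin rights - confirm which certificates
                // (issuer, thumbprint, revocation) that layer accepts.
                roles |= UserRoles.Administrator;
            }

            return roles;
        }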
Esempio n. 2
        /// <summary>
        /// Decides whether the caller described by a WCF security context may proceed.
        /// </summary>
        /// <param name="context">the security context of the current call; may be null</param>
        /// <returns>
        /// true when running on Azure, when the primary identity is an X509 identity,
        /// or when the Windows identity passes the identity-based CheckAccess overload;
        /// false when not on Azure and no context is supplied
        /// </returns>
        public virtual bool CheckAccess(ServiceSecurityContext context)
        {
            // The check is skipped entirely on Azure. This runs before the null test, so
            // a missing context is also allowed there.
            // NOTE(review): presumably another layer authorizes callers on Azure - confirm.
            if (SoaHelper.IsOnAzure())
            {
                return true;
            }

            // Off Azure, a call without a security context is rejected.
            if (context == null)
            {
                return false;
            }

            // An X509 primary identity is accepted with no further test in this method;
            // any other caller is judged by its Windows identity. The short-circuit keeps
            // the Windows identity from being read for X509 callers.
            return WcfChannelModule.IsX509Identity(context.PrimaryIdentity)
                || this.CheckAccess(context.WindowsIdentity);
        }