Esempio n. 1
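        /// <summary>
        /// Decides whether an ACL entry's principal applies to the given user, either by a
        /// direct user-name match or through one of the user's roles.
        /// </summary>
        /// <param name="principalName">Principal named in the ACL entry (compared against the user name and against role names).</param>
        /// <param name="userName">Name of the user being authorized.</param>
        /// <returns>
        /// <c>true</c> when an enabled security type matches; <c>false</c> otherwise, including
        /// when either name is missing or no roles were returned for the user.
        /// </returns>
        private bool ValidateACLPrincipal(string principalName, string userName)
        {
            // Fail closed: a missing identity on either side must never produce a match.
            // Without this guard a null principalName raises NullReferenceException in the
            // middle of an authorization decision.
            if (string.IsNullOrEmpty(principalName) || string.IsNullOrEmpty(userName))
            {
                return false;
            }

            if (_allowedSecurityTypes.Contains(AllowedSecurityTypes.Users)
                && principalName.Equals(userName, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }

            if (!_allowedSecurityTypes.Contains(AllowedSecurityTypes.Roles))
            {
                return false;
            }

            // The NeverInteractiveAuth app setting selects the role source: the Graph lookup
            // when true, the "roles" claims of the user's token otherwise. Convert.ToBoolean
            // returns false for a missing setting and throws FormatException for a value that
            // is not a boolean literal.
            bool rolesFromGraph = Convert.ToBoolean(ConfigurationManager.AppSettings["NeverInteractiveAuth"]);
            string[] userSecurityRoles = rolesFromGraph
                ? TokenUtilities.GetRolesForUserFromGraph(userName)
                : TokenUtilities.GetAllClaimsFromToken(userName, "roles");

            // NOTE(review): the same principal string is tested as a user name above and as a
            // role name here, so a role that shares a user's name matches both; confirm that
            // is intended. A null role list is treated as "no roles" rather than an error.
            return userSecurityRoles != null
                && userSecurityRoles.Contains(principalName, StringComparer.OrdinalIgnoreCase);
        }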
Esempio n. 2
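        /// <summary>
        /// Handles both legs of the interactive sign-in: with no usable authorization code the
        /// browser is redirected to the authority; with one, the code is redeemed and the
        /// forms-authentication cookie is issued before redirecting to /Reports.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // On initial load, redirects to AAD for an auth token.
            // On second load (redirect from AAD), redeems the auth token for an access token.

            // NOTE(review): Request.Params merges query string, form fields, cookies and server
            // variables, so "code" and "error" are accepted from any of those sources. No
            // `state` check is visible in this method; confirm that RedirectToAuthority or
            // TokenUtilities ties the callback to the request that started the sign-in.

            string error     = null;
            string errorDesc = null;

            if (Request.Params.AllKeys.Contains("error"))
            {
                string[] errorValues = Request.Params.GetValues("error");
                string[] descValues  = Request.Params.GetValues("error_description");

                // error_description is optional in an error response; GetValues returns null
                // when the key is absent, so indexing it unconditionally would throw.
                error     = (errorValues != null && errorValues.Length > 0) ? errorValues[0] : null;
                errorDesc = (descValues != null && descValues.Length > 0) ? descValues[0] : null;

                // NOTE(review): error/errorDesc are captured but not surfaced anywhere in this
                // method, and the flow below redirects to the authority again, which can loop
                // if the authority keeps returning an error. Consider showing an error page.
            }
            else if (Request.Params.AllKeys.Contains("code"))
            {
                string[] codeValues = Request.Params.GetValues("code");

                // Only attempt redemption when a non-empty code was actually supplied.
                if (codeValues != null && codeValues.Length > 0 && !string.IsNullOrEmpty(codeValues[0]))
                {
                    authResult = TokenUtilities.GetAuthenticationResultFromAuthCode(codeValues[0]);
                }
            }

            if (authResult == null)
            {
                RedirectToAuthority();
            }
            else
            {
                // This cookie is an unsigned, plain-text flag: the client can change or forge
                // it, so code that reads it must not treat it as a trust decision. HttpOnly
                // keeps it away from page script; Secure is set whenever the request arrived
                // over TLS, so plain-HTTP deployments keep working as before.
                HttpCookie cookie = new HttpCookie("RSTypeAuthCookie");
                cookie.Values.Add("IsInteractiveAuth", "true");
                cookie.HttpOnly = true;
                cookie.Secure   = Request.IsSecureConnection;

                HttpContext.Current.Response.Cookies.Set(cookie);

                // NOTE(review): the second argument requests a persistent forms ticket that
                // survives the browser session; confirm that is wanted here.
                FormsAuthentication.SetAuthCookie(authResult.UserInfo.DisplayableId, true);
                Response.Redirect("/Reports");
            }
        }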
Esempio n. 3
        /// <summary>
        /// Reports whether the user is covered by a configured security override, either by
        /// name or by holding at least one of the override roles.
        /// </summary>
        /// <param name="userName">Name of the user to check.</param>
        /// <returns><c>true</c> when the user or one of the user's roles is listed as an override.</returns>
        private bool IsSecurityOverride(string userName)
        {
            // Direct listing by user name wins; the role list is not consulted in that case.
            bool listedByName = _securityOverrides[AllowedSecurityTypes.Users]
                .Contains(userName, StringComparer.OrdinalIgnoreCase);
            if (listedByName)
            {
                return true;
            }

            // No override roles configured: skip the role lookup entirely.
            if (!(_securityOverrides[AllowedSecurityTypes.Roles].Count > 0))
            {
                return false;
            }

            // The NeverInteractiveAuth app setting selects the role source: the Graph lookup
            // when true, the "roles" claims of the user's token otherwise.
            // NOTE(review): an override grants elevated access, so the token-claims path is
            // only as trustworthy as the token validation inside TokenUtilities; verify there.
            bool rolesFromGraph = Convert.ToBoolean(ConfigurationManager.AppSettings["NeverInteractiveAuth"]) == true;
            string[] userSecurityRoles = rolesFromGraph
                ? TokenUtilities.GetRolesForUserFromGraph(userName)
                : TokenUtilities.GetAllClaimsFromToken(userName, "roles");

            // Case-insensitive overlap between the user's roles and the override roles.
            return userSecurityRoles
                .Intersect(_securityOverrides[AllowedSecurityTypes.Roles], StringComparer.OrdinalIgnoreCase)
                .Any();
        }
Esempio n. 4
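        /// <summary>
        /// Called when authenticating to the API (non-interactive redirect). Uses the resource owner grant flow to obtain a token.
        /// </summary>
        /// <remarks>
        /// With the resource owner grant this service handles the user's plaintext password
        /// itself and the flow cannot answer interactive prompts such as MFA.
        /// </remarks>
        /// <param name="userName">User name presented by the caller.</param>
        /// <param name="password">Password presented by the caller; forwarded to the token helper only.</param>
        /// <param name="authority">Not used by this method.</param>
        /// <returns><c>true</c> when a token was obtained and the marker cookie was set; otherwise <c>false</c>.</returns>
        public bool LogonUser(string userName, string password, string authority)
        {
            // Reject missing credentials before contacting the token endpoint.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            AuthenticationResult authResult = TokenUtilities.GetAuthenticationResultFromUserCredentials(userName, password, ConfigurationManager.AppSettings["ClientId"]);

            if (authResult == null)
            {
                return false;
            }

            // This cookie is an unsigned, plain-text flag: the client can change or forge it,
            // so code that reads it must not treat it as a trust decision. HttpOnly keeps it
            // away from page script; Secure is set whenever the request arrived over TLS, so
            // plain-HTTP deployments keep working as before.
            HttpCookie cookie = new HttpCookie("RSTypeAuthCookie");
            cookie.Values.Add("IsInteractiveAuth", "false");
            cookie.HttpOnly = true;
            cookie.Secure   = HttpContext.Current.Request.IsSecureConnection;

            HttpContext.Current.Response.Cookies.Set(cookie);
            return true;
        }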