        /// <summary>
        /// Type initializer: creates the SID-to-expiration map and re-registers
        /// every SID that was persisted in <c>Settings.SIDs</c>.
        /// </summary>
        /// <remarks>
        /// Each restored SID is registered with an expiration of "now minus
        /// <c>Settings.AdminRightsTimeout</c> minutes", i.e. a time in the past
        /// whenever the timeout is positive. Presumably this makes rights left
        /// over from a previous run count as already expired at the next expiry
        /// check, so they are not silently extended across a restart. Confirm
        /// against the removal logic, which is not visible here.
        /// The persisted list is cleared once it has been read.
        /// </remarks>
        static PrincipalList()
        {
            principals = new System.Collections.Generic.Dictionary<string, DateTime>();

            // Snapshot the persisted SID list before it is cleared below.
            string[] persistedSids = Settings.SIDs;
            if (persistedSids != null)
            {
                foreach (string sid in persistedSids)
                {
                    // Back-date the expiration by the configured timeout.
                    DateTime backdatedExpiry = DateTime.Now.AddMinutes(Settings.AdminRightsTimeout * -1);
                    PrincipalList.AddSID(sid, backdatedExpiry);
                }
            }

            // The in-memory map is now the source of truth; drop the stored copy.
            Settings.SIDs = null;
        }
        /// <summary>
        /// Authorizes <paramref name="userIdentity"/> against the configured
        /// allow/deny lists and, if every check passes, records the principal in
        /// <c>PrincipalList</c> and adds it to the local administrators group.
        /// </summary>
        /// <param name="userIdentity">Windows identity of the requesting user.</param>
        /// <param name="expirationTime">
        /// Expiration handed to <c>PrincipalList.AddSID</c>. It is not forwarded to
        /// <c>AddPrincipalToAdministrators</c>.
        /// </param>
        /// <param name="remoteAddress">
        /// Address of the requesting computer. A null or empty value is treated as
        /// a local request, and the remote allow/deny lists are then not consulted.
        /// </param>
        /// <remarks>
        /// NOTE(review): because an empty <paramref name="remoteAddress"/> skips the
        /// remote authorization lists, callers should take this value from the
        /// connection itself rather than from anything the requester supplies.
        /// Confirm at the call sites.
        /// NOTE(review): when a request is refused, this method returns without
        /// writing an event (the only logging visible here is DEBUG-only). Confirm
        /// that denied elevation requests are audited elsewhere.
        /// </remarks>
        public static void AddPrincipal(WindowsIdentity userIdentity, DateTime? expirationTime, string remoteAddress)
        {
            // TODO: Only do this if the principal is not a member of the group?

            // Local allow/deny lists apply to every request.
            bool isAuthorized = Shared.UserIsAuthorized(userIdentity, Settings.LocalAllowedEntities, Settings.LocalDeniedEntities);

#if DEBUG
            ApplicationLog.WriteInformationEvent(string.Format("User is authorized: {0}", isAuthorized), EventID.DebugMessage);
#endif

            bool requestIsRemote = !string.IsNullOrEmpty(remoteAddress);
            if (requestIsRemote)
            {
                // A remote request must pass the remote lists in addition to the
                // local ones. The remote check runs even if the local check has
                // already failed.
                bool remotelyAuthorized = Shared.UserIsAuthorized(userIdentity, Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities);
                isAuthorized = isAuthorized && remotelyAuthorized;
            }

            // Fail closed: any missing prerequisite or a failed authorization
            // leaves the administrators group untouched.
            if (LocalAdminGroup == null)
            {
                return;
            }

            if (userIdentity.User == null)
            {
                return;
            }

            if (userIdentity.Groups == null)
            {
                return;
            }

            if (!isAuthorized)
            {
                return;
            }

            // Record the grant (with its expiration) before changing group membership.
            PrincipalList.AddSID(userIdentity, expirationTime, remoteAddress);
            AddPrincipalToAdministrators(userIdentity.User, /* expirationTime, */ remoteAddress);
        }