// [PolicyPermission(System.Security.Permissions.SecurityAction.Demand, PolicyId = PermissionPolicyIdentifiers.CreateDevice)]
internal static void AddDevice(AddDeviceParms parms)
{
var policies = new List <SecurityPolicyInfo>();
if (parms.GrantPolicies?.Count > 0)
{
policies = parms.GrantPolicies.OfType <String>().Select(o => m_client.GetPolicies(r => r.Oid == o).CollectionItem.FirstOrDefault()).OfType <SecurityPolicy>().Select(o => new SecurityPolicyInfo(o)).ToList();
}
if (parms.DenyPolicies?.Count > 0)
{
policies = policies.Union(parms.DenyPolicies.OfType <String>().Select(o => m_client.GetPolicies(r => r.Oid == o).CollectionItem.FirstOrDefault()).OfType <SecurityPolicy>().Select(o => new SecurityPolicyInfo(o))).ToList();
}
policies.ForEach(o => o.Grant = parms.GrantPolicies?.Contains(o.Oid) == true ? Core.Model.Security.PolicyGrantType.Grant : PolicyGrantType.Deny);
if (policies.Count != (parms.DenyPolicies?.Count ?? 0) + (parms.GrantPolicies?.Count ?? 0))
{
throw new InvalidOperationException("Could not find one or more policies");
}
if (String.IsNullOrEmpty(parms.Secret))
{
parms.Secret = BitConverter.ToString(Guid.NewGuid().ToByteArray()).Replace("-", "");
Console.WriteLine("Device secret: {0}", parms.Secret);
}
m_client.CreateDevice(new SecurityDeviceInfo()
{
Policies = policies,
Entity = new Core.Model.Security.SecurityDevice()
{
Name = parms.DeviceId.OfType <String>().First(),
DeviceSecret = parms.Secret,
}
});
Console.WriteLine("CREATE {0}", parms.DeviceId[0]);
}
public async Task <ActionResult> JoinRealmAsync(JoinRealmModel model)
{
HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
this.Response.Cookies.Remove("access_token");
if (ModelState.IsValid)
{
model.Address = model.Address.HasTrailingBackSlash() ? model.Address.RemoveTrailingBackSlash() : model.Address;
model.Address = model.Address.HasTrailingForwardSlash() ? model.Address.RemoveTrailingForwardSlash() : model.Address;
Realm realm = unitOfWork.RealmRepository.Get(r => r.Address == model.Address && r.ObsoletionTime != null).AsEnumerable().SingleOrDefault();
// remove any leading or trailing spaces
model.Address = model.Address.Trim();
// HACK: the UrlAttribute class thinks that http://localhost is not a valid url...
if (model.Address.StartsWith("http://localhost"))
{
model.Address = model.Address.Replace("http://localhost", "http://127.0.0.1");
}
else if (model.Address.StartsWith("https://localhost"))
{
model.Address = model.Address.Replace("https://localhost", "https://127.0.0.1");
}
// is the user attempting to join a realm which they have already left?
if (realm != null)
{
realm.Map(model);
realm.ObsoletionTime = null;
unitOfWork.RealmRepository.Update(realm);
unitOfWork.Save();
}
else
{
realm = unitOfWork.RealmRepository.Create();
realm.Map(model);
realm.DeviceId = Environment.MachineName + "-" + Guid.NewGuid().ToString().ToUpper();
realm.DeviceSecret = Guid.NewGuid().ToString().ToUpper();
var activeRealms = unitOfWork.RealmRepository.AsQueryable().Where(r => r.ObsoletionTime == null).AsEnumerable();
foreach (var activeRealm in activeRealms)
{
activeRealm.ObsoletionTime = DateTime.UtcNow;
unitOfWork.RealmRepository.Update(activeRealm);
}
unitOfWork.RealmRepository.Add(realm);
unitOfWork.Save();
}
try
{
var result = await this.SignInManager.PasswordSignInAsync(model.Username, model.Password, false, false);
switch (result)
{
case SignInStatus.Success:
using (var amiServiceClient = new AmiServiceClient(new RestClientService(Constants.Ami, this.HttpContext, this.SignInManager.AccessToken)))
{
var synchronizers = amiServiceClient.GetRoles(r => r.Name == "SYNCHRONIZERS").CollectionItem.FirstOrDefault();
var device = amiServiceClient.GetRoles(r => r.Name == "DEVICE").CollectionItem.FirstOrDefault();
var securityUserInfo = new SecurityUserInfo
{
Password = realm.DeviceSecret,
Roles = new List <SecurityRoleInfo>
{
device,
synchronizers
},
UserName = realm.DeviceId,
User = new SecurityUser
{
Key = Guid.NewGuid(),
UserClass = UserClassKeys.ApplicationUser,
UserName = realm.DeviceId,
SecurityHash = Guid.NewGuid().ToString()
},
};
amiServiceClient.CreateUser(securityUserInfo);
var securityDeviceInfo = new SecurityDeviceInfo
{
Device = new SecurityDevice
{
DeviceSecret = realm.DeviceSecret,
Name = realm.DeviceId
}
};
amiServiceClient.CreateDevice(securityDeviceInfo);
}
MvcApplication.MemoryCache.Set(RealmConfig.RealmCacheKey, true, ObjectCache.InfiniteAbsoluteExpiration);
break;
default:
// always sign out the user when joining the realm
SignInManager.AuthenticationManager.SignOut();
var addedRealm = unitOfWork.RealmRepository.Get(r => r.Address == model.Address).FirstOrDefault();
if (addedRealm != null)
{
unitOfWork.RealmRepository.Delete(addedRealm.Id);
unitOfWork.Save();
}
ModelState.AddModelError("", Locale.IncorrectUsernameOrPassword);
return(View(model));
}
this.TempData["success"] = Locale.RealmJoinedSuccessfully;
return(RedirectToAction("Login", "Account"));
}
catch (Exception e)
{
Trace.TraceError($"Unable to join realm: {e}");
var addedRealm = unitOfWork.RealmRepository.Get(r => r.Address == model.Address).Single();
unitOfWork.RealmRepository.Delete(addedRealm.Id);
unitOfWork.Save();
}
finally
{
// always sign out the user when joining the realm
HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
}
}
TempData["error"] = Locale.UnableToJoinRealm;
return(View(model));
}