public override bool IsAuthorized(IAuthorizationRequest request) { VerifyArgument.IsNotNull("request", request); bool authorized; Tuple<bool, DateTime> authorizedRequest; if(_cachedRequests.TryGetValue(request.Key, out authorizedRequest) && DateTime.Now.Subtract(authorizedRequest.Item2) < _timeOutPeriod) { authorized = authorizedRequest.Item1; } else { authorized = IsAuthorizedImpl(request); } // Only in the case when permissions change and we need to still fetch results ;) if(!authorized && (request.RequestType == WebServerRequestType.HubConnect || request.RequestType == WebServerRequestType.EsbFetchExecutePayloadFragment)) { // TODO : Check that the ResultsCache contains data to fetch for the user ;) var identity = request.User.Identity; if(ResultsCache.Instance.ContainsPendingRequestForUser(identity.Name)) { authorized = true; } } else { // normal execution authorizedRequest = new Tuple<bool, DateTime>(authorized, DateTime.Now); _cachedRequests.AddOrUpdate(request.Key, authorizedRequest, (tuple, tuple1) => authorizedRequest); } return authorized; }
public IAuthorizationReply Authorize(IAuthorizationRequest authorizationRequest) { var authorizationReply = new AuthorizationReply(); ITgtToken tgtToken = this.DecryptTgt(authorizationRequest.TgtBytes); this._traceManager.Trace("TGS: TGT Decrypted", tgtToken); IEnumerable<User> users = this.UnitOfWork.Repository<User, int>() .Query() .Filter(p => p.Email.Equals(tgtToken.ClientId, StringComparison.OrdinalIgnoreCase)) .Get(); User user = users.FirstOrDefault(); if (user != null) { IAuthenticator authenticator = this.DecryptAuthenticator(user, authorizationRequest.AutheticatorBytes, tgtToken.SessionKey); this._traceManager.Trace("TGS: Authenticator decrypted", authenticator); var sessionKey = new byte[SessionKeyLength]; this.GetRandomBytes(sessionKey); IServiceTicket serviceTicket = this.CreateServiceTicket(tgtToken, sessionKey); IServiceToken serviceToken = this.CreateServiceToken(sessionKey); this._traceManager.Trace("TGS: Authorization reply created", serviceTicket, serviceToken); authorizationReply.ServiceTicket = this.EncryptServiceTicket(serviceTicket); authorizationReply.ServiceToken = this.EncryptServiceToken(serviceToken, tgtToken.SessionKey, user); this._traceManager.Trace("TGS: Authorization reply encrypted", Tuple.Create(authorizationReply.ServiceTicket, authorizationReply.ServiceToken)); } return authorizationReply; }
public override bool IsAuthorized(IAuthorizationRequest request) { VerifyArgument.IsNotNull("request", request); bool authorized; authorized = _cachedRequests.TryGetValue(request.Key, out Tuple <bool, DateTime> authorizedRequest) && DateTime.Now.Subtract(authorizedRequest.Item2) < _timeOutPeriod ? authorizedRequest.Item1 : IsAuthorizedImpl(request); if (!authorized && (request.RequestType == WebServerRequestType.HubConnect || request.RequestType == WebServerRequestType.EsbFetchExecutePayloadFragment)) { var identity = request.User.Identity; if (ResultsCache.Instance.ContainsPendingRequestForUser(identity.Name)) { authorized = true; } } else { authorizedRequest = new Tuple <bool, DateTime>(authorized, DateTime.Now); _cachedRequests.AddOrUpdate(request.Key, authorizedRequest, (tuple, tuple1) => authorizedRequest); } if (!authorized) { _perfCounter?.Increment(); } return(authorized); }
public static bool Matches(this WindowsGroupPermission permission, IAuthorizationRequest request) { if (permission.IsServer) { return(true); } var resourcePath = HttpUtility.UrlDecode(request?.ResourcePath?.Replace('/', '\\') ?? ""); if (string.IsNullOrEmpty(resourcePath)) { return(true); } var p1 = resourcePath; if (p1.StartsWith(EnvironmentVariables.ResourcePath)) { p1 = p1.Replace(EnvironmentVariables.ResourcePath, ""); } var permissionResourcePath = permission.ResourcePath; if (permissionResourcePath is null) { return(false); } var p2 = "\\" + permissionResourcePath; var pathMatches = p1.StartsWith(p2, StringComparison.InvariantCultureIgnoreCase); return(pathMatches); }
public override bool IsAuthorized(IAuthorizationRequest request) { VerifyArgument.IsNotNull("request", request); bool authorized; Tuple <bool, DateTime> authorizedRequest; if (_cachedRequests.TryGetValue(request.Key, out authorizedRequest) && DateTime.Now.Subtract(authorizedRequest.Item2) < _timeOutPeriod) { authorized = authorizedRequest.Item1; } else { authorized = IsAuthorizedImpl(request); } // Only in the case when permissions change and we need to still fetch results ;) if (!authorized && (request.RequestType == WebServerRequestType.HubConnect || request.RequestType == WebServerRequestType.EsbFetchExecutePayloadFragment)) { // TODO : Check that the ResultsCache contains data to fetch for the user ;) var identity = request.User.Identity; if (ResultsCache.Instance.ContainsPendingRequestForUser(identity.Name)) { authorized = true; } } else { // normal execution authorizedRequest = new Tuple <bool, DateTime>(authorized, DateTime.Now); _cachedRequests.AddOrUpdate(request.Key, authorizedRequest, (tuple, tuple1) => authorizedRequest); } return(authorized); }
//Note: uses authorize request public async Task <BaseResponse <Auth> > Authorize(IAuthorizationRequest request) { var serviceFeeId = Guid.NewGuid(); var baseRequest = _baseRequestFactory.CreateBaseRequest(Guid.NewGuid(), DateTime.Now, Utilities.Constants.RequestTypes.Authorization, new AuthorizationRequestMessage(request, serviceFeeId, _configuration.GetSection("Credentials"))); return(await _requestHandlerRepository.SendRequestAsync <BaseResponse <Auth> >(baseRequest._requestMessage.GetResponseRootName(), baseRequest)); }
public async Task <string> AuthorizeAsync(IAuthorizationRequest request) { await ValidateRequestAsync(request); await AuthenticateUserAsync(); VerifyScopesAreValid(); await GenerateAuthorizationCodeAsync(); return(GenerateAuthorizationUrl()); }
private async Task ValidateRequestAsync(IAuthorizationRequest request) { _request = request; if (_request.ResponseType != "code") { throw new UnsupportedResponseTypeException("The only supported response type is 'code'."); } var application = await _findApplicationService.FindByClientIdAsync(_request.ClientId); if (application == null) { throw new InvalidClientException("No application with that client ID could be found.", request.State); } // Make sure the provided scopes actually exists within this application. if (_request.Scope != null) { var scopes = _request.Scope.Split(" "); foreach (var scope in scopes) { var allScopes = InbuiltScopes.All.Concat(application.Scopes.Select(s => s.Name)); if (!allScopes.Contains(scope)) { throw new InvalidScopeException("The provided scope is invalid.", request.State); } } } // Make sure the provided redirect uri is identical to the registered redirect uri. var redirectUri = _request.RedirectUri ?? application.RedirectUri; if (redirectUri != application.RedirectUri) { throw new InvalidGrantException("The provided redirect URI does not match the one on record.", request.State); } }
static string GetResource(IAuthorizationRequest request) { var resource = request.QueryString["rid"]; if (string.IsNullOrEmpty(resource)) { switch (request.RequestType) { case WebServerRequestType.WebExecuteWorkflow: resource = GetWebExecuteName(request.Url.AbsolutePath); break; case WebServerRequestType.WebBookmarkWorkflow: resource = GetWebBookmarkName(request.Url.AbsolutePath); break; case WebServerRequestType.WebExecuteInternalService: resource = GetWebExecuteName(request.Url.AbsolutePath); break; } } return(string.IsNullOrEmpty(resource) ? null : resource); }
public AuthorizationRequestMessage(IAuthorizationRequest authorizationRequest, Guid serviceFeeId = default(Guid), IConfiguration configuration = null) { //Missing custom fields for now MerchantCode = authorizationRequest.MerchantCode; MerchantAccountCode = authorizationRequest.MerchantAccountCode; PaymentAccountNumber = authorizationRequest.PaymentAccountNumber; ExpirationDate = authorizationRequest.ExpirationDate; SecurityCode = authorizationRequest.SecurityCode; Amount = (uint)authorizationRequest.Amount; TransactionType = authorizationRequest.TransactionType; TransIndustryType = authorizationRequest.TransIndustryType; TransCatCode = authorizationRequest.TransCatCode; AcctType = authorizationRequest.AcctType; InvoiceNum = authorizationRequest.InvoiceNum; PONum = authorizationRequest.PONum; CustomerAccountCode = authorizationRequest.CustomerAccountCode; AccountHolderName = authorizationRequest.AccountHolderName; HolderType = authorizationRequest.HolderType; AccountStreet = authorizationRequest.AccountStreet; AccountZip = authorizationRequest.AccountZip; Token = authorizationRequest.Token; ContractId = authorizationRequest.ContractId; SettlementDelay = authorizationRequest.SettlementDelay; FeeAmount = authorizationRequest.FeeAmount; PartialAuthorization = authorizationRequest.PartialAuthorization; if (authorizationRequest.ServiceFeeAmount.HasValue) { ServiceFee = new ServiceFee() { Amount = authorizationRequest.ServiceFeeAmount.Value, ServiceUser = configuration["userName"], ServicePassword = configuration["password"], ServiceFeeID = serviceFeeId }; } }
static WebName GetResource(IAuthorizationRequest request) { WebName resource = new WebNameResourceId(request.QueryString["rid"]); if (resource.IsValid) { return(resource); } switch (request.RequestType) { case WebServerRequestType.WebExecuteService: return(GetWebExecuteName(request.Url.AbsolutePath)); case WebServerRequestType.WebBookmarkWorkflow: return(GetWebBookmarkName(request.Url.AbsolutePath)); case WebServerRequestType.WebExecuteInternalService: return(GetWebExecuteName(request.Url.AbsolutePath)); case WebServerRequestType.Unknown: return(null); case WebServerRequestType.WebGetDecisions: return(null); case WebServerRequestType.WebGetDialogs: return(null); case WebServerRequestType.WebGetServices: return(null); case WebServerRequestType.WebGetSources: return(null); case WebServerRequestType.WebGetSwitch: return(null); case WebServerRequestType.WebGet: return(null); case WebServerRequestType.WebGetContent: return(null); case WebServerRequestType.WebGetImage: return(null); case WebServerRequestType.WebGetScript: return(null); case WebServerRequestType.WebGetView: return(null); case WebServerRequestType.WebInvokeService: return(null); case WebServerRequestType.WebExecuteSecureWorkflow: return(null); case WebServerRequestType.WebExecutePublicWorkflow: return(null); case WebServerRequestType.WebExecuteGetLogFile: return(null); case WebServerRequestType.WebExecuteGetRootLevelApisJson: return(null); case WebServerRequestType.WebExecuteGetApisJsonForFolder: return(null); case WebServerRequestType.HubConnect: return(null); case WebServerRequestType.EsbOnConnected: return(null); case WebServerRequestType.EsbOnDisconnected: return(null); case WebServerRequestType.EsbOnReconnected: return(null); case WebServerRequestType.EsbAddDebugWriter: return(null); case WebServerRequestType.EsbFetchExecutePayloadFragment: return(null); case WebServerRequestType.EsbExecuteCommand: return(null); case WebServerRequestType.EsbAddItemMessage: return(null); case WebServerRequestType.EsbSendMemo: return(null); case WebServerRequestType.EsbFetchResourcesAffectedMemo: return(null); case WebServerRequestType.EsbSendDebugState: return(null); case WebServerRequestType.EsbWrite: return(null); case WebServerRequestType.ResourcesSendMemo: return(null); default: return(null); } }
public abstract bool IsAuthorized(IAuthorizationRequest request);
public override bool IsAuthorized(IAuthorizationRequest request) { return false; }
bool IsAuthorizedImpl(IAuthorizationRequest request) { var result = false; switch (request.RequestType) { case WebServerRequestType.WebGetDecisions: case WebServerRequestType.WebGetDialogs: case WebServerRequestType.WebGetServices: case WebServerRequestType.WebGetSources: case WebServerRequestType.WebGetSwitch: result = IsAuthorized(request.User, AuthorizationContext.View, GetResource(request)); break; case WebServerRequestType.WebGet: case WebServerRequestType.WebGetContent: case WebServerRequestType.WebGetImage: case WebServerRequestType.WebGetScript: case WebServerRequestType.WebGetView: result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request)); break; case WebServerRequestType.WebInvokeService: var authorizationContext = IsWebInvokeServiceSave(request.Url.AbsolutePath) ? AuthorizationContext.Contribute : AuthorizationContext.View; result = IsAuthorized(request.User, authorizationContext, GetResource(request)); break; case WebServerRequestType.WebExecuteService: case WebServerRequestType.WebExecuteSecureWorkflow: case WebServerRequestType.WebExecutePublicWorkflow: case WebServerRequestType.WebBookmarkWorkflow: result = IsAuthorized(request.User, AuthorizationContext.Execute, GetResource(request)); break; case WebServerRequestType.WebExecuteInternalService: result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request)); break; case WebServerRequestType.HubConnect: result = IsAuthorizedToConnect(request.User); break; case WebServerRequestType.WebExecuteGetLogFile: case WebServerRequestType.EsbSendMemo: case WebServerRequestType.EsbFetchResourcesAffectedMemo: case WebServerRequestType.EsbAddDebugWriter: case WebServerRequestType.EsbExecuteCommand: case WebServerRequestType.EsbSendDebugState: case WebServerRequestType.EsbWrite: case WebServerRequestType.EsbOnConnected: case WebServerRequestType.EsbFetchExecutePayloadFragment: case WebServerRequestType.ResourcesSendMemo: case WebServerRequestType.WebExecuteGetRootLevelApisJson: case WebServerRequestType.WebExecuteGetApisJsonForFolder: result = IsAuthorizedToConnect(request.User); break; case WebServerRequestType.Unknown: break; case WebServerRequestType.EsbOnDisconnected: break; case WebServerRequestType.EsbOnReconnected: break; case WebServerRequestType.EsbAddItemMessage: break; default: break; } if (!result) { var user = "******"; if (request.User.Identity != null) { user = request.User.Identity.Name; DumpPermissionsOnError(request.User); } Dev2Logger.Error("AUTH ERROR FOR USER : " + user, GlobalConstants.WarewolfError); } return(result); }
public override bool IsAuthorized(IAuthorizationRequest request) => false;
bool IsAuthorizedImpl(IAuthorizationRequest request) { var result = false; switch (request.RequestType) { case WebServerRequestType.WebGetDecisions: case WebServerRequestType.WebGetDialogs: case WebServerRequestType.WebGetServices: case WebServerRequestType.WebGetSources: case WebServerRequestType.WebGetSwitch: result = IsAuthorized(request.User, AuthorizationContext.View, GetResource(request)); break; case WebServerRequestType.WebGet: case WebServerRequestType.WebGetContent: case WebServerRequestType.WebGetImage: case WebServerRequestType.WebGetScript: case WebServerRequestType.WebGetView: result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request)); break; case WebServerRequestType.WebInvokeService: var authorizationContext = IsWebInvokeServiceSave(request.Url.AbsolutePath) ? AuthorizationContext.Contribute : AuthorizationContext.View; result = IsAuthorized(request.User, authorizationContext, GetResource(request)); break; case WebServerRequestType.WebExecuteWorkflow: case WebServerRequestType.WebExecuteSecureWorkflow: case WebServerRequestType.WebExecutePublicWorkflow: case WebServerRequestType.WebBookmarkWorkflow: result = IsAuthorized(request.User, AuthorizationContext.Execute, GetResource(request)); break; case WebServerRequestType.WebExecuteInternalService: result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request)); break; case WebServerRequestType.HubConnect: result = IsAuthorizedToConnect(request.User); break; case WebServerRequestType.WebExecuteGetLogFile: case WebServerRequestType.EsbSendMemo: case WebServerRequestType.EsbAddDebugWriter: case WebServerRequestType.EsbExecuteCommand: case WebServerRequestType.EsbSendDebugState: case WebServerRequestType.EsbWrite: case WebServerRequestType.EsbOnConnected: case WebServerRequestType.EsbFetchExecutePayloadFragment: case WebServerRequestType.ResourcesSendMemo: result = IsAuthorizedToConnect(request.User); break; } if (!result) { var user = "******"; // ReSharper disable ConditionIsAlwaysTrueOrFalse if (request.User.Identity != null) // ReSharper restore ConditionIsAlwaysTrueOrFalse { user = request.User.Identity.Name; DumpPermissionsOnError(request.User); } // ReSharper disable InvokeAsExtensionMethod Dev2Logger.Log.Error("AUTH ERROR FOR USER : " + user); // ReSharper restore InvokeAsExtensionMethod } return(result); }
public override bool IsAuthorized(IAuthorizationRequest request) { return(IsAuthorized(request.User, AuthorizationContext.Any, request.QueryString["rid"])); }
static string GetResource(IAuthorizationRequest request) { var resource = request.QueryString["rid"]; if(string.IsNullOrEmpty(resource)) { switch(request.RequestType) { case WebServerRequestType.WebExecuteService: resource = GetWebExecuteName(request.Url.AbsolutePath); break; case WebServerRequestType.WebBookmarkWorkflow: resource = GetWebBookmarkName(request.Url.AbsolutePath); break; case WebServerRequestType.WebExecuteInternalService: resource = GetWebExecuteName(request.Url.AbsolutePath); break; } } return string.IsNullOrEmpty(resource) ? null : resource; }
static string GetResource(IAuthorizationRequest request) { var resource = request.QueryString["rid"]; if (string.IsNullOrEmpty(resource)) { switch (request.RequestType) { case WebServerRequestType.WebExecuteService: resource = GetWebExecuteName(request.Url.AbsolutePath); break; case WebServerRequestType.WebBookmarkWorkflow: resource = GetWebBookmarkName(request.Url.AbsolutePath); break; case WebServerRequestType.WebExecuteInternalService: resource = GetWebExecuteName(request.Url.AbsolutePath); break; case WebServerRequestType.Unknown: break; case WebServerRequestType.WebGetDecisions: break; case WebServerRequestType.WebGetDialogs: break; case WebServerRequestType.WebGetServices: break; case WebServerRequestType.WebGetSources: break; case WebServerRequestType.WebGetSwitch: break; case WebServerRequestType.WebGet: break; case WebServerRequestType.WebGetContent: break; case WebServerRequestType.WebGetImage: break; case WebServerRequestType.WebGetScript: break; case WebServerRequestType.WebGetView: break; case WebServerRequestType.WebInvokeService: break; case WebServerRequestType.WebExecuteSecureWorkflow: break; case WebServerRequestType.WebExecutePublicWorkflow: break; case WebServerRequestType.WebExecuteGetLogFile: break; case WebServerRequestType.WebExecuteGetRootLevelApisJson: break; case WebServerRequestType.WebExecuteGetApisJsonForFolder: break; case WebServerRequestType.HubConnect: break; case WebServerRequestType.EsbOnConnected: break; case WebServerRequestType.EsbOnDisconnected: break; case WebServerRequestType.EsbOnReconnected: break; case WebServerRequestType.EsbAddDebugWriter: break; case WebServerRequestType.EsbFetchExecutePayloadFragment: break; case WebServerRequestType.EsbExecuteCommand: break; case WebServerRequestType.EsbAddItemMessage: break; case WebServerRequestType.EsbSendMemo: break; case WebServerRequestType.EsbFetchResourcesAffectedMemo: break; case WebServerRequestType.EsbSendDebugState: break; case WebServerRequestType.EsbWrite: break; case WebServerRequestType.ResourcesSendMemo: break; default: break; } } return(string.IsNullOrEmpty(resource) ? null : resource); }
bool IsAuthorizedImpl(IAuthorizationRequest request) { var result = false; switch(request.RequestType) { case WebServerRequestType.WebGetDecisions: case WebServerRequestType.WebGetDialogs: case WebServerRequestType.WebGetServices: case WebServerRequestType.WebGetSources: case WebServerRequestType.WebGetSwitch: result = IsAuthorized(request.User, AuthorizationContext.View, GetResource(request)); break; case WebServerRequestType.WebGet: case WebServerRequestType.WebGetContent: case WebServerRequestType.WebGetImage: case WebServerRequestType.WebGetScript: case WebServerRequestType.WebGetView: result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request)); break; case WebServerRequestType.WebInvokeService: var authorizationContext = IsWebInvokeServiceSave(request.Url.AbsolutePath) ? AuthorizationContext.Contribute : AuthorizationContext.View; result = IsAuthorized(request.User, authorizationContext, GetResource(request)); break; case WebServerRequestType.WebExecuteService: case WebServerRequestType.WebExecuteSecureWorkflow: case WebServerRequestType.WebExecutePublicWorkflow: case WebServerRequestType.WebBookmarkWorkflow: result = IsAuthorized(request.User, AuthorizationContext.Execute, GetResource(request)); break; case WebServerRequestType.WebExecuteInternalService: result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request)); break; case WebServerRequestType.HubConnect: result = IsAuthorizedToConnect(request.User); break; case WebServerRequestType.WebExecuteGetLogFile: case WebServerRequestType.EsbSendMemo: case WebServerRequestType.EsbAddDebugWriter: case WebServerRequestType.EsbExecuteCommand: case WebServerRequestType.EsbSendDebugState: case WebServerRequestType.EsbWrite: case WebServerRequestType.EsbOnConnected: case WebServerRequestType.EsbFetchExecutePayloadFragment: case WebServerRequestType.ResourcesSendMemo: case WebServerRequestType.WebExecuteGetRootLevelApisJson: case WebServerRequestType.WebExecuteGetApisJsonForFolder: result = IsAuthorizedToConnect(request.User); break; } if(!result) { var user = "******"; // ReSharper disable ConditionIsAlwaysTrueOrFalse if(request.User.Identity != null) // ReSharper restore ConditionIsAlwaysTrueOrFalse { user = request.User.Identity.Name; DumpPermissionsOnError(request.User); } // ReSharper disable InvokeAsExtensionMethod Dev2Logger.Log.Error( "AUTH ERROR FOR USER : " + user); // ReSharper restore InvokeAsExtensionMethod } return result; }
public override bool IsAuthorized(IAuthorizationRequest request) { return(false); }
public override bool IsAuthorized(IAuthorizationRequest request) { return IsAuthorized(request.User, AuthorizationContext.Any, request.QueryString["rid"]); }