コード例 #1
0
        /// <summary>
        /// Logins the specified user.
        /// </summary>
        /// <param name="user">The user.</param>
        public void Login(IPrincipal user)
        {
            var identity = user.Identity;

#if DEBUG
            WriteClaimsInfo(user.Identity as ClaimsIdentity);
#endif
            if (!identity.IsAuthenticated)
            {
                return;
            }
            var userName = string.Format("{0}\\{1}", Context.Domain.Name, identity.Name);
            try
            {
                var virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);
                var roles       = Context.Domain.GetRoles();
                if (roles != null)
                {
                    var groups = GetGroups(user.Identity as ClaimsIdentity);
                    foreach (var role in from role in roles
                             let roleName = GetRoleName(role.Name)
                                            where groups.Contains(roleName.ToLower()) && !virtualUser.Roles.Contains(role)
                                            select role)
                    {
                        virtualUser.Roles.Add(role);
                    }
                    foreach (
                        var role2 in
                        virtualUser.Roles.SelectMany(
                            role1 =>
                            RolesInRolesManager.GetRolesForRole(role1, true)
                            .Where(role2 => !virtualUser.Roles.Contains(role2))))
                    {
                        virtualUser.Roles.Add(role2);
                    }

                    // Setting the user to be an admin.
                    virtualUser.RuntimeSettings.IsAdministrator =
                        groups.Contains(Settings.GetSetting("ADFS.Authenticator.AdminUserRole", "Admins"));
                }

                AuthenticationManager.Login(virtualUser);
            }
            catch (ArgumentException ex)
            {
                Log.Error("ADFS::Login Failed!", ex, this);
            }
        }
コード例 #2
0
ファイル: RemoveRoleCommand.cs プロジェクト: vsegrad/Console
        protected override void ProcessRecord()
        {
            if (!this.CanFindAccount(Identity, AccountType.Role))
            {
                return;
            }

            var name = ParameterSetName == "Id" ? Identity.Name : Instance.Name;

            if (!ShouldProcess(name, "Remove role"))
            {
                return;
            }

            var role = Role.FromName(name);

            if (!role.IsEveryone)
            {
                var usersInRoles = Roles.GetUsersInRole(name);
                if (usersInRoles.Any())
                {
                    Roles.RemoveUsersFromRole(usersInRoles, name);
                }

                if (RolesInRolesManager.RolesInRolesSupported)
                {
                    var rolesInRole = RolesInRolesManager.GetRolesForRole(role, false);
                    if (rolesInRole.Any())
                    {
                        RolesInRolesManager.RemoveRolesFromRole(rolesInRole, role);
                    }
                }

                Roles.DeleteRole(name, true);
            }
            else
            {
                WriteError(typeof(SecurityException), $"Cannot remove role '{name}'.",
                           ErrorIds.InsufficientSecurityRights, ErrorCategory.PermissionDenied, name);
            }
        }
コード例 #3
0
        /// <summary>
        /// Logins the specified user.
        /// </summary>
        /// <param name="user">The user.</param>
        public void Login(IPrincipal principal)
        {
            var identity          = principal.Identity;
            var allowLoginToShell = false;

#if DEBUG
            WriteClaimsInfo(principal.Identity as ClaimsIdentity);
#endif
            if (!identity.IsAuthenticated)
            {
                return;
            }
            var userName = string.Format("{0}\\{1}", Context.Domain.Name, identity.Name);
            try
            {
                var virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);

                var roles = Context.Domain.GetRoles();
                if (roles != null)
                {
                    var groups = GetGroups(principal.Identity as ClaimsIdentity);
                    foreach (var role in from role in roles
                             let roleName = GetRoleName(role.Name)
                                            where groups.Contains(roleName.ToLower()) && !virtualUser.Roles.Contains(role)
                                            select role)
                    {
                        virtualUser.Roles.Add(role);
                    }
                    foreach (
                        var role2 in
                        virtualUser.Roles.SelectMany(
                            role1 =>
                            RolesInRolesManager.GetRolesForRole(role1, true)
                            .Where(role2 => !virtualUser.Roles.Contains(role2))))
                    {
                        virtualUser.Roles.Add(role2);
                    }

                    // Setting the user to be an admin.
                    //TODO = case sensitive
                    virtualUser.RuntimeSettings.IsAdministrator =
                        groups.Contains(Settings.GetSetting("ADFS.Authenticator.AdminUserRole", "Sitecore Local Administrators"), StringComparer.OrdinalIgnoreCase);

                    if (virtualUser.RuntimeSettings.IsAdministrator)
                    {
                        allowLoginToShell = true;
                    }
                }
                virtualUser.Profile.Email = "*****@*****.**";
                AuthenticationManager.Login(virtualUser);
                var tracker = Tracker.Current;
                if (tracker != null)
                {
                    tracker.Session.Identify(virtualUser.Identity.Name);
                }
            }
            catch (ArgumentException ex)
            {
                Log.Error("ADFS::Login Failed!", ex, this);
            }
        }