public async Task UpsertAsync(SecuritySetting updatedSettings)
{
var filter = Builders <SecuritySettingsEntity> .Filter.Eq(x => x.UserId, updatedSettings.UserId);
var update = Builders <SecuritySettingsEntity> .Update
.Set(s => s.Posts, (SecuritySettingsSectionEntity)updatedSettings.Posts)
.Set(s => s.Friends, (SecuritySettingsSectionEntity)updatedSettings.Friends);
await context.SecuritySettings
.UpdateOneAsync(filter, update, new UpdateOptions { IsUpsert = true });
}
public Task <string> OpenAsync(CancellationToken cancellationToken)
{
var endpoint = this.serviceContext.CodePackageActivationContext.GetEndpoint("RestEndpoint");
var fabricBrsSecuritySetting = SecuritySetting.GetClusterSecurityDetails();
var listeningAddress = String.Format(CultureInfo.InvariantCulture, "{0}://+:{1}/", fabricBrsSecuritySetting.EndpointProtocol, endpoint.Port);
var publishUri = listeningAddress.Replace("+", FabricRuntime.GetNodeContext().IPAddressOrFQDN);
this.owinHttpServer = new OwinHttpServer(this.statefulService, fabricBrsSecuritySetting, cancellationToken);
this.owinHttpServer.StartOwinHttpServer(listeningAddress);
return(Task.FromResult(publishUri));
}
public UserRepository(IOptions <SecuritySetting> setting, HotelDbContext context) : base(context)
{
_securitySetting = setting.Value;
_context = context;
}
internal ClientCertAuthorizationHandler(SecuritySetting fabricBrSecuritySetting)
{
this.fabricBrSecuritySetting = fabricBrSecuritySetting;
}
public static int Main(string[] args)
{
FabricEvents.ExtensionsEvents traceSource = new FabricEvents.ExtensionsEvents(FabricEvents.Tasks.BackupRestoreService);
int status = 0;
var codePackageActivationContext = FabricRuntime.GetActivationContext();
var configStore = NativeConfigStore.FabricGetConfigStore();
var serverAuthCredentialTypeName = configStore.ReadUnencryptedString(BackupRestoreContants.SecurityConfigSectionName, BackupRestoreContants.ServerAuthCredentialTypeName);
var serverAuthCredentialType = CredentialType.None;
EndpointResourceDescription endpoint = null;
try
{
endpoint = codePackageActivationContext.GetEndpoint(BackupRestoreContants.RestEndPointName);
}
catch (FabricElementNotFoundException)
{
traceSource.WriteWarning(TraceType, "Endpoint not found for EndpointName{0}", BackupRestoreContants.RestEndPointName);
throw;
}
if (!string.IsNullOrEmpty(serverAuthCredentialTypeName) && !Enum.TryParse(serverAuthCredentialTypeName, out serverAuthCredentialType))
{
traceSource.WriteWarning(TraceType, "Unable to convert configuration value serverAuthCredentialTypeName {0} for {1} type.", serverAuthCredentialTypeName, serverAuthCredentialType);
}
if (serverAuthCredentialType == CredentialType.X509 || serverAuthCredentialType == CredentialType.Claims)
{
// Get server auth details
var aclServerAuthX509StoreName = configStore.ReadUnencryptedString(BackupRestoreContants.FabricNodeConfigSectionName, BackupRestoreContants.ServerAuthX509StoreName);
var aclCertValueFindTypeName = configStore.ReadUnencryptedString(BackupRestoreContants.FabricNodeConfigSectionName, BackupRestoreContants.ServerAuthX509FindType);
var aclCertValue = configStore.ReadUnencryptedString(BackupRestoreContants.FabricNodeConfigSectionName, BackupRestoreContants.ServerAuthX509FindValue);
var aclCertValueSecondary = configStore.ReadUnencryptedString(BackupRestoreContants.FabricNodeConfigSectionName, BackupRestoreContants.ServerAuthX509FindValueSecondary);
var storeName = StoreName.My;
var x509FindType = X509FindType.FindByThumbprint;
X509Certificate2 certificate = null;
if (!string.IsNullOrEmpty(aclServerAuthX509StoreName) && !Enum.TryParse(aclServerAuthX509StoreName, out storeName))
{
traceSource.WriteWarning(TraceType, "Unable to Convert configuration aclServerAuthX509StoreName value {0} for {1} type.", aclServerAuthX509StoreName, storeName.GetType().ToString());
throw new InvalidEnumArgumentException(string.Format("Unable to Convert configuration aclCertValueFindTypeName value {0} for {1} type.", aclServerAuthX509StoreName, x509FindType.GetType()));
}
if (!string.IsNullOrEmpty(aclCertValueFindTypeName) && !Enum.TryParse(aclCertValueFindTypeName, out x509FindType))
{
traceSource.WriteWarning(TraceType, "Unable to Convert configuration aclCertValueFindTypeName value {0} for {1} type.", aclServerAuthX509StoreName, x509FindType.GetType().ToString());
throw new InvalidEnumArgumentException(string.Format("Unable to Convert configuration aclCertValueFindTypeName value {0} for {1} type.", aclServerAuthX509StoreName, x509FindType.GetType()));
}
if (!string.IsNullOrWhiteSpace(aclCertValue))
{
// Get certificate.
var store = new X509Store(storeName, StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly);
traceSource.WriteInfo(
TraceType,
"Finding applicable certificate for Acling. StoreName: {0}, StoreLocation: LocalMachine, X509FindType: {1}, X509FindValue: {2}.",
storeName,
x509FindType,
aclCertValue);
var certCollections = store.Certificates.Find(x509FindType, aclCertValue, false /*load self-signed cert*/);
if (certCollections.Count > 0)
{
certificate = certCollections[0];
}
else if (!string.IsNullOrWhiteSpace(aclCertValueSecondary))
{
traceSource.WriteInfo(
TraceType,
"Finding applicable certificate for Acling using Secondary cert config. StoreName: {0}, StoreLocation: LocalMachine, X509FindType: {1}, X509FindValue: {2}.",
storeName,
x509FindType,
aclCertValueSecondary);
var certCollectionsSecondary = store.Certificates.Find(x509FindType, aclCertValueSecondary, false /*load self-signed cert*/);
if (certCollectionsSecondary.Count > 0)
{
certificate = certCollectionsSecondary[0];
}
}
else
{
traceSource.WriteWarning(TraceType, "No matching certificate found. Thumbprint value: {0}, StoreName: {1}, StoreLocation: {2}", aclCertValue, aclServerAuthX509StoreName, StoreLocation.LocalMachine);
}
}
finally
{
store.Close();
}
}
else
{
traceSource.WriteWarning(TraceType, "Invalid configuration for certificate. Thumbprint value: {0}, StoreName: {1}, StoreLocation: {2}", aclCertValue, aclServerAuthX509StoreName, StoreLocation.LocalMachine);
}
if (certificate != null)
{
PortAclUtility.BindCertificate(endpoint.IpAddressOrFqdn, endpoint.Port, certificate.GetCertHash());
}
}
// Do URL ACLing
CodePackage codePackage = codePackageActivationContext.GetCodePackageObject("Code");
string daclString = "D:(A;;GX;;;NS)";
try
{
var runAsAccountName = configStore.ReadUnencryptedString(BackupRestoreContants.FabricNodeRunAsSectionName, BackupRestoreContants.RunAsAccountNameConfig);
if (!string.IsNullOrEmpty(runAsAccountName))
{
traceSource.WriteInfo(TraceType, "runAsAccountName for ACLing: {0} for CredentialType Windows", runAsAccountName);
daclString = GetAllowDaclFromUserName(runAsAccountName);
}
}
catch (IdentityNotMappedException ex)
{
traceSource.WriteWarning(TraceType, "Failed to resolve NTAccount: {0}, Exception: {1}", codePackage.EntryPointRunAsPolicy.UserName, ex);
throw;
}
catch (SystemException ex)
{
traceSource.WriteWarning(TraceType, "Failed to resolve NTAccount: {0}, Exception: {1}", codePackage.EntryPointRunAsPolicy.UserName, ex);
throw;
}
var fabricBrsSecuritySetting = SecuritySetting.GetClusterSecurityDetails();
var listeningAddress = String.Format(CultureInfo.InvariantCulture, "{0}://+:{1}/", fabricBrsSecuritySetting.EndpointProtocol, endpoint.Port);
traceSource.WriteInfo(TraceType, "ListeningAddress: {0} ,DaclString: {1} for ACLing", listeningAddress, daclString);
PortAclUtility.ReserveUrl(listeningAddress, daclString);
return(status);
}
public CryptProvider(SecuritySetting securitySetting)
{
_OriginalKey = securitySetting.Key;
_OriginalSalt = securitySetting.Salt;
}
public RegisterationUserController(UserManager <RegisterUser> userManager, SignInManager <RegisterUser> signInManager, IOptions <SecuritySetting> appSettings)
{
_userManager = userManager;
_singInManager = signInManager;
_appSettings = appSettings.Value;
}
