/// <summary>
/// Checks the caller's concurrent-request quota and then the per-time-slot quota and,
/// only when both pass, counts the new request against this usage record.
/// </summary>
/// <param name="userContext">Caller; its Name is written to the success or violation trace.</param>
/// <param name="quota">Limits to enforce: MaxConcurrentRequests, MaxRequestsPerTimeSlot and TimeSlotSize.</param>
/// <returns><c>true</c> when the request was admitted and counted; <c>false</c> when either quota was violated.</returns>
public bool QuotaCheckAndUpdate(UserContext userContext, UserQuota quota)
{
    // The check and the counter update happen under the same lock, so the decision
    // and the increment are not interleaved with another caller holding syncObject.
    lock (this.syncObject)
    {
        // The per-time-slot check is only consulted once the concurrency check has passed.
        string violation = null;
        if (!this.CheckConcurrentRequestQuota(quota.MaxConcurrentRequests))
        {
            violation = "MaxConcurrentRequest quota violation";
        }
        else if (!this.CheckRequestPerTimeSlotQuota(quota.MaxRequestsPerTimeSlot, quota.TimeSlotSize))
        {
            violation = "MaxRequestPerTimeSlot quota violation";
        }

        if (violation != null)
        {
            // A rejected request is recorded three ways: quota-system counter, trace, perf counter.
            DataServiceController.Current.QuotaSystem.UserQuotaViolation.Increment();
            TraceHelper.Current.UserQuotaViolation(userContext.Name, violation);
            DataServiceController.Current.PerfCounters.UserQuotaViolationsPerSec.Increment();
            return false;
        }

        // Admitted: reserve one concurrent slot and count the request in the current time slot.
        this.concurrentRequests = this.concurrentRequests + 1;
        this.requests.Increment(quota.TimeSlotSize);
        TraceHelper.Current.UserQuotaSucceeded(userContext.Name);
        TraceHelper.Current.DebugMessage(string.Concat("Usage.QuotaCheckAndUpdate called. Concurrent requests = ", this.concurrentRequests));
        return true;
    }
}
/// <summary>
/// Calls the custom authorization plug-in for the caller and resource, stores the
/// resulting context, and reports whether an identity was obtained.
/// </summary>
/// <param name="userContext">Caller; supplies the identity and client certificate passed to the plug-in.</param>
/// <param name="resourceUri">Resource being requested; passed to the plug-in inside the SenderInfo.</param>
/// <returns><c>true</c> when the plug-in returned both an identity and a quota; otherwise <c>false</c>.</returns>
public bool IsAuthorized(UserContext userContext, Uri resourceUri)
{
    SenderInfo sender = new SenderInfo(userContext.GetIdentity(), userContext.ClientCertificate, resourceUri);
    CustomAuthorizationHandler.CustomContext authorizedContext = null;
    TraceHelper.Current.MethodCall0("CustomAuthorizationHandler", "IsAuthorized");

    try
    {
        // The tracer brackets the plug-in call; 30 is its time limit (unit not visible here).
        using (OperationTracerWithTimeout tracer = new OperationTracerWithTimeout(
            new Action<string>(TraceHelper.Current.CustomAuthzCallStart),
            new Action<string>(TraceHelper.Current.CustomAuthzCallEnd),
            "AuthorizeUser",
            new Action<string>(TraceHelper.Current.CustomAuthzExceedTimeLimit),
            30))
        {
            UserQuota pluginQuota = null;
            WindowsIdentity pluginIdentity = this.customAuthorization.AuthorizeUser(sender, out pluginQuota);

            // A plug-in that returns no identity or no quota is treated as a plug-in error,
            // not as an authorization decision.
            if (pluginIdentity == null)
            {
                object[] details = new object[] { "CustomAuthorization.AuthorizeUser", Resources.NullWindowsIdentity };
                throw new InvalidOperationException(ExceptionHelpers.GetExceptionMessage(Resources.MethodReturnedInvalidOutput, details));
            }

            if (pluginQuota == null)
            {
                object[] details = new object[] { "CustomAuthorization.AuthorizeUser", Resources.NullQuota };
                throw new InvalidOperationException(ExceptionHelpers.GetExceptionMessage(Resources.MethodReturnedInvalidOutput, details));
            }

            TraceHelper.Current.UserQuotaInformation(userContext.Name, pluginQuota.MaxConcurrentRequests, pluginQuota.MaxRequestsPerTimeSlot, pluginQuota.TimeSlotSize);
            authorizedContext = new CustomAuthorizationHandler.CustomContext(pluginIdentity, pluginQuota);
        }
    }
    catch (Exception failure)
    {
        // Severe exceptions propagate. Everything else is traced and swallowed, which
        // leaves authorizedContext null and therefore denies the request below.
        if (failure.IsSevereException())
        {
            throw;
        }

        failure.Trace(null);
    }

    // The store is updated on both outcomes; on failure it receives null.
    this.customContextStore.StoreContext(authorizedContext);

    if (authorizedContext == null || authorizedContext.Identity == null)
    {
        TraceHelper.Current.AuthorizeUserRequestFailed(userContext.Name, userContext.AuthenticationType);
        return false;
    }

    TraceHelper.Current.AuthorizeUserRequestSucceeded(userContext.Name);
    return true;
}
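/// <summary>
/// Authorize a user.
/// </summary>
/// <param name="senderInfo">Sender information. This implementation does not inspect it.</param>
/// <param name="userQuota">
/// Receives the quota built from the "MaxConcurrentRequests", "MaxRequestsPerTimeslot" and
/// "TimeslotSize" application settings; a setting that is absent falls back to the class default.
/// </param>
/// <returns>
/// User context in which to execute PowerShell cmdlet. Here this is always the identity
/// returned by <see cref="WindowsIdentity.GetCurrent()"/>.
/// </returns>
/// <exception cref="FormatException">A configured quota setting is not a valid integer.</exception>
/// <exception cref="OverflowException">A configured quota setting does not fit in an <see cref="int"/>.</exception>
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
{
    userQuota = new UserQuota(
        ReadQuotaSetting("MaxConcurrentRequests", DefaultMaxConcurrentRequests),
        ReadQuotaSetting("MaxRequestsPerTimeslot", DefaultMaxRequestsPerTimeslot),
        ReadQuotaSetting("TimeslotSize", DefaultTimeslotSize));

    // NOTE(review): senderInfo is never examined, so every caller that reaches this
    // method receives the same identity (the one the current thread or process runs as)
    // and the same quota. Confirm that authentication and any per-user restriction are
    // enforced before this plug-in is called.
    return WindowsIdentity.GetCurrent();
}

/// <summary>
/// Reads one integer quota setting from the application configuration.
/// </summary>
/// <param name="key">Name of the application setting.</param>
/// <param name="fallback">Value used when the setting is absent.</param>
/// <returns>The parsed setting, or <paramref name="fallback"/> when the setting is absent.</returns>
private static int ReadQuotaSetting(string key, int fallback)
{
    var configured = ConfigurationManager.AppSettings[key];
    if (configured == null)
    {
        return fallback;
    }

    // Configuration values are machine-readable, so they are parsed with the invariant
    // culture rather than the UI culture of whichever thread handles the request.
    // A malformed value still throws, so a bad setting is not silently replaced by the default.
    return int.Parse(configured, CultureInfo.InvariantCulture);
}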
/// <summary>
/// Builds an <see cref="Account"/> from a user profile and that user's storage quota.
/// </summary>
/// <param name="info">User profile supplying the name and, when present, the preferred e-mail address.</param>
/// <param name="quota">Storage quota supplying the total and the available amount.</param>
/// <returns>An account whose used storage is the total minus the available amount.</returns>
public static Account ToAccount(this User info, UserQuota quota)
{
    var storage = new Storage
    {
        Total = quota.Quota,
        Remaining = quota.Available,
        Used = quota.Quota - quota.Available
    };

    // A profile without an e-mail collection yields an empty address rather than null.
    var email = info.Emails == null ? String.Empty : info.Emails.Preferred;

    return new Account
    {
        Storage = storage,
        Email = email,
        Name = info.Name
    };
}
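/// <summary>
/// Pipeline handler run when request processing begins: applies the caller's quota and
/// rejects the request when the quota is exceeded.
/// </summary>
/// <param name="source">Event source; not used.</param>
/// <param name="args">Pipeline event arguments. May be null, and its OperationContext may be null.</param>
/// <exception cref="DataServiceException">
/// Thrown with status 403 (Forbidden) when the quota check rejects the request.
/// </exception>
public static void ProcessingRequestHandler(object source, DataServiceProcessingPipelineEventArgs args)
{
    UserData userDatum = null;
    TraceHelper.Current.DebugMessage("QuotaSystem.ProcessingRequestHandler entered");
    if (args != null && args.OperationContext != null)
    {
        TraceHelper.CorrelateWithClientRequestId(args.OperationContext);
    }

    UserContext userContext = new UserContext(CurrentRequestHelper.Identity, CurrentRequestHelper.Certificate);

    // A request that is already marked as started is not counted a second time.
    if (DataServiceController.Current.IsRequestProcessingStarted(userContext))
    {
        TraceHelper.Current.DebugMessage("QuotaSystem.ProcessingRequestHandler IsRequestProcessingStarted returned true");
        return;
    }

    using (UserDataCache.UserDataEnvelope userDataEnvelope = DataServiceController.Current.UserDataCache.Get(userContext))
    {
        UserQuota userQuota = DataServiceController.Current.GetUserQuota(userContext);

        // Guard OperationContext as well as args, matching the check at the top of the
        // method; previously a null OperationContext raised NullReferenceException here.
        if (args != null && args.OperationContext != null)
        {
            Guid activityId = EtwActivity.GetActivityId();
            args.OperationContext.ResponseHeaders.Add("request-id", activityId.ToString());
        }

        if (!userDataEnvelope.Data.Usage.QuotaCheckAndUpdate(userContext, userQuota))
        {
            // Over quota: refuse with 403 before any request state is recorded.
            throw new DataServiceException((int)HttpStatusCode.Forbidden, ExceptionHelpers.GetDataServiceExceptionMessage(HttpStatusCode.Forbidden, Resources.UserQuotaExceeded, new object[0]));
        }

        // NOTE(review): the result of TryLockKey is ignored and userDatum is not used
        // afterwards; where the quota reservation made above is released is not visible here.
        DataServiceController.Current.UserDataCache.TryLockKey(userContext, out userDatum);
    }

    DataServiceController.Current.SetRequestProcessingState(userContext, true);
    TraceHelper.Current.RequestProcessingStart();
    DataServiceController.Current.UserDataCache.Trace();
    TraceHelper.Current.DebugMessage("QuotaSystem.ProcessingRequestHandler exited");
}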
/// <summary>
/// Authorizes a user by handing the caller's identity to the RBAC system.
/// </summary>
/// <param name="senderInfo">User information; must carry a principal with an authenticated identity.</param>
/// <param name="quota">Returns the user quota produced by the RBAC system.</param>
/// <returns>The WindowsIdentity returned by the RBAC system.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="senderInfo"/>, its Principal, or the principal's Identity is null.
/// </exception>
/// <exception cref="ArgumentException">The identity is not authenticated.</exception>
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota quota)
{
    bool identityMissing = senderInfo == null
        || senderInfo.Principal == null
        || senderInfo.Principal.Identity == null;
    if (identityMissing)
    {
        throw new ArgumentNullException("senderInfo");
    }

    // Unauthenticated callers are rejected before any RBAC lookup takes place.
    if (!senderInfo.Principal.Identity.IsAuthenticated)
    {
        throw new ArgumentException("User is not authenticated");
    }

    // Prefer the Windows identity when the principal has one; otherwise use the generic identity.
    var principal = senderInfo.Principal;
    RbacUser.RbacUserInfo userInfo = principal.WindowsIdentity != null
        ? new RbacUser.RbacUserInfo(principal.WindowsIdentity)
        : new RbacUser.RbacUserInfo(principal.Identity);

    return RbacSystem.Current.AuthorizeUser(userInfo, out quota);
}
/// <summary>
/// Resolves a portal property by name for token replacement, withholding restricted
/// properties unless the caller's access level is <c>Scope.Debug</c>.
/// </summary>
/// <param name="propertyName">Property name; matched case-insensitively.</param>
/// <param name="format">Format string handed to PropertyAccess.FormatString for text properties.</param>
/// <param name="formatProvider">Culture used when formatting numeric, date and boolean properties.</param>
/// <param name="accessingUser">User requesting the value; not consulted by this method.</param>
/// <param name="accessLevel">Access scope of the caller.</param>
/// <param name="propertyNotFound">
/// Set to <c>true</c> when the name is unknown or the value is withheld, otherwise <c>false</c>.
/// </param>
/// <returns>
/// The formatted value, <c>PropertyAccess.ContentLocked</c> when access is withheld, or an
/// empty string when the name is not recognised.
/// </returns>
/// <remarks>
/// Every case is public unless it sets the restricted flag, so a case added without that
/// flag is readable at every access level except <c>Scope.NoSettings</c>.
/// </remarks>
public string GetProperty(string propertyName, string format, CultureInfo formatProvider, UserInfo accessingUser, Scope accessLevel, ref bool propertyNotFound)
{
    // NOTE(review): a non-empty format is not forwarded to the numeric/date ToString calls;
    // they receive "g" for an empty format and an empty string otherwise. Confirm this is intended.
    var numberFormat = format == string.Empty ? "g" : string.Empty;
    var key = propertyName.ToLowerInvariant();

    // Start from "not found"; each recognised case clears the flag itself.
    propertyNotFound = true;
    if (accessLevel == Scope.NoSettings)
    {
        return PropertyAccess.ContentLocked;
    }

    var output = string.Empty;
    var restricted = false;
    switch (key)
    {
        case "url":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(PortalAlias.HTTPAlias, format);
            break;
        case "fullurl":
            // Portal alias including the protocol.
            propertyNotFound = false;
            output = PropertyAccess.FormatString(Globals.AddHTTP(PortalAlias.HTTPAlias), format);
            break;
        case "passwordreminderurl":
            // Use the register page when one is defined in the portal settings, else the home page.
            propertyNotFound = false;
            var reminder = Globals.AddHTTP(PortalAlias.HTTPAlias);
            if (RegisterTabId > Null.NullInteger)
            {
                reminder = Globals.RegisterURL(string.Empty, string.Empty);
            }
            output = PropertyAccess.FormatString(reminder, format);
            break;
        case "portalid":
            propertyNotFound = false;
            output = PortalId.ToString(numberFormat, formatProvider);
            break;
        case "portalname":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(PortalName, format);
            break;
        case "homedirectory":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(HomeDirectory, format);
            break;
        case "homedirectorymappath":
            propertyNotFound = false;
            restricted = true;
            output = PropertyAccess.FormatString(HomeDirectoryMapPath, format);
            break;
        case "logofile":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(LogoFile, format);
            break;
        case "footertext":
            propertyNotFound = false;
            var footer = FooterText.Replace("[year]", DateTime.Now.Year.ToString());
            output = PropertyAccess.FormatString(footer, format);
            break;
        case "expirydate":
            propertyNotFound = false;
            restricted = true;
            output = ExpiryDate.ToString(numberFormat, formatProvider);
            break;
        case "userregistration":
            propertyNotFound = false;
            restricted = true;
            output = UserRegistration.ToString(numberFormat, formatProvider);
            break;
        case "banneradvertising":
            propertyNotFound = false;
            restricted = true;
            output = BannerAdvertising.ToString(numberFormat, formatProvider);
            break;
        case "currency":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(Currency, format);
            break;
        case "administratorid":
            propertyNotFound = false;
            restricted = true;
            output = AdministratorId.ToString(numberFormat, formatProvider);
            break;
        case "email":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(Email, format);
            break;
        case "hostfee":
            propertyNotFound = false;
            restricted = true;
            output = HostFee.ToString(numberFormat, formatProvider);
            break;
        case "hostspace":
            propertyNotFound = false;
            restricted = true;
            output = HostSpace.ToString(numberFormat, formatProvider);
            break;
        case "pagequota":
            propertyNotFound = false;
            restricted = true;
            output = PageQuota.ToString(numberFormat, formatProvider);
            break;
        case "userquota":
            propertyNotFound = false;
            restricted = true;
            output = UserQuota.ToString(numberFormat, formatProvider);
            break;
        case "administratorroleid":
            propertyNotFound = false;
            restricted = true;
            output = AdministratorRoleId.ToString(numberFormat, formatProvider);
            break;
        case "administratorrolename":
            propertyNotFound = false;
            restricted = true;
            output = PropertyAccess.FormatString(AdministratorRoleName, format);
            break;
        case "registeredroleid":
            propertyNotFound = false;
            restricted = true;
            output = RegisteredRoleId.ToString(numberFormat, formatProvider);
            break;
        case "registeredrolename":
            propertyNotFound = false;
            restricted = true;
            output = PropertyAccess.FormatString(RegisteredRoleName, format);
            break;
        case "description":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(Description, format);
            break;
        case "keywords":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(KeyWords, format);
            break;
        case "backgroundfile":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(BackgroundFile, format);
            break;
        case "admintabid":
            propertyNotFound = false;
            restricted = true;
            output = AdminTabId.ToString(numberFormat, formatProvider);
            break;
        case "supertabid":
            propertyNotFound = false;
            restricted = true;
            output = SuperTabId.ToString(numberFormat, formatProvider);
            break;
        case "splashtabid":
            propertyNotFound = false;
            restricted = true;
            output = SplashTabId.ToString(numberFormat, formatProvider);
            break;
        case "hometabid":
            propertyNotFound = false;
            restricted = true;
            output = HomeTabId.ToString(numberFormat, formatProvider);
            break;
        case "logintabid":
            propertyNotFound = false;
            restricted = true;
            output = LoginTabId.ToString(numberFormat, formatProvider);
            break;
        case "registertabid":
            propertyNotFound = false;
            restricted = true;
            output = RegisterTabId.ToString(numberFormat, formatProvider);
            break;
        case "usertabid":
            propertyNotFound = false;
            restricted = true;
            output = UserTabId.ToString(numberFormat, formatProvider);
            break;
        case "defaultlanguage":
            propertyNotFound = false;
            output = PropertyAccess.FormatString(DefaultLanguage, format);
            break;
        case "users":
            propertyNotFound = false;
            restricted = true;
            output = Users.ToString(numberFormat, formatProvider);
            break;
        case "pages":
            propertyNotFound = false;
            restricted = true;
            output = Pages.ToString(numberFormat, formatProvider);
            break;
        case "contentvisible":
            // Recognised but never resolved: stays "not found" with an empty value.
            restricted = true;
            break;
        case "controlpanelvisible":
            propertyNotFound = false;
            restricted = true;
            output = PropertyAccess.Boolean2LocalizedYesNo(ControlPanelVisible, formatProvider);
            break;
    }

    // Public values, and any value requested at Debug scope, are returned as computed.
    if (!restricted || accessLevel == Scope.Debug)
    {
        return output;
    }

    // Restricted value at a lower scope: report it as not found and return the locked marker.
    propertyNotFound = true;
    return PropertyAccess.ContentLocked;
}
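// Token: 0x06001244 RID: 4676 RVA: 0x00039740 File Offset: 0x00037940
/// <summary>
/// Authorizes a PSWS request: rejects blocked direct invocations, resolves the caller's
/// user token and throttling policy, converts the policy into a <see cref="UserQuota"/>,
/// and applies client access rules.
/// </summary>
/// <param name="senderInfo">Sender information; not read by this method, which takes the caller from HttpContext.Current.</param>
/// <param name="userQuota">Receives the quota derived from the caller's throttling policy.</param>
/// <returns>The identity returned by <see cref="WindowsIdentity.GetCurrent()"/> when the caller is authorized.</returns>
/// <exception cref="InvalidOperationException">Direct PSWS invocation is blocked.</exception>
/// <exception cref="ClientAccessRulesBlockedConnectionException">A client access rule blocks the connection.</exception>
/// <remarks>
/// Any exception is traced, logged, reported to the client and rethrown, so a failure at
/// any step denies the request.
/// </remarks>
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota userQuota)
{
    ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Enter.");
    WindowsIdentity current;
    try
    {
        if (this.IsBlockedPswsDirectInvocation())
        {
            AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", "UnAuthorized. Blocked Psws direct invocation", false);
            throw new InvalidOperationException(Strings.InvalidPswsDirectInvocationBlocked);
        }

        // The thread culture is taken from the request headers, i.e. it is chosen by the client.
        CultureInfo cultureInfo = null;
        if (PswsAuthZHelper.TryParseCultureInfo(HttpContext.Current.Request.Headers, out cultureInfo))
        {
            ExTraceGlobals.PublicPluginAPITracer.TraceDebug<string>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Set thread culture to be {0}", cultureInfo.Name);
            Thread.CurrentThread.CurrentCulture = cultureInfo;
            Thread.CurrentThread.CurrentUICulture = cultureInfo;
        }

        IThrottlingPolicy throttlingPolicy = null;
        PswsAuthZUserToken authZUserToken = null;
        AuthZLogHelper.ExecuteWSManPluginAPI("PswsAuthorization.AuthorizeUser", false, true, delegate()
        {
            UserToken userToken = HttpContext.Current.CurrentUserToken();
            authZUserToken = PswsAuthZHelper.GetAuthZPluginUserToken(userToken);
            if (authZUserToken != null)
            {
                throttlingPolicy = authZUserToken.GetThrottlingPolicy();
            }
        });

        // Both the token and the policy are required before any quota is issued.
        // (RetailAssert presumably throws on failure; confirm against ExAssert.)
        ExAssert.RetailAssert(authZUserToken != null, "UnAuthorized. The user token is invalid (null).");
        ExAssert.RetailAssert(throttlingPolicy != null, "UnAuthorized. Unable to get the user quota.");

        PswsBudgetManager.Instance.HeartBeat(authZUserToken);
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveRunspaces, PswsBudgetManager.Instance.TotalActiveRunspaces);
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.ServerActiveUsers, PswsBudgetManager.Instance.TotalActiveUsers);
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.UserBudgetOnStart, PswsBudgetManager.Instance.GetWSManBudgetUsage(authZUserToken));

        // The policy limits are unsigned; clamp them so a value above int.MaxValue cannot
        // wrap to a negative quota when narrowed to int.
        userQuota = new UserQuota(
            ToQuotaValue(throttlingPolicy.PswsMaxConcurrency),
            ToQuotaValue(throttlingPolicy.PswsMaxRequest),
            ToQuotaValue(throttlingPolicy.PswsMaxRequestTimePeriod));

        ExTraceGlobals.PublicPluginAPITracer.TraceDebug<Unlimited<uint>, Unlimited<uint>, Unlimited<uint>>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] User quota: PswsMaxConcurrenty={0}, PswsMaxRequest={1}, PswsMaxRequestTimePeriod={2}.", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod);
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, true);
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.AuthorizeUser, authZUserToken.UserNameForLogging);
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.GetQuota, string.Format("PswsMaxConcurrenty={0};PswsMaxRequest={1};PswsMaxRequestTimePeriod={2}", throttlingPolicy.PswsMaxConcurrency, throttlingPolicy.PswsMaxRequest, throttlingPolicy.PswsMaxRequestTimePeriod));

        // NOTE(review): IsAuthorized is logged as true above, before the client access
        // rule check; a blocked connection corrects it to false in the catch block.
        string ruleName = null;
        if (this.ConnectionBlockedByClientAccessRules(authZUserToken, out ruleName))
        {
            throw new ClientAccessRulesBlockedConnectionException(ruleName);
        }

        current = WindowsIdentity.GetCurrent();
    }
    catch (Exception ex)
    {
        ExTraceGlobals.PublicPluginAPITracer.TraceError<Exception>((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exception: {0}", ex);
        AuthZLogger.SafeAppendGenericError("PswsAuthorization.AuthorizeUser", ex, new Func<Exception, bool>(KnownException.IsUnhandledException));
        TaskLogger.LogRbacEvent(TaskEventLogConstants.Tuple_PswsPublicAPIFailed, null, new object[]
        {
            "PswsAuthorization.AuthorizeUser",
            ex.ToString()
        });
        AuthZLogger.SafeSetLogger(RpsAuthZMetadata.IsAuthorized, false);
        PswsErrorHandling.SendErrorToClient((ex is ClientAccessRulesBlockedConnectionException) ? PswsErrorCode.ClientAccessRuleBlock : PswsErrorCode.AuthZUserError, ex, null);
        throw;
    }
    finally
    {
        ExTraceGlobals.PublicPluginAPITracer.TraceDebug((long)this.GetHashCode(), "[PswsAuthorization.AuthorizeUser] Exit.");
    }

    return current;
}

/// <summary>
/// Converts a throttling-policy limit into the signed value expected by <see cref="UserQuota"/>.
/// </summary>
/// <param name="limit">Policy limit, possibly unlimited.</param>
/// <returns>
/// <see cref="int.MaxValue"/> for an unlimited limit or a value above it; otherwise the limit itself.
/// </returns>
private static int ToQuotaValue(Unlimited<uint> limit)
{
    if (limit.IsUnlimited)
    {
        return int.MaxValue;
    }

    return (int)Math.Min(limit.Value, (uint)int.MaxValue);
}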
/// <summary>
/// Creates the per-user authorization context from the identity and quota returned by
/// the authorization plug-in.
/// </summary>
/// <param name="identity">Identity to hold; it is wrapped in a <c>SafeRefCountedContainer</c>.</param>
/// <param name="quota">Quota associated with the identity.</param>
public CustomContext(WindowsIdentity identity, UserQuota quota)
{
    // The identity is held through a ref-counted container rather than directly.
    var identityContainer = new SafeRefCountedContainer<WindowsIdentity>(identity);

    Identity = identityContainer;
    UserQuota = quota;

    // No cmdlets have run under a freshly created context.
    CmdletsExecuted = 0;
}