/// <summary>
/// Decides whether an ACL entry named <paramref name="principalName"/> applies to
/// <paramref name="userName"/>. The entry matches either the user name itself (when user
/// principals are an allowed security type) or one of the user's roles (when role principals
/// are allowed). Every comparison is ordinal and case-insensitive.
/// </summary>
/// <param name="principalName">User or role name stored in the ACL.</param>
/// <param name="userName">Authenticated user being evaluated.</param>
/// <returns>True when the principal matches the user or one of the user's roles; otherwise false.</returns>
private bool ValidateACLPrincipal(string principalName, string userName)
{
    bool userEntriesAllowed = _allowedSecurityTypes.Contains(AllowedSecurityTypes.Users);
    if (userEntriesAllowed && principalName.Equals(userName, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    if (!_allowedSecurityTypes.Contains(AllowedSecurityTypes.Roles))
    {
        return false;
    }

    // Role source is configuration driven: with NeverInteractiveAuth the roles come from the
    // Graph lookup, otherwise from the "roles" claims of the user's token.
    // NOTE(review): neither lookup result is null-checked; a null array would throw on the
    // Contains call below — confirm TokenUtilities never returns null.
    bool neverInteractive = Convert.ToBoolean(ConfigurationManager.AppSettings["NeverInteractiveAuth"]);
    string[] roles = neverInteractive
        ? TokenUtilities.GetRolesForUserFromGraph(userName)
        : TokenUtilities.GetAllClaimsFromToken(userName, "roles");

    return roles.Contains(principalName, StringComparer.OrdinalIgnoreCase);
}
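/// <summary>
/// Interactive sign-in page.
/// First visit: no "code" on the query string, so the user is redirected to AAD for an auth code.
/// Second visit (redirect back from AAD): the auth code is redeemed for an access token, a marker
/// cookie records that interactive auth was used, a persistent forms-auth cookie is issued for the
/// user's displayable id, and the user is sent to /Reports.
/// </summary>
/// <param name="sender">Unused; standard Page_Load signature.</param>
/// <param name="e">Unused; standard Page_Load signature.</param>
/// <remarks>
/// NOTE(review): no "state" value is validated on the callback; unless RedirectToAuthority issues
/// one and it is checked elsewhere, the callback is open to login-CSRF — confirm.
/// NOTE(review): an "error" response from AAD is not surfaced; the page simply redirects back to
/// the authority, which can loop on a persistent provider error — confirm this is intended.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // Previously "error" / "error_description" were copied into locals that were never used,
    // and indexing GetValues("error_description")[0] threw when AAD omitted the description.
    // Keep the branch semantics (an error response never redeems a code) without the unused reads.
    bool providerReportedError = Request.Params.AllKeys.Contains("error");
    if (!providerReportedError && Request.Params.AllKeys.Contains("code"))
    {
        string[] codeValues = Request.Params.GetValues("code");
        if (codeValues != null && codeValues.Length > 0)
        {
            authResult = TokenUtilities.GetAuthenticationResultFromAuthCode(codeValues[0]);
        }
    }

    if (authResult == null)
    {
        RedirectToAuthority();
        return;
    }

    // Marker consumed by the rest of the site to tell interactive from non-interactive sign-in.
    // NOTE(review): written without HttpOnly/Secure — confirm no client script reads it before tightening.
    HttpCookie interactiveMarker = new HttpCookie("RSTypeAuthCookie");
    interactiveMarker.Values.Add("IsInteractiveAuth", "true");
    HttpContext.Current.Response.Cookies.Set(interactiveMarker);

    // createPersistentCookie: true — the forms-auth ticket survives the browser session.
    FormsAuthentication.SetAuthCookie(authResult.UserInfo.DisplayableId, true);
    Response.Redirect("/Reports");
}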
/// <summary>
/// Reports whether <paramref name="userName"/> is covered by a security override, either
/// because the user is listed directly or because one of the user's roles is listed.
/// Comparisons are ordinal and case-insensitive.
/// </summary>
/// <param name="userName">Authenticated user being evaluated.</param>
/// <returns>True when the user or one of the user's roles appears in the overrides; otherwise false.</returns>
private bool IsSecurityOverride(string userName)
{
    var overriddenUsers = _securityOverrides[AllowedSecurityTypes.Users];
    if (overriddenUsers.Contains(userName, StringComparer.OrdinalIgnoreCase))
    {
        return true;
    }

    var overriddenRoles = _securityOverrides[AllowedSecurityTypes.Roles];
    if (overriddenRoles.Count == 0)
    {
        return false;
    }

    // Same role source selection as the ACL check: Graph lookup under NeverInteractiveAuth,
    // token "roles" claims otherwise.
    // NOTE(review): a null array from either lookup would throw on Intersect — confirm the helpers never return null.
    bool neverInteractive = Convert.ToBoolean(ConfigurationManager.AppSettings["NeverInteractiveAuth"]);
    string[] roles = neverInteractive
        ? TokenUtilities.GetRolesForUserFromGraph(userName)
        : TokenUtilities.GetAllClaimsFromToken(userName, "roles");

    return roles.Intersect(overriddenRoles, StringComparer.OrdinalIgnoreCase).Any();
}
/// <summary>
/// Called when authenticating to the API (non-interactive redirect). Uses the resource owner
/// password credentials grant to obtain a token for the configured ClientId.
/// </summary>
/// <param name="userName">User name; logon fails immediately when null or empty.</param>
/// <param name="password">Password; logon fails immediately when null or empty.</param>
/// <param name="authority">Accepted for interface compatibility but not used by this method.</param>
/// <returns>True when a token was obtained and the marker cookie was written; otherwise false.</returns>
/// <remarks>
/// NOTE(review): the ROPC grant hands the raw password to the token service and is generally
/// incompatible with MFA/conditional access — confirm this path stays limited to the API case.
/// NOTE(review): the "RSTypeAuthCookie" marker is written without HttpOnly/Secure — confirm no
/// client script reads it before tightening.
/// </remarks>
public bool LogonUser(string userName, string password, string authority)
{
    bool hasCredentials = !string.IsNullOrEmpty(userName) && !string.IsNullOrEmpty(password);
    if (!hasCredentials)
    {
        return false;
    }

    AuthenticationResult tokenResult = TokenUtilities.GetAuthenticationResultFromUserCredentials(
        userName,
        password,
        ConfigurationManager.AppSettings["ClientId"]);
    if (tokenResult == null)
    {
        return false;
    }

    // Marker consumed by the rest of the site to tell interactive from non-interactive sign-in.
    HttpCookie nonInteractiveMarker = new HttpCookie("RSTypeAuthCookie");
    nonInteractiveMarker.Values.Add("IsInteractiveAuth", "false");
    HttpContext.Current.Response.Cookies.Set(nonInteractiveMarker);
    return true;
}