public AuthorisationDC GetUserAuthorisationInfo(string token, string appID, string[] adGroups, string staffCode, string firstName, string lastName, IRepository <ADRoleLookup> adRoleLookupRepository, IRepository <StaffAttributes> staffAttributesRepository) { try { #region Parameter validation //Validate for parameters which cannot be null if (null == token) { throw new ArgumentNullException("token"); } if (null == adGroups) { throw new ArgumentNullException("adGroups"); } if (null == staffCode) { throw new ArgumentNullException("staffCode"); } if (null == adRoleLookupRepository) { throw new ArgumentNullException("adRoleLookupRepository"); } #endregion // Call overload with injected objects string[] MatchingRoles = GetRolesForADGroups(staffCode, staffCode, appID, "", adGroups, adRoleLookupRepository); //***************************CHANGE TO GET ROLES FROM STAFF ATTRIBUTES******************************** //*****************THE ONLY ROLE IN AD IS NOW ONE GIVING ACCESS TO THE APPLICATION USED BY LANDING PAGE******************** Guid StaffCodeGuid = Guid.Parse(staffCode); List <StaffAttributes> attributes = staffAttributesRepository.Find(new Specification <StaffAttributes>(x => x.ApplicationAttribute.IsRole && x.LookupValue == "Yes" && x.StaffCode == StaffCodeGuid), x => x.ApplicationAttribute.AttributeName, "ApplicationAttribute", "Application", "ApplicationAttribute.ApplicationAttributeExtension").ToList(); MatchingRoles = MatchingRoles.Concat <string>(attributes.Select(x => x.ApplicationAttribute.AttributeName)).ToArray(); //add pseudo Staff Maintenance role if user is staff admin. This role in used in custom Authorization checks if (attributes.Where(x => x.ApplicationAttribute.ApplicationAttributeExtension.Any(y => y.IsStaffAdmin == true)).Count() > 0) { List <String> matchingRolesList = new List <string>(MatchingRoles); matchingRolesList.Add(FrameworkRoles.STAFF_MAINTAINANCE); MatchingRoles = matchingRolesList.ToArray(); } //Return user information AuthorisationDC returnObject = new AuthorisationDC() { Roles = MatchingRoles.AsEnumerable <string>(), UserID = staffCode, UserName = firstName + " " + lastName }; return(returnObject); } catch (Exception e) { //Prevent exception from propogating across the service interface ExceptionManager.ShieldException(e); return(null); } }
/// <summary> /// Gets authorisation information relating to the current user /// </summary> /// <remarks> /// Retrieves application roles based on a users group membership /// </remarks> /// <param name="context">HttpContext</param> /// <param name="appID">Application ID</param> public static void GetUserAuthorisationInfo(HttpContextBase context, string appID) { string[] roles = null; if (context.User.Identity.IsAuthenticated && context.Request.LogonUserIdentity != null && context.Request.LogonUserIdentity.IsAuthenticated) { //Get roles from session if available if (null != SessionManager.UserRoles) { roles = SessionManager.UserRoles; } else // If roles not in session then retrieve from authorisation service { AuthorisationDC authorisationResult = null; //Create instance of Authorisation service AuthorisationServiceClient sc = new AuthorisationServiceClient(); //Get user name for current user string userName = context.User.Identity.Name; try { #if DEBUG authorisationResult = new AuthorisationDC(); authorisationResult.Roles = new string[] { "FW-ADMIN", "FW-APPLICATION", "UCB-APPLICATION", "AM-APPLICATION" }; authorisationResult.UserID = "F308F543-75A8-4218-A644-F27765CE51AB"; authorisationResult.UserName = "******"; #else string[] adGroups = Roles.GetRolesForUser(); //Authorise user and retrieve user roles authorisationResult = sc.GetUserAuthorisationInfo(userName, appID, adGroups); //Close service communication ((ICommunicationObject)sc).Close(); #endif //Store roles in session so we don't have to call service each time SessionManager.UserRoles = roles = authorisationResult.Roles; //Store user's ID in session SessionManager.UserID = authorisationResult.UserID; //Store user's Name in session SessionManager.UserName = authorisationResult.UserName; } catch (FaultException <AuthorisationFailureFault> ) { ((ICommunicationObject)sc).Close(); //Store user's ID in session SessionManager.UserID = userName; //Store roles as empty array SessionManager.UserRoles = new string[] { }; } catch (Exception e) { ExceptionManager.HandleException(e, (ICommunicationObject)sc); } } } //Create new principal object and attach roles GenericPrincipal principal = new GenericPrincipal(context.User.Identity, roles); //Attach new principal to current thread Thread.CurrentPrincipal = context.User = principal; }
/// <summary> /// Gets authorisation information relating to the current user /// </summary> /// <remarks> /// Retrieves application roles based on a users group membership /// </remarks> /// <param name="context">HttpContext</param> /// <param name="appID">Application ID</param> public void GetUserAuthorisationInfo(HttpContextBase context, string appID) { string[] roles = null; if (context.User.Identity.IsAuthenticated && context.Request.LogonUserIdentity != null && context.Request.LogonUserIdentity.IsAuthenticated) { //Get roles from session if available if (null != sessionManager.UserRoles) { roles = sessionManager.UserRoles; } else // If roles not in session then retrieve from authorisation service { AuthorisationDC authorisationResult = null; //Create instance of Authorisation service //AuthorisationServiceClient sc = new AuthorisationServiceClient(); IAuthorisationService sc = authorisationService; //Get user name for current user string userName = context.User.Identity.Name; try { #if DEBUG authorisationResult = new AuthorisationDC(); authorisationResult.Roles = new string[] { }; //authorisationResult.Roles = new string[] { AppRoles.APPLICATION, AppRoles.NOMINATED_MANAGER, AppRoles.TRADE_UNION, AppRoles.UCB_MI_USER, AppRoles.STAFFADMIN }; authorisationResult.Roles = new string[] { AppRoles.APPLICATION, AppRoles.NOMINATED_MANAGER, AppRoles.DEPUTY_NOMINATED_MANAGER, AppRoles.ADMIN, AppRoles.TRADE_UNION, AppRoles.BUSINESS_AREA_MANAGER, AppRoles.UCB_MI_USER, AppRoles.STAFFADMIN }; // authorisationResult.Roles = new string[] { AppRoles.APPLICATION, AppRoles.NOMINATED_MANAGER, AppRoles.DEPUTY_NOMINATED_MANAGER, AppRoles.ADMIN, AppRoles.TRADE_UNION, AppRoles.BUSINESS_AREA_MANAGER, AppRoles.UCB_MI_USER, AppRoles.STAFFADMIN }; // authorisationResult.Roles = new string[] { "UCB-APPLICATION", "UCB-ADMIN" }; authorisationResult.UserID = "DF8752EF-74DB-4AEE-A55A-1D3D5F6AA6FE"; authorisationResult.UserName = "******"; #else string[] adGroups = Roles.GetRolesForUser(); //Authorise user and retrieve user roles authorisationResult = sc.GetUserAuthorisationInfo(userName, appID, adGroups); //Close service communication ((ICommunicationObject)sc).Close(); #endif //Store roles in session so we don't have to call service each time sessionManager.UserRoles = roles = authorisationResult.Roles; //Store user's ID in session sessionManager.UserID = authorisationResult.UserID; //Store user's Name in session sessionManager.UserName = authorisationResult.UserName; } catch (FaultException <AuthorisationFailureFault> ) { ((ICommunicationObject)sc).Close(); //Store user's ID in session sessionManager.UserID = userName; //Store roles as empty array sessionManager.UserRoles = new string[] { }; } catch (Exception e) { ExceptionManager.HandleException(e, (ICommunicationObject)sc); } } } //Create new principal object and attach roles GenericPrincipal principal = new GenericPrincipal(context.User.Identity, roles); //Attach new principal to current thread Thread.CurrentPrincipal = context.User = principal; }
public AuthorisationDC GetUserAuthorisationInfo(string token, string appID, string[] roles) { try { #region Parameter validation //Validate for parameters which cannot be null if (null == token) { throw new ArgumentNullException("token"); } if (null == appID) { throw new ArgumentNullException("appID"); } if (null == roles) { throw new ArgumentNullException("roles"); } #endregion // Get the domain name from configuration string domainName = ConfigurationManager.AppSettings.Get("DomainName"); // Remove domain name from user name token = token.Substring(token.IndexOf("\\") + 1); // Token passed was invalid if (null == token) { throw new ArgumentOutOfRangeException("token"); } //Remove the domain name from the AD groups var adGroupsWithoutDomainPrefix = (from x in roles select(x.Contains("\\") ? x.Substring(x.LastIndexOf("\\") + 1) : x)).ToArray(); // Create instance of Staff repository. Note - no way to specify user guids IRepository <Staff> staffRepository = new Repository <Staff>("", "", appID, ""); //Find user List <Staff> staffItems = staffRepository.Find(x => x.StaffNumber == token && x.IsActive == true).ToList(); Staff staffItem = null; if (staffItems.Count() != 1) { // If zero staff records are found then the user is not in the Staff table throw new FailedAuthorisationException(); } else { // One staff member found. staffItem = staffItems[0]; } // Convert to string string staffCode = staffItem.Code.ToString(); // Create instance of ADRoleLookup repository IRepository <ADRoleLookup> adRoleLookupRepository = new Repository <ADRoleLookup>(staffCode, staffCode, appID, ""); IRepository <StaffAttributes> staffAttributesRepository = new Repository <StaffAttributes>(staffCode, staffCode, appID, ""); // Get user authorisation information AuthorisationDC returnObject = GetUserAuthorisationInfo(token, appID, adGroupsWithoutDomainPrefix, staffCode, staffItem.FirstName, staffItem.LastName, adRoleLookupRepository, staffAttributesRepository); return(returnObject); } catch (ArgumentNullException e) { // Publish the exception information ExceptionManager.PublishException(e); //Prevent exception from propogating across the service interface throw new FaultException <AuthorisationFailureFault>(new AuthorisationFailureFault(), "Authorisation failure"); } catch (ArgumentOutOfRangeException e) { // Publish the exception information ExceptionManager.PublishException(e); //Prevent exception from propogating across the service interface throw new FaultException <AuthorisationFailureFault>(new AuthorisationFailureFault(), "Authorisation failure"); } catch (FailedAuthorisationException) { //Prevent exception from propogating across the service interface throw new FaultException <AuthorisationFailureFault>(new AuthorisationFailureFault(), "Authorisation failure"); } catch (Exception e) { if (!(e is FaultException)) { // Publish the exception information ExceptionManager.PublishException(e); // Throw default fault exception throw new FaultException <ServiceErrorFault>(new ServiceErrorFault(), "The service experienced a serious error."); } return(null); } }