public void RemoveAuthorizedUser(string name)
{
var usr = AuthorizedUsers.FirstOrDefault((m) => m.User.UserName == name);
if (usr != null)
{
AuthorizedUsers.Remove(usr);
}
}
public AccessLevel Authorize(string objectType, ref DataFilter dataFilter)
{
List <Object> objects = new List <Object>();
//ISession session = null;
try
{
//session = NHibernateSessionManager.Instance.GetSession(
// _nhSettings["AppDataPath"], _nhSettings["Scope"]);
//if (session != null)
//{
if (_keyRing != null && _keyRing["UserName"] != null)
{
string userName = _keyRing["UserName"].ToString();
userName = userName.Substring(userName.IndexOf('\\') + 1).ToLower();
_logger.Debug("Authorizing user [" + userName + "]");
if (userName == "anonymous")
{
return(AccessLevel.Delete);
}
AuthorizedUsers authUsers = Utility.Read <AuthorizedUsers>(_authorizationPath, true);
if (authUsers != null)
{
foreach (string authUser in authUsers)
{
if (authUser.ToLower() == userName)
{
return(AccessLevel.Delete);
}
}
}
}
else
{
_logger.Error("KeyRing is empty.");
return(AccessLevel.AccessDenied);
}
//}
}
finally
{
//if (session != null)
// session.Close();
}
return(AccessLevel.AccessDenied);
}
public IActionResult Authorize(AuthorizationModel authorizationModel)
{
try
{
var client = new RestClient(authorizationServicePaths.ServiceUrl);
var request = new RestRequest(authorizationServicePaths.Method, DataFormat.Json);
request.AddJsonBody(authorizationModel);
var response = client.Post(request);
if (!response.IsSuccessful)
{
throw new Exception("Authorization service error. Please try letter");
}
var authorizationResponse = JsonConvert.DeserializeObject <AuthorizationResponseModel>(response.Content);
if (authorizationResponse == null)
{
throw new Exception("Authorization service messeging error. Please try letter");
}
if (authorizationResponse.IsAuthorized)
{
UpdateUsers();
var loginedUser = AuthorizedUsers.FirstOrDefault(u => u.Login == authorizationModel.Login);
if (loginedUser != null)
{
return(Ok(loginedUser));
}
var user = new AuthorizedUser
{
Login = authorizationModel.Login,
Token = Guid.NewGuid().ToString(),
Role = authorizationResponse.Role,
TokenExpirationTime = DateTime.UtcNow.AddMinutes(tokenLifetimeMinutes)
};
AuthorizedUsers.Add(user);
return(Ok(user));
}
throw new Exception(authorizationResponse.IsKnownUser ?
"Incorrect password. Please try again" : "Unknown user. Please change login and try again");
}
catch (Exception exception)
{
return(BadRequest(exception));
}
}
public IActionResult CheckToken(TokenModel tokenModel)
{
try
{
UpdateUsers();
return(Ok(AuthorizedUsers.Any(u => u.Token == tokenModel.Token)));
}
catch (Exception exception)
{
return(BadRequest(exception));
}
}
/// <summary>
///为文件夹添加users,IIS_IUSRS用户组的完全控制权限
/// </summary>
/// <param name="dirPath"></param>
public static void AddSecurityControll2Folder(string dirPath, AuthorizedUsers user)
{
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(dirPath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加IIS_IUSRS用户组的访问权限规则 完全控制权限
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(EnumHelper.GetDescription(user), FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, fileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
public void AddAuthorizedUser(ApplicationUser user, WallAccessPermissionLevels level)
{
var usr = AuthorizedUsers.FirstOrDefault((m) => m.User.UserName == user.UserName);
if (usr != null)
{
usr.PermissionLevel = level;
}
else
{
AuthorizedUsers.Add(new WallUserReferenceModel()
{
PermissionLevel = level,
User = user
});
}
}
public IActionResult GetFacultyStatistics()
{
try
{
return(Ok(new HomeDataModel {
CurrentOnline = AuthorizedUsers.Count(),
FacultyStatistics = FactoryConcentrator.StudentAttendanceFactory.GetStatisticsByFaculties(
CurrentLanguage,
DateTime.Today.AddDays(-30),
DateTime.Today)
}));
}
catch (Exception exception)
{
return(BadRequest(exception));
}
}
public static User FromEntities(this AuthorizedUsers User)
{
return(User == null ? null : new User
{
Id = User.UserId,
Username = User.UserName,
Name = User.UserName,
Email = User.Email,
Division = User.Division,
GroupContact = new GroupContact {
Code = User.ReferTo
},
CanAddTicketComments = User.AddComments == "Y",
CanAssignTicket = User.AllowAssignTo == "Y",
CanAccessAdmin = User.AllowSecurity == "Y",
CanCloseTicket = User.AllowCloseTicket == "Y",
CanSearchTickets = User.AllowSearchTickets == "Y",
CanViewUnassigned = User.AllowViewUnassigned == "Y",
GetsNotificationOnAssignment = User.NotifyWhenAssigned == "Y",
DaysReminderNotification = User.ReminderDelayDays,
CanViewOnlyDeptTickets = User.AllowOnlyDeptTickets == "Y"
});
}
private Result Delete(AuthorizedUsers user)
{
var result = new Result();
try
{
if (string.IsNullOrEmpty(user.UserId))
{
throw new Exception("UserId is required to delete.");
}
cusRelContext.Entry(user).State = EntityState.Deleted;
var count = SaveChanges();
if (count > 0)
{
result.SetOK();
}
}
catch (Exception e)
{
result.SetFail(e);
}
return(result);
}
public async Task <IHttpActionResult> RegisterExternal([FromBody] RegisterExternalBindingModel model)
{
try
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var verifiedAccessToken = await VerifyExternalAccessToken(model.Provider, model.ExternalAccessToken);
if (verifiedAccessToken == null)
{
return(BadRequest("Invalid Provider or External Access Token"));
}
var user =
await
AuthenticationRepository.FindAsync(new UserLoginInfo(model.Provider, verifiedAccessToken.UserId));
var hasRegistered = user != null;
if (hasRegistered)
{
return(BadRequest("External user is already registered"));
}
var alias = model.Alias.Replace(" ", string.Empty);
user = new IdentityUser {
UserName = model.Email, Email = model.Email
};
var result = await AuthenticationRepository.CreateAsync(user);
if (!result.Succeeded)
{
return(GetErrorResult(result));
}
var newAlias = alias;
if (DataRepository.Find <Member>(m => m.Alias == alias) != null)
{
newAlias = newAlias + model.Email.GetHashCode();
}
var info = new ExternalLoginInfo
{
DefaultUserName = newAlias,
Email = model.Email,
Login = new UserLoginInfo(model.Provider, model.ExternalAccessToken)
};
result = await AuthenticationRepository.AddLoginAsync(user.Id, info.Login);
if (!result.Succeeded)
{
return(GetErrorResult(result));
}
var member = CreateNewMember(model, newAlias, user);
lock (LockObject)
{
if (!AuthorizedUsers.ContainsKey(model.ExternalAccessToken))
{
AuthorizedUsers.Add(model.ExternalAccessToken, user);
}
}
var memberResult = new Result <Member> {
Data = member
};
return(Ok(memberResult));
}
catch (Exception ex)
{
Log.Error(ex);
return(BadRequest("Internal Failure"));
}
}
internal static bool IsAuthorized(IIdentity user)
{
var externalLogin = ExternalLoginData.FromIdentity(user as ClaimsIdentity);
return(externalLogin != null && AuthorizedUsers.ContainsKey(externalLogin.ProviderKey));
}
public async Task <IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
try
{
var redirectUri = "";
if (error != null)
{
if (error == "access_denied")
{
return(Redirect(RedirectUrl));
}
return(BadRequest(Uri.EscapeDataString(error)));
}
if (!User.Identity.IsAuthenticated)
{
return(new ChallengeResult(provider, this));
}
var token = ValidateClientAndRedirectUri(ref redirectUri);
if (string.IsNullOrWhiteSpace(token))
{
return(BadRequest(token));
}
var externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
if (externalLogin == null)
{
return(InternalServerError());
}
if (externalLogin.LoginProvider != provider)
{
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
return(new ChallengeResult(provider, this));
}
var member = new Member();
var user =
await
AuthenticationRepository.FindAsync(new UserLoginInfo(externalLogin.LoginProvider,
externalLogin.ProviderKey));
if (user != null)
{
member = DataRepository.Queryable <Member>().FirstOrDefault(x => x.AspNetUserId == user.Id);
if (member == null || member.Id == Constants.NotFound)
{
member = new Member {
Email = externalLogin.EmailAddress, PlainName = externalLogin.UserName
};
}
lock (LockObject)
{
if (!AuthorizedUsers.ContainsKey(externalLogin.ProviderKey))
{
AuthorizedUsers.Add(externalLogin.ProviderKey, user);
}
}
var verifiedAccessToken = await VerifyExternalAccessToken(provider, externalLogin.ProviderKey);
if (verifiedAccessToken == null)
{
return(BadRequest("Invalid Provider or External Access Token"));
}
var currentUtc = new SystemClock().UtcNow;
var expiresUtc = currentUtc.Add(TimeSpan.FromHours(3.0));
Authentication.SignIn(
new AuthenticationProperties()
{
AllowRefresh = true,
ExpiresUtc = expiresUtc,
IssuedUtc = currentUtc,
IsPersistent = true
}, User.Identity as ClaimsIdentity);
}
else
{
member.Alias = externalLogin.UserName;
member.Email = externalLogin.EmailAddress ?? Constants.NotSet;
member.PlainName = externalLogin.UserName;
}
member.ProviderKey = externalLogin.ProviderKey;
lock (LockObject)
{
if (!AuthenticatedMembers.ContainsKey(token))
{
AuthenticatedMembers.Add(token, member);
}
}
if (string.IsNullOrEmpty(redirectUri))
{
return(Ok(member));
}
return(Redirect(redirectUri));
}
catch (Exception ex)
{
Log.Error(ex);
var result = new Result <bool>();
result.Status.Code = Controller.StatusCode.NotAuthorized;
return(Ok(result));
}
}
// =============================================================
#region Save Entities
public int AddOrUpdateUser(AuthorizedUsers User)
{
context.AuthorizedUsers.AddOrUpdate(User);
return(SaveChanges());
}
