private void SaveRecord() { try { _Storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted); foreach (ListViewItem item in lvwStoreGroups.Items) { #region update checked items only, not selected if (item.Checked) { _SelectedItems.Add(item); #region 立即 save IAzManStoreGroup sg = _Store.GetStoreGroup(item.SubItems[0].Text); _StoreGroup.CreateStoreGroupMember(sg.SID, WhereDefined.Store, _IsMember); #endregion } #endregion } _Storage.CommitTransaction(); } catch (Exception ex) { _Storage.RollBackTransaction(); throw (ex); } }
/// <summary> /// Create a Full Storage through .NET code /// </summary> private void CreateFullStorage() { // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Administrators //Sql Storage connection string string sqlConnectionString = "data source=(local);initial catalog=NetSqlAzManStorage;user id=netsqlazmanuser;password=password"; //Create an instance of SqlAzManStorage class IAzManStorage storage = new SqlAzManStorage(sqlConnectionString); //Open Storage Connection storage.OpenConnection(); //Begin a new Transaction storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted); //Create a new Store IAzManStore newStore = storage.CreateStore("My Store", "Store description"); //Create a new Basic StoreGroup IAzManStoreGroup newStoreGroup = newStore.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), "My Store Group", "Store Group Description", String.Empty, GroupType.Basic); //Retrieve current user SID IAzManSid mySid = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User); //Add myself as sid of "My Store Group" IAzManStoreGroupMember storeGroupMember = newStoreGroup.CreateStoreGroupMember(mySid, WhereDefined.Local, true); //Create a new Application IAzManApplication newApp = newStore.CreateApplication("New Application", "Application description"); //Create a new Role IAzManItem newRole = newApp.CreateItem("New Role", "Role description", ItemType.Role); //Create a new Task IAzManItem newTask = newApp.CreateItem("New Task", "Task description", ItemType.Task); //Create a new Operation IAzManItem newOp = newApp.CreateItem("New Operation", "Operation description", ItemType.Operation); //Add "New Operation" as a sid of "New Task" newTask.AddMember(newOp); //Add "New Task" as a sid of "New Role" newRole.AddMember(newTask); //Create an authorization for myself on "New Role" IAzManAuthorization auth = newRole.CreateAuthorization(mySid, WhereDefined.Local, mySid, WhereDefined.Local, AuthorizationType.AllowWithDelegation, null, null); //Create a custom attribute IAzManAttribute <IAzManAuthorization> attr = auth.CreateAttribute("New Key", "New Value"); //Create an authorization for DB User "Andrea" on "New Role" IAzManAuthorization auth2 = newRole.CreateAuthorization(mySid, WhereDefined.Local, storage.GetDBUser("Andrea").CustomSid, WhereDefined.Local, AuthorizationType.AllowWithDelegation, null, null); //Commit transaction storage.CommitTransaction(); //Close connection storage.CloseConnection(); }
private void ImportFromAzMan(string azManStorePath, string netSqlAzManStoreName) { Microsoft.Interop.Security.AzRoles.AzAuthorizationStore azstore = null; string tempFileName = Path.Combine(Environment.GetEnvironmentVariable("temp", EnvironmentVariableTarget.Machine), String.Format("AzMan{0}.xml", Guid.NewGuid())); try { this.storage.BeginTransaction(AzManIsolationLevel.ReadUncommitted); string storeDescription = String.Format("Store imported from AzMan Store:" + " ({0}) - {1}", azManStorePath, DateTime.Now.ToString()); IAzManStore store = this.storage.CreateStore(netSqlAzManStoreName, storeDescription); azstore = new AzAuthorizationStoreClass(); if (this.rbtStoreFile.Checked) { this.FileUpload1.SaveAs(tempFileName); azManStorePath = String.Format("msxml://{0}", tempFileName); } azstore.Initialize(2, azManStorePath, null); #region Store Groups //Store Groups foreach (IAzApplicationGroup azStoreGroup in azstore.ApplicationGroups) { //Store Groups Definition if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC) { //Basic store.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), azStoreGroup.Name, azStoreGroup.Description, String.Empty, GroupType.Basic); } else if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_LDAP_QUERY) { //LDap store.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), azStoreGroup.Name, azStoreGroup.Description, azStoreGroup.LdapQuery, GroupType.LDapQuery); } } //Store Groups Members foreach (IAzApplicationGroup azStoreGroup in azstore.ApplicationGroups) { if (azStoreGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC) { //Basic IAzManStoreGroup storeGroup = store.GetStoreGroup(azStoreGroup.Name); //Store Group Members - Members Store Group object[] azStoreGroupMembers = azStoreGroup.AppMembers as object[]; if (azStoreGroupMembers != null) { foreach (string azStoreGroupMember in azStoreGroupMembers) { IAzManStoreGroup member = store.GetStoreGroup(azStoreGroupMember); storeGroup.CreateStoreGroupMember(member.SID, WhereDefined.Store, true); } } //Store Group Non-Members - Non-Members Store Group object[] azStoreGroupNonMembers = azStoreGroup.AppNonMembers as object[]; if (azStoreGroupNonMembers != null) { foreach (string azStoreGroupNonMember in azStoreGroupNonMembers) { IAzManStoreGroup nonMember = store.GetStoreGroup(azStoreGroupNonMember); storeGroup.CreateStoreGroupMember(nonMember.SID, WhereDefined.Store, false); } } //Store Group Members - Windows NT Account object[] azStoreGroupWindowsMembers = azStoreGroup.Members as object[]; if (azStoreGroupWindowsMembers != null) { foreach (string azStoreWindowsMember in azStoreGroupWindowsMembers) { IAzManSid sid = new SqlAzManSID(azStoreWindowsMember); string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal); storeGroup.CreateStoreGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, true); } } //Store Group NonMembers - Windows NT Account object[] azStoreGroupWindowsNonMembers = azStoreGroup.NonMembers as object[]; if (azStoreGroupWindowsNonMembers != null) { foreach (string azStoreWindowsNonMember in azStoreGroupWindowsNonMembers) { IAzManSid sid = new SqlAzManSID(azStoreWindowsNonMember); string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal); storeGroup.CreateStoreGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, false); } } } } #endregion Store Groups #region Applications //Applications foreach (IAzApplication azApplication in azstore.Applications) { IAzManApplication application = store.CreateApplication(azApplication.Name, azApplication.Description); #region Application Groups //Store Groups foreach (IAzApplicationGroup azApplicationGroup in azApplication.ApplicationGroups) { //Application Groups Definition if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC) { //Basic application.CreateApplicationGroup(SqlAzManSID.NewSqlAzManSid(), azApplicationGroup.Name, azApplicationGroup.Description, String.Empty, GroupType.Basic); } else if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_LDAP_QUERY) { //LDap application.CreateApplicationGroup(SqlAzManSID.NewSqlAzManSid(), azApplicationGroup.Name, azApplicationGroup.Description, azApplicationGroup.LdapQuery, GroupType.LDapQuery); } } //Application Groups Members foreach (IAzApplicationGroup azApplicationGroup in azApplication.ApplicationGroups) { if (azApplicationGroup.Type == (int)tagAZ_PROP_CONSTANTS.AZ_GROUPTYPE_BASIC) { //Basic IAzManApplicationGroup applicationGroup = application.GetApplicationGroup(azApplicationGroup.Name); //Application Group Members - Members Group object[] azStoreGroupMembers = azApplicationGroup.AppMembers as object[]; if (azStoreGroupMembers != null) { foreach (string azGroupMember in azStoreGroupMembers) { IAzManStoreGroup storemember; try { storemember = store.GetStoreGroup(azGroupMember); } catch (SqlAzManException) { storemember = null; } IAzManApplicationGroup appmember; try { appmember = application.GetApplicationGroup(azGroupMember); } catch (SqlAzManException) { appmember = null; } if (storemember != null) { applicationGroup.CreateApplicationGroupMember(storemember.SID, WhereDefined.Store, true); } else { applicationGroup.CreateApplicationGroupMember(appmember.SID, WhereDefined.Application, true); } } } //Application Group Non-Members - Non-Members Group object[] azStoreGroupNonMembers = azApplicationGroup.AppNonMembers as object[]; if (azStoreGroupNonMembers != null) { foreach (string azGroupNonMember in azStoreGroupNonMembers) { IAzManStoreGroup storenonMember; try { storenonMember = store.GetStoreGroup(azGroupNonMember); } catch (SqlAzManException) { storenonMember = null; } IAzManApplicationGroup appnonMember; try { appnonMember = application.GetApplicationGroup(azGroupNonMember); } catch (SqlAzManException) { appnonMember = null; } if (storenonMember != null) { applicationGroup.CreateApplicationGroupMember(storenonMember.SID, WhereDefined.Store, false); } else { applicationGroup.CreateApplicationGroupMember(appnonMember.SID, WhereDefined.Application, false); } } } //Application Group Members - Windows NT Account object[] azApplicationGroupWindowsMembers = azApplicationGroup.Members as object[]; if (azApplicationGroupWindowsMembers != null) { foreach (string azApplicationWindowsMember in azApplicationGroupWindowsMembers) { IAzManSid sid = new SqlAzManSID(azApplicationWindowsMember); string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal); applicationGroup.CreateApplicationGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, true); } } //Application Group NonMembers - Windows NT Account object[] azApplicationGroupWindowsNonMembers = azApplicationGroup.NonMembers as object[]; if (azApplicationGroupWindowsNonMembers != null) { foreach (string azApplicationWindowsNonMember in azApplicationGroupWindowsNonMembers) { IAzManSid sid = new SqlAzManSID(azApplicationWindowsNonMember); string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal); applicationGroup.CreateApplicationGroupMember(sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, false); } } } } #endregion Application Groups //Without Scopes IAzTasks tasks = azApplication.Tasks as IAzTasks; if (tasks != null) { foreach (IAzTask azTask in tasks) { if (azTask.IsRoleDefinition == 1) { IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Role); } else { IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Task); } } } IAzOperations operations = azApplication.Operations as IAzOperations; if (operations != null) { foreach (IAzOperation azOperation in operations) { application.CreateItem(azOperation.Name, azOperation.Description, ItemType.Operation); } } //Build Item Hierarchy if (tasks != null) { foreach (IAzTask azTask in tasks) { this.SetHirearchy(null, azApplication, azTask.Name, application); } } //Scopes foreach (IAzScope azScope in azApplication.Scopes) { azApplication.OpenScope(azScope.Name, null); IAzTasks tasksOfScope = azScope.Tasks as IAzTasks; if (tasksOfScope != null) { foreach (IAzTask azTask in tasksOfScope) { if (azTask.IsRoleDefinition == 1) { IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Role); } else { IAzManItem item = application.CreateItem(azTask.Name, azTask.Description, ItemType.Task); } } } //Build Item Hierarchy if (tasksOfScope != null) { foreach (IAzTask azTask in tasksOfScope) { this.SetHirearchy(azScope, azApplication, azTask.Name, application); } } } //Authorizations on Roles without Scopes AuthorizationType defaultAuthorization = AuthorizationType.AllowWithDelegation; IAzRoles azRoles = azApplication.Roles; foreach (IAzRole azRole in azRoles) { IAzManItem item; try { item = application.GetItem(azRole.Name); } catch (SqlAzManException) { item = null; } if (item == null) { item = application.CreateItem(azRole.Name, azRole.Description, ItemType.Role); } //Store & Application Groups Authorizations foreach (string member in (object[])azRole.AppMembers) { IAzManStoreGroup storeGroup; try { storeGroup = application.Store.GetStoreGroup(member); } catch (SqlAzManException) { storeGroup = null; } IAzManApplicationGroup applicationGroup; try { applicationGroup = application.GetApplicationGroup(member); } catch (SqlAzManException) { applicationGroup = null; } if (storeGroup != null) { item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, storeGroup.SID, WhereDefined.Store, defaultAuthorization, null, null); } else if (applicationGroup != null) { item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, applicationGroup.SID, WhereDefined.Application, defaultAuthorization, null, null); } } //Windows Users & Groups Authorizations foreach (string sSid in (object[])azRole.Members) { IAzManSid sid = new SqlAzManSID(sSid); string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal); item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, defaultAuthorization, null, null); } } //Authorizations on Roles with Scopes foreach (IAzScope azScope in azApplication.Scopes) { IAzRoles azRolesWithScopes = azScope.Roles; foreach (IAzRole azRole in azRolesWithScopes) { IAzManItem item; try { item = application.GetItem(azRole.Name); } catch (SqlAzManException) { item = null; } if (item == null) { item = application.CreateItem(azRole.Name, azRole.Description, ItemType.Role); } //Store & Application Groups Authorizations foreach (string member in (object[])azRole.AppMembers) { IAzManStoreGroup storeGroup; try { storeGroup = application.Store.GetStoreGroup(member); } catch (SqlAzManException) { storeGroup = null; } IAzManApplicationGroup applicationGroup; try { applicationGroup = application.GetApplicationGroup(member); } catch (SqlAzManException) { applicationGroup = null; } if (storeGroup != null) { item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, storeGroup.SID, WhereDefined.Store, defaultAuthorization, null, null); } else if (applicationGroup != null) { item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, applicationGroup.SID, WhereDefined.Application, defaultAuthorization, null, null); } } //Windows Users & Groups Authorizations foreach (string sSid in (object[])azRole.Members) { IAzManSid sid = new SqlAzManSID(sSid); string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(sid.StringValue, out memberName, out isLocal); item.CreateAuthorization(this.currentOwnerSid, this.currentOwnerSidWhereDefined, sid, isLocal ? WhereDefined.Local : WhereDefined.LDAP, defaultAuthorization, null, null); } } } //try //{ // azstore.CloseApplication(azApplication.Name, 0); //} //catch //{ // //PorkAround: COM Is a mistery //} } #endregion Applications if (storage.TransactionInProgress) { storage.CommitTransaction(); } } catch { if (storage.TransactionInProgress) { storage.RollBackTransaction(); } throw; } finally { if (azstore != null) { System.Runtime.InteropServices.Marshal.ReleaseComObject(azstore); File.Delete(tempFileName); azstore = null; } } }