public void RefreshGroups()
{
    DBEntities context = COREobject.i.Context;
    // AD server that holds the group objects (app setting in web.config)
    string groupADServer = WebConfigurationManager.AppSettings["Persona_AdGroupServer"];

    NexusLdapService ldap = new NexusLdapService();
    ldap.UseServer(groupADServer);

    // walk every configured AD group and resolve its members from AD
    foreach (ADgroup group in context.ADgroups.ToList())
    {
        // For ADGroup with added RoleForApplication remove UserRoles
        if (!string.IsNullOrEmpty(group.RoleForApplication))
        {
            foreach (User_Role userRole in context.Users_Roles.ToList())
            {
                if (userRole.ApplicationId == group.ApplicationId
                    && userRole.RoleName == group.RoleForApplication)
                {
                    context.Users_Roles.Remove(userRole);
                }
            }
        }

        var ADapps = ldap.GetGroups(group.Name);
        if (ADapps.Count() == 0)
        {
            continue;
        }

        foreach (JToken ADapp in ADapps) // should be only 1
        {
            foreach (JToken member in ADapp["member"])
            {
                // save user with groups
                User user = AuthAD.getUserAndHisGroupsFromAD(identify: (string)member).Item1;
                // getUserAndHisGroupsFromAD returns (null, null) when the member DN
                // resolves to no user; skip it rather than dereferencing null below
                if (user == null)
                {
                    continue;
                }

                // Add UserRole according to ADGroup
                if (!string.IsNullOrEmpty(group.RoleForApplication))
                {
                    User_Role newUserRole = new User_Role();
                    newUserRole.UserId = user.Id;
                    newUserRole.RoleName = group.RoleForApplication;
                    newUserRole.ApplicationId = group.ApplicationId ?? 0;
                    newUserRole.ApplicationName = context.Applications.Find(group.ApplicationId ?? 0).Name;
                    context.Users_Roles.Add(newUserRole);
                }
            }
        }
    }
    context.SaveChanges();
}
public static void RefreshFromAD(Modules.CORE.CORE core)
{
    // refresh all users
    DBEntities context = core.Entitron.GetStaticTables();
    //foreach(User user in context.Users.ToList())
    //{
    //    core.Persona.RefreshUser(user);
    //}

    // AD server that holds the group objects (same app setting RefreshGroups uses)
    string groupADServer = WebConfigurationManager.AppSettings["Persona_AdGroupServer"];
    NexusLdapService ldap = new NexusLdapService();
    ldap.UseServer(groupADServer);

    // walk every configured AD group and resolve its members from AD
    foreach (ADgroup group in context.ADgroups.ToList())
    {
        var ADapps = ldap.GetGroups(group.Name);
        if (ADapps.Count() == 0)
        {
            continue;
        }

        foreach (JToken ADapp in ADapps) // should be only 1
        {
            foreach (JToken member in ADapp["member"])
            {
                // save user with groups
                core.Persona.GetUser(identify: (string)member);
            }
        }
    }
    context.SaveChanges();
}
internal static (User, List<string>) getUserAndHisGroupsFromAD(string userName = null, string identify = null)
{
    DBEntities context = COREobject.i.Context;

    // split userName & domain
    string serverName;
    string onlyName = null;

    // use userName ("DOMAIN\login" or a plain "login")
    if (!string.IsNullOrWhiteSpace(userName))
    {
        int domainIndex = userName.IndexOf('\\');
        serverName = null;
        onlyName = userName;
        if (domainIndex != -1)
        {
            serverName = userName.Substring(0, domainIndex).ToLower();
            onlyName = userName.Substring(domainIndex + 1);
        }
    }
    // use identify (distinguished name); the server is derived from it
    else if (!string.IsNullOrWhiteSpace(identify))
    {
        serverName = getUserServer(identify);
    }
    // nothing
    else
    {
        return (null, null);
    }

    // search in AD
    NexusLdapService search = new NexusLdapService();
    if (serverName != null)
    {
        search.UseServer(serverName);
    }
    // onlyName / identify are caller-supplied and passed through unchanged;
    // escaping of LDAP filter metacharacters has to happen inside NexusLdapService
    JToken ldapResult = (onlyName != null)
        ? search.SearchByLogin(onlyName)
        : search.SearchByIdentify(identify);

    // no user found
    if (ldapResult == null)
    {
        return (null, null);
    }

    // user attributes
    User user = new User
    {
        UserName = userName ?? $"{getUserServer(identify).ToUpper()}\\{ldapResult["samaccountname"]}",
        DisplayName = (string)ldapResult["displayname"],
        Email = (string)ldapResult["mail"],
        Address = "",
        Company = "",
        Department = "",
        Team = "",
        Job = (string)ldapResult["title"],
        WorkPhone = "",
        MobilPhone = "",
        // lastlogon is a Windows FILETIME (100 ns ticks since 1601-01-01)
        LastLogin = DateTime.FromFileTime((long)ldapResult["lastlogon"]),
        CurrentLogin = DateTime.UtcNow,
        ModuleAccessPermission = new ModuleAccessPermission(),
        AuthTypeId = new MasterAD().Id,
        localExpiresAt = DateTime.UtcNow
    };

    // groups: take the CN of each memberOf DN, e.g. "CN=Admins,OU=Groups,DC=..." -> "Admins"
    // (memberof is absent for a user who belongs to no group, hence the empty-array fallback)
    List<string> groupNames = new List<string>();
    foreach (JToken group in ldapResult["memberof"] ?? new JArray())
    {
        string groupIdentify = (string)group;
        int cnIndex = groupIdentify.IndexOf("CN=");
        if (cnIndex == -1)
        {
            continue; // not a CN-led DN; nothing to extract
        }
        int startI = cnIndex + 3;
        int endI = groupIdentify.IndexOf(',', startI);
        if (endI == -1)
        {
            endI = groupIdentify.Length; // CN was the only RDN
        }
        groupNames.Add(groupIdentify.Substring(startI, endI - startI));
    }

    return (user, groupNames);
}
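The memberof loop above slices the text between "CN=" and the next comma, which truncates a group whose name itself contains a comma, because RFC 4514 writes such a DN as CN=Smith\, John,OU=Groups,... and the first comma found is the escaped one. The parser below is an added example, not part of the original code: the class and method names DnParser, SplitRdns, Unescape and FirstCn are hypothetical, and it splits on unescaped commas only and then removes the escapes from the CN value.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Added example, not part of the original code: RFC 4514-aware CN extraction
// for memberOf values, in place of the IndexOf("CN=") / IndexOf(',') slicing.
public static class DnParser
{
    // Split a DN into RDNs on unescaped commas; escaped pairs stay intact.
    public static List<string> SplitRdns(string dn)
    {
        var rdns = new List<string>();
        var current = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length)
                current.Append(dn[i]).Append(dn[++i]); // keep "\," or "\2C" together
            else if (dn[i] == ',') { rdns.Add(current.ToString()); current.Clear(); }
            else
                current.Append(dn[i]);
        }
        rdns.Add(current.ToString());
        return rdns;
    }
    // Undo RFC 4514 escaping: "\X" -> X and "\HH" -> the byte HH (ASCII only).
    public static string Unescape(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            if (value[i] != '\\' || i + 1 >= value.Length) { sb.Append(value[i]); continue; }
            bool hex = i + 2 < value.Length && Uri.IsHexDigit(value[i + 1]) && Uri.IsHexDigit(value[i + 2]);
            if (hex) { sb.Append((char)Convert.ToInt32(value.Substring(i + 1, 2), 16)); i += 2; }
            else sb.Append(value[++i]);
        }
        return sb.ToString();
    }

    // Value of the first CN RDN (the group's name), or null when the DN has none.
    public static string FirstCn(string dn)
    {
        foreach (string rdn in SplitRdns(dn))
        {
            string t = rdn.Trim();
            if (t.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)) return Unescape(t.Substring(3));
        }
        return null;
    }
}
```

FirstCn returns the group name with the comma restored for a memberOf value such as CN=Smith\, John,OU=Groups,DC=example,DC=com, and null for a DN that has no CN RDN, so the caller can skip that entry instead of storing a truncated name.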