/// <summary>
/// Gets and bulk updates roles. Called when the "Get and bulk update roles" button is pressed.
/// Expects the CreateRole method to be run first.
/// </summary>
private bool GetAndBulkUpdateRoles()
{
// Prepare the parameters
string where = "RoleName LIKE N'MyNewRole%'";
// Get the data
DataSet roles = RoleInfoProvider.GetRoles(where, null);
if (!DataHelper.DataSourceIsEmpty(roles))
{
// Loop through the individual items
foreach (DataRow roleDr in roles.Tables[0].Rows)
{
// Create object from DataRow
RoleInfo modifyRole = new RoleInfo(roleDr);
// Update the properties
modifyRole.DisplayName = modifyRole.DisplayName.ToUpper();
// Save the changes
RoleInfoProvider.SetRoleInfo(modifyRole);
}
return(true);
}
return(false);
}
public RoleInfo GetRole(string RoleName, string SiteName, string[] Columns = null)
{
return(RoleInfoProvider.GetRoles()
.OnSite(new CMS.DataEngine.SiteInfoIdentifier(SiteName))
.ColumnsNullHandled(Columns)
.FirstOrDefault());
}
/// <summary>
/// Returns where condition for specialized role conditions or <c>null</c> in case no roles were selected.
/// </summary>
/// <param name="selector">Condition to use (ANY/ALL)</param>
/// <param name="selectedRoles">Values separated with semicolon</param>
/// <remarks>
/// <c>null</c> is returned in order to allow calling <see cref="WhereConditionBase{TParent}.WhereNot"/> on method's result
/// (empty <see cref="WhereCondition"/> would cause appending "NOT" to SQL query).
/// </remarks>
private WhereCondition GetRolesSelectorCondition(string selector, string selectedRoles)
{
if (String.IsNullOrEmpty(selectedRoles))
{
return(null);
}
string[] roles = selectedRoles.Split(';');
var globalRolesCondition = GetGlobalRolesCondition(roles);
var roleCondition = GetSiteRolesCondition(roles).Or(globalRolesCondition);
var query = UserRoleInfoProvider.GetUserRoles()
.Column("UserID")
.WhereIn("RoleID", RoleInfoProvider.GetRoles()
.Column("RoleID")
.Where(roleCondition))
.Where(new WhereCondition()
.WhereNull("ValidTo")
.Or()
.WhereGreaterThan("ValidTo", DateTime.Now))
.GroupBy("UserID");
if (selector.Equals(UniGrid.ALL, StringComparison.OrdinalIgnoreCase))
{
query.Having(condition => condition.WhereEquals(new CountColumn("RoleID"), roles.Length));
}
var userIdColumn = SessionInsteadOfUser ? "SessionUserID" : "UserID";
return(new WhereCondition().WhereIn(userIdColumn, query));
}
public HttpResponseMessage GetRoles()
{
ObjectQuery <RoleInfo> roles;
try
{
//the roles are got
roles = RoleInfoProvider.GetRoles().OrderByDescending("RoleDisplayName");
//puts the relevant information into a new object to represent the role
List <Object> roleList = roles.Select(
roleInfo => new
{
RoleId = roleInfo.RoleID,
RoleName = roleInfo.RoleName,
RoleDisplayName = roleInfo.DisplayName
}).OrderBy(role => role.RoleDisplayName)
.ToList <Object>();
//everything is OK, the roles are also returned
return(Request.CreateResponse(HttpStatusCode.OK, new { roleList = roleList }));
}
catch (Exception e)
{
return(Request.CreateResponse(HttpStatusCode.ServiceUnavailable, new { errorMessage = e.Message }));
}
}
/// <summary>
/// Returns the dataset with roles for specified site.
/// </summary>
/// <param name="users">Determines whether to return only roles to which the user is assigned</param>
private DataSet GetRoleDataset(bool users)
{
string siteWhere = (siteId.ToString() == siteSelector.GlobalRecordValue) ? "SiteID IS NULL" : "SiteID = " + siteId;
string where = "(RoleID " + (users ? "" : "NOT ") + "IN (SELECT RoleID FROM CMS_UserRole WHERE UserID = " + userId + ")) AND " + siteWhere + " AND RoleGroupID IS NULL";
// Exclude generic roles
string genericWhere = null;
ArrayList genericRoles = RoleInfoProvider.GetGenericRoles();
if (genericRoles.Count != 0)
{
foreach (string role in genericRoles)
{
genericWhere += "'" + SqlHelperClass.GetSafeQueryString(role, false) + "',";
}
if (genericWhere != null)
{
genericWhere = genericWhere.TrimEnd(',');
}
where += " AND ( RoleName NOT IN (" + genericWhere + ") )";
}
return(RoleInfoProvider.GetRoles("RoleDisplayName, RoleID", where, "RoleDisplayName", 0));
}
public HttpResponseMessage GetRole(int roleId)
{
try
{
List <Object> roles = RoleInfoProvider.GetRoles()
.WhereEquals("RoleID", roleId)
.Select(
row => new
{ //puts the relevant information into a new object representing the role
RoleId = row.RoleID,
RoleName = row.RoleName,
RoleDisplayName = row.DisplayName
}
).ToList <Object>();
if (roles.First() != null)
{
//everything is OK, the role is also returned
return(Request.CreateResponse(HttpStatusCode.OK, new { role = roles.First() }));
}
return(Request.CreateResponse(HttpStatusCode.BadRequest, "No role with the given roleId exists."));
}
catch (Exception e)
{
return(Request.CreateResponse(HttpStatusCode.ServiceUnavailable, new { errorMessage = e.Message }));
}
}
/// <summary>
/// Reloads data.
/// </summary>
public override void ReloadData()
{
base.ReloadData();
// Get roles for current user
LoadCurrentRoles();
string where = CreateWhereCondition();
usRoles.WhereCondition = where;
// Show message or uniselector?
RoleInfo role = RoleInfoProvider.GetRoles().Where(where).Columns("RoleID").TopN(1).FirstOrDefault();
if (role == null)
{
usRoles.Visible = false;
lblRole.Visible = true;
}
else
{
usRoles.Visible = true;
lblRole.Visible = false;
}
// Enable or disable buttons according to state of user's approval process
if ((CurrentMember != null) && (CurrentMember.MemberGroupID > 0))
{
// Current user cannot approve/reject him self
if (IsLiveSite && (CurrentMember.MemberUserID == MembershipContext.AuthenticatedUser.UserID))
{
// Member can nothing
btnApprove.Enabled = false;
btnReject.Enabled = false;
}
else if (CurrentMember.MemberStatus == GroupMemberStatus.Approved)
{
// Member can be rejected
btnApprove.Enabled = false;
btnReject.Enabled = true;
}
else if (CurrentMember.MemberStatus == GroupMemberStatus.Rejected)
{
// Member can be approved
btnApprove.Enabled = true;
btnReject.Enabled = false;
}
else if (CurrentMember.MemberStatus == GroupMemberStatus.WaitingForApproval)
{
// Member can be rejected and approved
btnApprove.Enabled = true;
btnReject.Enabled = true;
}
}
InitializeForm();
usRoles.Value = currentValues;
}
private ObjectQuery <RoleInfo> GetBoardRoles(params string[] columns)
{
var roles = RoleInfoProvider.GetRoles()
.Columns(columns)
.WhereIn("RoleID", BoardRoleInfoProvider.GetBoardRoles()
.Column("RoleID")
.WhereEquals("BoardID", BoardID));
return(roles);
}
public async Task RoleDeletion_OneRoleIsCreatedWithID_AfterDeletingRole_NoRoleInfoExists()
{
int idToBeDeleted = role.Id;
await store.DeleteAsync(role);
CMSAssert.All(
() => Assert.AreNotEqual(0, idToBeDeleted),
() => Assert.AreEqual(0, RoleInfoProvider.GetRoles().Count));
}
/// <summary>
/// Deletes domain objects that exist in CMS and doesn't exist in AD.
/// </summary>
/// <param name="usersChanged">Records removed users for CMS event log.</param>
/// <param name="rolesChanged">Records removed roles for CMS event log.</param>
private static void DeleteNonExistingObjects(CumulatedChanges usersChanged, CumulatedChanges rolesChanged)
{
// Remove CMS (domain) roles that do not exist in AD anymore
IQueryable <RoleInfo> excessiveRoles = RoleInfoProvider
.GetRoles()
.WhereTrue("RoleIsDomain")
.WhereNotEquals("RoleGUID", Guid.Empty)
.WhereGreaterThan("RoleID", 0)
.Columns("RoleID", "RoleGUID", "RoleName")
.Where(x => !PrincipalProvider.Exists(x.RoleGUID));
foreach (var role in excessiveRoles)
{
// Delete role
RoleInfoProvider.DeleteRoleInfo(role.RoleID);
// Store deleted role GUID and name for EventLog
rolesChanged.Add(role.RoleGUID, role.RoleDisplayName, ChangeActionEnum.Deleted);
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_DeletingRole", role.RoleDisplayName));
}
// Remove CMS (domain) users that do not exist in AD anymore
IQueryable <UserInfo> excessiveUsers = UserInfoProvider
.GetUsers()
.WhereTrue("UserIsDomain")
.WhereNotEquals("UserGUID", Guid.Empty)
.WhereGreaterThan("UserID", 0)
.Columns("UserID", "UserGUID", "UserName")
.Where(x => !PrincipalProvider.Exists(x.UserGUID));
foreach (var user in excessiveUsers)
{
// Delete user
UserInfoProvider.DeleteUser(user.UserID);
// Store deleted user GUID and name for EventLog
usersChanged.Add(user.UserGUID, user.UserName, ChangeActionEnum.Deleted);
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_DeletingUser", user.UserName));
}
}
/// <summary>
/// Gets and bulk updates roles. Called when the "Get and bulk update roles" button is pressed.
/// Expects the CreateRole method to be run first.
/// </summary>
private bool GetAndBulkUpdateRoles()
{
// Prepare the parameters
string where = "RoleName LIKE N'MyNewRole%'";
// Get the data from database
var roles = RoleInfoProvider.GetRoles().Where(where);
// Loop through the individual items
foreach (RoleInfo modifyRole in roles)
{
// Update the properties
modifyRole.DisplayName = modifyRole.DisplayName.ToUpper();
// Save the changes
RoleInfoProvider.SetRoleInfo(modifyRole);
}
// Return TRUE if any object was found and updated, FALSE otherwise
return(roles.Count > 0);
}
/// <summary>
/// Helper to Get or create the given Role
/// </summary>
/// <param name="RoleCodeName">Role Code Name</param>
/// <param name="RoleDisplayName">Role Display Name</param>
/// <param name="RoleDescription">Role Description</param>
/// <returns>The RoleInfo</returns>
private RoleInfo GetOrCreateRole(string RoleCodeName, string RoleDisplayName, string RoleDescription, int?SiteID)
{
if (SiteID.HasValue)
{
// Get Site Specific Role
RoleInfo Role = RoleInfoProvider.GetRoleInfo(RoleCodeName, SiteID.Value);
if (Role == null)
{
Role = new RoleInfo()
{
RoleDisplayName = RoleDisplayName,
RoleName = RoleCodeName,
RoleDescription = RoleDescription,
SiteID = SiteID.Value,
RoleIsDomain = false
};
RoleInfoProvider.SetRoleInfo(Role);
}
return(Role);
}
else
{
// Get Global Role
RoleInfo Role = RoleInfoProvider.GetRoles().WhereEquals("RoleName", RoleCodeName).WhereNull("SiteID").FirstOrDefault();
if (Role == null)
{
Role = new RoleInfo()
{
RoleDisplayName = RoleDisplayName,
RoleName = RoleCodeName,
RoleDescription = RoleDescription,
RoleIsDomain = false
};
RoleInfoProvider.SetRoleInfo(Role);
}
return(Role);
}
}
private static void ImportWorker_DoWork(object sender, DoWorkEventArgs e)
{
try
{
BackgroundWorker worker = (BackgroundWorker)sender;
// Save import profile
if (ImportProfile.SaveImportProfile && !ImportProfile.UsesConsole)
{
SaveFile(SaveImportProfile);
}
// Decide whether to import
if (!ImportProfile.ImportNow && !ImportProfile.UsesConsole)
{
return;
}
using (new CMSActionContext()
{
LogEvents = false, ContinuousIntegrationAllowObjectSerialization = false
})
{
#region "Initialization"
// Import canceled
if (worker.CancellationPending)
{
e.Cancel = true;
return;
}
DateTime start = DateTime.Now;
// Initialize CMS context
CMSInit();
if (ImportProfile.UsesConsole)
{
// Ensure object in case they are not present in import profile
EnsureObjects();
}
if (ImportProfile.ImportUsersOnlyFromSelectedRoles)
{
// Narrow down imported users according to imported roles
ImportProfile.Users.Clear();
}
// Import canceled
if (worker.CancellationPending)
{
e.Cancel = true;
return;
}
// Initialize cumulative changed users and roles storages
var rolesChanged = new CumulatedChanges(WellKnownEventLogEventsEnum.RolesCreated, WellKnownEventLogEventsEnum.RolesUpdated, WellKnownEventLogEventsEnum.RolesDeleted);
var usersChanged = new CumulatedChanges(WellKnownEventLogEventsEnum.UsersCreated, WellKnownEventLogEventsEnum.UsersUpdated, WellKnownEventLogEventsEnum.UsersDeleted);
#endregion
// Delete non-existing objects (this also prevents conflicting code names)
if (ImportProfile.DeleteNotExistingObjects)
{
DeleteNonExistingObjects(usersChanged, rolesChanged);
}
#region "Role import"
foreach (var siteInfo in ImportProfile
.Sites
.Select(site => SiteInfoProvider.GetSiteInfo(site.Key))
.Where(info => info != null))
{
foreach (Guid groupGuid in ImportProfile.Groups)
{
// Import canceled
if (worker.CancellationPending)
{
e.Cancel = true;
return;
}
// Try to get group
IPrincipalObject group = PrincipalProvider.GetPrincipalObject(groupGuid);
// If group is still null
if (group == null)
{
MessageLog.LogEvent(ResHelper.GetString("Log_SkippingNonExistingObject"));
warnings++;
// If deleting of not existing objects is enabled
if (ImportProfile.DeleteNotExistingObjects)
{
DeleteRole(siteInfo, groupGuid);
}
}
else
{
// Get role description
string roleDescription = String.Empty;
if (ImportProfile.ImportRoleDescription && (group.Description != null))
{
roleDescription = group.Description;
}
// Get correct role name format
string roleCodeName = group.GetCMSCodeName(true);
// Get role display name
string roleDisplayName = group.GetCMSDisplayName();
// Get safe role name
roleCodeName = ValidationHelper.GetSafeRoleName(roleCodeName, siteInfo.SiteName);
if (!String.IsNullOrEmpty(roleCodeName))
{
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_ImportingRole", roleDisplayName, CMS.Helpers.ResHelper.LocalizeString(siteInfo.DisplayName)));
// Import role
ImportRole(roleCodeName, roleDisplayName, siteInfo.SiteID, roleDescription, groupGuid, ImportProfile.UpdateObjectData, rolesChanged);
if (ImportProfile.ImportUsersOnlyFromSelectedRoles)
{
ImportProfile.Users.AddRange(PrincipalProvider.GetUsersOf(group).Select(u => u.Identifier));
}
}
else
{
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_SkippingEmptyRolename", group.Identifier));
warnings++;
}
}
}
}
// Log created and updated and removed roles to EventLog
rolesChanged.WriteEventsToEventLog();
#endregion
#region "User import"
foreach (var user in ImportProfile
.Users
.Distinct()
.Select(userGuid => PrincipalProvider.GetPrincipalObject(userGuid)))
{
// Import canceled
if (worker.CancellationPending)
{
e.Cancel = true;
return;
}
if (user == null)
{
MessageLog.LogEvent(ResHelper.GetString("Log_SkippingNonExistingObject"));
continue;
}
string domainName = user.GetCMSCodeName(true);
if (!String.IsNullOrEmpty(domainName))
{
// Get user info object
UserInfo userInfo = (UserInfoProvider.GetUserInfoByGUID((Guid)user.Identifier) ?? UserInfoProvider.GetUserInfo(domainName));
bool newUser = (userInfo == null);
// When is desired to import new users only from selected roles
if (newUser && ImportProfile.ImportNewUsersOnlyFromSelectedRoles)
{
// Skip users that does not belong to one of selected role
bool skip = ImportProfile.Groups.Cast <Guid>().All(groupGuid => !user.IsPrincipalInGroup(groupGuid));
if (skip)
{
MessageLog.LogEvent(ResHelper.GetString("Log_SkippingDoesNotBelongToSelectedRole", domainName));
continue;
}
}
if (ImportProfile.UpdateObjectData || newUser)
{
if (userInfo == null)
{
userInfo = new UserInfo();
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_ImportingUser", domainName));
}
else
{
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_UpdatingUser", domainName));
}
using (var transaction = new CMSTransactionScope())
{
if (newUser)
{
userInfo.UserIsDomain = true;
userInfo.UserGUID = (Guid)user.Identifier;
// Set privilege level
UserPrivilegeLevelEnum privilegeLevel = ImportProfile.ConfigureAsCMSEditor ? UserPrivilegeLevelEnum.Editor : UserPrivilegeLevelEnum.None;
userInfo.SiteIndependentPrivilegeLevel = privilegeLevel;
}
if (userInfo.UserIsDomain)
{
// Set user's properties
userInfo.UserIsExternal = true;
userInfo.UserName = domainName;
userInfo.Enabled = ValidationHelper.GetBoolean(user.Enabled, true);
// Bind properties
foreach (KeyValuePair <string, string> property in ImportProfile.UserProperties)
{
// Get attribute
object attribute = user.GetProperty(property.Value);
if (attribute != null)
{
try
{
string attrValue;
// Get string representation of the attribute
if (attribute is float || attribute is double || attribute is decimal)
{
attrValue = String.Format(CultureInfo.InvariantCulture, "{0}", attribute);
}
else if (attribute.GetType() == typeof(byte[]))
{
attrValue = PrincipalProvider.GetSID(attribute);
}
else if (attribute.GetType().BaseType == typeof(MarshalByRefObject))
{
attrValue = PrincipalProvider.GetTimeFromInterval(attribute);
}
else
{
attrValue = attribute.ToString();
}
// Set property
userInfo.SetValue(property.Key, LimitLengthForField(attrValue, property.Key));
}
catch
{
MessageLog.LogEvent(ResHelper.GetString("Log_ErrorParsingAttr", property.Value));
warnings++;
}
}
else
{
FormFieldInfo field = UserFormInfo.GetFormField(property.Key);
userInfo.SetValue(property.Key, field.GetPropertyValue(FormFieldPropertyEnum.DefaultValue));
}
}
// Create full name if empty
if (String.IsNullOrEmpty(userInfo.FullName))
{
userInfo.FullName = user.GetCMSDisplayName();
}
// Store user info object and its user-settings
if (userInfo.ChangedColumns().Any())
{
// Store created/updated user for EventLog
// User name is used, because AD accounts does not have to have first and/or given name specified (e.g. Guest, …)
usersChanged.Add(userInfo.UserGUID, userInfo.UserName, newUser ? ChangeActionEnum.Created : ChangeActionEnum.Updated);
UserInfoProvider.SetUserInfo(userInfo);
}
}
else
{
MessageLog.LogEvent(ResHelper.GetString("Log_UserIsNotDomain", userInfo.UserName));
warnings++;
}
transaction.Commit();
}
}
else
{
MessageLog.LogEvent(ResHelper.GetString("Log_SkippingExistingUser", domainName));
}
// Import canceled
if (worker.CancellationPending)
{
e.Cancel = true;
return;
}
// Assign user to sites and roles (for domain users only)
if (!userInfo.UserIsDomain)
{
continue;
}
#region "Membership (roles) synchronization"
if (!newUser && !ImportProfile.UpdateMemberships && !ImportProfile.UpdateMemberships)
{
// No membership synchronization will be performed
continue;
}
// Initialize collection to cumulate membership changes
var memberShipChanges = new CumulatedRolesMembership();
// Load all user roles from DB
var userRoles = new HashSet <RoleInfo>(newUser
? Enumerable.Empty <RoleInfo>() // non-existing user cannot be present in a single role (in DB)
: RoleInfoProvider
.GetRoles()
.WhereIn("RoleID",
UserRoleInfoProvider
.GetUserRoles()
.WhereEquals("UserID", userInfo.UserID)
.Column("RoleID"))
.Columns("RoleID", "RoleGUID", "RoleDisplayName", "RoleIsDomain"));
// Store user's roles before membership synchronization
memberShipChanges.SetRolesBefore(userRoles);
foreach (KeyValuePair <string, List <Guid> > site in ImportProfile.Sites)
{
// Get site info object
var siteInfo = SiteInfoProvider.GetSiteInfo(site.Key);
if (siteInfo != null)
{
try
{
// Add user to this site
UserSiteInfoProvider.AddUserToSite(userInfo, siteInfo);
}
catch (Exception ex)
{
MessageLog.LogEvent(ResHelper.GetString("Log_GeneralWarning", ex.Message));
warnings++;
}
// Assign user to roles already existing in CMS
if (newUser || ImportProfile.UpdateMemberships)
{
SetMemberships(user, userInfo, siteInfo, userRoles, site);
}
// Remove user from roles they is member no more
if (!newUser && ImportProfile.UpdateMemberships)
{
RemoveExcessiveMemberships(user, userInfo, userRoles);
}
}
else
{
MessageLog.LogEvent(ResHelper.GetString("Log_SiteNotExist", site.Key));
warnings++;
}
}
// Store user's roles after membership synchronization
memberShipChanges.SetRolesAfter(userRoles);
// Log created and removed memberships to EventLog
memberShipChanges.WriteEventsToEventLog(userInfo.UserName);
#endregion
}
else
{
// Add message to log
MessageLog.LogEvent(ResHelper.GetString("Log_SkippingEmptyUsername", user.Identifier));
warnings++;
}
}
// Log created and updated and deleted users to EventLog
usersChanged.WriteEventsToEventLog();
#endregion
// Import canceled
if (worker.CancellationPending)
{
e.Cancel = true;
return;
}
TimeSpan duration = DateTime.Now - start;
if (!worker.CancellationPending)
{
// Add message to log
MessageLog.LogEvent(warnings == 0
? ResHelper.GetString("Log_ImportComplete", duration.Hours, duration.Minutes, duration.Seconds)
: ResHelper.GetString("Log_ImportCompleteWithWarnings", warnings, duration.Hours, duration.Minutes, duration.Seconds));
}
}
}
catch (Exception ex)
{
MessageLog.LogError(ResHelper.GetString("Error_General"), ex);
}
}
/// <summary>
/// Reloads data.
/// </summary>
public override void ReloadData()
{
base.ReloadData();
// Get member object info
if ((this.MemberID > 0))
{
this.gmi = GroupMemberInfoProvider.GetGroupMemberInfo(this.MemberID);
}
// Get roles for current user
LoadCurrentRoles();
string where = CreateWhereCondition();
usRoles.WhereCondition = where;
// Show message or uniselector?
if (DataHelper.DataSourceIsEmpty(RoleInfoProvider.GetRoles("RoleID", where, null, 1)))
{
usRoles.Visible = false;
lblRole.Visible = true;
}
else
{
usRoles.Visible = true;
lblRole.Visible = false;
}
// Enable or disable buttons according to state of user's approval process
if (gmi != null)
{
// Current user cannot approve/reject him self
if (IsLiveSite && (gmi.MemberUserID == CMSContext.CurrentUser.UserID))
{
// Member can nothing
btnApprove.Enabled = false;
btnReject.Enabled = false;
}
else if (gmi.MemberStatus == GroupMemberStatus.Approved)
{
// Member can be rejected
btnApprove.Enabled = false;
btnReject.Enabled = true;
}
else if (gmi.MemberStatus == GroupMemberStatus.Rejected)
{
// Member can be approved
btnApprove.Enabled = true;
btnReject.Enabled = false;
}
else if (gmi.MemberStatus == GroupMemberStatus.WaitingForApproval)
{
// Member can be rejected and approved
btnApprove.Enabled = true;
btnReject.Enabled = true;
}
}
InitializeForm();
usRoles.Value = currentValues;
}
public override async Task ProcessRequestAsync(HttpContext context)
{
try
{
ClientCredential credential = new ClientCredential(Constants.AzureActiveDirectory.ClientId,
Constants.AzureActiveDirectory.ApplicationKey);
var authContext =
new AuthenticationContext(string.Format(Constants.AzureActiveDirectory.AuthorityUrl,
Constants.AzureActiveDirectory.TenantId));
var code = ValidationHelper.GetString(HttpContext.Current.Request.QueryString["code"], string.Empty);
AuthenticationResult result =
await
authContext.AcquireTokenByAuthorizationCodeAsync(code,
new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential,
string.Format(Constants.AzureActiveDirectory.GraphUrl, ""));
var adClient = new ActiveDirectoryClient(
new Uri(string.Format(Constants.AzureActiveDirectory.GraphUrl, result.TenantId)),
async() => await GetAppTokenAsync(result.TenantId));
var adUser =
(User)
await
adClient.Users.Where(x => x.UserPrincipalName.Equals(result.UserInfo.DisplayableId))
.Expand(x => x.MemberOf)
.ExecuteSingleAsync();
var user =
UserInfoProvider.GetUsers()
.Where("AzureADUsername", QueryOperator.Equals, adUser.UserPrincipalName)
.FirstOrDefault();
var groupsToAdd = adUser.MemberOf.OfType <Group>()
.Select(x => x.DisplayName)
.Where(x => Constants.AzureActiveDirectory.GroupsToSync.Contains(x));
var groupsToRemove = Constants.AzureActiveDirectory.GroupsToSync
.Where(x => !groupsToAdd.Contains(x));
// check if any of the Azure Active Directory groups are matching by name any Kentico roles
// if not save an error message in ErrorLog and return
bool isGroupMatchRole = false;
foreach (var group in groupsToAdd)
{
var roleInfo = RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group).ToList <RoleInfo>();
if (roleInfo.Count > 0)
{
isGroupMatchRole = true;
break;
}
}
if (!isGroupMatchRole)
{
var logerr = $"Attempted login on {DateTime.Now} by user {adUser.UserPrincipalName},[{adUser.DisplayName}] memberOf {groupsToAdd.ToList<string>().Join(",")}";
EventLogProvider.LogEvent(EventType.ERROR,
"Login user through Azure Active Directory",
"AZUREADLOGINFAILURE",
eventDescription: logerr);
var returnUrlWithError = ValidationHelper.GetString(this.Context.Request.Params["state"], string.Empty);
URLHelper.Redirect(URLHelper.GetAbsoluteUrl($"{returnUrlWithError}?logonresult=Failed&firstname={adUser.DisplayName}&lastname={string.Empty}&lastlogoninfo={logerr}"));
return;
}
if (user == null)
{
user = new CMS.Membership.UserInfo();
user.UserName = adUser.UserPrincipalName;
user.FirstName = adUser.GivenName;
user.LastName = adUser.Surname;
user.FullName = adUser.DisplayName;
user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault());
user.SetValue("AzureADUsername", adUser.UserPrincipalName);
user.IsExternal = true;
//None 0 User has no privilege level
//Editor 1 User is able to use administration interface
//Admin 2 User can use all applications except the global applications and functionality
//GlobalAdmin 3 User can use all applications and functionality without any exceptions
user.SiteIndependentPrivilegeLevel = CMS.Base.UserPrivilegeLevelEnum.Editor;
user.Enabled = true;
UserInfoProvider.SetUserInfo(user);
UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName);
foreach (var group in groupsToAdd)
{
UserInfoProvider.AddUserToRole(user.UserName,
RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group)
.FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName);
}
}
else
{
user.FirstName = adUser.GivenName;
user.LastName = adUser.Surname;
user.FullName = adUser.DisplayName;
user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault());
user.IsExternal = true;
UserInfoProvider.SetUserInfo(user);
UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName);
foreach (var group in groupsToAdd)
{
UserInfoProvider.AddUserToRole(user.UserName,
RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group)
.FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName);
}
foreach (var group in groupsToRemove)
{
UserInfoProvider.RemoveUserFromRole(user.UserName,
RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group)
.FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName);
}
}
AuthenticationHelper.AuthenticateUser(user.UserName, false);
MembershipActivityLogger.LogLogin(user.UserName, DocumentContext.CurrentDocument);
var returnUrl = ValidationHelper.GetString(context.Request.Params["state"], string.Empty);
URLHelper.Redirect(URLHelper.GetAbsoluteUrl(returnUrl));
}
catch (Exception exception)
{
EventLogProvider.LogException("AzureActiveDirectory", "Login", exception);
}
}
protected async void Page_Load(object sender, EventArgs e)
{
try
{
ClientCredential credential = new ClientCredential(Constants.AzureActiveDirectory.ClientId,
Constants.AzureActiveDirectory.AppKey);
var authContext =
new AuthenticationContext(string.Format(Constants.AzureActiveDirectory.Authority,
Constants.AzureActiveDirectory.TenantId));
var code = ValidationHelper.GetString(HttpContext.Current.Request.QueryString["code"], string.Empty);
AuthenticationResult result =
await
authContext.AcquireTokenByAuthorizationCodeAsync(code,
new Uri(Request.Url.GetLeftPart(UriPartial.Path)), credential,
string.Format(Constants.AzureActiveDirectory.GraphResourceUri, ""));
var adClient = new ActiveDirectoryClient(
new Uri(string.Format(Constants.AzureActiveDirectory.GraphResourceUri, result.TenantId)),
async() => await GetAppTokenAsync(result.TenantId));
var adUser =
(User)
await
adClient.Users.Where(x => x.UserPrincipalName.Equals(result.UserInfo.DisplayableId))
.Expand(x => x.MemberOf)
.ExecuteSingleAsync();
var user =
UserInfoProvider.GetUsers()
.Where("AzureADUsername", QueryOperator.Equals, adUser.UserPrincipalName)
.FirstOrDefault();
var groupsToAdd = adUser.MemberOf.OfType <Group>()
.Select(x => x.DisplayName)
.Where(x => Constants.AzureActiveDirectory.GroupsToSync.Contains(x));
var groupsToRemove = Constants.AzureActiveDirectory.GroupsToSync
.Where(x => !groupsToAdd.Contains(x));
if (user == null)
{
user = new CMS.Membership.UserInfo();
user.UserName = adUser.UserPrincipalName;
user.FirstName = adUser.GivenName;
user.LastName = adUser.Surname;
user.FullName = adUser.DisplayName;
user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault());
user.SetValue("AzureADUsername", adUser.UserPrincipalName);
user.IsExternal = true;
user.Enabled = true;
UserInfoProvider.SetUserInfo(user);
UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName);
foreach (var group in groupsToAdd)
{
UserInfoProvider.AddUserToRole(user.UserName,
RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group)
.FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName);
}
}
else
{
user.FirstName = adUser.GivenName;
user.LastName = adUser.Surname;
user.FullName = adUser.DisplayName;
user.Email = adUser.Mail.IfEmpty(adUser.OtherMails.FirstOrDefault());
user.IsExternal = true;
UserInfoProvider.SetUserInfo(user);
UserInfoProvider.AddUserToSite(user.UserName, SiteContext.CurrentSiteName);
foreach (var group in groupsToAdd)
{
UserInfoProvider.AddUserToRole(user.UserName,
RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group)
.FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName);
}
foreach (var group in groupsToRemove)
{
UserInfoProvider.RemoveUserFromRole(user.UserName,
RoleInfoProvider.GetRoles()
.OnSite(SiteContext.CurrentSiteID)
.Where("RoleDisplayName", QueryOperator.Equals, group)
.FirstOrDefault()?.RoleName ?? "", SiteContext.CurrentSiteName);
}
}
AuthenticationHelper.AuthenticateUser(user.UserName, false);
MembershipActivityLogger.LogLogin(user.UserName, DocumentContext.CurrentDocument);
}
catch (Exception exception)
{
EventLogProvider.LogException("AzureActiveDirectory", "Login", exception);
}
var postLoginPage = DocumentHelper.GetDocuments()
.WhereEquals("NodeAliasPath", Constants.AzureActiveDirectory.PostLoginPage)
.FirstOrDefault(x => x.DocumentCulture.Equals(LocalizationContext.CurrentCulture.CultureCode,
StringComparison.InvariantCultureIgnoreCase));
var returnUrl = HttpContext.Current.Request.GetReturnUrl(postLoginPage.GetRelativeUrl());
URLHelper.Redirect(URLHelper.GetAbsoluteUrl(returnUrl));
}
