public bool PosTest1() { bool retVal = true; SecurityException sec; string msg; string str; TestLibrary.TestFramework.BeginScenario("PosTest1: SecurityException.ToString()"); try { msg = TestLibrary.Generator.GetString(-55, false, c_MINLEN, c_MAXLEN); sec = new SecurityException(msg); str = sec.ToString(); if (null == str) { TestLibrary.TestFramework.LogError("000", "ToString returned null"); retVal = false; } } catch (Exception e) { TestLibrary.TestFramework.LogError("001", "Unexpected exception: " + e); retVal = false; } return retVal; }
public bool PosTest1() { bool retVal = true; SecurityException sec; string msg; TestLibrary.TestFramework.BeginScenario("PosTest1: SecurityException.Ctor(string)"); try { msg = TestLibrary.Generator.GetString(-55, false, c_MINLEN, c_MAXLEN); sec = new SecurityException(msg); if (!sec.Message.Equals(msg)) { TestLibrary.TestFramework.LogError("000", "Message mismatch: Expected("+msg+") Actual("+sec.Message+")"); retVal = false; } } catch (Exception e) { TestLibrary.TestFramework.LogError("001", "Unexpected exception: " + e); retVal = false; } return retVal; }
public bool PosTest1() { bool retVal = true; SecurityException sec; TestLibrary.TestFramework.BeginScenario("PosTest1: SecurityException.Ctor"); try { sec = new SecurityException(); if (null == sec.Message) { TestLibrary.TestFramework.LogError("000", "Message is null!"); retVal = false; } } catch (Exception e) { TestLibrary.TestFramework.LogError("001", "Unexpected exception: " + e); retVal = false; } return retVal; }
public void LogEvent(TraceEventType type, ushort eventLogCategory, uint eventId, bool shouldTrace, params string[] values) { if (EventLogger.canLogEvent) { try { this.SafeLogEvent(type, eventLogCategory, eventId, shouldTrace, values); } catch (SecurityException securityException1) { SecurityException securityException = securityException1; EventLogger.canLogEvent = false; if (shouldTrace && this.diagnosticTrace != null && TraceCore.HandledExceptionIsEnabled(this.diagnosticTrace)) { TraceCore.HandledException(this.diagnosticTrace, securityException); } } } }
public bool PosTest1() { bool retVal = true; SecurityException sec; Exception eh; string msg1; string msg2; TestLibrary.TestFramework.BeginScenario("PosTest1: SecurityException.Ctor(string, exception)"); try { msg1 = TestLibrary.Generator.GetString(-55, false, c_MINLEN, c_MAXLEN); msg2 = TestLibrary.Generator.GetString(-55, false, c_MINLEN, c_MAXLEN); eh = new Exception(msg2); sec = new SecurityException(msg1, eh); if (!sec.Message.Equals(msg1)) { TestLibrary.TestFramework.LogError("000", "Message mismatch: Expected("+msg1+") Actual("+sec.Message+")"); retVal = false; } if (null == sec.InnerException) { TestLibrary.TestFramework.LogError("001", "InnerException should not be null"); retVal = false; } if (null != sec.InnerException && !sec.InnerException.Message.Equals(msg2)) { TestLibrary.TestFramework.LogError("002", "InnerException Message mismatch: Expected("+msg2+") Actual("+sec.InnerException.Message+")"); retVal = false; } } catch (Exception e) { TestLibrary.TestFramework.LogError("003", "Unexpected exception: " + e); retVal = false; } return retVal; }
public void LogEvent(TraceEventType type, ushort eventLogCategory, uint eventId, bool shouldTrace, string[] values) { if (EventLogger.canLogEvent) { try { this.SafeLogEvent(type, eventLogCategory, eventId, shouldTrace, values); } catch (SecurityException securityException1) { SecurityException securityException = securityException1; EventLogger.canLogEvent = false; if (shouldTrace) { Fx.Exception.TraceHandledException(securityException, TraceEventType.Information); } } } }
public override void Arrange() { var actionGenerator = new DomainGenerator() .With <Action <IList <Exception> > >( // repetition increases likelyhood l => l.Add(null), l => l.Add(null), l => l.Add(null), l => l.Add(null), l => { Exception exception = new BusinessException(); l.Add(exception); throw exception; }, l => { Exception exception = new SecurityException(); l.Add(exception); throw exception; }, l => { Exception exception = new UnknownException(); l.Add(exception); throw exception; }, l => { Exception exception = new AnotherUnknownException(); l.Add(exception); throw exception; }); input = new DomainGenerator() .With <ProcessOneWayRequestsInput>( opt => opt.For(i => i.OneWayRequestsAndHandlers, new OneWayRequestsAndHandlers())) .With <ProcessOneWayRequestsInput>( opt => opt.For(i => i.Actions, actionGenerator.Many <Action <IList <Exception> > >(3, 3).ToList())) .One <ProcessOneWayRequestsInput>(); }
public override void Arrange() { var actionGenerator = new DomainGenerator() .With<Action<IList<Exception>>>( // repetition increases likelyhood l => l.Add(null), l => l.Add(null), l => l.Add(null), l => l.Add(null), l => { Exception exception = new BusinessException(); l.Add(exception); throw exception; }, l => { Exception exception = new SecurityException(); l.Add(exception); throw exception; }, l => { Exception exception = new UnknownException(); l.Add(exception); throw exception; }, l => { Exception exception = new AnotherUnknownException(); l.Add(exception); throw exception; }); input = new DomainGenerator() .With<ProcessOneWayRequestsInput>( opt => opt.For(i => i.OneWayRequestsAndHandlers, new OneWayRequestsAndHandlers())) .With<ProcessOneWayRequestsInput>( opt => opt.For(i => i.Actions, actionGenerator.Many<Action<IList<Exception>>>(3, 3).ToList())) .One<ProcessOneWayRequestsInput>(); }
public bool PosTest1() { bool retVal = true; SecurityException sec; Exception eh; string msg1; string msg2; TestLibrary.TestFramework.BeginScenario("PosTest1: SecurityException.Ctor(string, exception)"); try { msg1 = TestLibrary.Generator.GetString(-55, false, c_MINLEN, c_MAXLEN); msg2 = TestLibrary.Generator.GetString(-55, false, c_MINLEN, c_MAXLEN); eh = new Exception(msg2); sec = new SecurityException(msg1, eh); if (!sec.Message.Equals(msg1)) { TestLibrary.TestFramework.LogError("000", "Message mismatch: Expected(" + msg1 + ") Actual(" + sec.Message + ")"); retVal = false; } if (null == sec.InnerException) { TestLibrary.TestFramework.LogError("001", "InnerException should not be null"); retVal = false; } if (null != sec.InnerException && !sec.InnerException.Message.Equals(msg2)) { TestLibrary.TestFramework.LogError("002", "InnerException Message mismatch: Expected(" + msg2 + ") Actual(" + sec.InnerException.Message + ")"); retVal = false; } } catch (Exception e) { TestLibrary.TestFramework.LogError("003", "Unexpected exception: " + e); retVal = false; } return(retVal); }
internal static bool IsCustomTypeDeserializationAllowed(Type type, out SecurityException ex) { ex = null; // allow all primitive and basic types if (type.IsPrimitive || type == typeof(string) || type == typeof(DateTime) || type == typeof(TimeSpan) || type == typeof(decimal)) { return(true); } if (AjaxPro.Utility.Settings.IsCustomTypesDeserializationDisabled) { bool isCustomTypeAllowed = false; foreach (var s in AjaxPro.Utility.Settings.JsonDeserializationCustomTypesAllowed) { if ((s.EndsWith("*") && type.FullName.StartsWith(s.Substring(0, s.Length - 1), StringComparison.InvariantCultureIgnoreCase)) || s == type.FullName) { isCustomTypeAllowed = true; break; } } if (!isCustomTypeAllowed) { ex = new SecurityException(AjaxPro.Utility.Settings.DebugEnabled ? "The type '" + type.Name + "' is not allowed to be deserialized." : "At least one type passed is not allowed to be deserialized."); return(false); } } else { foreach (var s in AjaxPro.Utility.Settings.JsonDeserializationCustomTypesDenied) { if ((s.EndsWith("*") && type.FullName.StartsWith(s.Substring(0, s.Length - 1), StringComparison.InvariantCultureIgnoreCase)) || s == type.FullName) { ex = new SecurityException(AjaxPro.Utility.Settings.DebugEnabled ? "The type '" + type.Name + "' is not allowed to be deserialized." : "At least one type passed is not allowed to be deserialized."); return(false); } } } return(true); }
/// <summary> /// this handler written beaded on the SSON ApiExceptionHandler and how we are throw the exception /// in Tahaluf.FIHS.SingleSignOn.API.Handlers.ApiExceptionHandler /// </summary> /// <param name="webException"></param> /// <returns></returns> private static Exception HandleApiWebException(WebException webException) { Exception exception = webException; if (webException?.Response is System.Net.HttpWebResponse webResponse) { if (webResponse?.StatusCode == HttpStatusCode.Unauthorized) { exception = new SecurityException(); } if (webResponse?.StatusCode == HttpStatusCode.Forbidden) { exception = new UnauthorizedAccessException(); } } return(exception); }
public ActionResult LoginPost(string provider) { IdentityProviderClientConfigurationElement providerConfig = OpenIdConnectUtilities.GetIdentityProviderFromConfiguration(provider); switch (providerConfig.ProviderType) { case IdentityProviderType.OpenIdConnect: this.ControllerContext.HttpContext.GetOwinContext().Authentication.Challenge(providerConfig.Name); return(new HttpUnauthorizedResult()); case IdentityProviderType.ACS: // Storing cookie with current provider (used in Logoff). OpenIdConnectUtilities.SetCookie( this.HttpContext, OpenIdConnectUtilities.CookieCurrentProvider, providerConfig.Name); OpenIdConnectUtilities.SetCookie( this.HttpContext, OpenIdConnectUtilities.CookieCurrentProviderType, providerConfig.ProviderType.ToString()); string url = string.Format( CultureInfo.InvariantCulture, "{0}v2/wsfederation?wa=wsignin1.0&wtrealm={1}", providerConfig.Issuer, providerConfig.RedirectUrl); this.Response.Redirect(url, true); break; default: SecurityException securityException = new SecurityException( string.Format( CultureInfo.InvariantCulture, "The identity provider type {0} is not supported", providerConfig.ProviderType)); throw securityException; } return(null); }
public void TestSecurityExceptionReturnsNotFoundResult() { // Arrange var loggerMock = new Mock <ILogger <ExceptionHandlerFilterAttribute> >(); var logger = loggerMock.Object; var loggerFactoryMock = new Mock <ILoggerFactory>(); loggerFactoryMock.Setup( lf => lf.CreateLogger(It.IsAny <String>())) .Returns(logger); var exception = new SecurityException("A security message"); var httpContextMock = new Mock <HttpContext>(); var routeData = new RouteData(); var actionDescriptor = new ActionDescriptor(); var actionContext = new ActionContext(httpContextMock.Object, routeData, actionDescriptor); var exceptionContext = new ExceptionContext(actionContext, new List <IFilterMetadata>()); exceptionContext.Exception = exception; exceptionContext.ExceptionHandled = false; // Act var filter = new ExceptionHandlerFilterAttribute(loggerFactoryMock.Object); filter.OnException(exceptionContext); // Assert Assert.NotNull(exceptionContext.Result); Assert.IsType <ForbiddenObjectResult>(exceptionContext.Result); String expectedMessage = "Access to this resource is forbidden"; var resultObject = (ForbiddenObjectResult)(exceptionContext.Result); Assert.IsType <ApiMessageModel>(resultObject.Value); Assert.Equal(expectedMessage, ((ApiMessageModel)resultObject.Value).Message); // Commented out because LogWarning is an extension method. Need to figure out how to test //loggerMock.Verify(l => l.LogWarning(It.IsAny<EventId>(), exception, notFoundMessage), Times.Once); }
public IPrincipal Authenticate(string deviceId, string deviceSecret, string clientId, string clientSecret) { // Authenticate IPrincipal retVal = null; using (IRestClient restClient = new RestClient(this.m_configuration.GetIdpDescription())) { try { // Create grant information OAuthTokenRequest request = new OAuthTokenRequest(clientId, clientSecret); request.Scope = "*"; restClient.Requesting += (o, p) => { p.AdditionalHeaders.Add("X-Device-Authorization", $"BASIC {Convert.ToBase64String(Encoding.UTF8.GetBytes(String.Format("{0}:{1}", deviceId, deviceSecret)))}"); }; OAuthTokenResponse response = restClient.Post <OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", request); retVal = new TokenClaimsPrincipal(response.AccessToken, response.IdToken ?? response.AccessToken, response.TokenType, response.RefreshToken); } catch (RestClientException <OAuthTokenResponse> ex) { Trace.TraceError("REST client exception: {0}", ex.Message); var se = new SecurityException($"Error executing OAuth request: {ex.Result.Error}", ex); se.Data.Add("detail", ex.Result); throw se; } catch (SecurityException ex) { Trace.TraceError("TOKEN exception: {0}", ex.Message); throw new SecurityException($"Security error: {ex.Message}", ex); } catch (Exception ex) { Trace.TraceError("Generic exception: {0}", ex); throw; } return(retVal); } }
/// <summary> /// Xoa mot ung dung /// </summary> /// <param name="application">Doi tuong ung dung muon xoa</param> public void Remove(Application application) { try { // Create SQL parameters SqlParameter prmApplicationID = new SqlParameter("@ApplicationID", SqlDbType.Int, 4); prmApplicationID.Direction = ParameterDirection.Input; prmApplicationID.Value = application.ApplicationID; SqlParameter prmErrorNumber = new SqlParameter("@ErrorNumber", SqlDbType.Int, 4); prmErrorNumber.Direction = ParameterDirection.Output; SqlParameter prmErrorMessage = new SqlParameter("@ErrorMessage", SqlDbType.NVarChar, 100); prmErrorMessage.Direction = ParameterDirection.Output; // execute stored procedure to delete application Database.ExecuteNonQuery( "UspRemoveApplication", CommandType.StoredProcedure , prmApplicationID , prmErrorNumber , prmErrorMessage); // checking for output errors int errorNumber = int.Parse(prmErrorNumber.Value.ToString()); if (errorNumber > 0) { string errorMessage = prmErrorMessage.Value.ToString(); SecurityException customEx = new SecurityException(errorMessage); throw customEx; } } catch (Exception ex) { throw ex; } }
/// <summary> /// /// </summary> /// <param name="user"></param> /// <param name="role"></param> public void RemoveUserFromRole(string username, int roleID) { try { // create sql parameters SqlParameter prmUsername = new SqlParameter("@Username", SqlDbType.VarChar, 128); prmUsername.Direction = ParameterDirection.Input; prmUsername.Value = username; SqlParameter prmRoleID = new SqlParameter("@RoleID", SqlDbType.Int, 4); prmRoleID.Direction = ParameterDirection.Input; prmRoleID.Value = roleID; SqlParameter prmErrorNumber = new SqlParameter("@ErrorNumber", SqlDbType.Int, 4); prmErrorNumber.Direction = ParameterDirection.Output; SqlParameter prmErrorMessage = new SqlParameter("@ErrorMessage", SqlDbType.NVarChar, 150); prmErrorMessage.Direction = ParameterDirection.Output; // execute procedure Database.ExecuteNonQuery("UspRemoveUserFromRole", CommandType.StoredProcedure , prmUsername , prmRoleID , prmErrorNumber , prmErrorMessage); int errorNumber = int.Parse(prmErrorNumber.Value.ToString()); if (errorNumber > 0) { string errorMessage = prmErrorMessage.Value.ToString(); SecurityException customEx = new SecurityException(errorMessage); throw customEx; } } catch (Exception ex) { throw ex; } }
private async Task <MinIdpUserData> guardedIdpAccess(Func <Guid, Task <MinIdpUserData> > body) { var rel = Guid.NewGuid(); try { if (ComponentEffectiveLogLevel < MessageType.Trace) { WriteLog(MessageType.DebugA, nameof(guardedIdpAccess), "#001 IDP.Call", related: rel); } var result = await body(rel); if (ComponentEffectiveLogLevel < MessageType.Trace) { WriteLog(MessageType.DebugA, nameof(guardedIdpAccess), "#002 IDP.Call result. User name: `{0}`".Args(result?.Name), related: rel); } return(result); } catch (Exception cause) { if (ComponentEffectiveLogLevel < MessageType.Trace) { WriteLog(MessageType.DebugError, nameof(guardedIdpAccess), "#003 IDP.Call result exception: {0}".Args(cause.ToMessageWithType()), related: rel); } if (cause is WebCallException wce && wce.HttpStatusCode == 404) { if (ComponentEffectiveLogLevel < MessageType.Trace) { WriteLog(MessageType.DebugA, nameof(guardedIdpAccess), "#004 Got WCE-404", related: rel); } return(null);//404 is treated as "user not found" } var error = new SecurityException(StringConsts.SECURITY_IDP_UPSTREAM_CALL_ERROR.Args(cause.ToMessageWithType()), cause); WriteLog(MessageType.CriticalAlert, nameof(guardedIdpAccess), error.Message, error: error, related: rel); throw error; } }
/// <summary> /// Update resource status /// </summary> /// <param name="resourceID">Resource ID</param> /// <param name="status">New Status</param> public void UpdateResourceStatus(int resourceID, bool status) { try { // create sql parameters SqlParameter prmResourceID = new SqlParameter("@ResourceID", SqlDbType.Int, 4); prmResourceID.Direction = ParameterDirection.Input; SqlParameter prmStatus = new SqlParameter("@Status", SqlDbType.Bit, 1); prmStatus.Direction = ParameterDirection.Input; SqlParameter prmErrorNumber = new SqlParameter("@ErrorNumber", SqlDbType.Int, 4); prmErrorNumber.Direction = ParameterDirection.Output; SqlParameter prmErrorMessage = new SqlParameter("@ErrorMessage", SqlDbType.NVarChar, 100); prmErrorMessage.Direction = ParameterDirection.Output; // asign param value prmResourceID.Value = resourceID; prmStatus.Value = status; // execute query Database.ExecuteNonQuery("UspUpdateResourceStatus", CommandType.StoredProcedure , prmResourceID , prmStatus , prmErrorNumber , prmErrorMessage); int errorNumber = int.Parse(prmErrorNumber.Value.ToString()); if (errorNumber > 0) { string errorMessage = prmErrorMessage.Value.ToString(); SecurityException customEx = new SecurityException(errorMessage); throw customEx; } } catch (Exception ex) { throw ex; } }
protected void Page_Load(object sender, EventArgs e) { SPWeb currentWeb = SPContext.Current.Web; if (currentWeb.Name.ToLower().Equals("policies") || currentWeb.ServerRelativeUrl.ToLower().Equals("/policies")) { return; } Page.Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache); SPUser currentUser = currentWeb.CurrentUser; var currentPage = Request.CurrentExecutionFilePath; PermissionGroupDAL = new PermissionGroupDAL(SPContext.Current.Site.RootWeb.Url); var groups = new List <string>(); var items = currentWeb.CurrentUser.Groups.GetEnumerator(); while (items.MoveNext()) { groups.Add(items.Current.ToString()); } var hasPermission = PermissionGroupDAL.IsAuthorizedOnPage(SPContext.Current.Site.RootWeb, currentPage, groups); if (!hasPermission) { var ex = new SecurityException(); SPUtility.HandleAccessDenied(ex); } if (currentUser.IsSiteAdmin == false && UserPermission.IsCurrentUserInGroup(StringConstant.Group.CommonAccountGroupName) && HttpContext.Current.Session[StringConstant.EmployeeLogedin] == null) { string url = HttpContext.Current.Request.Url.AbsoluteUri; if (url.Contains(StringConstant.PageLoginURL) || url.Contains(StringConstant.PageHomeURL)) { return; } Response.Redirect(StringConstant.PageLoginURL); } }
public TWindow LoadWindow <TWindowViewModel, TWindow>(TWindowViewModel windowViewModel) where TWindowViewModel : class, IWindowViewModel, IClaim where TWindow : class, IWindow { bool isAllowed = SecurityChecker.AmIAllowed <TWindowViewModel>(); if (isAllowed) { Window.Value = (IWindow)Container.Resolve <TWindow>(); Window.Value.DataContext = this; Window.Value.Show(); LoadedCommand.Execute(null); return((TWindow)Window.Value); } else { throw SecurityException.CreateCoreException <TWindowViewModel>(windowViewModel); } }
private static Exception convertException(WebException exp) { Exception exp2 = exp; var s = readString(exp.Response.GetResponseStream()); exp2 = new Exception(s, exp); if (exp.Response is HttpWebResponse) { if (string.IsNullOrWhiteSpace(s)) { s = "Unauthorized access."; } var httpExp = exp.Response as HttpWebResponse; if (httpExp.StatusCode == HttpStatusCode.Unauthorized) { exp2 = new SecurityException(s, exp); } } return(exp2); }
private bool RequiresMemberAccessForCreate(SecurityException securityException) { if (!DataContract.IsTypeVisible(base.UnderlyingType)) { if (securityException != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityException(System.Runtime.Serialization.SR.GetString("PartialTrustIXmlSerializableTypeNotPublic", new object[] { DataContract.GetClrTypeFullName(base.UnderlyingType) }), securityException)); } return(true); } if (!DataContract.ConstructorRequiresMemberAccess(this.GetConstructor())) { return(false); } if (securityException != null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityException(System.Runtime.Serialization.SR.GetString("PartialTrustIXmlSerialzableNoPublicConstructor", new object[] { DataContract.GetClrTypeFullName(base.UnderlyingType) }), securityException)); } return(true); }
public double RegionConsumtion(string region) //srednja potronja za odredjeni region { if (StateService.stateService != EStateServers.Primarni) { MyException ex = new MyException("Error! Not primary\n"); throw new FaultException <MyException>(ex); } CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal; if (!principal.IsInRole(Permissions.ReadingRegionAvgConsumption.ToString())) { SecurityException ex = new SecurityException("Error! IS NOT A READER\n"); throw new FaultException <SecurityException>(ex); } if (!File.Exists(DataBase.FileName)) { MyException ex = new MyException("Error! file not find\n"); throw new FaultException <MyException>(ex); } double suma = 0; int count = 0; lock (DataBase.lockObject) { foreach (var item in DataBase.consumers.Values) { if (item.Region == region) { suma += item.Consumation; count++; } } } Console.WriteLine("Srednja vrednost za grad " + region + " je {0}", Math.Round((suma / count), 2)); return(suma / count); }
private void OpenWriteAsyncResponseCallback(IAsyncResult result) { Exception ex = null; try { WebResponse response = request.EndGetResponse(result); ProcessResponse(response); } catch (SecurityException se) { // SecurityException inside a SecurityException (not a WebException) for SL compatibility ex = new SecurityException(String.Empty, se); } catch (Exception e) { ex = new WebException("Could not complete operation.", e, WebExceptionStatus.UnknownError, null); } finally { callback_data.sync_context.Post(delegate(object sender) { OnWriteStreamClosed(new WriteStreamClosedEventArgs(ex)); }, null); } }
public void SetPassword(string username, string password) { try { // create sql parameters SqlParameter prmUsername = new SqlParameter("@Username", SqlDbType.VarChar, 128); prmUsername.Direction = ParameterDirection.Input; prmUsername.Value = username; SqlParameter prmPassword = new SqlParameter("@Password", SqlDbType.VarChar, 64); prmPassword.Direction = ParameterDirection.Input; prmPassword.Value = password; SqlParameter prmErrorNumber = new SqlParameter("@ErrorNumber", SqlDbType.Int, 4); prmErrorNumber.Direction = ParameterDirection.Output; SqlParameter prmErrorMessage = new SqlParameter("@ErrorMessage", SqlDbType.NVarChar, 150); prmErrorMessage.Direction = ParameterDirection.Output; // Execute procedure Database.ExecuteNonQuery("UspSetUserPassword", CommandType.StoredProcedure , prmUsername , prmPassword , prmErrorNumber , prmErrorMessage); int errorNumber = int.Parse(prmErrorNumber.Value.ToString()); if (errorNumber > 0) { string errorMessage = prmErrorMessage.Value.ToString(); SecurityException customEx = new SecurityException(errorMessage); throw customEx; } } catch (Exception ex) { throw ex; } }
/// <summary> /// /// </summary> /// <param name="operation"></param> public void Remove(Operation operation) { try { // create sql param SqlParameter prmOperationCode = new SqlParameter("@OperationCode", SqlDbType.Int, 4); prmOperationCode.Direction = ParameterDirection.Input; prmOperationCode.Value = operation.OperationCode; SqlParameter prmResourceTypeCode = new SqlParameter("@ResourceTypeCode", SqlDbType.VarChar, 50); prmResourceTypeCode.Direction = ParameterDirection.Input; prmResourceTypeCode.Value = operation.ResourceTypeCode; SqlParameter prmErrorNumber = new SqlParameter("@ErrorNumber", SqlDbType.Int, 4); prmErrorNumber.Direction = ParameterDirection.Output; SqlParameter prmErrorMessage = new SqlParameter("@ErrorMessage", SqlDbType.NVarChar, 100); prmErrorMessage.Direction = ParameterDirection.Output; // execute stored Database.ExecuteNonQuery("UspRemoveOperation", CommandType.StoredProcedure , prmOperationCode , prmResourceTypeCode , prmErrorNumber , prmErrorMessage); int errorNumber = int.Parse(prmErrorNumber.Value.ToString()); if (errorNumber > 0) { string errorMessage = prmErrorMessage.Value.ToString(); SecurityException customEx = new SecurityException(errorMessage); throw customEx; } } catch (Exception ex) { throw ex; } }
/// <summary> /// /// </summary> /// <param name="resourceType"></param> public void Update(ResourceType resourceType) { try { // create sql parameters SqlParameter prmResourceTypeCode = new SqlParameter("@ResourceTypeCode", SqlDbType.VarChar, 50); prmResourceTypeCode.Direction = ParameterDirection.Input; prmResourceTypeCode.Value = resourceType.ResourceTypeCode; SqlParameter prmName = new SqlParameter("@Name", SqlDbType.NVarChar, 50); prmName.Direction = ParameterDirection.Input; prmName.Value = resourceType.Name; SqlParameter prmErrorNumber = new SqlParameter("@ErrorNumber", SqlDbType.Int, 4); prmErrorNumber.Direction = ParameterDirection.Output; SqlParameter prmErrorMessage = new SqlParameter("@ErrorMessage", SqlDbType.NVarChar, 150); prmErrorMessage.Direction = ParameterDirection.Output; // Execute procedure Database.ExecuteNonQuery("UspUpdateResourceType", CommandType.StoredProcedure , prmResourceTypeCode , prmName , prmErrorNumber , prmErrorMessage); int errorNumber = int.Parse(prmErrorNumber.Value.ToString()); if (errorNumber > 0) { string errorMessage = prmErrorMessage.Value.ToString(); SecurityException customEx = new SecurityException(errorMessage); throw customEx; } } catch (Exception ex) { throw ex; } }
public bool AddConsumer(Consumer consumer) { if (StateService.stateService != EStateServers.Primarni) { MyException ex = new MyException("Error! Not primary\n"); throw new FaultException <MyException>(ex); } CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal; if (!principal.IsInRole(Permissions.Writting.ToString())) { SecurityException ex = new SecurityException("Error! IS NOT A Writer\n"); throw new FaultException <SecurityException>(ex); } // CustomAuditBehavior.AuthenticationSuccess(principal.Identity.Name.ToString()); if (!File.Exists(DataBase.FileName)) { MyException ex = new MyException("Error! file not found\n"); throw new FaultException <MyException>(ex); } if (DataBase.consumers.ContainsKey(consumer.ConsumerID)) { return(false); } lock (DataBase.lockObject) { DataBase.consumers[consumer.ConsumerID] = consumer; DataBase.consumersDelta[consumer.ConsumerID] = consumer; using (StreamWriter file = File.AppendText(DataBase.FileName)) { file.WriteLine(CreateConsumerString(consumer.ConsumerID, consumer.Region, consumer.City, consumer.Year, consumer.Consumation)); } } return(true); }
internal static bool ShouldWrap(Exception exception, out Status status) { if (exception is RpcException) { status = default; return(false); } status = new Status(exception switch { #pragma warning disable IDE0059 // needs more recent compiler than the CI server has OperationCanceledException a => StatusCode.Cancelled, ArgumentException b => StatusCode.InvalidArgument, NotImplementedException c => StatusCode.Unimplemented, NotSupportedException d => StatusCode.Unimplemented, SecurityException e => StatusCode.PermissionDenied, EndOfStreamException f => StatusCode.OutOfRange, FileNotFoundException g => StatusCode.NotFound, DirectoryNotFoundException h => StatusCode.NotFound, TimeoutException i => StatusCode.DeadlineExceeded, #pragma warning restore IDE0059 // needs more recent compiler than the CI server has _ => StatusCode.Unknown, }, exception.Message, exception);
private void UploadStringResponseAsyncCallback(IAsyncResult result) { string data = null; Exception ex = null; bool cancel = false; try { WebResponse response = request.EndGetResponse(result); Stream stream = ProcessResponse(response); using (StreamReader sr = new StreamReader(stream, encoding, true)) { data = sr.ReadToEnd(); } } catch (WebException web) { cancel = (web.Status == WebExceptionStatus.RequestCanceled); ex = web; } catch (SecurityException se) { // SecurityException inside a SecurityException (not a WebException) for SL compatibility ex = new SecurityException(String.Empty, se); } catch (Exception e) { ex = new WebException("Could not complete operation.", e, WebExceptionStatus.UnknownError, null); } finally { callback_data.sync_context.Post(delegate(object sender) { OnUploadStringCompleted(new UploadStringCompletedEventArgs(data, ex, cancel, callback_data.user_token)); }, null); } }
public void RemovePerson(long jmbg, string username) { if (SystemUserService.IsUserAuthenticated(username)) { if (SystemUserService.IsUserAuthorized(username, ERights.Delete)) { if (Database.persons.ContainsKey(jmbg)) { Console.WriteLine("{1} : Deleted person with JMBG : {0}", jmbg, DateTime.Now); Database.persons.Remove(jmbg); } else { DataException ex = new DataException() { Message = "Idem with ID this cannot be found." }; throw new FaultException <DataException>(ex); } } else { SecurityException ex = new SecurityException() { Reason = "User not athorized to execute this operation." }; throw new FaultException <SecurityException>(ex); } } else { SecurityException ex = new SecurityException() { Reason = "User is not authenticated." }; throw new FaultException <SecurityException>(ex); } }
/// <summary> /// Authorizes the user /// </summary> /// <param name="e"></param> /// <remarks> /// Checks if the page exists outside of the /umbraco route, in which case the request will not have been authenticated for the back office /// so we'll force authentication. /// </remarks> protected override void OnPreInit(EventArgs e) { base.OnPreInit(e); //If this is not a back office request, then the module won't have authenticated it, in this case we // need to do the auth manually and since this is an UmbracoEnsuredPage, this is the anticipated behavior // TODO: When we implement Identity, this process might not work anymore, will be an interesting challenge if (Context.Request.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath, Current.Configs.Global()) == false) { var http = new HttpContextWrapper(Context); var ticket = http.GetUmbracoAuthTicket(); http.AuthenticateCurrentRequest(ticket, true); } try { Security.ValidateCurrentUser(true); _hasValidated = true; if (!Security.ValidateUserApp(CurrentApp)) { var ex = new SecurityException(String.Format("The current user doesn't have access to the section/app '{0}'", CurrentApp)); Current.Logger.Error <UmbracoEnsuredPage>(ex, "Tried to access '{CurrentApp}'", CurrentApp); throw ex; } } catch { // Clear content as .NET transfers rendered content. Response.Clear(); // Ensure the person is definitely logged out UmbracoContext.Current.Security.ClearCurrentLogin(); // Redirect to the login page Response.Redirect(SystemDirectories.Umbraco + "#/login", true); } }
private static string GetPermissionErrorMessage(SecurityException exception) { switch (exception.PermissionType.Name) { case nameof(FileIOPermission): return("Subroute.io execution environment prevents file system access. Please use other available storage functionality."); case nameof(EnvironmentPermission): return("Subroute.io execution environment prevents access to system and user environment variables."); case nameof(StorePermission): return("Subroute.io execution environment prevents access to key and certificate stores."); case nameof(RegistryPermission): return("Subroute.io execution environment prevents access to the system registry."); case nameof(SocketPermission): return("Subroute.io execution environment does not allow establishing a connection to or opening a socket."); case nameof(UIPermission): return("Subroute.io execution environment does not allow creating or accessing user interface components."); case nameof(FileDialogPermission): return("Subroute.io execution environment does not allow opening or interacting with a file dialog."); case nameof(ConfigurationPermission): return("Subroute.io execution environment does not allow access to configuration settings."); case nameof(EventLogPermission): return("Subroute.io execution environment does not allow access to the system event log."); case nameof(NetworkInformationPermission): return("Subroute.io execution environment does not allow access to information regarding internal network infrastructure."); default: return("Subroute.io execution environment does not allow file, registry, and certain reflection statements from executing."); } }
public TControlViewModel LoadContent <TControlViewModel, TControl>(params Arg[] args) where TControlViewModel : IControlViewModel, IClaim where TControl : IControl { bool isAllowed = SecurityChecker.AmIAllowed <TControlViewModel>(); TControlViewModel controlViewModel = GetContent <TControlViewModel, TControl>(true, args); if (isAllowed) { CurrentControlViewModel.Value = controlViewModel; CurrentControlViewModel.Value.WindowViewModel.Value = this; //controlViewModel.ControlLoadedCommand.Execute(controlViewModel); return((TControlViewModel)CurrentControlViewModel.Value); } else { throw SecurityException.CreateCoreException <TControlViewModel>(controlViewModel); } }
private bool IsValidSharedSecret() { SecurityException error = null; var isValid = true; if (string.IsNullOrWhiteSpace(SharedSecret)) { error = new SecurityException("The SPE shared secret is not set. Add a child <SharedSecret> element in the SPE <authenticationProvider> config (Spe.config) and set a secure shared secret, e.g. a 64-char random string."); } if (double.TryParse(SharedSecret, out _)) { error = new SecurityException("The SPE shared secret is not set, or was set to a numeric value. Add a child <SharedSecret> element in the SPE <authenticationProvider> config (Spe.config) and set a secure shared secret, e.g. a 64-char random string."); } if (SharedSecret.Length < 30) { error = new SecurityException("Your SPE shared secret is not long enough. Please make it more than 30 characters for maximum security. You can set this in Spe.config on the <authenticationProvider>."); } if (error != null) { isValid = false; } if (DetailedAuthenticationErrors && error != null) { throw error; } if (isValid) { return(true); } return(false); }
private bool HasRedirectPermission(Uri uri, ref Exception resultException) { try { CheckConnectPermission(uri, Async); } catch (SecurityException e) { resultException = new SecurityException(SR.GetString(SR.net_redirect_perm), new WebException(SR.GetString(SR.net_resubmitcanceled), e, WebExceptionStatus.ProtocolError, _HttpResponse)); GlobalLog.Leave("HttpWebRequest#" + ValidationHelper.HashString(this) + "::CheckRedirectPermission", "false"); return false; } return true; }
void LogSecurityException(SecurityException securityException) { Log.Error(TAG, "Invalid location permission. " + "You need to use ACCESS_FINE_LOCATION with geofences", securityException); }