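        /// <summary>
        /// Validates the supplied credentials and, on success, issues a forms-authentication ticket and
        /// installs a <see cref="System.Security.Principal.GenericPrincipal"/> on the current request.
        /// </summary>
        /// <param name="userName">Login name supplied by the caller (untrusted input).</param>
        /// <param name="pwd">Password supplied by the caller (untrusted input).</param>
        /// <returns>
        /// A "login failed" message result when validation fails; otherwise a "login succeed" result
        /// carrying the user (name and encrypted ticket).
        /// </returns>
        public HttpResponseMessage Login(string userName, string pwd)
        {
            if (!UserInfoService.Validate(userName, pwd))
            {
                return(ToHttpResponse(MessageResult.Failed("login failed")));
            }

            // One timestamp for both issue and expiry so the two agree to the tick.
            //todo: expired time should be configurable
            var issuedAt  = DateTime.Now;
            var expiresAt = issuedAt.AddHours(1);

            // UserData used to hold "userName&pwd". The ticket travels to the client, so the plaintext
            // password is no longer embedded in it; anything that parsed UserData for the password
            // must be updated.
            var ticket = new FormsAuthenticationTicket(0, userName, issuedAt, expiresAt, true,
                                                       userName, FormsAuthentication.FormsCookiePath);

            // The password is deliberately not copied onto this object: it is serialised into the
            // response body and would be echoed back to the client.
            var oUser = new UserInfo {
                UserName = userName, Ticket = FormsAuthentication.Encrypt(ticket)
            };

            var identity  = new UserIdentity(oUser);
            var principal = new System.Security.Principal.GenericPrincipal(identity, null);

            if (HttpContext.Current != null)
            {
                HttpContext.Current.User = principal;
            }

            return(ToHttpResponse(MessageResult.Ok(oUser, "login succeed")));
        }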
        /// <summary>
        /// Looks the presented token up in <c>customAuthenticationManager.Tokens</c> and turns the
        /// matching entry's value into a name claim on a success ticket.
        /// </summary>
        /// <param name="token">Raw token presented by the caller.</param>
        /// <returns>A success ticket for a known token; otherwise a failure result.</returns>
        private AuthenticateResult validateToken(string token)
        {
            // No match leaves a default pair whose Key is null.
            var match = customAuthenticationManager.Tokens.FirstOrDefault(entry => entry.Key == token);
            if (match.Key == null)
            {
                return(AuthenticateResult.Fail("Unauthorized"));
            }

            var nameClaim = new Claim(ClaimTypes.Name, match.Value);
            var identity  = new ClaimsIdentity(new List <Claim> { nameClaim }, Scheme.Name);
            var ticket    = new AuthenticationTicket(
                new System.Security.Principal.GenericPrincipal(identity, null),
                Scheme.Name);

            return(AuthenticateResult.Success(ticket));
        }
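        /// <summary>
        /// Authenticates the request from its <c>Authorization</c> header. The first word selects the
        /// provider through <c>ProviderResolverFactory</c>; the last word is the credential handed to it.
        /// </summary>
        /// <returns>
        /// A success ticket built from the provider's claims, or a failure result naming the reason.
        /// </returns>
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.ContainsKey("Authorization"))
            {
                return(AuthenticateResult.Fail("authorization header is absent"));
            }

            string tokenHeader = Request.Headers["Authorization"];

            // Split once instead of twice, and reject a header without a "<scheme> <credential>"
            // shape: a lone word used to be handed over as both scheme and credential.
            string[] parts = string.IsNullOrWhiteSpace(tokenHeader) ? new string[0] : tokenHeader.Split(' ');
            if (parts.Length < 2)
            {
                return(AuthenticateResult.Fail("malformed authorization header"));
            }

            // ToLowerInvariant: the scheme is a protocol keyword, so thread-culture casing must not apply.
            string scheme     = parts[0].ToLowerInvariant();
            string credential = parts[parts.Length - 1];

            IProviderResolver resolver = ProviderResolverFactory.GetResolver(scheme, credential, _serviceProvider);
            if (resolver == null)
            {
                return(AuthenticateResult.Fail("unknown auth center"));
            }

            try
            {
                var claims = await resolver.GetClaims();
                if (claims == null || claims.Count == 0)
                {
                    return(AuthenticateResult.Fail("unauthorized"));
                }

                var identity  = new ClaimsIdentity(claims, Scheme.Name);
                var principal = new System.Security.Principal.GenericPrincipal(identity, null);
                var ticket    = new AuthenticationTicket(principal, Scheme.Name);

                return(AuthenticateResult.Success(ticket));
            }
            catch (Exception e)
            {
                // The provider's failure detail stays server-side; the caller only sees "unauthorized".
                Console.WriteLine(e.Message);
                return(AuthenticateResult.Fail("unauthorized"));
            }
        }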
        /// <summary>
        /// Test fixture setup: wires a minimal Web API configuration and route data onto a GET request,
        /// builds the mock container and repositories, and creates a <c>GoalController</c> whose
        /// <c>User</c> is a role-less test principal.
        /// </summary>
        public void Setup()
        {
            var configuration = new HttpConfiguration();
            configuration.Routes.MapHttpRoute(
                name: "Default",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional });

            _request = new HttpRequestMessage(HttpMethod.Get, "http://localhost");
            _request.Properties[HttpPropertyKeys.HttpConfigurationKey] = configuration;
            _request.Properties[HttpPropertyKeys.HttpRouteDataKey]     = new HttpRouteData(new HttpRoute());

            _mockContainer = new Data.Mocks.MockContainer();
            _teamRepo      = new Data.TeamRepo(_mockContainer);
            _goalRepo      = new Data.GoalRepo(_mockContainer);
            _dimensionRepo = new Data.DimensionRepo(_mockContainer);

            // Role-less test principal.
            var testUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("*****@*****.**"),
                new string[] { });

            _controller = new GoalController(_goalRepo, _teamRepo, _dimensionRepo)
            {
                User    = testUser,
                Request = _request
            };
        }
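        /// <summary>
        /// Check to see if the user is allowed to perform the operation
        /// </summary>
        /// <param name="operationType">Arena OperationType</param>
        /// <param name="currentUser">The current user/principal; null (or a null identity) is denied</param>
        /// <returns>true when the operation is permitted, otherwise false (unknown operations are denied)</returns>
        public bool Allowed(Security.OperationType operationType,
                            System.Security.Principal.GenericPrincipal currentUser)
        {
            // Fail closed: an authorization check must not throw on a missing principal.
            if (currentUser == null || currentUser.Identity == null)
            {
                return(false);
            }

            if (operationType.Equals(Security.OperationType.View))
            {
                // The user can only view authorizations for themselves.
                // NOTE(review): this compares the identity object to this.User by reference, whereas
                // the Edit branch compares identity.Name to LoginId — confirm that is intended.
                return(currentUser.Identity == this.User);
            }

            if (operationType.Equals(Security.OperationType.Edit))
            {
                // The user can only edit authorizations for themselves
                if (currentUser.Identity.Name != this.LoginId)
                {
                    return(false);
                }

                // Make sure the client has the scope
                foreach (Scope scope in this.Client.Scopes)
                {
                    if (scope.ScopeId == this.ScopeId)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }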
        } // End Sub ProcessRequest

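        /// <summary>
        /// Maps a username/password pair to a principal. Only the two fixed demo accounts are
        /// recognised; every other credential is rejected.
        /// </summary>
        /// <param name="creds">Two-element array: [0] user name, [1] password.</param>
        /// <param name="principal">The principal for a recognised account; null otherwise.</param>
        /// <returns>true when the credentials match a known account.</returns>
        private static bool TryGetPrincipal(string[] creds, out System.Security.Principal.IPrincipal principal)
        {
            principal = null;

            // A missing or short array used to throw IndexOutOfRangeException.
            if (creds == null || creds.Length < 2 || creds[0] == null || creds[1] == null)
            {
                return(false);
            }

            // NOTE(review): the accounts are still hard-coded; move them to a credential store
            // before any non-demo use.
            if (creds[0] == "Administrator" && creds[1] == "SecurePassword")
            {
                principal = new System.Security.Principal.GenericPrincipal(
                    new System.Security.Principal.GenericIdentity("Administrator"),
                    new string[] { "Administrator", "User" }
                    );
                return(true);
            }

            if (creds[0] == "JoeBlogs" && creds[1] == "Password")
            {
                principal = new System.Security.Principal.GenericPrincipal(
                    new System.Security.Principal.GenericIdentity("JoeBlogs"),
                    new string[] { "User" }
                    );
                return(true);
            }

            // The former catch-all branch granted the Administrator role to any non-empty
            // username/password pair; unknown credentials are now rejected.
            return(false);
        }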
        /// <summary>
        /// Posting a new team as "TestUser" must add that user to the team's members with the admin flag set.
        /// </summary>
        public void TestThatUserWhoCreatesTeamIsSetAsTeamAdmin()
        {
            // Arrange: a role-less principal named TestUser, installed both as the static
            // CurrentUser and on the controller instance.
            var identity  = new System.Security.Principal.GenericIdentity("TestUser");
            var principal = new System.Security.Principal.GenericPrincipal(identity, new string[] { });

            TeamController.CurrentUser = principal;
            TeamController teamController = CreateTeamController();
            teamController.Request = _request;
            teamController.User    = principal;

            var newTeam = new Core.Models.Team() { Name = Guid.NewGuid().ToString() };

            // Act
            teamController.Post(newTeam);

            // Assert
            var team = _mockContainer.Teams.FirstOrDefault(t => t.Name == newTeam.Name);
            Assert.IsNotNull(team, "Could not find new team");

            var teamMember = team.TeamMembers.FirstOrDefault(m => m.UserId == identity.Name);
            string allUsers = String.Join(",", team.TeamMembers.Select(m => m.UserId + m.IsAdmin.ToString()).ToArray());

            Assert.IsNotNull(teamMember, "User was not assigned to team. The current user is " + identity.Name + " Current Users:" + allUsers);
            Assert.IsTrue(teamMember.IsAdmin, "User was not created as administrator.");
        }
        /// <summary>
        /// Checks basic authentication request
        /// </summary>
        /// <param name="actionContext">The action context whose request carries the auth header.</param>
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (!_isActive)
            {
                return;
            }

            var identity = FetchAuthHeader(actionContext);
            if (identity == null)
            {
                ChallengeAuthRequest(actionContext);
                return;
            }

            // Make the caller's identity visible to the rest of the request pipeline.
            Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(identity, null);

            string deviceId = identity.DeviceIdentifier;
            string token    = null;
            string user     = null;
            string password = null;
            if (identity.Token != null)
            {
                token = identity.Token.Identifier;
            }
            if (identity.User != null)
            {
                user     = identity.User.NetworkAccount;
                password = identity.User.Password;
            }

            // Credentials are tried first, then the token; either one is enough to proceed.
            bool authorized = OnAuthorizeUser(deviceId, user, password, actionContext)
                           || OnAuthorizeUser(deviceId, token, actionContext);
            if (!authorized)
            {
                ChallengeAuthRequest(actionContext);
                return;
            }

            base.OnAuthorization(actionContext);
        }
 /// <summary>
 /// Loads <c>CurrentUser</c> from the database for an authenticated request (including the
 /// company for account users); otherwise, or when no row matches, falls back to the anonymous user.
 /// </summary>
 public void SetCurrentUserFromIdentity()
 {
     // User info; for corporate users the company is fetched as well.
     var identity = _context.User.Identity;
     bool authenticated = identity.IsAuthenticated;

     if (authenticated)
     {
         string userName = identity.Name;
         using (var db = new Models.Entities())
         {
             db.Configuration.ProxyCreationEnabled = false;
             // TODO: UserName uniqueness is not guaranteed yet
             this.CurrentUser = db.Users.FirstOrDefault(x => x.UserName == userName);

             var accountUser = this.CurrentUser as Models.AccountUser;
             if (accountUser != null)
             {
                 db.Entry(accountUser).Reference(x => x.Company).Load();
             }
         }
     }

     if (this.CurrentUser != null)
     {
         return;
     }

     // Treat as unauthenticated.
     this.CurrentUser = Models.User.Anonymous;
     if (authenticated)
     {
         // The auth cookie is valid but the user no longer exists in the DB:
         // replace the request principal with an empty one.
         var anonymous = new System.Security.Principal.GenericPrincipal(
             new System.Security.Principal.GenericIdentity(""), null);
         _context.User = anonymous;
     }
 }
 /// <summary>
 /// Test setup: makes "Test", holding the ProjectManager role, the CSLA application user.
 /// </summary>
 public void Setup()
 {
   var testIdentity = new System.Security.Principal.GenericIdentity("Test");
   string[] roles = { "ProjectManager" };
   Csla.ApplicationContext.User = new System.Security.Principal.GenericPrincipal(testIdentity, roles);
 }
 /// <summary>
 /// For an authenticated request, re-reads the user from the Okta membership provider and
 /// installs an <c>OktaIdentity</c>-backed principal carrying the user's roles; a user missing
 /// from the provider is signed out.
 /// </summary>
 protected void Application_AuthenticateRequest(object sender, EventArgs e)
 {
     if (!Request.IsAuthenticated)
     {
         return;
     }

     string loggedUser = HttpContext.Current.User.Identity.Name;
     var memberUser = (OktaMembershipUser)Membership.GetUser(loggedUser);
     if (memberUser == null)
     {
         // Cookie is valid but the account is gone: drop the session rather than keep a stale principal.
         FormsAuthentication.SignOut();
         return;
     }

     var identity = new OktaIdentity(memberUser.UserName, true)
     {
         FirstName   = memberUser.FirstName,
         LastName    = memberUser.LastName,
         PhoneNumber = memberUser.PhoneNumber,
         Apps        = memberUser.apps,
     };
     var roles = Roles.GetRolesForUser(loggedUser);
     HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles);
 }
        /// <summary>
        /// Test fixture setup: a GET request against "http://localhost" with the default API route,
        /// repositories over a fresh mock container, and a <c>GoalController</c> running as a
        /// role-less test user.
        /// </summary>
        public void Setup()
        {
            var routeConfig = new HttpConfiguration();
            routeConfig.Routes.MapHttpRoute(
                name: "Default",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional });

            var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost");
            request.Properties[HttpPropertyKeys.HttpConfigurationKey] = routeConfig;
            request.Properties[HttpPropertyKeys.HttpRouteDataKey] = new HttpRouteData(new HttpRoute());
            _request = request;

            var container = new Data.Mocks.MockContainer();
            _mockContainer = container;
            _teamRepo      = new Data.TeamRepo(container);
            _goalRepo      = new Data.GoalRepo(container);
            _dimensionRepo = new Data.DimensionRepo(container);

            var testIdentity  = new System.Security.Principal.GenericIdentity("*****@*****.**");
            var testPrincipal = new System.Security.Principal.GenericPrincipal(testIdentity, new string[] { });

            var controller = new GoalController(_goalRepo, _teamRepo, _dimensionRepo);
            controller.User    = testPrincipal;
            controller.Request = request;
            _controller = controller;
        }
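        /// <summary>
        /// Builds the per-call message dictionary, installs the caller's principal when a
        /// <c>UserLogin</c> message is present, and registers this context against the current WCF session.
        /// </summary>
        /// <param name="messageContext">Context messages keyed by <c>ServiceContextKey</c>.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="messageContext"/> is null.</exception>
        /// <exception cref="System.ArgumentException">Two messages share the same key.</exception>
        void IServiceContext.CreateContext(List <ContextMessage> messageContext)
        {
            if (messageContext == null)
            {
                throw new System.ArgumentNullException("messageContext");
            }

            this.Messages = new Dictionary <ServiceContextKey, object>();
            foreach (var message in messageContext)
            {
                // Add (not the indexer) on purpose: a duplicated key is a caller bug and must not
                // silently overwrite an earlier value such as the login.
                this.Messages.Add(message.Key, message.Instance);
            }

            object login;
            if (this.Messages.TryGetValue(ServiceContextKey.UserLogin, out login) && login != null)
            {
                this.UserLogin = login.ToString();

                System.Security.Principal.IPrincipal principal =
                    new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(this.UserLogin), new string[0]);
                System.Threading.Thread.CurrentPrincipal = principal;

                // The session registration below already tolerates a missing OperationContext; the
                // cache write used to dereference it unconditionally.
                var operationContext = System.ServiceModel.OperationContext.Current;
                if (operationContext != null)
                {
                    ServiceCache.SetCache(
                        string.Format("{0}@{1}", operationContext.SessionId, ServiceContextKey.UserLogin.GetName()),
                        this.UserLogin);
                }
            }

            lock (_servicesOpen)
            {
                var current = System.ServiceModel.OperationContext.Current;
                if (current != null && !_servicesOpen.ContainsKey(current.SessionId))
                {
                    _servicesOpen.Add(current.SessionId, this);
                }
            }
        }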
        /// <summary>
        /// Sets <c>CurrentUser</c> from the request identity: authenticated callers are looked up in
        /// the database (with the company loaded for account users); anyone else, including an
        /// authenticated caller with no matching row, becomes the anonymous user.
        /// </summary>
        public void SetCurrentUserFromIdentity()
        {
            // User info; corporate users also get their company loaded.
            var requestIdentity = _context.User.Identity;

            if (requestIdentity.IsAuthenticated)
            {
                using (var db = new Models.Entities())
                {
                    db.Configuration.ProxyCreationEnabled = false;
                    // TODO: UserName uniqueness is not enforced yet
                    var found = db.Users.FirstOrDefault(x => x.UserName == requestIdentity.Name);
                    this.CurrentUser = found;

                    if (found is Models.AccountUser)
                    {
                        db.Entry((Models.AccountUser)found).Reference(x => x.Company).Load();
                    }
                }
            }

            if (this.CurrentUser != null)
            {
                return;
            }

            // Not authenticated (or no DB row): anonymous user.
            this.CurrentUser = Models.User.Anonymous;
            if (requestIdentity.IsAuthenticated)
            {
                // Valid auth cookie but the user is missing from the DB: install an empty principal.
                var blankIdentity = new System.Security.Principal.GenericIdentity("");
                _context.User = new System.Security.Principal.GenericPrincipal(blankIdentity, null);
            }
        }
 /// <summary>
 /// For a request with no authenticated user, tries to authenticate it from an API token: the token
 /// is a base64-encoded forms-authentication ticket, and an unexpired one installs a <c>CcPrincipal</c>
 /// named after the ticket with authentication type "api".
 /// </summary>
 /// <param name="httpContext">Current request context; its <c>User</c> is replaced on success.</param>
 private void AuthorizeApiRequest(HttpContextBase httpContext)
 {
     if (httpContext.User.Identity.IsAuthenticated)
     {
         return;
     }

     var token = GetApiToken(httpContext.Request);
     if (string.IsNullOrEmpty(token))
     {
         return;
     }

     try
     {
         byte[] rawTicket       = Convert.FromBase64String(token);
         string encryptedTicket = System.Text.Encoding.ASCII.GetString(rawTicket);
         var    ticket          = System.Web.Security.FormsAuthentication.Decrypt(encryptedTicket);
         if (ticket.Expired)
         {
             return;
         }

         var apiIdentity   = new System.Security.Principal.GenericIdentity(ticket.Name, "api");
         var basePrincipal = new System.Security.Principal.GenericPrincipal(apiIdentity, null);
         httpContext.User  = new CcPrincipal(basePrincipal);
     }
     catch (Exception ex)
     {
         // Malformed base64 and undecryptable or tampered tickets all land here;
         // the request simply stays unauthenticated.
         _log.Error(ex);
     }
 }
        /// <summary>
        /// Signs the current user out: drops the cached server session, optionally asks the security
        /// service to close it, blanks and deletes the auth cookie, then installs an anonymous principal
        /// on both the request and the thread.
        /// </summary>
        /// <param name="authenticationService">Service used to close the server-side session.</param>
        public static void SignOut(ISecurityService authenticationService)
        {
            var authCookie = AuthCookie.GetCurrent();
            if (authCookie != null)
            {
                string sessionUid = authCookie.SessionUid;
                if (!string.IsNullOrEmpty(sessionUid))
                {
                    HttpContext.Current.Cache.Remove(sessionUid);
                    // NOTE(review): the service is only told to sign out when Username is empty —
                    // confirm this condition is not inverted.
                    if (string.IsNullOrEmpty(authCookie.Username))
                    {
                        authenticationService.SignOut(sessionUid);
                    }
                }

                // Blank every field and back-date the expiry, then delete the cookie.
                authCookie.SessionUid = null;
                authCookie.Username   = null;
                authCookie.UserRoles  = null;
                authCookie.BranchCode = null;
                authCookie.AuthExpiry = Helper.GetLocalDate().AddDays(-1);
                authCookie.Delete();
            }

            // Anonymous identity/principal for the remainder of this request.
            var anonymous = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity(""), null);
            System.Web.HttpContext.Current.User      = anonymous;
            System.Threading.Thread.CurrentPrincipal = anonymous;
        }
        /// <summary>
        /// Resolves the token to a user name via <c>database.StringGet</c> and, when found, returns a
        /// success ticket whose identity carries that name.
        /// </summary>
        /// <param name="token">Opaque token presented by the caller; used as the lookup key.</param>
        /// <returns>A success ticket for a known token; otherwise a failure result.</returns>
        private AuthenticateResult ValidateToken(string token)
        {
            string username = database.StringGet(token);
            if (string.IsNullOrEmpty(username))
            {
                return(AuthenticateResult.Fail("Unauthorize"));
            }

            // Token is known: build the authenticated principal.
            var claims    = new List <Claim> { new Claim(ClaimTypes.Name, username) };
            var identity  = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new System.Security.Principal.GenericPrincipal(identity, null);

            return(AuthenticateResult.Success(new AuthenticationTicket(principal, Scheme.Name)));
        }
        /// <summary>
        /// A team whose only assessment is closed and has no results must still report level 1.
        /// </summary>
        public void TestThatTeamWithNoAssessmentResultsGetsDefaultRating()
        {
            CreateTeamWithMember();

            // One closed assessment with an empty result set.
            var closedStatus    = new Data.AssessmentStatus() { Value = "Closed" };
            var emptyAssessment = new Data.Assessment()
            {
                DateCreated       = DateTime.Now,
                AssessmentResults = new List <Continuum.Data.AssessmentResult>(),
                Status            = closedStatus
            };
            _mockContainer.Assessments.Add(emptyAssessment);

            var testUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"), new string[] { });
            var assessmentLogic = new WebApi.Logic.AssessmentLogic(_assessmentRepo, _teamRepository, _dimensionRepo, testUser);

            int rating = assessmentLogic.GetCurrentLevelForTeam();

            Assert.IsTrue(rating == 1, "Rating must be 1 if there is not assessment info.");
        }
        /// <summary>
        /// Authenticates the request from its <c>x-api-key</c> header. Only the fixed value "apikey" is
        /// accepted and yields an identity named "test".
        /// </summary>
        /// <returns>A success ticket for the accepted key; otherwise a failure result.</returns>
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            Console.WriteLine("ApiKeyAuthenticationHandler");

            if (!Request.Headers.ContainsKey("x-api-key"))
            {
                return(AuthenticateResult.Fail("Unauthorized"));
            }

            string apiKey = Request.Headers["x-api-key"];

            // NOTE(review): the expected key is a hard-coded literal compared with ordinary string
            // equality; a production handler should read it from configuration and use a
            // constant-time comparison.
            bool keyAccepted = !string.IsNullOrEmpty(apiKey) && apiKey.Equals("apikey");
            if (!keyAccepted)
            {
                return(AuthenticateResult.Fail("Unauthorized"));
            }

            var claims    = new List <Claim> { new Claim(ClaimTypes.Name, "test") };
            var identity  = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new System.Security.Principal.GenericPrincipal(identity, null);

            return(AuthenticateResult.Success(new AuthenticationTicket(principal, Scheme.Name)));
        }
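        /// <summary>
        /// Records the chosen role on the working profile, issues a forms-authentication ticket for the
        /// user typed into <c>txtUserName</c>, and redirects to the originally requested page.
        /// </summary>
        /// <param name="loginRole">Role selected at login; stored on <c>WorkingProfile</c>.</param>
        private void CreateauTicket(string loginRole)
        {
            try
            {
                WorkingProfile.UserRole         = loginRole;
                WorkingProfile.UserRoleLogin    = loginRole;
                WorkingProfile.ClientUserScreen = txtResolution.Value;

                // Invariant lower-casing: ToLower() follows the thread culture (e.g. Turkish 'I').
                string userName           = txtUserName.Text.ToLowerInvariant();
                bool   isCookiePersistent = chkPersist.Checked;

                var authTicket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, "");
                var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));

                // The auth cookie is a bearer credential: keep it away from script, and off plain HTTP
                // whenever the forms-auth configuration requires TLS.
                authCookie.HttpOnly = true;
                authCookie.Secure   = FormsAuthentication.RequireSSL;
                if (isCookiePersistent)
                {
                    authCookie.Expires = authTicket.Expiration;
                }
                Response.Cookies.Add(authCookie);

                // The GenericIdentity/GenericPrincipal previously built here were never used and have
                // been dropped. RedirectFromLoginPage issues its own cookie too; the explicit one above
                // is kept for its 60-minute ticket.
                FormsAuthentication.RedirectFromLoginPage(userName, isCookiePersistent);
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Raised by the redirect ending the response; not an error.
                throw;
            }
            catch (Exception ex)
            {
                // Used to be swallowed into an unused local; trace it so a failed login is diagnosable.
                System.Diagnostics.Trace.TraceError("CreateauTicket failed: {0}", ex);
            }
        }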
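        /// <summary>
        /// Replaces an authenticated request's principal with a <c>GenericPrincipal</c> carrying the
        /// user's roles as loaded through <c>UserManager</c>.
        /// </summary>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            //Is Authenticated?
            if (this.Context.Request.IsAuthenticated == false)
            {
                return;
            }

            //Get Current User
            string currentUsername = this.Context.User.Identity.Name;

            UserManager userMgr = new UserManager();

            // NOTE(review): GetAllUsers() pulls the whole user set on every request; a lookup by
            // name on UserManager would be preferable if one exists.
            User usr = userMgr.GetAllUsers().FirstOrDefault(row => row.UserName == currentUsername);

            // An authentication cookie for a user that no longer exists used to throw
            // NullReferenceException at usr.Id; leave the request's default principal in place instead.
            if (usr == null)
            {
                return;
            }

            //Get User_Roles from Manager, as an array of role names
            IEnumerable <UserRole> allUsersRoles = userMgr.GetUserRoles(usr.Id);
            string[] roles = allUsersRoles.Select(ur => ur.Role.Name).ToArray();

            //Create Identity and Principal, then set Principal as new User
            var identity  = new System.Security.Principal.GenericIdentity(currentUsername);
            var principal = new System.Security.Principal.GenericPrincipal(identity, roles);
            this.Context.User = principal;
        }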
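        /// <summary>
        /// Decrypts the token with <c>Global.Key</c>, deserialises the embedded <c>UserDTO</c>, and
        /// issues a success ticket (Id, Name and Role claims) if the token is at most five minutes old.
        /// </summary>
        /// <param name="token">Encrypted token presented by the caller.</param>
        /// <returns>A success ticket, or a failure result for an unreadable or stale token.</returns>
        private AuthenticateResult ValidateToken(string token)
        {
            TokenGenerator tokenGenerator = new TokenGenerator();

            var jsonUser = tokenGenerator.Decrypt(Global.Key, token);
            var user     = JsonConvert.DeserializeObject <UserDTO>(jsonUser);

            // A payload that decrypts but does not deserialise to a user used to throw here.
            if (user == null)
            {
                return(AuthenticateResult.Fail("Unauthorized"));
            }

            // Only the token's age is bounded; a generation time in the future is not rejected.
            TimeSpan timeElapsed = DateTime.UtcNow - user.FechaGeneracion;
            if (timeElapsed.TotalMinutes > 5)
            {
                return(AuthenticateResult.Fail("Unauthorized"));
            }

            var claims = new List <Claim>
            {
                new Claim("Id", user.Id.ToString()),
                new Claim(ClaimTypes.Name, user.NomUser),
                new Claim(ClaimTypes.Role, user.NomRol),
            };

            var identity  = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new System.Security.Principal.GenericPrincipal(identity, null);
            var ticket    = new AuthenticationTicket(principal, Scheme.Name);

            return(AuthenticateResult.Success(ticket));
        }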
        /// <summary>
        /// Whether the content grants read access to an anonymous "visitor" principal holding only the "Everyone" role.
        /// </summary>
        private static bool IsAccessibleToEveryone(ISecurable content)
        {
            var      visitorIdentity = new System.Security.Principal.GenericIdentity("visitor");
            string[] everyoneOnly    = { "Everyone" };
            var      visitor         = new System.Security.Principal.GenericPrincipal(visitorIdentity, everyoneOnly);

            var descriptor = content.GetSecurityDescriptor();
            return(descriptor.HasAccess(visitor, AccessLevel.Read));
        }
        /// <summary>
        /// Per-test setup: the current thread runs as "unittest\user" (auth type "UnitTestAuth")
        /// holding FirstRole and ThirdRole.
        /// </summary>
        public void RunBeforeEachTest()
        {
            string[] testRoles   = { "FirstRole", "ThirdRole" };
            var      testIdentity = new System.Security.Principal.GenericIdentity("unittest\\user", "UnitTestAuth");

            System.Threading.Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(testIdentity, testRoles);
        }
        /// <summary>
        /// True when the page's ACL grants read access to an anonymous "visitor" holding only the "Everyone" role.
        /// </summary>
        private static bool IsAccessibleToEveryone(PageData page)
        {
            var  visitorIdentity = new System.Security.Principal.GenericIdentity("visitor");
            var  visitor         = new System.Security.Principal.GenericPrincipal(visitorIdentity, new[] { "Everyone" });
            bool canRead         = page.ACL.QueryDistinctAccess(visitor, EPiServer.Security.AccessLevel.Read);

            return(canRead);
        }
        /// <summary>
        /// Test setup: the CSLA application user becomes "Test" with the ProjectManager role.
        /// </summary>
        public void Setup()
        {
            var      testIdentity  = new System.Security.Principal.GenericIdentity("Test");
            string[] roles         = { "ProjectManager" };
            var      testPrincipal = new System.Security.Principal.GenericPrincipal(testIdentity, roles);

            Csla.ApplicationContext.User = testPrincipal;
        }
        /// <summary>
        /// Builds a <c>TeamLogic</c> over the test team repository, acting as "TestUser" with the given roles.
        /// </summary>
        /// <param name="roles">Roles granted to the test principal.</param>
        private WebApi.Logic.TeamLogic CreateTeamLogic(string[] roles)
        {
            var testPrincipal = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"), roles);

            return(new WebApi.Logic.TeamLogic(_teamRepository, testPrincipal));
        }
        /// <summary>
        /// True when the page's ACL grants read access to an anonymous "visitor" holding only the "Everyone" role.
        /// </summary>
        private static bool IsAccessibleToEveryone(PageData page)
        {
            string[] everyoneRole = { "Everyone" };
            var visitorPrincipal  = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("visitor"), everyoneRole);

            return page.ACL.QueryDistinctAccess(visitorPrincipal, EPiServer.Security.AccessLevel.Read);
        }
        /// <summary>
        /// SetThreadPrincipal rejects null and accepts a fresh GenericPrincipal.
        /// </summary>
        public void SetThreadPrincipal()
        {
            var domain = AppDomain.CurrentDomain;
            Assert.Throws <ArgumentNullException>(() => { domain.SetThreadPrincipal(null); });

            var newUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("NewUser"), null);
            domain.SetThreadPrincipal(newUser);
        }
        /// <summary>
        /// Builds an <c>AssessmentLogic</c> over the test repositories, acting as a role-less "TestUser".
        /// </summary>
        private WebApi.Logic.AssessmentLogic CreateAssessmentLogic()
        {
            var testPrincipal = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"), new string[] { });

            return(new WebApi.Logic.AssessmentLogic(_assessmentRepo, _teamRepository, _dimensionRepo, testPrincipal));
        }
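        /// <summary>
        /// Builds a success result whose identity carries the client id as a NameIdentifier claim.
        /// </summary>
        /// <param name="clientId">Id of the authenticated client.</param>
        private AuthenticateResult Success(long clientId)
        {
            // Invariant formatting: the claim value is machine-read, so the thread culture must not
            // influence how the number is written.
            string id        = clientId.ToString(System.Globalization.CultureInfo.InvariantCulture);
            var    claims    = new [] { new Claim(ClaimTypes.NameIdentifier, id) };
            var    identity  = new ClaimsIdentity(claims, Scheme.Name);
            var    principal = new System.Security.Principal.GenericPrincipal(identity, null);
            var    ticket    = new AuthenticationTicket(principal, Scheme.Name);

            return(AuthenticateResult.Success(ticket));
        }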
 /// <summary>
 /// In a child process: SetThreadPrincipal rejects null and accepts a fresh GenericPrincipal.
 /// </summary>
 public void SetThreadPrincipal()
 {
     RemoteInvoke(() => {
         var domain = AppDomain.CurrentDomain;
         Assert.Throws <ArgumentNullException>(() => { domain.SetThreadPrincipal(null); });

         var newUser = new System.Security.Principal.GenericPrincipal(
             new System.Security.Principal.GenericIdentity("NewUser"), null);
         domain.SetThreadPrincipal(newUser);
         return(SuccessExitCode);
     }).Dispose();
 }
        /// <summary>
        /// Calling Get on the assessment controller as a user with no team is expected to throw.
        /// </summary>
        public void TestThatAttemptingToAccessAssessmentWithoutTeamThrowsException()
        {
            var testIdentity = new System.Security.Principal.GenericIdentity("*****@*****.**");
            var testUser     = new System.Security.Principal.GenericPrincipal(testIdentity, new string[] { });

            // Installed both as the static CurrentUser and on the controller instance.
            Continuum.WebApi.Controllers.AssessmentController.CurrentUser = testUser;
            _assessmentController.User = testUser;

            _assessmentController.Get();
        }
        /// <summary>
        /// Get on the assessment controller, as a user belonging to no team, is expected to throw.
        /// </summary>
        public void TestThatAttemptingToAccessAssessmentWithoutTeamThrowsException()
        {
            var teamlessUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("*****@*****.**"),
                new string[] { });

            Continuum.WebApi.Controllers.AssessmentController.CurrentUser = teamlessUser;
            _assessmentController.User = teamlessUser;

            _assessmentController.Get();
        }
        /// <summary>
        /// A team with no assessments at all must report level 1.
        /// </summary>
        public void TestThatTeamWithNoAssessmentsHasDefaultRating()
        {
            CreateTeamWithMember();

            var testUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"), new string[] { });
            var logic = new WebApi.Logic.AssessmentLogic(_assessmentRepo, _teamRepository, _dimensionRepo, testUser);

            int level = logic.GetCurrentLevelForTeam();

            Assert.IsTrue(level == 1, "Rating must be 1 if there is not assessment info.");
        }
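 /// <summary>
 /// Rebuilds the request principal from the forms-authentication cookie: the ticket name becomes the
 /// identity (auth type "LdapAuthentication") and the '|'-separated <c>UserData</c> becomes the role list.
 /// </summary>
 protected void Application_AuthenticateRequest(Object sender, EventArgs e)
 {
     var cookieName = System.Web.Security.FormsAuthentication.FormsCookieName;
     var authCookie = this.Context.Request.Cookies[cookieName];
     if (authCookie == null) {
         return;
     }

     System.Web.Security.FormsAuthenticationTicket authTicket;
     try {
         authTicket = System.Web.Security.FormsAuthentication.Decrypt(authCookie.Value);
     }
     catch (ArgumentException) {
         // A tampered or malformed cookie used to surface as an unhandled exception (HTTP 500);
         // treat it as "not authenticated" instead.
         return;
     }
     catch (System.Web.HttpException) {
         return;
     }

     // Decrypt also returns expired tickets; do not rebuild roles from one.
     if (authTicket == null || authTicket.Expired) {
         return;
     }

     // RemoveEmptyEntries: empty UserData used to yield a single "" role.
     var groups    = authTicket.UserData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
     var id        = new System.Security.Principal.GenericIdentity(authTicket.Name, "LdapAuthentication");
     var principal = new System.Security.Principal.GenericPrincipal(id, groups);
     this.Context.User = principal;
 }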
        public void Setup()
        {
            // Fresh in-memory container and repositories for every test, plus a
            // controller whose current user is a role-less principal.
            _mockContainer = new Data.Mocks.MockContainer();
            _assessmentRepo = new Continuum.Data.AssessmentRepo(_mockContainer);
            _teamRepo = new Continuum.Data.TeamRepo(_mockContainer);
            _dimensionRepo = new Data.DimensionRepo(_mockContainer);

            var testPrincipal = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("*****@*****.**"),
                new string[0]);
            Continuum.WebApi.Controllers.AssessmentController.CurrentUser = testPrincipal;

            _assessmentController = new Continuum.WebApi.Controllers.AssessmentController(_assessmentRepo, _teamRepo, _dimensionRepo)
            {
                User = testPrincipal
            };
        }
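 protected void Application_AuthenticateRequest(object sender, EventArgs e)
 {
     // For an already-authenticated request, swaps the pipeline's principal for
     // one whose identity is an OktaIdentity filled from the membership record,
     // keeping the roles the role provider reports for the user.
     if (!Request.IsAuthenticated)
     {
         return;
     }

     string loggedUser = HttpContext.Current.User.Identity.Name;

     // Membership.GetUser returns null when the account no longer exists, and the
     // original unconditional cast would then throw (or throw InvalidCastException
     // for a non-Okta user). Either case now leaves the request's existing
     // principal untouched rather than failing the request.
     var memberUser = Membership.GetUser(loggedUser) as OktaMembershipUser;
     if (memberUser == null)
     {
         return;
     }

     var roles = Roles.GetRolesForUser(loggedUser);
     var identity = new OktaIdentity(memberUser.UserName, true)
     {
         FirstName = memberUser.FirstName,
         LastName = memberUser.LastName,
         PhoneNumber = memberUser.PhoneNumber,
         Apps = memberUser.apps,
     };
     HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles);
 }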
        public static bool ShouldExcludeContent(this CatalogContentBase catalogContent)
        {
            // Content is excluded when any of these hold, checked in this order:
            // it is missing, pending publish, not readable by an anonymous visitor
            // (role "Everyone" only), opted out via the sitemap property, deleted,
            // or has no template.
            if (catalogContent == null || catalogContent.IsPendingPublish)
            {
                return true;
            }

            var anonymousVisitor = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("visitor"),
                new[] { "Everyone" });
            var descriptor = catalogContent.GetSecurityDescriptor();
            bool readableByEveryone = descriptor.HasAccess(anonymousVisitor, AccessLevel.Read);

            return !readableByEveryone
                || !IsSitemapPropertyEnabled(catalogContent)
                || catalogContent.IsDeleted
                || !catalogContent.HasTemplate();
        }
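        // Runs for every request: rebuilds the caller's identity from the "Ticket"
        // cookie and stores the resulting principal in context.Items["User"].
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            HttpContext context = HttpContext.Current;
            HttpRequest request = context.Request;

            // Look for the user's forms-authentication ticket among the cookies.
            HttpCookie cookie = request.Cookies["Ticket"];

            // Empty name means "anonymous" for the identity built below.
            string name = string.Empty;

            if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
            {
                System.Web.Security.FormsAuthenticationTicket ticket = null;
                try
                {
                    // Decrypt (and validate) the ticket.
                    ticket = System.Web.Security.FormsAuthentication.Decrypt(cookie.Value);
                }
                catch (ArgumentException)
                {
                    // A malformed or tampered cookie is treated as anonymous rather
                    // than letting the exception abort the request.
                }

                // Decrypt can return null, and it does not check expiration on its
                // own; the original dereferenced ticket.Name unconditionally.
                if (ticket != null && !ticket.Expired)
                {
                    name = ticket.Name;
                }
            }

            // The original author notes the custom MyIdentity / MyPrinciple pair was a
            // teaching exercise; the framework's generic types are used here instead.
            System.Security.Principal.GenericIdentity identity
                = new System.Security.Principal.GenericIdentity(name, "Type");

            System.Security.Principal.GenericPrincipal user
                = new System.Security.Principal.GenericPrincipal(identity, new string[] { });

            // Stored in Items only; context.User is not assigned here, so framework
            // authorization still sees whatever principal the pipeline set.
            context.Items.Add("User", user);
        }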
        public void TestThatTeamWithNoAssessmentsHasDefaultRating()
        {
            // Without any assessment data the team's current level defaults to 1.
            CreateTeamWithMember();

            var testUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"),
                new string[0]);

            var logic = new WebApi.Logic.AssessmentLogic(_assessmentRepo, _teamRepository, _dimensionRepo, testUser);

            int level = logic.GetCurrentLevelForTeam();

            Assert.IsTrue(level == 1, "Rating must be 1 if there is not assessment info.");
        }
파일: User.cs 프로젝트: htawab/wiscms
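        public static void SetAuthenticatedTicket(System.Guid userID, List<string> roleNames, bool createPersistentCookie)
        {
            // Issues the forms-authentication cookie for userID, carrying the caller's
            // role names in the ticket's UserData, and installs a matching
            // GenericPrincipal as the current request's user. No redirect is performed.
            //   userID                 - logon identifier stored as the ticket name
            //   roleNames              - roles joined with ',' into UserData; must not be null
            //   createPersistentCookie - when true the cookie outlives the browser session
            if (roleNames == null)
            {
                throw new ArgumentNullException("roleNames");
            }

            string logonID = userID.ToString();

            // Comma-separated role list; whoever reads UserData is expected to split on ','.
            string userData = string.Join(",", roleNames.ToArray());

            // The original first called SetAuthCookie and then appended a second cookie
            // with the same name; the framework ticket also hard-coded isPersistent to
            // false, so the createPersistentCookie parameter was effectively ignored.
            // One ticket is now written and the flag follows the parameter.
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                1,                            // version
                logonID,                      // user name
                DateTime.Now,                 // issue date
                DateTime.Now.AddMinutes(20),  // expiration
                createPersistentCookie,       // persistent
                userData);                    // user data (roles)

            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // HttpOnly keeps the ticket out of reach of page script; Secure follows the
            // forms-authentication requireSSL setting; Path/Domain match what the
            // framework's own cookie would use.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            };
            if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            {
                authCookie.Domain = FormsAuthentication.CookieDomain;
            }
            if (createPersistentCookie)
            {
                // A persistent cookie lives exactly as long as the ticket it carries.
                authCookie.Expires = authTicket.Expiration;
            }

            // Set replaces any cookie of the same name already queued on the response
            // instead of adding a duplicate.
            HttpContext.Current.Response.Cookies.Set(authCookie);

            // Make the new identity visible to the rest of this request.
            System.Security.Principal.GenericIdentity genericIdentity = new System.Security.Principal.GenericIdentity(logonID);
            System.Security.Principal.GenericPrincipal genericPrincipal = new System.Security.Principal.GenericPrincipal(genericIdentity, roleNames.ToArray());
            HttpContext.Current.User = genericPrincipal;
        }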
        private static bool IsAccessibleToEveryone(ISecurable content)
        {
            // Probes the content's ACL with a synthetic anonymous principal that
            // carries only the "Everyone" role.
            var anonymousIdentity = new System.Security.Principal.GenericIdentity("visitor");
            var anonymousPrincipal = new System.Security.Principal.GenericPrincipal(anonymousIdentity, new[] { "Everyone" });

            var descriptor = content.GetSecurityDescriptor();
            return descriptor.HasAccess(anonymousPrincipal, AccessLevel.Read);
        }
        public void TestThatTeamWithNoAssessmentResultsGetsDefaultRating()
        {
            // A closed assessment that carries no results must still leave the
            // team at the baseline level of 1.
            CreateTeamWithMember();

            var emptyResults = new List<Continuum.Data.AssessmentResult>();
            var closedStatus = new Data.AssessmentStatus() { Value = "Closed" };

            _mockContainer.Assessments.Add(new Data.Assessment()
            {
                DateCreated = DateTime.Now,
                AssessmentResults = emptyResults,
                Status = closedStatus
            });

            var testUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"),
                new string[0]);

            var logic = new WebApi.Logic.AssessmentLogic(_assessmentRepo, _teamRepository, _dimensionRepo, testUser);

            int level = logic.GetCurrentLevelForTeam();

            Assert.IsTrue(level == 1, "Rating must be 1 if there is not assessment info.");
        }
        /// <summary>
        /// Checks whether the request's current principal may reach the requested path
        /// under the URL authorization rules. When no principal is attached to the
        /// context, the check runs as an anonymous user with no roles.
        /// </summary>
        /// <returns>True when the current user is allowed to access the requested resource, otherwise false.</returns>
        internal static bool CheckUrlAccessForCurrentPrincipal()
        {
            HttpContext context = HttpContext.Current;
            HttpRequest request = context.Request;

            var principal = context.User
                ?? new System.Security.Principal.GenericPrincipal(
                    new System.Security.Principal.GenericIdentity("", ""),
                    new string[0]);

            return System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(request.Path, principal, request.HttpMethod);
        }
        public void TestThatUserWhoCreatesTeamIsSetAsTeamAdmin()
        {
            // Posting a new team as "TestUser" must add that user as a member and
            // mark the membership as administrator.
            var identity = new System.Security.Principal.GenericIdentity("TestUser");
            var currentUser = new System.Security.Principal.GenericPrincipal(identity, new string[0]);

            TeamController.CurrentUser = currentUser;
            TeamController teamController = CreateTeamController();
            teamController.Request = _request;
            teamController.User = currentUser;

            var newTeam = new Core.Models.Team() { Name = Guid.NewGuid().ToString() };

            var result = teamController.Post(newTeam);

            var team = _mockContainer.Teams.FirstOrDefault(i => i.Name == newTeam.Name);
            Assert.IsNotNull(team, "Could not find new team");

            var teamMember = team.TeamMembers.FirstOrDefault(i => i.UserId == identity.Name);

            // Listed in the failure message so a wrong assignment is easy to diagnose.
            string allUsers = String.Join(",", team.TeamMembers.Select(i => i.UserId + i.IsAdmin.ToString()).ToArray());

            Assert.IsNotNull(teamMember, "User was not assigned to team. The current user is " + identity.Name + " Current Users:" + allUsers);

            Assert.IsTrue(teamMember.IsAdmin, "User was not created as administrator.");
        }
        private WebApi.Logic.AssessmentLogic CreateAssessmentLogic()
        {
            // Builds the logic under test with the fixture repositories and a
            // role-less "TestUser" principal.
            var testUser = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity("TestUser"),
                new string[0]);

            return new WebApi.Logic.AssessmentLogic(_assessmentRepo, _teamRepository, _dimensionRepo, testUser);
        }
 private WebApi.Logic.TeamLogic CreateTeamLogic(string[] roles)
 {
     // Builds the logic under test for "TestUser" carrying the given roles
     // (passed straight through to the principal, null included).
     var testUser = new System.Security.Principal.GenericPrincipal(
         new System.Security.Principal.GenericIdentity("TestUser"), roles);
     return new WebApi.Logic.TeamLogic(_teamRepository, testUser);
 }
 public void SetThreadPrincipal()
 {
     // A null principal is rejected; a real one is then installed for the domain.
     Assert.Throws<ArgumentNullException>(() => AppDomain.CurrentDomain.SetThreadPrincipal(null));

     var newUser = new System.Security.Principal.GenericPrincipal(
         new System.Security.Principal.GenericIdentity("NewUser"), null);
     AppDomain.CurrentDomain.SetThreadPrincipal(newUser);
 }
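        private static bool TryGetPrincipal(string[] creds, out System.Security.Principal.IPrincipal principal)
        {
            // Maps a (user name, password) pair to a role-bearing principal.
            //   creds     - [0] user name, [1] password; null or a shorter array yields false
            //   principal - the principal on success, null otherwise
            // Returns true when a principal was produced.
            //
            // NOTE(review): sample logic only. Passwords live in source and the final
            // branch accepts any non-empty pair and grants it "Administrator"; this is
            // not a credential check to reuse as-is.
            principal = null;

            // The original indexed creds[0]/creds[1] unconditionally and would throw on
            // a null or one-element array; that is now simply "no principal".
            if (creds == null || creds.Length < 2)
            {
                return false;
            }

            string user = creds[0];
            string password = creds[1];

            // Ordinal comparison: these are identifiers, not linguistic text.
            if (string.Equals(user, "Administrator", StringComparison.Ordinal)
                && string.Equals(password, "SecurePassword", StringComparison.Ordinal))
            {
                principal = new System.Security.Principal.GenericPrincipal(
                   new System.Security.Principal.GenericIdentity("Administrator"),
                   new string[] { "Administrator", "User" });
                return true;
            }

            if (string.Equals(user, "JoeBlogs", StringComparison.Ordinal)
                && string.Equals(password, "Password", StringComparison.Ordinal))
            {
                principal = new System.Security.Principal.GenericPrincipal(
                   new System.Security.Principal.GenericIdentity("JoeBlogs"),
                   new string[] { "User" });
                return true;
            }

            if (!string.IsNullOrEmpty(user) && !string.IsNullOrEmpty(password))
            {
                // Any other non-empty pair is accepted with both roles (see note above).
                principal = new System.Security.Principal.GenericPrincipal(
                    new System.Security.Principal.GenericIdentity(user),
                    new string[] { "Administrator", "User" });
                return true;
            }

            return false;
        }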