// Static Methods /// <summary> /// Creates a new provider from data cached by the <see cref="SecurityProviderCache"/>. /// </summary> /// <param name="username">The username of the user for which to create a new provider.</param> /// <returns>A new provider initialized from cached data.</returns> public static ISecurityProvider CreateProvider(string username) { CacheContext cacheContext; lock (s_cache) { cacheContext = s_cache.GetOrAdd(username, name => new CacheContext(SecurityProviderUtility.CreateProvider(username))); } ISecurityProvider provider = SecurityProviderUtility.CreateProvider(cacheContext.Provider.UserData); AutoRefresh(provider); return(provider); }
// Static Methods /// <summary> /// Validates that current provider is ready, creating it if necessary. /// </summary> /// <param name="username">User name of the user for whom the<see cref= "ISecurityProvider" /> is to be created; defaults to current user.</param> public static void ValidateCurrentProvider(string username = null) { // Initialize the security principal from caller's windows identity if uninitialized, note that // simply by checking current provider any existing cached security principal will be restored, // if no current provider exists we create a new one if ((object)CurrentProvider == null) { lock (typeof(SecurityProviderCache)) { // Let's see if we won the race... if ((object)CurrentProvider == null) { CurrentProvider = SecurityProviderUtility.CreateProvider(username); } } } }
/// <summary> /// Attempts to reauthenticate the current thread principal /// after their provider has been removed from the cache. /// </summary> /// <returns>True if the user successfully reauthenticated; false otherwise.</returns> public static bool ReauthenticateCurrentPrincipal() { IPrincipal currentPrincipal; SecurityIdentity identity; ISecurityProvider provider = null; string password = null; bool authenticated; currentPrincipal = Thread.CurrentPrincipal; if ((object)currentPrincipal == null) { return(false); } identity = currentPrincipal.Identity as SecurityIdentity; if ((object)identity != null) { provider = identity.Provider; } if ((object)provider != null) { password = provider.Password; } // Reset the current principal WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent(); if ((object)currentIdentity != null) { Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity); } // Create a new provider associated with current identity provider = SecurityProviderUtility.CreateProvider(currentPrincipal.Identity.Name); // Re-authenticate user authenticated = provider.Authenticate(password); // Re-cache current provider for user CurrentProvider = provider; return(authenticated); }
// Static Methods /// <summary> /// Creates a new provider from data cached by the <see cref="SecurityProviderCache"/>. /// </summary> /// <param name="username">The username of the user for which to create a new provider.</param> /// <param name="passthroughPrincipal"><see cref="IPrincipal"/> obtained through alternative authentication mechanisms to provide authentication for the <see cref="ISecurityProvider"/>.</param> /// <param name="autoRefresh">Indicates whether the provider should be automatically refreshed on a timer.</param> /// <returns>A new provider initialized from cached data.</returns> public static ISecurityProvider CreateProvider(string username, IPrincipal passthroughPrincipal = null, bool autoRefresh = true) { CacheContext cacheContext; lock (s_cache) { cacheContext = s_cache.GetOrAdd(username, name => new CacheContext(SecurityProviderUtility.CreateProvider(username, passthroughPrincipal))); } ISecurityProvider provider = SecurityProviderUtility.CreateProvider(cacheContext.Provider.UserData); provider.PassthroughPrincipal = passthroughPrincipal; if (autoRefresh) { AutoRefresh(provider); } return(provider); }
/// <summary> /// Determines whether the user is a member of either of the specified <paramref name="roles"/>. /// </summary> /// <param name="roles">Comma separated list of roles to check.</param> /// <returns>true if the user is a member of either of the specified <paramref name="roles"/>, otherwise false.</returns> public bool IsInRole(string roles) { if (!m_identity.Provider.UserData.IsDefined || !m_identity.Provider.IsUserAuthenticated || m_identity.Provider.UserData.IsDisabled || m_identity.Provider.UserData.IsLockedOut) { // No need to check user roles. return(false); } // Check if user has any one of the specified roles. foreach (string role in roles.Split(',')) { if (m_identity.Provider.UserData.Roles.FirstOrDefault(currentRole => (SecurityProviderUtility.IsRegexMatch(m_identity.Provider.TranslateRole(role.Trim()), currentRole))) != null) { return(true); } } return(false); }