Represents a secured inter-process cache for a Dictionary{TKey,TValue} of serialized UserData.
This is a personal user data cache that only contains basic LDAP information for the user. It is used to load the local and Active Directory groups a user is associated with when the user no longer has access to its domain server. This can happen when a laptop that is normally connected to the Active Directory domain gets shutdown then restarted without access to the domain, for example, on an airplane - in this mode the user can successfully still login to the laptop to their using domain account cached by Windows but the groups the user is in will no longer be accessible. If role based security happens to be based on Active Directory groups, this cache will make sure the user can still have needed role based access even when the domain is unavailable. This cache is maintained as a separate user cache from the system level AdoSecurityCache since the user data cache only contains group information and is used by the LdapSecurityProvider which can be used independently of the AdoSecurityProvider.
상속: GSF.IO.InterprocessCache
예제 #1
0
        // Static Methods

        /// <summary>
        /// Loads the <see cref="UserDataCache"/> for the current local user.
        /// </summary>
        /// <param name="providerID">Unique security provider ID used to distinguish cached user data that may be different based on provider.</param>
        /// <returns>Loaded instance of the <see cref="UserDataCache"/>.</returns>
        public static UserDataCache GetCurrentCache(int providerID)
        {
            // By default user data cache is stored in a path where user will have rights
            UserDataCache userDataCache;
            string        userCacheFolder   = FilePath.GetApplicationDataFolder();
            string        userCacheFileName = Path.Combine(userCacheFolder, FilePath.GetFileName(DefaultCacheFileName));

            // Make sure user directory exists
            if (!Directory.Exists(userCacheFolder))
            {
                Directory.CreateDirectory(userCacheFolder);
            }

            // Initialize user data cache for current local user
            userDataCache          = new UserDataCache(providerID);
            userDataCache.FileName = userCacheFileName;

            return(userDataCache);
        }
예제 #2
0
파일: UserDataCache.cs 프로젝트: rmc00/gsf
        // Static Methods

        /// <summary>
        /// Loads the <see cref="UserDataCache"/> for the current local user.
        /// </summary>
        /// <param name="providerID">Unique security provider ID used to distinguish cached user data that may be different based on provider.</param>
        /// <returns>Loaded instance of the <see cref="UserDataCache"/>.</returns>
        public static UserDataCache GetCurrentCache(int providerID)
        {
            // By default user data cache is stored in a path where user will have rights
            UserDataCache userDataCache;
            string userCacheFolder = FilePath.GetApplicationDataFolder();
            string userCacheFileName = Path.Combine(userCacheFolder, FilePath.GetFileName(DefaultCacheFileName));

            // Make sure user directory exists
            if (!Directory.Exists(userCacheFolder))
                Directory.CreateDirectory(userCacheFolder);

            // Initialize user data cache for current local user
            userDataCache = new UserDataCache(providerID);
            userDataCache.FileName = userCacheFileName;

            return userDataCache;
        }
예제 #3
0
        /// <summary>
        /// Refreshes the <see cref="UserData"/> from the backend data store loading user groups into desired collection.
        /// </summary>
        /// <param name="userData">The structure for the data being refreshed.</param>
        /// <param name="groupCollection">Target collection for user groups.</param>
        /// <param name="providerID">Unique provider ID used to distinguish cached user data that may be different based on provider.</param>
        /// <returns>true if <see cref="SecurityProviderBase.UserData"/> is refreshed, otherwise false.</returns>
        protected virtual bool RefreshData(UserData userData, List <string> groupCollection, int providerID)
        {
            if ((object)groupCollection == null)
            {
                throw new ArgumentNullException(nameof(groupCollection));
            }

            if (string.IsNullOrEmpty(userData.Username))
            {
                return(false);
            }

            // Initialize user data
            userData.Initialize();

            // Populate user data
            UserInfo      user          = null;
            UserDataCache userDataCache = null;

            try
            {
                // Get current local user data cache
                if (m_enableOfflineCaching)
                {
                    userDataCache = UserDataCache.GetCurrentCache(providerID);
                    userDataCache.RetryDelayInterval   = m_cacheRetryDelayInterval;
                    userDataCache.MaximumRetryAttempts = m_cacheMaximumRetryAttempts;
                    userDataCache.ReloadOnChange       = false;
                    userDataCache.AutoSave             = true;
                    userDataCache.Load();
                }

                // Create user info object using specified LDAP path if provided
                string ldapPath = GetLdapPath();

                if (string.IsNullOrEmpty(ldapPath))
                {
                    user = new UserInfo(userData.Username);
                }
                else
                {
                    user = new UserInfo(userData.Username, ldapPath);
                }

                // Make sure to load privileged user credentials from config file if present.
                user.PersistSettings = true;

                // Attempt to determine if user exists (this will initialize user object if not initialized already)
                userData.IsDefined = user.Exists;
                userData.LoginID   = user.LoginID;

                if (userData.IsDefined)
                {
                    // Fill in user information from domain data if it is available
                    if (user.DomainRespondsForUser)
                    {
                        // Copy relevant user information
                        userData.FirstName    = user.FirstName;
                        userData.LastName     = user.LastName;
                        userData.CompanyName  = user.Company;
                        userData.PhoneNumber  = user.Telephone;
                        userData.EmailAddress = user.Email;

                        try
                        {
                            userData.IsLockedOut = user.AccountIsLockedOut;
                            userData.IsDisabled  = user.AccountIsDisabled;
                        }
                        catch (SecurityException)
                        {
                            // AD may restrict information on account availability, if so, have to make a safe assumption:
                            userData.IsLockedOut = true;
                            userData.IsDisabled  = true;
                        }

                        userData.PasswordChangeDateTime = user.NextPasswordChangeDate;
                        userData.AccountCreatedDateTime = user.AccountCreationDate;

                        // Assign all groups the user is a member of
                        foreach (string groupName in user.Groups)
                        {
                            if (!groupCollection.Contains(groupName, StringComparer.OrdinalIgnoreCase))
                            {
                                groupCollection.Add(groupName);
                            }
                        }

                        if ((object)userDataCache != null)
                        {
                            // Cache user data so that information can be loaded later if domain is unavailable
                            userDataCache[userData.LoginID] = userData;

                            // Wait for pending serialization since cache is scoped locally to this method and will be disposed before exit
                            userDataCache.WaitForSave();
                        }
                    }
                    else
                    {
                        // Attempt to load previously cached user information when domain is offline
                        UserData cachedUserData;

                        if ((object)userDataCache != null && userDataCache.TryGetUserData(userData.LoginID, out cachedUserData))
                        {
                            // Copy relevant cached user information
                            userData.FirstName    = cachedUserData.FirstName;
                            userData.LastName     = cachedUserData.LastName;
                            userData.CompanyName  = cachedUserData.CompanyName;
                            userData.PhoneNumber  = cachedUserData.PhoneNumber;
                            userData.EmailAddress = cachedUserData.EmailAddress;
                            userData.IsLockedOut  = cachedUserData.IsLockedOut;
                            userData.IsDisabled   = cachedUserData.IsDisabled;
                            userData.Roles.AddRange(cachedUserData.Roles);
                            userData.Groups.AddRange(cachedUserData.Groups);

                            // If domain is offline, a password change cannot be initiated
                            userData.PasswordChangeDateTime = DateTime.MaxValue;
                            userData.AccountCreatedDateTime = cachedUserData.AccountCreatedDateTime;
                        }
                        else
                        {
                            // No previous user data was cached but Windows allowed authentication, so all we know is that user exists
                            userData.IsLockedOut            = false;
                            userData.IsDisabled             = false;
                            userData.PasswordChangeDateTime = DateTime.MaxValue;
                            userData.AccountCreatedDateTime = DateTime.MinValue;
                        }
                    }
                }

                return(userData.IsDefined);
            }
            finally
            {
                if ((object)user != null)
                {
                    user.PersistSettings = false;
                    user.Dispose();
                }

                if ((object)userDataCache != null)
                {
                    userDataCache.Dispose();
                }
            }
        }