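public List<RBACUserInfo> GetAllUserNamesAndIDs()
{
    // Loads every row of the Users table and returns one RBACUserInfo per row with
    // UserName, FullName, DomainUserName, DBUserCustomSID and PEMDefaultCustomerID set.
    // Returns null when the table is empty or when any exception occurs — existing callers
    // rely on that contract, so it is kept; the exception is now traced instead of lost.
    List<RBACUserInfo> result = new List<RBACUserInfo>();
    DataSet dsUsers = null;
    try
    {
        // The query takes no parameters, but the DAL signature still wants a dictionary
        Dictionary<string, object> sqlParams = new Dictionary<string, object>();
        dsUsers = _DAL_RBAC.GetDatasetFromSQL(
            "select CONVERT(VARBINARY(85), UserID) AS DBUserSid, UserID, UserName, DomainUserName, FullName, CustomerID from Users order by UserName",
            sqlParams, true);

        DataTable usersTable = dsUsers.Tables[0];
        usersTable.TableName = "Users";
        if (usersTable.Rows.Count == 0)
        {
            return null;
        }

        foreach (DataRow nextRow in usersTable.Rows)
        {
            RBACUserInfo rbacUser = new RBACUserInfo();
            rbacUser.UserName = Convert.ToString(nextRow["UserName"]);
            rbacUser.FullName = Convert.ToString(nextRow["FullName"]);
            rbacUser.DomainUserName = Convert.ToString(nextRow["DomainUserName"]);

            // DBUserSid is VARBINARY; DBNull has to be excluded before the byte[] cast
            if (nextRow["DBUserSid"] != DBNull.Value)
            {
                rbacUser.DBUserCustomSID = nextRow["DBUserSid"] as byte[];
            }
            if (nextRow["CustomerID"] != DBNull.Value)
            {
                rbacUser.PEMDefaultCustomerID = Convert.ToInt32(nextRow["CustomerID"]);
            }

            result.Add(rbacUser);
        }

        return result;
    }
    catch (Exception ex)
    {
        // Keep the "null on failure" contract but don't discard the diagnostic
        System.Diagnostics.Debug.WriteLine(ex.ToString());
        return null;
    }
    finally
    {
        // Free DB resources on every path (previously the DataSet leaked when an exception was thrown)
        if (dsUsers != null)
        {
            dsUsers.Dispose();
        }
    }
}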
public override string[] GetRolesForUser(string username)
{
    // Resolves the user (cache first, then DB) and returns the name of every RBAC item
    // granted to them, including items inherited through roles.
    // An unknown user yields an empty array, never null.
    RBACUserInfo rbacUser = GetRBACUserFromCacheOrDB(username);
    if (rbacUser == null)
    {
        return new string[0];
    }

    List<RBACItemInfo> grantedItems = _RBACInterface.GetGrantedItemsForUser(rbacUser, false);
    string[] roleNames = new string[grantedItems.Count];
    for (int i = 0; i < grantedItems.Count; i++)
    {
        roleNames[i] = grantedItems[i].ItemName;
    }
    return roleNames;
}
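public ApplicationLogonResponse LogonAsRBACUser(string username, string password)
{
    // Authenticates an RBAC user by username/password, records the logon in SessionDetails
    // and LoginDetails, and returns a response carrying the new session id plus the user's
    // granted items and granted customers. Failures are reported through ErrorMsg; the
    // method never throws.
    //
    // NOTE(review): Password_PlainText means credentials are stored and compared in clear.
    // Replacing this with a salted hash (e.g. PBKDF2) needs a schema change and is outside
    // the scope of this method; the comparison below is at least ordinal and null-safe.
    ApplicationLogonResponse responseObj = new ApplicationLogonResponse();
    try
    {
        RBACUserInfo rbacUserInfo = GetUser(username);

        // Unknown user and wrong password produce the same message so the response
        // cannot be used to enumerate valid usernames.
        if (rbacUserInfo == null
            || rbacUserInfo.Password_PlainText == null
            || password == null
            || !string.Equals(rbacUserInfo.Password_PlainText, password, StringComparison.Ordinal))
        {
            responseObj.ErrorMsg = "Incorrect username or password";
            return responseObj;
        }

        // New RBAC session id; the rest of the system keys sessions on this GUID string
        string sessionId = System.Guid.NewGuid().ToString();
        int rbacUserId = rbacUserInfo.DBUserCustomSID_AsInt;

        // SessionDetails row: the session expires 12 hours after creation (DB server clock)
        Dictionary<string, object> sqlParams = new Dictionary<string, object>();
        sqlParams.Add("@UserId", rbacUserId);
        sqlParams.Add("@SessionID", sessionId);
        _DAL_RBAC.ExecuteNonQuery(
            "insert into SessionDetails (UserId, SessionID, SessionExpTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
            " values (@UserId, @SessionID, DATEADD(hour,12,getdate()), @UserId, getdate(), @UserId, getdate())",
            sqlParams, true);

        // LoginDetails row: audit record of this logon (parameters rebuilt in case the DAL mutated them)
        sqlParams.Clear();
        sqlParams.Add("@UserId", rbacUserId);
        sqlParams.Add("@SessionID", sessionId);
        _DAL_RBAC.ExecuteNonQuery(
            "insert into LoginDetails (Userid, SessionID, LoginTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
            " values (@UserId, @SessionID, getdate(), @UserId, getdate(), @UserId, getdate())",
            sqlParams, true);

        // Split the granted items: anything named "Customer:..." is a customer and is reported
        // as an RBACCustomerInfo (looked up by RBAC item id) instead of a plain item.
        List<RBACItemInfo> grantedItemsForUser = GetGrantedItemsForUser(rbacUserInfo, false);
        List<RBACCustomerInfo> allCustomers = GetCustomers();
        List<RBACItemInfo> plainItems = new List<RBACItemInfo>();
        List<RBACCustomerInfo> grantedCustomers = new List<RBACCustomerInfo>();
        foreach (RBACItemInfo nextItem in grantedItemsForUser)
        {
            if (!nextItem.ItemName.StartsWith("Customer:", StringComparison.Ordinal))
            {
                plainItems.Add(nextItem);
                continue;
            }

            // Customer items are dropped from the plain list even when no matching customer exists
            RBACCustomerInfoPredicate customerPredicate = new RBACCustomerInfoPredicate(nextItem.ItemID);
            RBACCustomerInfo customerObj = allCustomers.Find(customerPredicate.CompareByRbacID);
            if (customerObj != null)
            {
                grantedCustomers.Add(customerObj);
            }
        }

        responseObj.SessionId = sessionId;
        responseObj.Username = rbacUserInfo.UserName;
        responseObj.DomainUsername = rbacUserInfo.DomainUserName;
        responseObj.FullName = rbacUserInfo.FullName;
        responseObj.RbacUserId = rbacUserId;
        responseObj.GrantedItems.AddRange(plainItems);
        responseObj.GrantedCustomers.AddRange(grantedCustomers);
    }
    catch (Exception ex)
    {
        // Trace locally; don't echo exception text (SQL errors, connection details) to the caller
        System.Diagnostics.Debug.WriteLine(ex.ToString());
        responseObj.ErrorMsg = "Logon failed due to an internal error";
    }

    return responseObj;
}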
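public List<RBACItemInfo> GetGrantedItemsForUser(RBACUserInfo user, bool onlyExplicitGrants)
{
    // Returns the RBAC items granted to the user within _ApplicationID: items authorized
    // directly on the user's SID ('Direct') and, unless onlyExplicitGrants is true, items
    // inherited through roles the user is a member of ('Role').
    // Each ItemId appears at most once; the first occurrence in DB order is kept.
    // Throws ArgumentNullException when user is null.
    //
    // NOTE(review): the query treats AuthorizationType values 1 and 3 as grants. Confirm
    // against the NetSqlAzMan AuthorizationType definition in use that neither value is a
    // deny — if one were, a denied item would be reported as granted.
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    List<RBACItemInfo> result = new List<RBACItemInfo>();
    HashSet<int> seenItemIds = new HashSet<int>();

    Dictionary<string, object> sqlParams = new Dictionary<string, object>();
    sqlParams.Add("@DBUserSid", user.DBUserCustomSID);
    sqlParams.Add("@ApplicationID", _ApplicationID);

    // Disposed on every path, including when the DAL throws
    using (DataSet dsUserRights = _DAL_RBAC.GetDatasetFromSQL(
        "select t1.ItemId, t1.Name, t1.ItemType, t1.Description, t2.AuthorizationType, 'Direct' as Grantor " +
        "from netsqlazman_ItemsTable as t1, netsqlazman_Authorizationstable t2 " +
        "where t1.ApplicationID = @ApplicationID " +
        " and t2.objectSid = @DBUserSid " +
        " and t1.ItemId = t2.ItemId and t2.AuthorizationType in (1, 3) " +
        "union all " +
        "select t4.ItemId, t4.Name, t4.ItemType, t4.Description, t5.AuthorizationType, 'Role' as Grantor " +
        "from netsqlazman_ItemsHierarchyTable t3, netsqlazman_ItemsTable t4, netsqlazman_AuthorizationsTable t5 " +
        "where t3.ItemId = t4.ItemId " +
        "and t5.AuthorizationType in (1, 3) " +
        "and t5.ItemId = t3.MemberOfItemId " +
        "and t3.MemberOfItemId in " +
        "( " +
        "select t1.ItemId " +
        "from netsqlazman_ItemsTable as t1, netsqlazman_Authorizationstable t2 " +
        "where t1.ApplicationID = @ApplicationID and t2.objectSid = @DBUserSid " +
        "and t1.ItemId = t2.ItemId and t2.AuthorizationType in (1, 3) " +
        ") " +
        "order by 3 asc, 4 asc, 2 asc", sqlParams, true))
    {
        foreach (DataRow dr in dsUserRights.Tables[0].Rows)
        {
            // Role-derived rows are skipped when only explicit grants were requested
            if (onlyExplicitGrants && dr["Grantor"].ToString() != "Direct")
            {
                continue;
            }

            // The union can return the same item through more than one path; keep the first
            int itemId = Convert.ToInt32(dr["ItemId"]);
            if (!seenItemIds.Add(itemId))
            {
                continue;
            }

            RBACItemInfo item = new RBACItemInfo();
            item.ItemID = itemId;
            item.ItemName = dr["Name"].ToString();
            item.Description = Convert.ToString(dr["Description"]);
            item.ItemType = (RBACItemType)Enum.Parse(typeof(RBACItemType), dr["ItemType"].ToString());
            result.Add(item);
        }
    }

    return result;
}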
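public override bool IsUserInRole(string username, string roleName)
{
    // Checks whether roleName is granted to username, in this order:
    //   1. the in-memory cache (_cachedRolesForUsernames, guarded by _CacheLocker);
    //   2. the user's PEM default customer, expressed as "Customer:<id>";
    //   3. every item granted through RBAC, which also populates the cache.
    // Role names are compared ordinally and case-insensitively at every step, so a name
    // cached under one casing is found again under another.
    //
    // Fixes an inverted check in the original: items were only added to the cache when
    // they were ALREADY present (IndexOf(...) != -1), so the cache never filled.

    // 1. Cache lookup under a read lock
    bool matchedFromCache = false;
    try
    {
        _CacheLocker.EnterReadLock();
        List<string> cachedRolesForUsername;
        if (_cachedRolesForUsernames.TryGetValue(username, out cachedRolesForUsername))
        {
            matchedFromCache = ContainsRoleName(cachedRolesForUsername, roleName);
        }
    }
    finally
    {
        if (_CacheLocker.IsReadLockHeld)
        {
            _CacheLocker.ExitReadLock();
        }
    }
    if (matchedFromCache)
    {
        return true;
    }

    RBACUserInfo rbacUser = GetRBACUserFromCacheOrDB(username);
    if (rbacUser == null)
    {
        return false;
    }

    // 2. Access implied by the user's default PEM customer
    string defaultCustomerAccess = "Customer:" + rbacUser.PEMDefaultCustomerID.ToString();
    if (string.Equals(defaultCustomerAccess, roleName, StringComparison.OrdinalIgnoreCase))
    {
        try
        {
            _CacheLocker.EnterWriteLock();
            AddToRoleCache(username, defaultCustomerAccess);
        }
        finally
        {
            if (_CacheLocker.IsWriteLockHeld)
            {
                _CacheLocker.ExitWriteLock();
            }
        }
        return true;
    }

    // 3. All RBAC grants: cache each of them and look for the requested role among them
    //    (the loop deliberately does not break early so the whole grant list is cached)
    bool grantedItemFound = false;
    List<RBACItemInfo> grantedItems = _RBACInterface.GetGrantedItemsForUser(rbacUser, false);
    try
    {
        _CacheLocker.EnterWriteLock();
        foreach (RBACItemInfo nextItem in grantedItems)
        {
            AddToRoleCache(username, nextItem.ItemName);
            if (string.Equals(nextItem.ItemName, roleName, StringComparison.OrdinalIgnoreCase))
            {
                grantedItemFound = true;
            }
        }
    }
    finally
    {
        if (_CacheLocker.IsWriteLockHeld)
        {
            _CacheLocker.ExitWriteLock();
        }
    }

    // False here means the user holds neither the role nor the default-customer access
    return grantedItemFound;
}

// Adds roleName to username's cached role list unless an equal (ordinal, case-insensitive)
// entry is already there. The caller must hold the _CacheLocker write lock.
private void AddToRoleCache(string username, string roleName)
{
    List<string> roles;
    if (!_cachedRolesForUsernames.TryGetValue(username, out roles) || roles == null)
    {
        roles = new List<string>();
        _cachedRolesForUsernames[username] = roles;
    }
    if (!ContainsRoleName(roles, roleName))
    {
        roles.Add(roleName);
    }
}

// Ordinal, case-insensitive membership test on a cached role list; a null list holds nothing.
private static bool ContainsRoleName(List<string> roles, string roleName)
{
    if (roles == null)
    {
        return false;
    }
    foreach (string cached in roles)
    {
        if (string.Equals(cached, roleName, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }
    return false;
}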