/// <summary>
/// An anonymous request for an .html resource must produce a redirect
/// (non-empty <c>Redirect</c>) instead of being served.
/// </summary>
public void RedirectsHtmlNotAuth()
{
    var anonymous = new Identity { IsAuthenticated = false };
    var request = new HttpRequestDescriptor
    {
        User = new GenericPrincipal(anonymous, null),
        Uri = new Uri("http://host/test.html"),
    };

    var decision = a.Authorize(request);

    Assert.False(string.IsNullOrWhiteSpace(decision.Redirect));
}
/// <summary>
/// An authenticated user without the custom role required for roled.html is denied:
/// the request is not processed and an error is attached to the decision.
/// </summary>
public void CustomRoleDeny()
{
    var plainUser = new Identity { IsAuthenticated = true, User = new User() };
    var principal = new GenericPrincipal(plainUser, null);
    var request = new HttpRequestDescriptor
    {
        User = principal,
        Uri = new Uri("http://host/roled.html"),
    };

    var decision = a.Authorize(request);

    Assert.False(decision.Process);
    Assert.NotNull(decision.Error);
}
/// <summary>
/// An anonymous request for a resource with no special rule (no .html/.css extension)
/// is denied with an error rather than redirected.
/// </summary>
public void DenyUnknownNotAuth()
{
    var anonymous = new Identity { IsAuthenticated = false };
    var request = new HttpRequestDescriptor
    {
        User = new GenericPrincipal(anonymous, null),
        Uri = new Uri("http://host/operation"),
    };

    var decision = a.Authorize(request);

    Assert.NotNull(decision.Error);
}
/// <summary>
/// Impersonation handler: switches the context principal to the user named by the
/// <c>login</c> request parameter, or back to the originating identity when the
/// parameter is empty. A fresh token is minted for the new identity and stored on the
/// response; the serialized identity is written as the reply.
/// </summary>
/// <param name="server">Host server; not used by this handler.</param>
/// <param name="context">Web context whose <c>User</c> is replaced.</param>
/// <param name="callbackEndPoint">Not used by this handler.</param>
/// <param name="cancel">Not used by this handler.</param>
/// <exception cref="Exception">
/// The current identity is not an <see cref="Identity"/>, or a non-impersonated
/// caller is not an admin.
/// </exception>
public void Run(IHostServer server, WebContext context, string callbackEndPoint, CancellationToken cancel)
{
    var current = context.User.Identity as Identity;
    if (current == null)
    {
        throw new Exception("invalid identity type");
    }

    // The admin requirement is enforced only for a direct identity. An identity that
    // already carries an ImpersonationSource skips it — presumably because the source
    // was vetted as admin when the impersonation was established; confirm elsewhere.
    var alreadyImpersonating = current.ImpersonationSource != null;
    if (!alreadyImpersonating && !current.IsAdmin)
    {
        throw new Exception("not admin");
    }
    var origin = current.ImpersonationSource ?? current;

    var targetLogin = RequestParameters.Create(context).Get("login");
    Identity effective;
    if (string.IsNullOrWhiteSpace(targetLogin))
    {
        // Empty login: drop impersonation and return to the originating identity.
        effective = (Identity)origin;
    }
    else
    {
        var target = Users.GetUser(targetLogin);
        // NOTE(review): a login unknown to Users still yields an authenticated identity
        // with no User attached — confirm that impersonating non-existent accounts is intended.
        effective = target != null
            ? new Identity(target)
            : new Identity { Name = targetLogin, IsAuthenticated = true };
        effective.ImpersonationSource = origin;
    }

    context.User = new GenericPrincipal(effective, null);
    var token = TokenService.Create(context.Request);
    effective.Token = token;
    TokenService.Store(context.Response, context.Request.Uri, token);
    context.Finish(effective.stringify());
}
/// <summary>
/// "Secure" logon: looks the user up, checks that it may log on this way and that its
/// activity state is Ok, then verifies <paramref name="info"/> through
/// <c>SecureLogonService</c>. Failures are reported on the returned identity, not thrown.
/// </summary>
/// <param name="username">Login to authenticate.</param>
/// <param name="info">Secure logon data to verify.</param>
/// <param name="context">Optional scope handed to the secure-info check.</param>
/// <returns>
/// <c>null</c> when no <c>UserService</c> is configured or the user is not secure-logable;
/// otherwise an <see cref="Identity"/> that is either authenticated or carries
/// <c>IsError</c>/<c>Error</c>.
/// </returns>
public IIdentity Logon(string username, SecureLogonInfo info, IScope context = null)
{
    if (UserService == null)
    {
        return null;
    }
    var user = UserService.GetUser(username);
    if (!StateChecker.IsSecureLogable(user))
    {
        return null;
    }

    var identity = new Identity { Name = username, AuthenticationType = "secure" };
    var activity = StateChecker.GetActivityState(user);
    if (activity != UserActivityState.Ok)
    {
        // Accounts in a non-Ok state never reach credential verification.
        identity.IsError = true;
        identity.Error = new SecurityException(activity.ToStr());
        return identity;
    }

    try
    {
        SecureLogonService.CheckSecureInfo(info, user, context);
        identity.IsAuthenticated = true;
        identity.User = user;
        identity.IsAdmin = user.IsAdmin;
    }
    catch (Exception e)
    {
        // Any failure in the check (or the assignments above) is surfaced via the
        // identity; the raw exception is kept as Error.
        identity.IsError = true;
        identity.Error = e;
    }
    return identity;
}
/// <summary>
/// Checks whether <paramref name="identity"/> holds <paramref name="role"/>: first on
/// the user itself, then (unless <paramref name="exact"/>) on the domain group user and
/// on each of the user's groups. Group users are looked up as <c>&lt;name&gt;@groups</c>.
/// </summary>
/// <param name="identity">Identity to check; wrapped in an <see cref="Identity"/> if it is not one.</param>
/// <param name="role">Role name handed to <c>HasRole</c>.</param>
/// <param name="exact">When true only the user's own roles count.</param>
/// <returns>True if the role is found on the user or an inherited group.</returns>
public bool IsInRole(IIdentity identity, string role, bool exact)
{
    var id = identity as Identity ?? new Identity(identity);

    // Resolve the user lazily and cache it on the identity (side effect on id.User).
    if (id.User == null)
    {
        id.User = Users.GetUser(id.Name);
    }
    var user = id.User;

    if (HasRole(user, role))
    {
        return true;
    }
    // Exact match requested, or no stored user to inherit from.
    if (exact || user == null)
    {
        return false;
    }

    // Domain-level group first.
    if (!string.IsNullOrWhiteSpace(user.Domain))
    {
        var domainGroup = Users.GetUser(user.Domain + "@groups");
        if (HasRole(domainGroup, role))
        {
            return true;
        }
    }
    // Then each explicit group of the user.
    foreach (var groupName in user.Groups)
    {
        var group = Users.GetUser(groupName + "@groups");
        if (HasRole(group, role))
        {
            return true;
        }
    }
    return false;
}
/// <summary>
/// Completes a successful login: builds a "secure" identity for <paramref name="user"/>,
/// installs it as the context principal, mints a token and stores it on the response.
/// </summary>
/// <param name="user">The authenticated user.</param>
/// <param name="server">Host server; not used here.</param>
/// <param name="context">Web context.</param>
/// <returns>
/// A successful <see cref="HandlerResult"/> whose <c>Data</c> is the <see cref="LogonInfo"/>
/// describing the identity and the request endpoints/user agent.
/// </returns>
private HandlerResult ProcessUserLogin(IUser user, IHostServer server, WebContext context)
{
    var identity = new Identity(user) { AuthenticationType = "secure" };
    context.User = new GenericPrincipal(identity, null);

    var info = new LogonInfo
    {
        Identity = identity,
        RemoteEndPoint = context.Request.RemoteEndPoint,
        LocalEndPoint = context.Request.LocalEndPoint,
        UserAgent = context.Request.UserAgent,
    };

    // The token is created from the request after the principal has been swapped.
    var token = TokenService.Create(context.Request);
    TokenService.Store(context.Response, context.Request.Uri, token);

    return new HandlerResult { Result = true, Data = info };
}
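/// <summary>
/// Convenience overload: resolves <paramref name="login"/> through the resolver's
/// <c>Users</c> store, wraps the stored user in a synthetic <see cref="Identity"/> and
/// delegates to <c>IRoleResolverService.IsInRole(IIdentity, string, bool)</c>.
/// </summary>
/// <param name="service">Role resolver; must be a <see cref="RoleResolverService"/> because the user store is read from it.</param>
/// <param name="login">Login of the user to check.</param>
/// <param name="role">Role name.</param>
/// <param name="exact">When true, group inheritance is not consulted.</param>
/// <returns>False when the login is unknown; otherwise the resolver's answer.</returns>
/// <exception cref="ArgumentNullException"><paramref name="service"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="service"/> is not a <see cref="RoleResolverService"/>.</exception>
public static bool IsInRole(this IRoleResolverService service, string login, string role, bool exact = false)
{
    if (service == null)
    {
        throw new ArgumentNullException("service");
    }
    // The former unchecked `as` cast surfaced as a NullReferenceException on `srv.Users`
    // for any other IRoleResolverService implementation; fail with a clear message instead.
    var resolver = service as RoleResolverService;
    if (resolver == null)
    {
        throw new ArgumentException("service must be a RoleResolverService to resolve users by login", "service");
    }

    var user = resolver.Users.GetUser(login);
    if (user == null)
    {
        // Unknown login: fail closed.
        return false;
    }

    // This identity is only a carrier for the role check; it is built from the stored
    // user and is never installed as a principal here.
    var identity = new Identity
    {
        Name = user.Name,
        IsAuthenticated = true,
        IsAdmin = user.IsAdmin,
        User = user,
    };
    return service.IsInRole(identity, role, exact);
}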
/// <summary>
/// Builds a "form" identity from a parsed <see cref="Token"/>: name and admin flag are
/// taken from the token, then overlaid with the stored user (if found) and its activity
/// state; <c>token.ImUser</c>, when set, is resolved into <c>ImpersonationSource</c>.
/// Any problem marks the identity as an error and clears <c>IsAuthenticated</c>.
/// </summary>
/// <param name="token">Token to build the identity from.</param>
/// <returns>The identity; <c>IsAuthenticated</c> is false whenever <c>IsError</c> is set.</returns>
private Identity BuildIdentity(Token token)
{
    var identity = new Identity
    {
        Token = token,
        Name = token.User,
        IsAuthenticated = true,
        AuthenticationType = "form",
        IsAdmin = token.IsAdmin,
    };
    var problems = "";

    var stored = UserService.GetUser(token.User);
    if (stored != null)
    {
        identity.User = stored;
        identity.IsAdmin = stored.IsAdmin;
        var activity = UserStateChecker.GetActivityState(stored);
        if (activity != UserActivityState.Ok)
        {
            identity.IsError = true;
            problems += activity.ToStr() + "; ";
        }
    }
    // NOTE(review): when no stored user exists, IsAdmin stays as carried by the token and
    // the identity remains authenticated — confirm tokens are integrity-protected upstream.

    if (!string.IsNullOrWhiteSpace(token.ImUser))
    {
        // The impersonating user goes through the same path with a bare token; that token
        // presumably has no ImUser, so the recursion stops after one level.
        var source = BuildIdentity(new Token { User = token.ImUser });
        identity.ImpersonationSource = source;
        if (!source.IsAuthenticated)
        {
            identity.IsError = true;
            problems += "not-auth impersonation; ";
        }
        else if (!source.IsAdmin)
        {
            identity.IsError = true;
            problems += "non-admin impersonation;";
        }
    }

    if (identity.IsError)
    {
        identity.IsAuthenticated = false;
        identity.Error = new SecurityException(problems);
    }
    return identity;
}
/// <summary>
/// An authenticated admin is allowed through to the path-scoped admin-data.html resource.
/// </summary>
public void AllowPathedRole()
{
    var admin = new Identity { IsAuthenticated = true, IsAdmin = true };
    var request = new HttpRequestDescriptor
    {
        User = new GenericPrincipal(admin, null),
        Uri = new Uri("http://host/admin-data.html"),
    };

    var decision = a.Authorize(request);

    Assert.True(decision.Process);
}
/// <summary>
/// Any authenticated identity (no admin flag, no user object) may fetch an unrestricted .html page.
/// </summary>
public void AllowAllAuthToAnyHtml()
{
    var authenticated = new Identity { IsAuthenticated = true };
    var principal = new GenericPrincipal(authenticated, null);
    var request = new HttpRequestDescriptor
    {
        User = principal,
        Uri = new Uri("http://host/some.html"),
    };

    var decision = a.Authorize(request);

    Assert.True(decision.Process);
}
/// <summary>
/// An anonymous request for spredir.html is redirected to the configured public page,
/// with the original path carried in the <c>referer</c> query parameter.
/// </summary>
public void CustomRedirection()
{
    var anonymous = new Identity { IsAuthenticated = false };
    var request = new HttpRequestDescriptor
    {
        User = new GenericPrincipal(anonymous, null),
        Uri = new Uri("http://host/spredir.html"),
    };

    var decision = a.Authorize(request);

    Assert.AreEqual(@"/public.html?referer=/spredir.html", decision.Redirect);
}
/// <summary>
/// public.html is declared public: an anonymous request is processed, not redirected.
/// </summary>
public void CustomPublicResource()
{
    var anonymous = new Identity { IsAuthenticated = false };
    var principal = new GenericPrincipal(anonymous, null);
    var request = new HttpRequestDescriptor
    {
        User = principal,
        Uri = new Uri("http://host/public.html"),
    };

    var decision = a.Authorize(request);

    Assert.True(decision.Process);
}
/// <summary>
/// Stylesheets are served to anonymous callers: a .css request is processed without authentication.
/// </summary>
public void AllowAnyCss()
{
    var anonymous = new Identity { IsAuthenticated = false };
    var request = new HttpRequestDescriptor
    {
        User = new GenericPrincipal(anonymous, null),
        Uri = new Uri("http://host/test.css"),
    };

    var decision = a.Authorize(request);

    Assert.True(decision.Process);
}