Exemplo n.º 1
0
 public static List <string> ReadWinUsers(string aStoreName, string RoleName)
 {
     try
     {
         AzAuthorizationStore store = new AzAuthorizationStore();
         string storeLocation       = GetAuthStoreLocation(aStoreName);
         //0 = The authorization store is opened for use by the Update method and the AccessCheck method.
         store.Initialize(0, storeLocation, null);
         List <string> members = new List <string>();
         IAzRole       iAzRole = null;
         foreach (IAzApplication3 toApplication in store.Applications)
         {
             if (RoleName.Equals("Administrator"))
             {
                 iAzRole = toApplication.OpenRole(RoleName);
             }
             else
             {
                 iAzRole = toApplication.OpenRole("_" + RoleName);
             }
             foreach (string member in iAzRole.MembersName)
             {
                 members.Add(member);
             }
             return(members);
         }
         return(members);
     }
     catch (COMException ce)
     {
         MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
         return(null);
     }
 }
Exemplo n.º 2
0
        public static List <string> ReadOperations(string aStoreName)
        {
            try
            {
                AzAuthorizationStore store = new AzAuthorizationStore();
                string storeLocation       = GetAuthStoreLocation(aStoreName);
                //0 = The authorization store is opened for use by the Update method and the AccessCheck method.
                store.Initialize(0, storeLocation, null);

                List <string> operations = new List <string>();

                foreach (IAzApplication3 toApplication in store.Applications)
                {
                    foreach (IAzOperation operation in toApplication.Operations)
                    {
                        if (!operations.Contains(operation.Name))
                        {
                            operations.Add(operation.Name);
                        }
                    }
                }
                return(operations);
            }
            catch (COMException ce)
            {
                MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
                return(null);
            }
        }
Exemplo n.º 3
0
 internal static void AddAdministrator(string aStoreName)
 {
     try
     {
         AzAuthorizationStore store = new AzAuthorizationStore();
         string storeLocation       = AzManReader.GetAuthStoreLocation(aStoreName);
         //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
         store.Initialize(4, storeLocation, null);
         foreach (IAzApplication3 application in store.Applications)
         {
             //Create a new role assignment
             IAzRoleAssignments roleAssignments = application.RoleAssignments;
             bool hasAdministrator = false;
             foreach (IAzRoleAssignment roleassignment in roleAssignments)
             {
                 if (roleassignment.Name.Equals("Administrator"))
                 {
                     hasAdministrator = true;
                 }
             }
             if (!hasAdministrator)
             {
                 IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment("Administrator");
                 newRoleAssignment.AddRoleDefinition("Administrator");
                 newRoleAssignment.Submit();
                 application.Submit();
             }
         }
     }
     catch (COMException ce)
     {
         MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
     }
 }
Exemplo n.º 4
0
        /// <summary>
        /// Read all roles for this specific application
        /// </summary>
        /// <param name="aStoreName"></param>
        /// <param name="aPath"></param>
        /// <returns></returns>
        public static List <string> ReadRoles(string aStoreName)
        {
            try
            {
                AzAuthorizationStore store = new AzAuthorizationStore();
                string storeLocation       = GetAuthStoreLocation(aStoreName);
                //0 = The authorization store is opened for use by the Update method and the AccessCheck method.
                store.Initialize(0, storeLocation, null);

                List <string> roles = new List <string>();

                foreach (IAzApplication3 toApplication in store.Applications)
                {
                    foreach (IAzRoleDefinition role in toApplication.RoleDefinitions)
                    {
                        if (role.Name.StartsWith("_"))
                        {
                            roles.Add(role.Name.Substring(1));
                        }
                        else if (role.Name.Equals("Administrator"))
                        {
                            roles.Add(role.Name);
                            AzManWriter.AddAdministrator(aStoreName);
                        }
                    }
                }
                return(roles);
            }
            catch (COMException ce)
            {
                MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
                return(null);
            }
        }
Exemplo n.º 5
0
        public static bool DeleteWindowsUserFromRole(string role, string aStoreName, string windowsUser)
        {
            bool success;

            try
            {
                AzAuthorizationStore store = new AzAuthorizationStore();

                string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
                if (role != "Administrator")
                {
                    role = "_" + role;
                }
                //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
                store.Initialize(4, storeLocation, null);
                foreach (IAzApplication3 application in store.Applications)
                {
                    IAzRole iAzRole = application.OpenRole(role);
                    iAzRole.DeleteMemberName(windowsUser);
                    iAzRole.Submit();
                    application.Submit();
                }
                success = true;
            }

            catch (Exception)
            {
                success = false;
            }
            return(success);
        }
Exemplo n.º 6
0
        public static bool DeleteRole(string deleteRole, string aStoreName)
        {
            bool success = false;

            try
            {
                AzAuthorizationStore store = new AzAuthorizationStore();

                string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
                string roleName      = "_" + deleteRole;
                //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
                store.Initialize(4, storeLocation, null);
                foreach (IAzApplication3 application in store.Applications)
                {
                    //Delete role assignment
                    application.DeleteRoleAssignment(roleName);
                    //Delete role definition
                    application.DeleteRoleDefinition(roleName);
                    application.Submit();
                }
                success = true;
            }
            catch (COMException ce)
            {
                MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
            }
            catch (Exception)
            {
                success = false;
            }
            return(success);
        }
Exemplo n.º 7
0
        public static bool AddWindowsUserToRole(string role, string aStoreName, string windowsUser)
        {
            bool success = false;

            try
            {
                AzAuthorizationStore store = new AzAuthorizationStore();

                string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
                if (role != "Administrator")
                {
                    role = "_" + role;
                }
                //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
                store.Initialize(4, storeLocation, null);
                foreach (IAzApplication3 application in store.Applications)
                {
                    IAzRole iAzRole = application.OpenRole(role);
                    iAzRole.AddMemberName(windowsUser);
                    iAzRole.Submit();
                    application.Submit();
                }
                success = true;
            }
            catch (COMException ce)
            {
                MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
            }
            catch (Exception)
            {
                success = false;
            }
            return(success);
        }
        public void Dispose()
        {
            if (null == app)
            {
                return;
            }

            Marshal.ReleaseComObject(app);
            Marshal.ReleaseComObject(store);

            app   = null;
            store = null;
        }
Exemplo n.º 9
0
        public static bool CreateRole(string role, string aStoreName)
        {
            bool success = false;

            try
            {
                AzAuthorizationStore store = new AzAuthorizationStore();

                string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
                string roleName      = "_" + role;
                //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
                store.Initialize(4, storeLocation, null);
                foreach (IAzApplication3 application in store.Applications)
                {
                    //Create a new role definition
                    IAzRoleDefinition newRole = application.CreateRoleDefinition(roleName);
                    //Create a new role assignment
                    IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment(roleName);

                    newRole.Submit();
                    newRoleAssignment.AddRoleDefinition(roleName);
                    newRoleAssignment.Submit();
                    application.Submit();
                }
                success = true;
            }
            catch (COMException ce)
            {
                if (ce.ErrorCode.Equals(-2147024713))
                {
                    MessageBox.Show(null, "Role already exist in this application.", "Role already exist");
                }
                else
                {
                    MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
                }
            }
            catch (Exception ex)
            {
                if (ex is UnauthorizedAccessException)
                {
                    MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK);
                }
                else
                {
                    MessageBox.Show("Could not create role. Maybe it already exists?", "", MessageBoxButtons.OK);
                }
                success = false;
            }
            return(success);
        }
Exemplo n.º 10
0
        public AzManHelper(string connectionString, string appName)
        {
            this.appName = appName;

            try {
                // load and initialize the AzMan runtime
                store = new AzAuthorizationStore();
                store.Initialize(0, connectionString, null);

                // drill down to our application
                app = store.OpenApplication(appName, null);
            }
            catch (COMException x) {
                throw new AzManException("Failed to initizlize AzManHelper", x);
            }
            catch (System.IO.FileNotFoundException x) {
                throw new AzManException(string.Format("Failed to load AzMan policy from {0} - make sure your connection string is correct.", connectionString), x);
            }
        }
Exemplo n.º 11
0
        public AZOperation[] CheckAccess(string _userName, string _domain, AZOperation[] _operations)
        {
            if (null == _azStore)
            {
                _azStore = new AzAuthorizationStore();
                _azStore.Initialize(0, Globals.Configuration.AzManagerStoreConnectionString, null);
            }

            IAzApplication azApp = _azStore.OpenApplication("CustomerService");
            try
            {
                IAzClientContext context = azApp.InitializeClientContextFromName(_userName, _domain, null);

                object[] operationIds = new object[_operations.Length];

                for (int i = 0; i < _operations.Length; i++)
                {
                    operationIds[i] = _operations[i].ID;
                }

                object[] result = (object[])context.AccessCheck("Auditstring",
                      new object[1], operationIds, null, null, null, null, null);

                for (int j = 0; j < result.Length; j++)
                {
                    if (int.Parse(result[j].ToString()) != 0)
                    {
                        _operations[j].Result = false;
                    }
                    else
                    {
                        _operations[j].Result = true;
                    }
                }

                return _operations;
            }
            catch
            {
                throw;
            }
        }
Exemplo n.º 12
0
        private void InitializeProvider(string providerName, string applicationName, string storeLocation)
        {
            if (!_storeDictionary.ContainsKey(storeLocation))
            {
                try
                {
                    AzAuthorizationStore store = new AzAuthorizationStore();

                    store.Initialize(0, storeLocation, null);

                    _storeDictionary.Add(storeLocation, store);

                    AddFileSystemWatcher(storeLocation);
                }
                catch (Exception ex)
                {
                    throw new AuthorizationException(string.Format("Failed to open authorization store. ProviderName = {0}, ApplicationName = {1}, StoreLocation = {2}.", providerName, applicationName, storeLocation), ex);
                }
            }

            if (!_applicationDictionary.ContainsKey(providerName))
            {
                try
                {
                    IAzApplication2 application = ((IAzAuthorizationStore2)_storeDictionary[storeLocation]).OpenApplication2(applicationName, null);
                    _applicationDictionary.Add(providerName, application);

                    _operationDictionary.Add(providerName, new Dictionary <string, int>());

                    foreach (IAzOperation o in application.Operations)
                    {
                        _operationDictionary[providerName].Add(o.Name, o.OperationID);
                    }
                }
                catch (Exception ex)
                {
                    throw new AuthorizationException(string.Format("Failed to open application. ProviderName = {0}, ApplicationName = {1}, StoreLocation = {2}.", providerName, applicationName, storeLocation), ex);
                }
            }
        }
Exemplo n.º 13
0
        public AZOperation[] ShowOperations(string[] _OperationNames)
        {
            if (null == _azStore)
            {
                _azStore = new AzAuthorizationStore();
                _azStore.Initialize(0, Globals.Configuration.AzManagerStoreConnectionString, null);
            }

            IAzApplication azApp = _azStore.OpenApplication("CustomerService");

            List<AZOperation> _Operations = new List<AZOperation>();

            foreach (string opName in _OperationNames)
            {
                IAzOperation op = azApp.OpenOperation(opName, null);
                AZOperation operationAux = new AZOperation();

                operationAux.ID = op.OperationID;
                operationAux.Name = op.Name;

                _Operations.Add(operationAux);
            }

            return _Operations.ToArray();
        }
Exemplo n.º 14
0
 public void Dispose()
 {
     if (null != _azStore)
         _azStore = null;
 }
Exemplo n.º 15
0
        public static void SaveRole(List <string> anOperations, string aRole, string aStoreName, List <string> allTreeOperations)
        {
            try
            {
                //Make sure all operations exist in Azman
                List <string> allOperations      = AzManReader.ReadOperations(aStoreName);
                List <string> excludedOperations = new List <string>();
                if (allOperations != null)
                {
                    List <string> addOperations = new List <string>();
                    foreach (string operation in anOperations)
                    {
                        if (allOperations.Contains(operation))
                        {
                            addOperations.Add(operation);
                        }
                    }
                    foreach (string operation in allOperations)
                    {
                        if (!allTreeOperations.Contains(operation))
                        {
                            excludedOperations.Add(operation);
                        }
                    }

                    //read OK and Cancel operations
                    List <string> oKAndCancelOperations = AzManReader.ReadOkCancelAndCloseOperations(aStoreName);
                    if (oKAndCancelOperations != null)
                    {
                        foreach (string operation in allOperations)
                        {
                            if (oKAndCancelOperations.Contains(operation))
                            {
                                excludedOperations.Remove(operation);
                            }
                        }
                        addOperations.AddRange(excludedOperations);

                        //save down the operations into the role in AuthStore
                        AzAuthorizationStore store = new AzAuthorizationStore();

                        string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName);
                        string roleName      = "_" + aRole;
                        //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE
                        store.Initialize(4, storeLocation, null);

                        foreach (IAzApplication3 application in store.Applications)
                        {
                            foreach (IAzRoleDefinition role in application.RoleDefinitions)
                            {
                                if (role.Name != roleName)
                                {
                                    continue;
                                }
                                //remove all existing operations in the role
                                foreach (string operation in role.Operations)
                                {
                                    role.DeleteOperation(operation);
                                }
                                //Role needs to be submitted after deleting operations otherwise Azman freaks out
                                role.Submit();
                                //Save all selected operations to the role
                                foreach (string operationString in addOperations)
                                {
                                    role.AddOperation(operationString);
                                }
                                foreach (string oKOrCancelOperation in oKAndCancelOperations)
                                {
                                    role.AddOperation(oKOrCancelOperation);
                                }
                                //Submit role so changes are saved
                                role.Submit();
                                MessageBox.Show("Setting for " + aRole + " has been saved.", "Role Settings Saved", MessageBoxButtons.OK);
                            }
                            //Submit everything just to be sure
                            application.Submit();
                        }
                        store.Submit();
                    }
                }
            }
            catch (COMException ce)
            {
                MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred");
            }
            catch (Exception ex)
            {
                if (ex is UnauthorizedAccessException)
                {
                    MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK);
                }
                else
                {
                    MessageBox.Show("Failed to save configuration", "", MessageBoxButtons.OK);
                }
            }
        }
Exemplo n.º 16
0
        private static void MergeStores(string fromStoreLocation, string toStoreLocation)
        {
            LogEntry entry = new LogEntry();

            entry.Severity = TraceEventType.Verbose;
            entry.Priority = -1;

            if (Logger.ShouldLog(entry))
            {
                entry.Message = string.Format("Merging authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"...", fromStoreLocation, toStoreLocation);
                Logger.Write(entry);
            }

            try
            {
                AzAuthorizationStore fromStore = new AzAuthorizationStore();
                fromStore.Initialize(0, fromStoreLocation, null);

                AzAuthorizationStore toStore = new AzAuthorizationStore();
                toStore.Initialize(AZ_AZSTORE_FLAG_BATCH_UPDATE, toStoreLocation, null);

                foreach (IAzApplication3 fromApplication in fromStore.Applications)
                {
                    IAzApplication3 toApplication = (IAzApplication3)((IAzAuthorizationStore3)toStore).OpenApplication2(fromApplication.Name, null);

                    var operationsDictionary = new Dictionary <string, IAzOperation>();

                    int nextOperationId = 0;

                    foreach (IAzOperation toOperation in toApplication.Operations)
                    {
                        operationsDictionary.Add(toOperation.Name, toOperation);
                        nextOperationId = Math.Max(nextOperationId, toOperation.OperationID);
                    }

                    foreach (IAzOperation fromOperation in fromApplication.Operations)
                    {
                        IAzOperation toOperation = null;

                        if (operationsDictionary.ContainsKey(fromOperation.Name))
                        {
                            toOperation = operationsDictionary[fromOperation.Name];
                        }
                        else
                        {
                            if (Logger.ShouldLog(entry))
                            {
                                entry.Message = string.Format("Adding new Operation \"{0}\"...", fromOperation.Name);
                                Logger.Write(entry);
                            }

                            toOperation = toApplication.CreateOperation(fromOperation.Name);
                            nextOperationId++;
                            toOperation.OperationID = nextOperationId;
                        }

                        toOperation.Description = fromOperation.Description;
                        toOperation.Submit();
                    }

                    var tasksDictionary = new Dictionary <string, IAzTask>();

                    foreach (IAzTask toTask in toApplication.Tasks)
                    {
                        tasksDictionary.Add(toTask.Name, toTask);
                    }

                    foreach (IAzTask fromTask in fromApplication.Tasks)
                    {
                        IAzTask toTask = null;

                        if (tasksDictionary.ContainsKey(fromTask.Name))
                        {
                            toTask = tasksDictionary[fromTask.Name];
                        }
                        else
                        {
                            if (Logger.ShouldLog(entry))
                            {
                                entry.Message = string.Format("Adding new Task \"{0}\"...", fromTask.Name);
                                Logger.Write(entry);
                            }

                            toTask = toApplication.CreateTask(fromTask.Name);
                        }

                        toTask.IsRoleDefinition = fromTask.IsRoleDefinition;
                        toTask.Description      = fromTask.Description;

                        foreach (string taskOperation in fromTask.Operations)
                        {
                            if (!((object[])toTask.Operations).Contains(taskOperation))
                            {
                                if (Logger.ShouldLog(entry))
                                {
                                    entry.Message = string.Format("Adding Operation \"{0}\" to Task \"{1}\"...", taskOperation, toTask.Name);
                                    Logger.Write(entry);
                                }

                                toTask.AddOperation(taskOperation);
                            }
                        }

                        toTask.Submit();
                    }

                    var rolesDictionary = new Dictionary <string, IAzRoleDefinition>();

                    foreach (IAzRoleDefinition toRole in toApplication.RoleDefinitions)
                    {
                        rolesDictionary.Add(toRole.Name, toRole);
                    }

                    foreach (IAzRoleDefinition fromRole in fromApplication.RoleDefinitions)
                    {
                        IAzRoleDefinition toRole = null;

                        if (rolesDictionary.ContainsKey(fromRole.Name))
                        {
                            toRole = rolesDictionary[fromRole.Name];
                        }
                        else
                        {
                            if (Logger.ShouldLog(entry))
                            {
                                entry.Message = string.Format("Adding new Role Definition \"{0}\"...", fromRole.Name);
                                Logger.Write(entry);
                            }

                            toRole = toApplication.CreateRoleDefinition(fromRole.Name);
                        }

                        toRole.Description = toRole.Description;

                        foreach (string roleOperation in fromRole.Operations)
                        {
                            if (!((object[])toRole.Operations).Contains(roleOperation))
                            {
                                if (Logger.ShouldLog(entry))
                                {
                                    entry.Message = string.Format("Adding Operation \"{0}\" to Role Definition \"{1}\"...", roleOperation, toRole.Name);
                                    Logger.Write(entry);
                                }

                                toRole.AddOperation(roleOperation);
                            }
                        }

                        foreach (string roleTask in fromRole.Tasks)
                        {
                            if (!((object[])toRole.Tasks).Contains(roleTask))
                            {
                                if (Logger.ShouldLog(entry))
                                {
                                    entry.Message = string.Format("Adding Task \"{0}\" to Role Definition \"{1}\"...", roleTask, toRole.Name);
                                    Logger.Write(entry);
                                }

                                toRole.AddTask(roleTask);
                            }
                        }

                        toRole.Submit();
                    }
                }

                if (Logger.ShouldLog(entry))
                {
                    entry.Message = string.Format("Submitting changes...");
                    Logger.Write(entry);
                }

                toStore.Submit();
            }
            catch (Exception ex)
            {
                AuthorizationException authException = new AuthorizationException(string.Format("Failed to merge authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"\n", fromStoreLocation, toStoreLocation), ex);

                entry.Severity = TraceEventType.Error;

                if (Logger.ShouldLog(entry))
                {
                    entry.Message = authException.ToString();
                    Logger.Write(entry);
                }

                throw authException;
            }
        }