Exemplo n.º 1
        /// <summary>
        /// AuthorizationCheck
        /// Checks whether the user is authorized to access a specific attribute of the
        /// object. Access to the attribute depends on the accessRights and
        /// ctrlAccessRights bits.
        /// </summary>
        /// <param name="accessRights">specifies the access rights granted to the user for
        /// the object's specific attribute</param>
        /// <param name="ctrlAccessRights">specifies the control access rights of the user
        /// for the object's specific attribute</param>
        /// <param name="attribCheck">specifies the attribute of the object. Depending
        /// upon the access control bits set, we will observe if the object is accessible</param>
        /// <param name="fUserPwdSupport">specifies whether the password change operation is supported or not</param>
        /// <returns>errorstatus</returns>
        public errorstatus AuthorizationCheck(
            AccessRights accessRights,
            ControlAccessRights ctrlAccessRights,
            AttribsToCheck attribCheck,
            bool fUserPwdSupport)
        {
            // Public entry point for the authorization decision. Nothing is decided
            // here and no credential or identity check happens in this method: the
            // four arguments are forwarded as-is to AuthorizationRequirements and
            // its verdict is handed back unchanged.
            errorstatus verdict = AuthorizationRequirements(
                accessRights,
                ctrlAccessRights,
                attribCheck,
                fUserPwdSupport);

            return verdict;
        }
Exemplo n.º 2
        /// <summary>
        /// This method validates the AD authorization requirements
        /// </summary>
        /// <param name="accessRights">specifies the ActiveDirectoryRight</param>
        /// <param name="ctrlAccessRights">specifies the Control access right</param>
        /// <param name="attribCheck">specifies the attribute to validate</param>
        /// <param name="fUserPwdSupport">specifies whether the password change operation is supported or not</param>
        /// <returns>returns the status</returns>
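        private errorstatus AuthorizationRequirements(AccessRights accessRights,
                                                      ControlAccessRights ctrlAccessRights,
                                                      AttribsToCheck attribCheck,
                                                      bool fUserPwdSupport)
        {
            // Routes the request to the validator on adtsRequirementsValidation that
            // matches attribCheck and returns that validator's status unchanged.
            //
            // The tests run strictly top to bottom and the first match returns, so
            // their order is part of the behaviour: keep it when adding an attribute.
            // An attribute with no matching test reaches the final statement and is
            // answered with errorstatus.failure, i.e. unknown attributes are denied.

            #region nTSecurityDescriptor

            // Only accessRights is consulted for this attribute; ctrlAccessRights is
            // not passed to the validator.
            if (attribCheck == AttribsToCheck.nTSecurityDescriptor)
            {
                return adtsRequirementsValidation.ValidatenTSecurityDescriptor(accessRights, attribCheck);
            }

            #endregion

            #region msDS_QuotaEffective

            if (attribCheck == AttribsToCheck.msDS_QuotaEffective)
            {
                return adtsRequirementsValidation.ValidatemsDS_QuotaEffectiveAttribute(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region msDS_QuotaUsed

            if (attribCheck == AttribsToCheck.msDS_QuotaUsed)
            {
                return adtsRequirementsValidation.ValidatemsDS_QuotaUsedAttribute(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region userPassword

            // The only validator that also receives fUserPwdSupport; note that its
            // argument order differs from the others (attribCheck comes first).
            if (attribCheck == AttribsToCheck.userPassword)
            {
                return adtsRequirementsValidation.ValidateUserPasswordAttribute(attribCheck, accessRights, ctrlAccessRights, fUserPwdSupport);
            }

            #endregion

            #region DS_Query_Self_Quota

            // This test is keyed on the control access right, not on the attribute.
            // Because it sits ahead of the replication, SPN, DNS host name, DACL and
            // move tests below, a request that carries DS_Query_Self_Quota for any of
            // those attributes is sent to the quota-used validator instead of the
            // attribute's own validator.
            // NOTE(review): confirm this precedence is intended.
            if (ctrlAccessRights == ControlAccessRights.DS_Query_Self_Quota)
            {
                return adtsRequirementsValidation.ValidatemsDS_QuotaUsedAttribute(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region msDS_ReplAttributeMetaData

            if (attribCheck == AttribsToCheck.msDS_ReplAttributeMetaData)
            {
                return adtsRequirementsValidation.ValidateMsDS_ReplAttributeMetaData(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region msDS_ReplValueMetaData

            if (attribCheck == AttribsToCheck.msDS_ReplValueMetaData)
            {
                return adtsRequirementsValidation.ValidateMsDS_ReplValueMetaData(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region msDS_NCReplInboundNeighbors

            if (attribCheck == AttribsToCheck.msDS_NCReplInboundNeighbors)
            {
                return adtsRequirementsValidation.ValidateMsDS_NCReplInboundNeighborsAttribute(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region msDS_NCReplOutboundNeighbors

            if (attribCheck == AttribsToCheck.msDS_NCReplOutboundNeighbors)
            {
                return adtsRequirementsValidation.ValidateMsDS_NCReplOutboundNeighborsAttribute(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region msDS_NCReplCursors

            if (attribCheck == AttribsToCheck.msDS_NCReplCursors)
            {
                return adtsRequirementsValidation.ValidateMsDS_NCReplCursor(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region servicePrincipleName

            if (attribCheck == AttribsToCheck.servicePrincipleName)
            {
                return adtsRequirementsValidation.ValidateServicePrincipalName(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region dnsHostName

            if (attribCheck == AttribsToCheck.dnsHostName)
            {
                return adtsRequirementsValidation.ValidateDNSHostname(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region writeDACLOperation

            if (attribCheck == AttribsToCheck.writeDACLOperation)
            {
                return adtsRequirementsValidation.ValidatewriteDACLOperation(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            #region moveOperation

            if (attribCheck == AttribsToCheck.moveOperation)
            {
                return adtsRequirementsValidation.ValidateMoveOperation(accessRights, ctrlAccessRights, attribCheck);
            }

            #endregion

            // Deny by default: nothing above recognised the request.
            return errorstatus.failure;
        }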