private bool AzManTestCheckAccess()
{
WindowsIdentity identity = WindowsIdentity.GetCurrent();
string applicationName = "Application Test";
string[] operations = new string[] { this.txtOperation.Text };
HybridDictionary businessRuleParameters = new HybridDictionary();
AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
store.Initialize(0, AzManStorePath, null);
IAzApplication azApp = store.OpenApplication(applicationName, null);
IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((UInt64)identity.Token, null);
// costruisce il vettore dei valori e dei delle regole di business
Object[] names = new Object[0];
Object[] values = new Object[0];
Object[] operationIds = new Object[operations.Length];
for (Int32 index = 0; index < operations.Length; index++)
{
operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
}
Object[] internalScopes = new Object[1];
Object[] result = (Object[])clientCtx.AccessCheck("AuditString", internalScopes, operationIds, names, values, null, null, null);
foreach (Int32 accessAllowed in result)
{
if (accessAllowed != 0)
{
return(false);
}
}
return(true);
}
/// <devdoc>
/// Gets the client context for the call based on the identity, system and parameters.
/// </devdoc>
private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
{
lock (contextLock)
{
AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
store.Initialize(0, this.storeLocation, null);
azApp = store.OpenApplication(applicationName, null);
}
ulong tokenHandle = (ulong)identity.Token.ToInt64();
IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null);
return(clientCtx);
}
public bool AccessCheck(string audit, Operations op,
WindowsIdentity clientIdentity)
{
try {
// first step is to create an AzMan context for the client
// this looks at the security identifiers (SIDs) in the user's
// access token and maps them onto AzMan roles, tasks, and operations
IAzClientContext ctx = app.InitializeClientContextFromToken(
(ulong)clientIdentity.Token.ToInt64(), null);
// next step is to see if this user is authorized for
// the requested operation. Note that AccessCheck allows
// you to check multiple operations at once if you desire
object[] scopes = { "" };
object[] operations = { (int)op };
object[] results = (object[])ctx.AccessCheck(audit, scopes, operations,
null, null, null, null, null);
int result = (int)results[0];
return(0 == result);
}
catch (COMException x) {
throw new AzManException("AccessCheck failed", x);
}
}
/// <devdoc>
/// Gets the client context for the call based on the identity, system and parameters.
/// </devdoc>
private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
{
WindowsIdentity winIdentity = identity as WindowsIdentity;
if (winIdentity == null)
{
throw new ArgumentException(SR.WindowsIdentityOnly);
}
AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
store.Initialize(0, data.StoreLocation, null);
azApp = store.OpenApplication(applicationName, null);
Debug.Assert(azApp != null, "could not open the application");
ulong tokenHandle = (ulong)winIdentity.Token.ToInt64();
IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null);
Debug.Assert(clientCtx != null, "could not get the context");
return(clientCtx);
}
/// <summary>
/// Check access permission for user
/// </summary>
/// <returns>void</returns>
public bool CheckAccessPermissions(object[] operationIds)
{
bool bCheckAccess = false;
AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
AzManStore.Initialize(0, ConfigurationManager.ConnectionStrings[AuthorizationManagerConstants.AZMANPOLICYSTORECONNECTIONSTRING].ConnectionString, null);
IAzApplication azApp = AzManStore.OpenApplication(AuthorizationManagerConstants.AZMANAPPLICATION, null);
// Get the current user context
IPrincipal userPrincipal = HttpContext.Current.User;
WindowsIdentity userIdentity = userPrincipal.Identity as WindowsIdentity;
IAzClientContext clientContext = azApp.InitializeClientContextFromToken((ulong)userIdentity.Token, null);
// Check if user has access to the operations
// The first argument, "Auditstring", is a string that is used if you
// have run-time auditing turned on
object[] result = (object[])clientContext.AccessCheck("CheckAccessPermission", new object[1], operationIds, null, null, null, null, null);
// Test the integer array we got back to see which operations are
// authorized
int accessAllowed = (int)result[0];
if (accessAllowed != 0)
{
// current user not authorized to perform operation
bCheckAccess = false;
}
else
{
// current user authorized to perform operation
bCheckAccess = true;
}
return(bCheckAccess);
}
private void TestSuAzMan(string azManStorePath, int max)
{
WindowsIdentity id = WindowsIdentity.GetCurrent();
IAzAuthorizationStore store = new AzAuthorizationStoreClass();
store.Initialize(0, azManStorePath, null);
int rnd = 0; // new Random().Next(max);
IAzApplication app = store.OpenApplication("Application" + rnd.ToString(), null);
IAzClientContext ctx = app.InitializeClientContextFromToken((ulong)id.Token.ToInt64(), null);
string opName = "Operation" + rnd.ToString();
IAzOperation op = app.OpenOperation(opName, null);
object[] parameterNames = new object[1] {
"chiave"
};
object[] parameterValues = new object[1] {
"valore"
};
object[] oRes = (object[])ctx.AccessCheck("Test", null, new object[] { op.OperationID }, parameterNames, parameterValues, null, null, null);
foreach (int accessAllowed in oRes)
{
if (accessAllowed != 0)
{
break;
}
}
store.CloseApplication("Application" + rnd.ToString(), 0);
System.Runtime.InteropServices.Marshal.FinalReleaseComObject(op);
System.Runtime.InteropServices.Marshal.FinalReleaseComObject(app);
System.Runtime.InteropServices.Marshal.FinalReleaseComObject(store);
System.Runtime.InteropServices.Marshal.FinalReleaseComObject(ctx);
op = null;
ctx = null;
app = null;
store = null;
}
/// <devdoc>
/// Gets the client context for the call based on the identity, system and parameters.
/// </devdoc>
private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
{
lock (contextLock)
{
AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
store.Initialize(0, this.storeLocation, null);
azApp = store.OpenApplication(applicationName, null);
}
ulong tokenHandle = (ulong)identity.Token.ToInt64();
IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null);
return clientCtx;
}
/// <devdoc>
/// Gets the client context for the call based on the identity, system and parameters.
/// </devdoc>
private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
{
WindowsIdentity winIdentity = identity as WindowsIdentity;
if (winIdentity == null)
{
throw new ArgumentException(SR.WindowsIdentityOnly);
}
AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
store.Initialize(0, data.StoreLocation, null);
azApp = store.OpenApplication(applicationName, null);
Debug.Assert(azApp != null, "could not open the application");
ulong tokenHandle = (ulong) winIdentity.Token.ToInt64();
IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null);
Debug.Assert(clientCtx != null, "could not get the context");
return clientCtx;
}