/// <summary>
/// Gets a list of users in the specified role for the configured applicationName.
/// </summary>
/// <param name="roleName">The name of the role to get the list of users for.</param>
/// <returns>
/// A string array containing the names of all the users who are members of the specified role for the configured applicationName.
/// </returns>
public override string[] GetUsersInRole(string roleName)
{
using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
{
IAzManApplication application = storage[this.storeName][this.applicationName];
IAzManItem role = application[roleName];
if (role.ItemType != ItemType.Role)
{
throw new ArgumentException(String.Format("{0} must be a Role.", roleName), "roleName");
}
IAzManAuthorization[] authz = role.GetAuthorizations();
List <string> users = new List <string>();
foreach (IAzManAuthorization auth in authz)
{
if (auth.AuthorizationType == AuthorizationType.Allow
||
auth.AuthorizationType == AuthorizationType.AllowWithDelegation)
{
if (auth.SidWhereDefined == WhereDefined.Local || auth.SidWhereDefined == WhereDefined.LDAP)
{
string displayName;
auth.GetMemberInfo(out displayName);
users.Add(displayName);
}
else if (auth.SidWhereDefined == WhereDefined.Database)
{
users.Add(application.GetDBUser(auth.SID).UserName);
}
}
}
return(users.ToArray());
}
}
/// <summary>
/// Adds the specified user names to the specified roles for the configured applicationName.
/// </summary>
/// <param name="usernames">A string array of user names to be added to the specified roles.</param>
/// <param name="roleNames">A string array of the role names to add the specified user names to.</param>
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
{
try
{
storage.OpenConnection();
storage.BeginTransaction();
IAzManApplication application = storage[this.storeName][this.applicationName];
foreach (string roleName in roleNames)
{
IAzManItem role = application.GetItem(roleName);
if (role.ItemType != ItemType.Role)
{
throw new ArgumentException(String.Format("{0} must be a Role.", roleName));
}
foreach (string username in usernames)
{
IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
WhereDefined whereDefined = WhereDefined.LDAP;
if (this.userLookupType == "LDAP")
{
string fqun = this.getFQUN(username);
NTAccount ntaccount = new NTAccount(fqun);
if (ntaccount == null)
{
throw SqlAzManException.UserNotFoundException(username, null);
}
IAzManSid sid = new SqlAzManSID(((SecurityIdentifier)(ntaccount.Translate(typeof(SecurityIdentifier)))));
if (sid == null)
{
throw SqlAzManException.UserNotFoundException(username, null);
}
role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null);
}
else
{
var dbuser = application.GetDBUser(username);
IAzManSid sid = dbuser.CustomSid;
role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.Database, AuthorizationType.Allow, null, null);
}
}
}
storage.CommitTransaction();
//Rebuild StorageCache
this.InvalidateCache(false);
}
catch
{
storage.RollBackTransaction();
throw;
}
finally
{
storage.CloseConnection();
}
}
}
/// <summary>
/// Gets the DB user.
/// </summary>
/// <param name="dbUserName">Name of the db user.</param>
/// <returns></returns>
/// <remarks>Thread-Safe</remarks>
public virtual IAzManDBUser GetDBUser(string dbUserName)
{
using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
{
IAzManApplication application = storage[this.storeName][this.applicationName];
return(application.GetDBUser(dbUserName));
}
}
private void DBUserList_FormClosed(object sender, FormClosedEventArgs e)
{
var form = (DBUsersList)sender;
if (form.SelectedItems != null)
{
if (form.SelectedItems.Count > 0)
{
var item = form.SelectedItems[0];
if (item != null)
{
IAzManDBUser dbUser = _Application.GetDBUser(item.SubItems[0].Text);
txtUser.Tag = dbUser;
txtUser.Text = dbUser.UserName;
txtDetails.Text = String.Empty;
tvwResults.Nodes.Clear();
}
}
}
}
/// <summary>
/// Gets a value indicating whether the specified user is in the specified role for the configured applicationName.
/// </summary>
/// <param name="username">The user name to search for.</param>
/// <param name="roleName">The role to search in.</param>
/// <returns>
/// true if the specified user is in the specified role for the configured applicationName; otherwise, false.
/// </returns>
public override bool IsUserInRole(string username, string roleName)
{
if (this.userLookupType == "LDAP")
{
WindowsIdentity wid = null;
if (String.Compare(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).Name, this.getFQUN(username), true) == 0)
{
wid = ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent());
}
if (wid == null)
{
wid = new WindowsIdentity(this.getUpn(this.getFQUN(username))); //Kerberos Protocol Transition: Works in W2K3 native domain only
}
if (!this.useWCFCacheService)
{
return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now)
where
t.Type == ItemType.Role
&&
(t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation)
&&
t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
select t).Count() > 0);
}
else
{
using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient())
{
try
{
return((from t in csc.GetAuthorizedItemsForWindowsUsers(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now, null)
where
t.Type == NetSqlAzManWCFCacheService.ItemType.Role
&&
(t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation)
&&
t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
select t).Count() > 0);
}
finally
{
((IDisposable)csc).Dispose();
}
}
}
}
else
{
using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
{
IAzManApplication application = storage[this.storeName][this.applicationName];
IAzManDBUser dbUser = application.GetDBUser(username);
if (!this.useWCFCacheService)
{
return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, dbUser.CustomSid.StringValue, DateTime.Now)
where
t.Type == ItemType.Role
&&
(t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation)
&&
t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
select t).Count() > 0);
}
else
{
using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient())
{
try
{
return((from t in csc.GetAuthorizedItemsForDatabaseUsers(this.storeName, this.applicationName, dbUser.CustomSid.StringValue, DateTime.Now, null)
where
t.Type == NetSqlAzManWCFCacheService.ItemType.Role
&&
(t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation)
&&
t.Name.Equals(roleName, StringComparison.CurrentCultureIgnoreCase)
select t).Count() > 0);
}
finally
{
((IDisposable)csc).Dispose();
}
}
}
}
}
}
