Пример #1
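        /// <summary>
        /// Asks AzMan whether the current Windows identity may perform the operation named in
        /// <c>txtOperation</c> within the application "Application Test".
        /// </summary>
        /// <returns>
        /// <c>true</c> only when AccessCheck returns one result per requested operation and every
        /// result is 0; <c>false</c> in every other case.
        /// </returns>
        private bool AzManTestCheckAccess()
        {
            // NOTE(review): WindowsIdentity.GetCurrent() is the identity this thread runs as (the
            // process account unless impersonation is active), which is not necessarily the end
            // user. Confirm that this is the principal the check is meant to authorise.
            WindowsIdentity identity        = WindowsIdentity.GetCurrent();
            string          applicationName = "Application Test";
            string[]        operations      = new string[] { this.txtOperation.Text };

            AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();

            store.Initialize(0, AzManStorePath, null);
            IAzApplication   azApp     = store.OpenApplication(applicationName, null);
            IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((UInt64)identity.Token, null);

            // Build the business-rule parameter arrays; both are empty because no rule
            // parameters are passed.
            Object[] names        = new Object[0];
            Object[] values       = new Object[0];
            Object[] operationIds = new Object[operations.Length];
            for (Int32 index = 0; index < operations.Length; index++)
            {
                // Operation names are resolved to the numeric IDs that AccessCheck expects.
                operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
            }

            // One null scope entry; presumably this selects the application's default scope.
            Object[] internalScopes = new Object[1];
            Object[] result         = (Object[])clientCtx.AccessCheck("AuditString", internalScopes, operationIds, names, values, null, null, null);

            // Deny by default: a missing result, or one that does not cover every requested
            // operation, must never fall through to the "allowed" return below.
            if (result == null || result.Length != operationIds.Length)
            {
                return false;
            }

            foreach (Int32 accessAllowed in result)
            {
                // Any non-zero entry is treated as a denial for that operation.
                if (accessAllowed != 0)
                {
                    return false;
                }
            }
            return true;
        }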
        /// <devdoc>
        /// Opens the named application in the store at <c>storeLocation</c> and returns an AzMan
        /// client context built from the token of <paramref name="identity"/>. The opened
        /// application is handed back through <paramref name="azApp"/>.
        /// </devdoc>
        private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
        {
            // Creating, initialising and opening the store all happen under contextLock.
            lock (contextLock)
            {
                AzAuthorizationStoreClass policyStore = new AzAuthorizationStoreClass();
                policyStore.Initialize(0, this.storeLocation, null);
                azApp = policyStore.OpenApplication(applicationName, null);
            }

            // NOTE(review): as far as the AzMan documentation describes it, a zero token handle
            // means "use the caller's own thread or process token". An anonymous identity would
            // then be evaluated as the host process; confirm callers never pass one.
            long rawToken = identity.Token.ToInt64();

            return azApp.InitializeClientContextFromToken((ulong)rawToken, null);
        }
Пример #3
        /// <devdoc>
        /// Opens the named application in the store at <c>data.StoreLocation</c> and returns an
        /// AzMan client context built from the caller's Windows token. Throws ArgumentException
        /// when <paramref name="identity"/> is not a WindowsIdentity. The opened application is
        /// handed back through <paramref name="azApp"/>.
        /// </devdoc>
        private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
        {
            // Only Windows identities carry the token that AzMan needs; reject anything else.
            WindowsIdentity windowsCaller = identity as WindowsIdentity;
            if (windowsCaller == null)
            {
                throw new ArgumentException(SR.WindowsIdentityOnly);
            }

            AzAuthorizationStoreClass policyStore = new AzAuthorizationStoreClass();
            policyStore.Initialize(0, data.StoreLocation, null);

            azApp = policyStore.OpenApplication(applicationName, null);
            // Debug.Assert is compiled out of release builds, so this records an expectation
            // and does not enforce it in production.
            Debug.Assert(azApp != null, "could not open the application");

            // NOTE(review): as far as the AzMan documentation describes it, a zero token handle
            // means "use the caller's own thread or process token"; confirm that anonymous
            // Windows identities are rejected before this point.
            long             rawToken = windowsCaller.Token.ToInt64();
            IAzClientContext context  = azApp.InitializeClientContextFromToken((ulong)rawToken, null);

            Debug.Assert(context != null, "could not get the context");
            return context;
        }
Пример #4
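        /// <summary>
        /// Checks whether the current HTTP user is authorised for every operation in
        /// <paramref name="operationIds"/>.
        /// </summary>
        /// <param name="operationIds">AzMan operation IDs to check.</param>
        /// <returns>
        /// <c>true</c> only when the user is an authenticated Windows identity and AccessCheck
        /// reports 0 for every requested operation; otherwise <c>false</c>.
        /// </returns>
        public bool CheckAccessPermissions(object[] operationIds)
        {
            // Deny by default: with nothing to check there is nothing to grant.
            if (operationIds == null || operationIds.Length == 0)
            {
                return false;
            }

            // Get the current user context
            IPrincipal      userPrincipal = HttpContext.Current.User;
            WindowsIdentity userIdentity  = userPrincipal == null ? null : userPrincipal.Identity as WindowsIdentity;

            // A non-Windows, unauthenticated or token-less identity is refused outright. As far
            // as the AzMan documentation describes it, a zero token handle makes the check run
            // against the calling thread's or process's own token, so such a caller would be
            // evaluated as the host process instead of as themselves.
            if (userIdentity == null || !userIdentity.IsAuthenticated || userIdentity.Token == System.IntPtr.Zero)
            {
                return false;
            }

            AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();

            AzManStore.Initialize(0, ConfigurationManager.ConnectionStrings[AuthorizationManagerConstants.AZMANPOLICYSTORECONNECTIONSTRING].ConnectionString, null);
            IAzApplication azApp = AzManStore.OpenApplication(AuthorizationManagerConstants.AZMANAPPLICATION, null);

            IAzClientContext clientContext = azApp.InitializeClientContextFromToken((ulong)userIdentity.Token, null);

            // The first argument is the string recorded when run-time auditing is turned on.
            object[] result = (object[])clientContext.AccessCheck("CheckAccessPermission", new object[1], operationIds, null, null, null, null, null);

            // Deny when the result is missing or does not cover every requested operation.
            if (result == null || result.Length != operationIds.Length)
            {
                return false;
            }

            // Every requested operation must be granted. Looking only at the first entry would
            // authorise the remaining operations without checking them.
            foreach (object outcome in result)
            {
                if ((int)outcome != 0)
                {
                    // current user not authorized to perform this operation
                    return false;
                }
            }

            return true;
        }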
Пример #5
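        /// <summary>
        /// Runs one AzMan access check for "Operation0" in "Application0" as the current Windows
        /// identity, then closes the application and releases the COM objects. The outcome of
        /// the check is read but not reported to the caller.
        /// </summary>
        /// <param name="azManStorePath">Store URL passed to the store's Initialize call.</param>
        /// <param name="max">
        /// Not used: the random index it was meant to bound is commented out, so index 0 is
        /// always selected.
        /// </param>
        private void TestSuAzMan(string azManStorePath, int max)
        {
            WindowsIdentity       id    = WindowsIdentity.GetCurrent();
            IAzAuthorizationStore store = new AzAuthorizationStoreClass();
            IAzApplication        app   = null;
            IAzClientContext      ctx   = null;
            IAzOperation          op    = null;

            try
            {
                store.Initialize(0, azManStorePath, null);
                int    rnd     = 0; // new Random().Next(max);
                string appName = "Application" + rnd.ToString();
                app = store.OpenApplication(appName, null);
                ctx = app.InitializeClientContextFromToken((ulong)id.Token.ToInt64(), null);
                string opName = "Operation" + rnd.ToString();
                op = app.OpenOperation(opName, null);

                // One business-rule parameter pair is passed with the check.
                object[] parameterNames = new object[1] {
                    "chiave"
                };
                object[] parameterValues = new object[1] {
                    "valore"
                };
                object[] oRes = (object[])ctx.AccessCheck("Test", null, new object[] { op.OperationID }, parameterNames, parameterValues, null, null, null);
                foreach (int accessAllowed in oRes)
                {
                    // A non-zero entry only ends the scan; nothing is done with the outcome.
                    if (accessAllowed != 0)
                    {
                        break;
                    }
                }
                store.CloseApplication(appName, 0);
            }
            finally
            {
                // Release the COM objects even when a call above throws, so a failed check does
                // not leave the store and its children alive. FinalReleaseComObject rejects null,
                // hence the guards for objects that were never obtained.
                if (op != null)
                {
                    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(op);
                }
                if (app != null)
                {
                    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(app);
                }
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(store);
                if (ctx != null)
                {
                    System.Runtime.InteropServices.Marshal.FinalReleaseComObject(ctx);
                }
            }
        }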
		/// <devdoc>
		/// Returns an AzMan client context for <paramref name="identity"/> in the named
		/// application of the store at <c>storeLocation</c>; the opened application is handed
		/// back through <paramref name="azApp"/>.
		/// </devdoc>
		private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
		{
			// The store is created, initialised and opened while holding contextLock.
			lock (contextLock)
			{
				AzAuthorizationStoreClass azStore = new AzAuthorizationStoreClass();
				azStore.Initialize(0, this.storeLocation, null);
				azApp = azStore.OpenApplication(applicationName, null);
			}

			// NOTE(review): a zero token handle is, per the AzMan documentation as far as it
			// describes this call, resolved to the caller's own thread or process token.
			// Confirm that an anonymous identity can never reach this point.
			long handleValue = identity.Token.ToInt64();
			ulong handle = (ulong)handleValue;

			return azApp.InitializeClientContextFromToken(handle, null);
		}
Пример #7
        /// <summary>
        /// Opens the Authorization Manager policy store and the WebExpense application, and
        /// caches both objects in ASP.NET application state under "AZMAN_STORE" and "AZMAN_APP".
        /// </summary>
        /// <returns>
        /// Always <c>true</c>. Errors are not returned; exceptions raised by the store
        /// propagate to the caller.
        /// </returns>
        public static bool Initialize()
        {
            AzAuthorizationStoreClass policyStore = new AzAuthorizationStoreClass();

            try
            {
                // The store URL comes from the "STORE_PATH" application variable. A missing
                // entry reaches Initialize as null.
                policyStore.Initialize(0, (string)HttpContext.Current.Application["STORE_PATH"], null);
            }
            catch (System.IO.FileNotFoundException)
            {
                // Initialize failed with File Not Found, which can happen when the store URL
                // is bad. There is no way to proceed, so hand it to the default handler.
                throw;
            }
            catch (System.UnauthorizedAccessException)
            {
                // Initialize failed with Access Denied. The calling context must hold the
                // Reader role on the AzMan store (Admin only if the app needs to write).
                throw;
            }

            // This is application state, not session state: the entry is visible to every
            // request of the application.
            // NOTE(review): the cached COM store is therefore used from many request threads;
            // confirm that this matches its threading model.
            HttpContext.Current.Application["AZMAN_STORE"] = policyStore;

            IAzApplication webExpenseApp;
            try
            {
                // The application name comes from the "AZMAN_APP_NAME" application variable.
                webExpenseApp = policyStore.OpenApplication((string)HttpContext.Current.Application["AZMAN_APP_NAME"], null);
            }
            catch (System.IO.FileNotFoundException)
            {
                // OpenApplication failed with File Not Found, which can happen when no
                // application of that name exists in the store. Propagate it unchanged.
                throw;
            }

            // Cache the opened application next to the store.
            HttpContext.Current.Application["AZMAN_APP"] = webExpenseApp;

            // Reaching this point means initialization succeeded.
            return true;
        }
Пример #8
        /// <devdoc>
        /// Builds an AzMan client context for the caller from the store at
        /// <c>data.StoreLocation</c>. <paramref name="identity"/> must be a WindowsIdentity,
        /// otherwise ArgumentException is thrown. The opened application is handed back
        /// through <paramref name="azApp"/>.
        /// </devdoc>
        private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
        {
            WindowsIdentity caller = identity as WindowsIdentity;
            if (caller == null)
            {
                // AzMan is driven by a Windows token here, so no other identity type is usable.
                throw new ArgumentException(SR.WindowsIdentityOnly);
            }

            AzAuthorizationStoreClass azStore = new AzAuthorizationStoreClass();
            azStore.Initialize(0, data.StoreLocation, null);
            azApp = azStore.OpenApplication(applicationName, null);

            // Debug.Assert calls are removed from release builds; they state an expectation
            // and do not guard production code.
            Debug.Assert(azApp != null, "could not open the application");

            // NOTE(review): a zero token handle is, per the AzMan documentation as far as it
            // describes this call, resolved to the caller's own thread or process token.
            // Confirm that anonymous Windows identities are filtered out earlier.
            long handleValue = caller.Token.ToInt64();
            IAzClientContext azContext = azApp.InitializeClientContextFromToken((ulong)handleValue, null);

            Debug.Assert(azContext != null, "could not get the context");
            return azContext;
        }
Пример #9
        /// <summary>
        /// Prepares the WebExpense application for authorization checks: opens the AzMan policy
        /// store and the application inside it, and keeps both in ASP.NET application state
        /// ("AZMAN_STORE" and "AZMAN_APP").
        /// </summary>
        /// <returns>
        /// <c>true</c> whenever the method returns at all; a failure is reported by the
        /// exception that the store raised, never by the return value.
        /// </returns>
        public static bool Initialize()
        {
            // Authorization Manager store object for the WebExpense application.
            AzAuthorizationStoreClass azStore = new AzAuthorizationStoreClass();

            try
            {
                // Open the policy store from the URL held in the "STORE_PATH" application
                // variable. If that variable is absent, null is passed on.
                azStore.Initialize(0, (string)HttpContext.Current.Application["STORE_PATH"], null);
            }
            catch (System.IO.FileNotFoundException)
            {
                // File Not Found from Initialize: the store URL is probably wrong.
                throw; // nothing to recover here, leave it to the default handler
            }
            catch (System.UnauthorizedAccessException)
            {
                // Access Denied from Initialize: the calling context is not in the Reader role
                // on the AzMan store (or Admin, when the app needs to write).
                throw; // nothing to recover here, leave it to the default handler
            }

            // Stored in application state, which all requests of the application share; it is
            // not a per-user session variable.
            // NOTE(review): confirm that sharing this COM object between request threads is
            // safe for its threading model.
            HttpContext.Current.Application["AZMAN_STORE"] = azStore;

            // WebExpense application object inside the store.
            IAzApplication azApplication;
            try
            {
                // Open the application named by the "AZMAN_APP_NAME" application variable.
                azApplication = azStore.OpenApplication((string)HttpContext.Current.Application["AZMAN_APP_NAME"], null);
            }
            catch (System.IO.FileNotFoundException)
            {
                // File Not Found from OpenApplication: the store holds no application with
                // that name.
                throw; // nothing to recover here, leave it to the default handler
            }

            HttpContext.Current.Application["AZMAN_APP"] = azApplication;

            // Initialization succeeded.
            return true;
        }
Пример #10
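 /// <summary>
 /// Performs a single AzMan access check for "Operation0" in "Application0" using the current
 /// Windows identity, then closes the application and releases the COM objects. The outcome
 /// of the check is read but not reported.
 /// </summary>
 /// <param name="azManStorePath">Store URL passed to the store's Initialize call.</param>
 /// <param name="max">
 /// Not used: the random index it was meant to bound is commented out, so index 0 is always
 /// selected.
 /// </param>
 private void TestSuAzMan(string azManStorePath, int max)
 {
     WindowsIdentity id = WindowsIdentity.GetCurrent();
     IAzAuthorizationStore store = new AzAuthorizationStoreClass();
     IAzApplication app = null;
     IAzClientContext ctx = null;
     IAzOperation op = null;
     try
     {
         store.Initialize(0, azManStorePath, null);
         int rnd = 0; // new Random().Next(max);
         string appName = "Application" + rnd.ToString();
         app = store.OpenApplication(appName, null);
         ctx = app.InitializeClientContextFromToken((ulong)id.Token.ToInt64(), null);
         string opName = "Operation" + rnd.ToString();
         op = app.OpenOperation(opName, null);
         // One business-rule parameter pair is passed with the check.
         object[] parameterNames = new object[1] { "chiave" };
         object[] parameterValues = new object[1] { "valore" };
         object[] oRes = (object[])ctx.AccessCheck("Test", null, new object[] { op.OperationID }, parameterNames, parameterValues, null, null, null);
         foreach (int accessAllowed in oRes)
         {
             // A non-zero entry only ends the scan; the outcome is not used.
             if (accessAllowed != 0)
             {
                 break;
             }
         }
         store.CloseApplication(appName, 0);
     }
     finally
     {
         // Run the releases on the failure path too, so an exception from the store does not
         // leak the COM objects. FinalReleaseComObject rejects null, hence the guards.
         if (op != null)
         {
             System.Runtime.InteropServices.Marshal.FinalReleaseComObject(op);
         }
         if (app != null)
         {
             System.Runtime.InteropServices.Marshal.FinalReleaseComObject(app);
         }
         System.Runtime.InteropServices.Marshal.FinalReleaseComObject(store);
         if (ctx != null)
         {
             System.Runtime.InteropServices.Marshal.FinalReleaseComObject(ctx);
         }
     }
 }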
Пример #11
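 /// <summary>
 /// Asks AzMan whether the request's logon identity may perform the operation named in
 /// <c>txtOperation</c> within the application "Application Test".
 /// </summary>
 /// <returns>
 /// <c>true</c> only when AccessCheck returns one result per requested operation and every
 /// result is 0; <c>false</c> in every other case.
 /// </returns>
 private bool AzManTestCheckAccess()
 {
     // The identity checked is the one attached to the current request.
     WindowsIdentity identity = this.Request.LogonUserIdentity;
     string applicationName = "Application Test";
     string[] operations = new string[] { this.txtOperation.Text };
     AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
     store.Initialize(0, AzManStorePath, null);
     IAzApplication azApp = store.OpenApplication(applicationName, null);
     IAzClientContext clientCtx = azApp.InitializeClientContextFromToken((UInt64)identity.Token, null);
     // Build the business-rule parameter arrays; both are empty because no rule parameters
     // are passed.
     Object[] names = new Object[0];
     Object[] values = new Object[0];
     Object[] operationIds = new Object[operations.Length];
     for (Int32 index = 0; index < operations.Length; index++)
     {
         // Operation names are resolved to the numeric IDs that AccessCheck expects.
         operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
     }
     // One null scope entry; presumably this selects the application's default scope.
     Object[] internalScopes = new Object[1];
     Object[] result = (Object[])clientCtx.AccessCheck("AuditString", internalScopes, operationIds, names, values, null, null, null);
     // Deny by default: a missing result, or one that does not cover every requested
     // operation, must never fall through to the "allowed" return below.
     if (result == null || result.Length != operationIds.Length)
     {
         return false;
     }
     foreach (Int32 accessAllowed in result)
     {
         // Any non-zero entry is treated as a denial for that operation.
         if (accessAllowed != 0)
         {
             return false;
         }
     }
     return true;
 }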