public AuthorizeUsingAzManProviderBuilder(IConfigureSecuritySettings context, string azManAuthorizationProviderName)
: base(context)
{
azManProviderData = new AzManAuthorizationProviderData
{
Name = azManAuthorizationProviderName
};
base.SecuritySettings.AuthorizationProviders.Add(azManProviderData);
}
/// <summary>
///
/// </summary>
/// <param name="azManAuthorizationProviderData"></param>
public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData)
{
if (azManAuthorizationProviderData == null)
{
throw new ArgumentNullException("azManAuthorizationProviderData");
}
this.scope = azManAuthorizationProviderData.Scope;
this.application = azManAuthorizationProviderData.Application;
this.storeLocation = azManAuthorizationProviderData.StoreLocation;
this.auditIdentifier = azManAuthorizationProviderData.AuditIdentifierPrefix;
Rename(azManAuthorizationProviderData.Name);
}
/// <summary>
///
/// </summary>
/// <param name="azManAuthorizationProviderData"></param>
public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData)
{
if (azManAuthorizationProviderData == null)
{
throw new ArgumentNullException("azManAuthorizationProviderData");
}
this.scope = azManAuthorizationProviderData.Scope;
this.application = azManAuthorizationProviderData.Application;
this.storeLocation = azManAuthorizationProviderData.StoreLocation;
this.auditIdentifier = azManAuthorizationProviderData.AuditIdentifierPrefix;
Rename(azManAuthorizationProviderData.Name);
}
public void Setup()
{
AzManAuthorizationProviderData azManProviderdata = new AzManAuthorizationProviderData();
azManProviderdata.Name = "AzMan Provider";
SecuritySettings settings = new SecuritySettings();
settings.AuthorizationProviders.Add(azManProviderdata);
registrations = settings.GetRegistrations(null);
}
public void Properties()
{
AzManAuthorizationProviderData data = new AzManAuthorizationProviderData();
data.Name = nodeName;
data.TypeName = nodeType;
data.Application = applicationName;
data.StoreLocation = storeLocation;
data.AuditIdentifierPrefix = auditIdPrefix;
Assert.AreEqual(nodeName, data.Name);
Assert.AreEqual(nodeType, data.TypeName);
Assert.AreEqual(applicationName, data.Application);
Assert.AreEqual(storeLocation, data.StoreLocation);
Assert.AreEqual(auditIdPrefix, data.AuditIdentifierPrefix);
}
public void Properties()
{
AzManAuthorizationProviderData data = new AzManAuthorizationProviderData();
data.Name = nodeName;
data.TypeName = nodeType;
data.Application = applicationName;
data.StoreLocation = storeLocation;
data.AuditIdentifierPrefix = auditIdPrefix;
Assert.AreEqual(nodeName, data.Name);
Assert.AreEqual(nodeType, data.TypeName);
Assert.AreEqual(applicationName, data.Application);
Assert.AreEqual(storeLocation, data.StoreLocation);
Assert.AreEqual(auditIdPrefix, data.AuditIdentifierPrefix);
}
private object[] GetTaskOperations(AzManAuthorizationProviderData data, IAzApplication azApp, string[] tasks)
{
string[] scopes = new string[] { data.Scope };
StringCollection operations = new StringCollection();
foreach (String task in tasks)
{
IAzScope scope = null;
if ((scopes != null) && (scopes[0].Length > 0))
{
scope = azApp.OpenScope(scopes[0], null);
}
IAzTask azTask = null;
if (scope != null)
{
azTask = scope.OpenTask(task, null);
}
else
{
azTask = azApp.OpenTask(task, null);
}
Array ops = azTask.Operations as Array;
Debug.Assert(ops != null);
foreach (String op in ops)
{
operations.Add(op);
}
}
if (operations.Count == 0)
{
throw new ConfigurationException(SR.NoOperations);
}
object[] operationIds = new object[operations.Count];
for (int index = 0; index < operations.Count; index++)
{
operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
}
return(operationIds);
}
/// <devdoc>
/// Gets the client context for the call based on the identity, system and parameters.
/// </devdoc>
private IAzClientContext GetClientContext(AzManAuthorizationProviderData data, IIdentity identity, String applicationName, out IAzApplication azApp)
{
WindowsIdentity winIdentity = identity as WindowsIdentity;
if (winIdentity == null)
{
throw new ArgumentException(SR.WindowsIdentityOnly);
}
AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
store.Initialize(0, data.StoreLocation, null);
azApp = store.OpenApplication(applicationName, null);
Debug.Assert(azApp != null, "could not open the application");
ulong tokenHandle = (ulong)winIdentity.Token.ToInt64();
IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null);
Debug.Assert(clientCtx != null, "could not get the context");
return(clientCtx);
}
public void AzManAuthorizationProviderNodeTest()
{
string name = "some name";
string auditIdentifierPrefix = "pFix";
string storeLocation = "some store location";
string scope = "some scope";
AzManAuthorizationProviderData data = new AzManAuthorizationProviderData();
data.Name = name;
data.AuditIdentifierPrefix = auditIdentifierPrefix;
data.StoreLocation = storeLocation;
data.Scope = scope;
AzManAuthorizationProviderNode node = new AzManAuthorizationProviderNode(data);
Assert.AreEqual(name, node.Name);
Assert.AreEqual(auditIdentifierPrefix, node.AuditIdentifierPrefix);
Assert.AreEqual(storeLocation, node.StoreLocation);
Assert.AreEqual(scope, node.Scope);
}
/// <devdoc>
/// Checks access to specified a set of operations in a specified application in a specified scope.
/// </devdoc>
private bool CheckAccessOperations(AzManAuthorizationProviderData data, string auditIdentifier, IIdentity identity, string[] operations)
{
string[] scopes = new string[] { data.Scope };
IAzApplication azApp = null;
try
{
IAzClientContext clientCtx = GetClientContext(data, identity, data.Application, out azApp);
Debug.Assert(azApp != null);
object[] operationIds = new object[operations.Length];
for (int index = 0; index < operations.Length; index++)
{
operationIds[index] = azApp.OpenOperation(operations[index], null).OperationID;
}
object[] internalScopes = null;
if (scopes != null)
{
internalScopes = new object[1];
internalScopes[0] = scopes[0];
}
object[] result = (object[])clientCtx.AccessCheck(auditIdentifier,
internalScopes, operationIds, null, null, null, null, null);
foreach (int accessAllowed in result)
{
if (accessAllowed != 0)
{
return(false);
}
}
}
catch (COMException comEx)
{
throw new SecurityException(comEx.Message, comEx);
}
return(true);
}
/// <summary>
/// Evaluates the specified authority against the specified context that is either a task or operation in Authorization Manager. If the context is an operation it should be prefixed by "O".
/// </summary>
/// <param name="principal">Principal object containing a windows identity.</param>
/// <param name="context">Name of the task or operation to evaluate.</param>
/// <returns><strong>True</strong> if AzMan evaluates to true,
/// otherwise <strong>false</strong>.</returns>
public bool Authorize(IPrincipal principal, string context)
{
ArgumentValidation.CheckForNullReference(principal, "principal");
ArgumentValidation.CheckForNullReference(context, "context");
SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
AzManAuthorizationProviderData data = GetConfigurationData();
string auditIdentifier = data.AuditIdentifierPrefix + principal.Identity.Name + ":" + context;
bool result = false;
bool operation = false;
if (context.IndexOf(OperationContextPrefix) == 0)
{
operation = true;
context = context.Substring(OperationContextPrefix.Length);
}
if (operation)
{
string[] operations = new string[] { context };
result = CheckAccessOperations(data, auditIdentifier, principal.Identity, operations);
}
else
{
string[] tasks = new string[] { context };
result = CheckAccessTasks(data, auditIdentifier, principal.Identity, tasks);
}
if (result == false)
{
SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context);
}
return(result);
}
public TestAuthorizationProviderConfigurationView(AzManAuthorizationProviderData data, ConfigurationContext context) : base(context)
{
this.data = data;
}
/// <summary>
/// Constructor for AzManAuthorizationProviderDataNode.
/// </summary>
/// <param name="azManAuthorizationProviderData">Configuration data for <see cref="AzManAuthorizationProvider"></see></param>
public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData)
: base(azManAuthorizationProviderData)
{
this.azManAuthorizationProviderData = azManAuthorizationProviderData;
}
/// <summary>
/// Constructor for AzManAuthorizationProviderDataNode.
/// </summary>
/// <param name="azManAuthorizationProviderData">Configuration data for <see cref="AzManAuthorizationProvider"></see></param>
public AzManAuthorizationProviderNode(AzManAuthorizationProviderData azManAuthorizationProviderData) : base(azManAuthorizationProviderData)
{
this.azManAuthorizationProviderData = azManAuthorizationProviderData;
}
