/// <summary>
/// Displays the dialog.
/// </summary>
public UserIdentity ShowDialog(IUserIdentity identity, string caption)
{
if (!String.IsNullOrEmpty(caption))
{
this.Text = caption;
}
if (identity != null)
{
UserNameIdentityToken token = identity.GetIdentityToken() as UserNameIdentityToken;
if (token != null)
{
UserNameTB.Text = token.UserName;
PasswordTB.Text = token.DecryptedPassword;
}
}
if (ShowDialog() != DialogResult.OK)
{
return null;
}
return new UserIdentity(UserNameTB.Text, PasswordTB.Text);
}
public override SystemPermissions GetPermissionsForUser(IUserIdentity user)
{
if (user == null || !user.IsAuthenticated())
{
return SystemPermissions.None;
}
var calculatedPermissions = SystemPermissions.None;
if (!String.IsNullOrEmpty(user.UserName))
{
// See if there are user-specific permissions
SystemPermissions userPermissions;
if (_userPermissions.TryGetValue(user.UserName, out userPermissions))
{
calculatedPermissions |= userPermissions;
}
}
foreach (var claim in user.Claims)
{
SystemPermissions claimPermissions;
if (_claimPermissions.TryGetValue(claim, out claimPermissions))
{
calculatedPermissions |= claimPermissions;
}
}
return calculatedPermissions;
}
public WorkgroupServiceTests()
{
AutomapperConfig.Configure();
VendorRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<Vendor, string>>();
VendorAddressRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<VendorAddress, Guid>>();
UserRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<User, string>>();
EmailPreferencesRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<EmailPreferences, string>>();
WorkgroupPermissionRepository = MockRepository.GenerateStub<IRepository<WorkgroupPermission>>();
WorkgroupRepository = MockRepository.GenerateStub<IRepository<Workgroup>>();
OrganizationRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<Organization, string>>();
SearchService = MockRepository.GenerateStub<IDirectorySearchService>();
RepositoryFactory = MockRepository.GenerateStub<IRepositoryFactory>();
RepositoryFactory.RoleRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<Role, string>>();
RepositoryFactory.WorkgroupPermissionRepository = WorkgroupPermissionRepository;
RepositoryFactory.AccountRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<Account, string>>();
QueryRepositoryFactory = MockRepository.GenerateStub<IQueryRepositoryFactory>();
UserIdentity = MockRepository.GenerateStub<IUserIdentity>();
QueryRepositoryFactory.RelatatedWorkgroupsRepository =
MockRepository.GenerateStub<IRepository<RelatedWorkgroups>>();
WorkgroupService = new WorkgroupService(VendorRepository,
VendorAddressRepository,
UserRepository,
EmailPreferencesRepository,
WorkgroupPermissionRepository,
WorkgroupRepository,
OrganizationRepository,
SearchService,
RepositoryFactory, QueryRepositoryFactory, UserIdentity);
}
/// <summary>
/// Creates a token from a <see cref="IUserIdentity"/>.
/// </summary>
/// <param name="userIdentity">The user identity from which to create a token.</param>
/// <param name="context">Current <see cref="NancyContext"/>.</param>
/// <returns>The generated token.</returns>
public string Tokenize(IUserIdentity userIdentity, NancyContext context)
{
var items = new List<string>
{
userIdentity.UserName,
string.Join(this.claimsDelimiter, userIdentity.Claims),
this.tokenStamp().Ticks.ToString(CultureInfo.InvariantCulture)
};
if (this.additionalItems != null)
{
foreach (var item in this.additionalItems.Select(additionalItem => additionalItem(context)))
{
if (string.IsNullOrWhiteSpace(item))
{
throw new RouteExecutionEarlyExitException(new Response { StatusCode = HttpStatusCode.Unauthorized });
}
items.Add(item);
}
}
var message = string.Join(this.itemDelimiter, items);
var token = CreateToken(message);
return token;
}
public bool TryAuthentifcate(AuthenticateUserRequest request, out IUserIdentity identity)
{
using (var database = DatabaseFactory.GetDatabase())
{
identity = null;
User user = database.Query<User>().FirstOrDefault(x => x.Name == request.UserName);
if (user == null)
{
return false;
}
if (user.PasswordHash != cryptoService.ComputeHash(request.Password, user.PasswordSalt))
{
return false;
}
IList<string> claims = database.Fetch<string>(@"
select c.*
from auth.user u
inner join auth.user_claim uc on u.user_id = uc.user_id
inner join auth.claim c on uc.claim_id = c.claim_id
where u.user_id = @0", user.Id);
identity = new DefaultUserIdentity(user.Name, claims);
return true;
}
}
public RavenFileRepository(IDocumentSession documentSession, IFileStorage fileStorage, IUserIdentity userIdentity, ILog logger)
{
_documentSession = DIHelper.VerifyParameter(documentSession);
_fileStorage = DIHelper.VerifyParameter(fileStorage);
_userIdentity = DIHelper.VerifyParameter(userIdentity);
_logger = DIHelper.VerifyParameter(logger);
}
public NotificationServiceTests()
{
EmailRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<EmailQueue, Guid>>();
EmailPreferenceRepository = MockRepository.GenerateStub < IRepositoryWithTypedId<EmailPreferences, string>>();
UserIdentity = MockRepository.GenerateStub<IUserIdentity>();
UserRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<User, string>>();
OrderStatusCodeRepository = MockRepository.GenerateStub<IRepositoryWithTypedId<OrderStatusCode, string>>();
ServerLink = MockRepository.GenerateStub<IServerLink>();
QueryRepositoryFactory = MockRepository.GenerateStub<IQueryRepositoryFactory>();
RepositoryFactory = MockRepository.GenerateStub<IRepositoryFactory>();
RepositoryFactory.OrganizationRepository =
MockRepository.GenerateStub<IRepositoryWithTypedId<Organization, string>>();
AdminWorkgroupRepository = MockRepository.GenerateStub<IRepository<AdminWorkgroup>>();
QueryRepositoryFactory.AdminWorkgroupRepository = AdminWorkgroupRepository;
WorkgroupRepository = MockRepository.GenerateStub<IRepository<Workgroup>>();
RepositoryFactory.WorkgroupRepository = WorkgroupRepository;
NotificationService = new NotificationService(EmailRepository, EmailPreferenceRepository, UserRepository, OrderStatusCodeRepository, UserIdentity, ServerLink, QueryRepositoryFactory, RepositoryFactory);
ServerLink.Expect(a => a.Address).Return("FakeHost").Repeat.Any();
ApprovalRepository = MockRepository.GenerateStub<IRepository<Approval>>();
SetupOrderStatusCodes();
}
public SearchController(ISearchService searchService, IQueryRepositoryFactory queryRepositoryFactory, IUserIdentity userIdentity, IAccessQueryService accessQueryService)
{
_searchService = searchService;
_queryRepositoryFactory = queryRepositoryFactory;
_userIdentity = userIdentity;
_accessQueryService = accessQueryService;
}
public DepartmentalAdminRequestController(IRepositoryWithTypedId<DepartmentalAdminRequest, string> departmentalAdminRequestRepository, IRepositoryFactory repositoryFactory, IQueryRepositoryFactory queryRepositoryFactory, IDirectorySearchService directorySearchService, IUserIdentity userIdentity)
{
_departmentalAdminRequestRepository = departmentalAdminRequestRepository;
_repositoryFactory = repositoryFactory;
_queryRepositoryFactory = queryRepositoryFactory;
_directorySearchService = directorySearchService;
_userIdentity = userIdentity;
}
public RollbarPerson GetPerson(IUserIdentity currentUser) {
var person = currentUser as FakePerson;
if (person == null) throw new ArgumentException("Current User has to be FakePerson", "currentUser");
return new RollbarPerson(person.Id.ToString(CultureInfo.InvariantCulture)) {
UserName = person.UserName,
Email = person.Email,
};
}
private bool IsAuthorized(IUserIdentity userIdentity)
{
if (requiredRole == UserRole.Admin)
{
return userIdentity.HasClaim("Admin");
}
return true;
}
private AuthenticateUserResponse GetAuthenticateResponse(IUserIdentity userIdentity)
{
var token = tokenizer.Tokenize(userIdentity, Context);
return new AuthenticateUserResponse
{
Token = token
};
}
public SecurityServiceTests()
{
RepositoryFactory = MockRepository.GenerateStub<IRepositoryFactory>();
AccessQueryService = MockRepository.GenerateStub<IAccessQueryService>();
QueryRepositoryFactory = MockRepository.GenerateStub<IQueryRepositoryFactory>();
UserIdentity = MockRepository.GenerateStub<IUserIdentity>();
DirectorySearchService = MockRepository.GenerateStub<IDirectorySearchService>();
SecurityService = new SecurityService(RepositoryFactory, UserIdentity, DirectorySearchService, AccessQueryService, QueryRepositoryFactory);
}
public DeployRequestManager(IBuildRepository buildRepository, IProjectRepository projectRepository, IDeployRepository deployRepository, IDeploymentValidator validator, IProjectNotifier projectNotifier, IUserIdentity userIdentity, IDeployStateRepository deployStateRepository)
{
_buildRepository = DIHelper.VerifyParameter(buildRepository);
_projectRepository = DIHelper.VerifyParameter(projectRepository);
_deployRepository = DIHelper.VerifyParameter(deployRepository);
_deployStateRepository = DIHelper.VerifyParameter(deployStateRepository);
_validator = DIHelper.VerifyParameter(validator);
_projectNotifier = DIHelper.VerifyParameter(projectNotifier);
_userIdentity = DIHelper.VerifyParameter(userIdentity);
}
/* strings to be used in the messages */
//private const string ApprovalMessage = "Order request {0} for {1} has been approved by {2} at {3} review.";
//private const string CancellationMessage = "Order request {0} for {1} has been cancelled by {2} at {3} review with the following comment \"{4}\".";
//private const string UpdateInKualiMessage = "Order request {0} for {1} has been updated in Kuali to {2}.";
//private const string ChangeMessage = "Order request {0} for {1} has been changed by {2}.";
//private const string SubmissionMessage = "Order request {0} for {1} has been submitted.";
//private const string ArrivalMessage = "Order request {0} for {1} has arrived at your level ({2}) for review from {3}{4}.";
//private const string CompleteMessage = "Order request {0} for {1} has been completed by {2}. Order will be completed as a {3}.";
//private const string ReceiveMessage = "Order request {0} for {1} has {2} item(s) received.";
//private const string RerouteMessage = "Order request {0} for {1} has been rerouted to you.";
//private const string AddAttachmentMessage = "Order request {0} for {1} has a new attachment added by {2}";
//private const string AddNoteMessage = "Order request {0} for {1} has a new note added by {2}";
public NotificationService(IRepositoryWithTypedId<EmailQueue, Guid> emailRepository, IRepositoryWithTypedId<EmailPreferences, string> emailPreferenceRepository, IRepositoryWithTypedId<User, string> userRepository, IRepositoryWithTypedId<OrderStatusCode, string> orderStatusCodeRepository, IUserIdentity userIdentity, IServerLink serverLink, IQueryRepositoryFactory queryRepositoryFactory, IRepositoryFactory repositoryFactory )
{
_emailRepository = emailRepository;
_emailPreferenceRepository = emailPreferenceRepository;
_userRepository = userRepository;
_orderStatusCodeRepository = orderStatusCodeRepository;
_userIdentity = userIdentity;
_serverLink = serverLink;
//_serverLink = "prepurchasing.ucdavis.edu";
_queryRepositoryFactory = queryRepositoryFactory;
_repositoryFactory = repositoryFactory;
}
private void SetImageSource(UserAvatarModel context, IUserIdentity userIdentity)
{
if (TeamCodingPackage.Current.Settings.UserSettings.UserTabDisplay == UserSettings.UserDisplaySetting.Avatar)
{
if (userIdentity.ImageBytes != null)
{
using (var MS = new MemoryStream(userIdentity.ImageBytes))
{
var bitmap = new BitmapImage();
bitmap.BeginInit();
bitmap.StreamSource = MS;
bitmap.CacheOption = BitmapCacheOption.OnLoad;
bitmap.EndInit();
context.AvatarImageSource = UrlImages[userIdentity.ImageUrl] = bitmap;
}
}
else if (userIdentity.ImageUrl != null)
{
if (UrlImages.ContainsKey(userIdentity.ImageUrl))
{
context.AvatarImageSource = UrlImages[userIdentity.ImageUrl];
}
else
{
ThreadHelper.JoinableTaskFactory.RunAsync(async() =>
{
try
{
var request = await TeamCodingPackage.Current.HttpClient.GetAsync(userIdentity.ImageUrl);
if (!request.IsSuccessStatusCode)
{
return;
}
var imageStream = await request.Content.ReadAsStreamAsync();
context.AvatarImageSource = UrlImages[userIdentity.ImageUrl] = BitmapFrame.Create(imageStream, BitmapCreateOptions.None, BitmapCacheOption.OnLoad);
}
catch (Exception ex) when(!System.Diagnostics.Debugger.IsAttached)
{
TeamCodingPackage.Current.Logger.WriteError(ex);
}
});
}
}
}
else
{
context.AvatarImageSource = null;
}
}
/// <summary>
/// Returns a localized client for the specified locale id.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="localeId">The locales id.</param>
/// <returns>A localized client.</returns>
public ComClient GetLocalizedClient(IUserIdentity identity, int localeId)
{
// check if a logon is required.
string userName = null;
if (identity != null && identity.TokenType == UserTokenType.UserName)
{
userName = (identity.GetIdentityToken() as UserNameIdentityToken).UserName;
}
if (String.IsNullOrEmpty(userName) && localeId == ComUtils.LOCALE_SYSTEM_DEFAULT)
{
Utils.Trace("COM Client Selected: DEFAULT (no match for locale)");
return(DefaultClient);
}
// create the key.
StringBuilder buffer = new StringBuilder();
buffer.Append(localeId);
if (!String.IsNullOrEmpty(userName))
{
buffer.Append(':');
buffer.Append(userName);
}
string key = buffer.ToString();
if (m_localizedClients == null)
{
m_localizedClients = new Dictionary <string, ComClient>();
}
ComClient client = null;
if (!m_localizedClients.TryGetValue(key, out client))
{
client = CreateClient();
client.Key = key;
client.LocaleId = localeId;
client.UserIdentity = identity;
client.CreateInstance();
m_localizedClients[key] = client;
}
// Utils.Trace("COM Client Seleted: {0}", key);
return(client);
}
public void GetBalancesSafelyUnavailableRecognizedDataProviderRequestWorks()
{
// Se habilitan los proveedores conocidos para la aplicación...
IAppIdentity appIdentity = AutonomousAppIdentity.Master;
TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP|Bancor");
IAutonomousApp client = this.GetAutonomousClient();
IUserIdentity userIdentity = RecognizedUserIdentity.Master;
string docType = userIdentity.DocType;
string docNumber = userIdentity.DocNumber;
IList <AccountInfo> accounts = client.Inquiries.GetAccounts(docType, docNumber);
CollectionAssert.IsNotEmpty(accounts);
AccountInfo accountInfo = accounts.FirstOrDefault(account => account.Source == Subsystem.Tup);
Assert.IsNotNull(accountInfo);
string accountId = accountInfo.SourceAccountId;
// Se configura una conexión inválida para el proveedor de datos de TUP para esperar que falle la consulta de saldos...
TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Broken:Tests");
TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:ConnectionStringName", "Aspen");
IList <BalanceResultInfo> inquiryResults = client.InquiriesV11.GetBalances(docType, docNumber, accountId);
CollectionAssert.IsNotEmpty(inquiryResults);
Assert.That(inquiryResults.Count, Is.EqualTo(2));
// El proveedor de datos de TUP debe indicar que no está disponible para procesar la consulta requerida...
BalanceResultInfo tupInquiryResult = inquiryResults.First(info => info.Subsystem == Subsystem.Tup);
CollectionAssert.IsEmpty(tupInquiryResult.Data);
Assert.IsNotEmpty(tupInquiryResult.Reason);
Assert.That(tupInquiryResult.Status, Is.EqualTo(SubsystemStatus.Unavailable));
// El proveedor de datos de BANCOR debe indicar que no implementa la característica de saldos...
BalanceResultInfo bancorInquiryResult = inquiryResults.First(info => info.Subsystem == Subsystem.Bancor);
CollectionAssert.IsEmpty(bancorInquiryResult.Data);
Assert.IsNotEmpty(bancorInquiryResult.Reason);
Assert.That(bancorInquiryResult.Status, Is.EqualTo(SubsystemStatus.MissingFeature));
// Se reestablece la aplicación para usar el proveedor de datos predeterminando para pruebas...
TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "DataProvider:SubsystemEnabled", "TUP");
// Se reestablece las conexión valida al proveedor de datos de TUP...
TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "Bifrost:ConnectionStringName", "RabbitMQ:Bifrost:Tests");
TestContext.CurrentContext.DatabaseHelper().SetAppSettingsKey(appIdentity.ApiKey, "TUP:ConnectionStringName", "Sql:TupCompensar");
}
/// <summary>
/// Use the <see cref="IUserIdentity"/>.
/// </summary>
/// <param name="identity">The user identity. Provide an <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> or <see cref="X509Identity"/>.</param>
/// <returns>The <see cref="UaApplicationBuilder"/>.</returns>
public UaApplicationBuilder UseIdentity(IUserIdentity identity)
{
if (identity == null)
{
throw new ArgumentNullException(nameof(identity));
}
if (this.identityProvider != null)
{
throw new InvalidOperationException("The identityProvider has already been specified.");
}
this.identityProvider = endpoint => Task.FromResult(identity);
return(this);
}
public bool HasAnyPermissions(IUserIdentity user, params Permissions[] perm)
{
var permissions = GetPermissions(user);
foreach (var p in perm)
{
var result = permissions.HasFlag(p);
if (result)
{
return(true);
}
}
return(false);
}
protected void BaseSetup()
{
_appSensor = MockRepository.GenerateMock <IAppSensor>();
_context = MockRepository.GenerateStub <ISEContext>();
_context.LookupItem = new TestDbSet <LookupItem>();
_context.User = new TestDbSet <User>();
_context.User.Add(GetUser());
_context.Stub(a => a.SaveChangesAsync()).Return(Task.FromResult(0));
_userIdentity = MockRepository.GenerateMock <IUserIdentity>();
_httpSession = MockRepository.GenerateMock <HttpSessionStateBase>();
_httpContext = MockRepository.GenerateMock <HttpContextBase>();
_httpRequest = MockRepository.GenerateMock <HttpRequestBase>();
_httpContext.Stub(c => c.Request).Return(_httpRequest);
_httpContext.Stub(c => c.Session).Return(_httpSession);
}
private int?FindUserId(IUserIdentity identity)
{
using (var conn = SimpleDbConnection())
{
return(conn.Query <int?>(@"
SELECT U.user_id
FROM Emails E
INNER JOIN Users U
ON E.user_id = U.user_id
WHERE U.is_active = 1 AND E.user_email IN @Emails
",
new { Emails = identity.EmailAddresses() }
).FirstOrDefault());
}
}
public AuthenticationResult(IUserIdentity user, string scene, IDictionary <string, object> parameters)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
_user = user;
_scene = scene;
if (parameters != null && parameters.Count > 0)
{
_parameters = new Dictionary <string, object>(parameters, StringComparer.OrdinalIgnoreCase);
}
}
public static string AppendTokenToUrl(string url, IUserIdentity user)
{
if (string.IsNullOrEmpty(url))
{
return(url);
}
string str = CreateUserToken(user);
string tokenKey = TokenKey;
StringBuilder builder = new StringBuilder(0x100);
builder.Append(url);
builder.Append(url.Contains('?') ? "&" : "?");
builder.Append(HttpUtility.UrlEncode(tokenKey)).Append("=").Append(HttpUtility.UrlEncode(str));
return(builder.ToString());
}
public async Task <IBuildDirectDebitPlanOverviewVmValidationResult> ValidateAndBuild(
IUserIdentity loggedInUser, IApplicationSessionState applicationSessionState, Guid lowellReferenceSurrogateKey,
PaymentOptionsVm paymentOptionsVmWithUserEntries, DirectDebitDetailsVm directDebitDetailsVmWithUserEntries, string caseflowUserId)
{
//
// Payment Options - reconstruct from CaseFlow, populate user entris and validate clean
//
PaymentOptionsVm paymentOptionsVm = await _buildPaymentOptionsVmService.Build(loggedInUser, applicationSessionState, lowellReferenceSurrogateKey, caseflowUserId);
_buildPaymentOptionsVmService.UpdateFieldsFromUserEntries(loggedInUser, paymentOptionsVm, paymentOptionsVmWithUserEntries);
if (!_paymentOptionsVmValidatorProcess.Validate(paymentOptionsVm))
{
return new ValidationResult()
{
IsValid = false
}
}
;
//
// Direct Debit Details - reconstruct from fresh payment options, populate user entris and validate clean
//
DirectDebitDetailsVm directDebitDetailsVm = _buildDirectDebitDetailsVmService.Build(paymentOptionsVm);
_buildDirectDebitDetailsVmService.UpdateFieldsFromUserEntries(directDebitDetailsVm, directDebitDetailsVmWithUserEntries);
if (!_directDebitDetailsVmValidatorProcess.Validate(directDebitDetailsVm))
{
return new ValidationResult()
{
IsValid = false
}
}
;
//
// Return valid result with overview built clean
//
return(new ValidationResult()
{
IsValid = true,
DirectDebitPlanOverviewVm = Build(paymentOptionsVm, directDebitDetailsVm)
});
}
}
}
public OrderServiceTests()
{
RepositoryFactory = MockRepository.GenerateStub <IRepositoryFactory>();
QueryRepositoryFactory = MockRepository.GenerateStub <IQueryRepositoryFactory>();
FinancialSystemService = MockRepository.GenerateStub <IFinancialSystemService>();
IndexService = MockRepository.GenerateStub <IIndexService>();
EventService = MockRepository.GenerateStub <IEventService>();
UserIdentity = MockRepository.GenerateStub <IUserIdentity>();
SecurityService = MockRepository.GenerateStub <ISecurityService>();
AccessQueryService = MockRepository.GenerateStub <IAccessQueryService>();
WorkgroupPermissionRepository = MockRepository.GenerateStub <IRepository <WorkgroupPermission> >();
ApprovalRepository = MockRepository.GenerateStub <IRepository <Approval> >();
OrderTrackingRepository = MockRepository.GenerateStub <IRepository <OrderTracking> >();
OrganizationRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <Organization, string> >();
UserRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <User, string> >();
OrderRepository = MockRepository.GenerateStub <IRepository <Order> >();
WorkgroupAccountRepository = MockRepository.GenerateStub <IRepository <WorkgroupAccount> >();
AccountRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <Account, string> >();
OrderStatusCodeRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <OrderStatusCode, string> >();
AutoAprovalRepository = MockRepository.GenerateStub <IRepository <AutoApproval> >();
ConditionalApprovalRepository = MockRepository.GenerateStub <IRepository <ConditionalApproval> >();
RepositoryFactory.WorkgroupAccountRepository = WorkgroupAccountRepository;
RepositoryFactory.AccountRepository = AccountRepository;
RepositoryFactory.OrderStatusCodeRepository = OrderStatusCodeRepository;
RepositoryFactory.AutoApprovalRepository = AutoAprovalRepository;
RepositoryFactory.UserRepository = UserRepository;
RepositoryFactory.ConditionalApprovalRepository = ConditionalApprovalRepository;
SetupValidOrderStatusCodes();
OrderService = new OrderService(RepositoryFactory,
EventService,
UserIdentity,
SecurityService,
WorkgroupPermissionRepository,
ApprovalRepository,
OrderTrackingRepository,
OrganizationRepository,
//UserRepository,
OrderRepository,
QueryRepositoryFactory,
AccessQueryService,
FinancialSystemService,
IndexService);
}
/// <summary>
/// 获取指定工作流、角色、时间段的实例集合
/// </summary>
/// <param name="workflowName">流程名称</param>
/// <param name="userIdentity">用户身份</param>
/// <param name="role">审批角色</param>
/// <param name="startDate">时间段起始时间</param>
/// <param name="endDate">时间段截止时间</param>
/// <returns></returns>
internal InstanceCollection InternalDistill(string workflowName, IUserIdentity userIdentity, ApprovalRole role, DateTime startDate, DateTime endDate)
{
if (workflowName == null)
{
throw new ArgumentNullException("workflowName");
}
if (userIdentity == null)
{
throw new ArgumentNullException("userIdentity");
}
if (role == null)
{
throw new ArgumentNullException("role");
}
return(Distill(workflowName, userIdentity, role, startDate, endDate));
}
public virtual WebNotifyConnection Register(WebSocket socket, IUserIdentity user, string address)
{
var connection = GetBySocket(socket);
if (connection == null)
{
connection = new WebNotifyConnection
{
Socket = socket,
User = user,
Address = address,
};
connections.Add(connection);
}
return(connection);
}
public async Task InvokeAsync(HttpContext context, IUserIdentity userIdentity)
{
var user = (ClaimsIdentity)context.User.Identity;
if (user.IsAuthenticated)
{
var first = user.FindFirst(ClaimsName.FirstName).Value; \ \ get info from claims
userIdentity.FirstName = first; \ \ and add to identity
}
else
{
userIdentity.FirstName = null;
}
await _next(context);
}
public IUserSession Create(IUserIdentity currentUser)
{
var loggedInUserIdentity = (LoggedInUserIdentity)currentUser;
if (HasRole(loggedInUserIdentity, "Administrator"))
{
Guid userId = GetUserId(loggedInUserIdentity);
return(new AdminUserSession(userId.ToString()));
}
if (HasRole(loggedInUserIdentity, "Basic"))
{
Guid userId = GetUserId(loggedInUserIdentity);
return(new BasicUserSession(userId.ToString()));
}
return(new VisitorSession());
}
/// <summary>
/// Asynchronously open the session.
/// </summary>
private void Open(object state)
{
try {
Session session = ((object[])state)[0] as Session;
string sessionName = ((object[])state)[1] as string;
IUserIdentity identity = ((object[])state)[2] as IUserIdentity;
IList <string> preferredLocales = ((object[])state)[3] as IList <string>;
// open the session.
session.Open(sessionName, (uint)session.SessionTimeout, identity, preferredLocales);
OpenComplete(null);
} catch (Exception exception) {
OpenComplete(exception);
}
}
/// <summary>
/// Setups the controller.
/// </summary>
protected override void SetupController()
{
UserRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <User, string> >();
RoleRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <Role, string> >();
OrganizationRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <Organization, string> >();
SearchService = MockRepository.GenerateStub <IDirectorySearchService>();
EmailPreferencesRepository = MockRepository.GenerateStub <IRepositoryWithTypedId <EmailPreferences, string> >();
UserIdentity = MockRepository.GenerateStub <IUserIdentity>();
WorkgroupService = MockRepository.GenerateStub <IWorkgroupService>();
RepositoryFactory = MockRepository.GenerateStub <IRepositoryFactory>();
RepositoryFactory.WorkgroupRepository = MockRepository.GenerateStub <IRepository <Workgroup> >();
RepositoryFactory.WorkgroupPermissionRepository = MockRepository.GenerateStub <IRepository <WorkgroupPermission> >();
Controller = new TestControllerBuilder().CreateController <AdminController>(UserRepository, RoleRepository, OrganizationRepository, SearchService, EmailPreferencesRepository, UserIdentity, RepositoryFactory, WorkgroupService);
}
internal bool Delete(IUserIdentity u)
{
try
{
NpgsqlCommand cmd = Db.GetCmd(Db.RoleConnectionString);
cmd.CommandText = Db.RemoveUser_Roles;
cmd.Parameters.AddWithValue("id", u.Uid);
Db.ExecuteNonQuery(cmd);
//need to handle cascading
return(true);
}
catch
{ }
return(false);
}
public List <dynamic> FindPermitsForUser(IUserIdentity identity)
{
using (var conn = SimpleDbConnection())
{
var emailAddresses = identity.EmailAddresses();
return(conn.Query <dynamic>(@"
SELECT A.application_id AS Id, A.application_status AS Status, A.application_data AS Data
FROM Applications A
LEFT JOIN UserApplications UA ON A.application_id = UA.application_id
LEFT JOIN Emails E ON UA.user_id = E.user_id
LEFT JOIN Users U ON UA.user_id = U.user_id
WHERE U.is_active = 1 AND E.user_email IN (@Addresses)
", new { Addresses = emailAddresses })
.ToList());
}
}
protected SecurityControllerBase(IUserIdentity userIdentity, IAppSensor appSensor)
{
if (appSensor == null)
{
throw new ArgumentNullException("appSensor");
}
if (userIdentity == null)
{
throw new ArgumentNullException("userIdentity");
}
_verbs = new AcceptVerbsAttribute(HttpVerbs.Post);
_validator = new ValidateAntiForgeryTokenAttribute();
Logger = Log.Logger;
_userIdentity = userIdentity;
_appSensor = appSensor;
}
/// <summary>
/// Creates a new session
/// </summary>
/// <param name="identity"></param>
/// <returns></returns>
private async Task <Session> CreateSessionAsync(IUserIdentity identity)
{
if (_endpoint.SecurityMode != SecurityMode.SignAndEncrypt)
{
_logger.Warning("{session}: Establishing unecrypted connection to {url}.",
_sessionId, _endpoint.Url);
}
if (_urlQueue.TryDequeue(out var next))
{
if (_endpointUrl != null && _endpointUrl != next)
{
_urlQueue.Enqueue(_endpointUrl);
}
_endpointUrl = next;
_logger.Information("{session}: Creating session to {url} via {endpoint}.",
_sessionId, _endpoint.Url, _endpointUrl);
}
var selectedEndpoint = await DiscoverEndpointsAsync(_config,
_endpoint, new Uri(_endpointUrl), (server, endpoints, channel) =>
SelectServerEndpoint(server, endpoints, channel, true));
if (selectedEndpoint == null)
{
throw new ConnectionException(
$"Unable to select secure endpoint on {_endpoint.Url} via {_endpointUrl}");
}
var configuredEndpoint = new ConfiguredEndpoint(selectedEndpoint.Server,
EndpointConfiguration.Create(_config));
configuredEndpoint.Update(selectedEndpoint);
var session = await Session.Create(_config, configuredEndpoint, true, false,
_sessionName, (uint)(_timeout.TotalMilliseconds * 1.2), identity, null);
if (session == null)
{
throw new ExternalDependencyException(
$"Cannot establish session to {_endpoint.Url} via {_endpointUrl}.");
}
session.KeepAlive += (_, e) => e.CancelKeepAlive = true;
session.KeepAliveInterval = -1; // No keep alives - we handle those ourselves.
session.RenewUserIdentity += (_, user) => identity; // Reset back to default.
return(session);
}
/// <summary>
/// Validate user identity
/// </summary>
/// <param name="newIdentity"></param>
/// <param name="userTokenPolicy"></param>
/// <returns></returns>
private static IUserIdentity ValidateUserIdentity(UserIdentityToken newIdentity,
UserTokenPolicy userTokenPolicy)
{
System.Diagnostics.Contracts.Contract.Ensures(userTokenPolicy != null);
try {
IUserIdentity identity = null;
IUserIdentity effectiveIdentity = null;
// Validate the identity token and impersonate user.
// TODO
// lock (_eventLock) {
// if (_impersonateUser != null) {
//
// var args = new ImpersonateEventArgs(newIdentity, userTokenPolicy);
// _impersonateUser(session, args);
//
// if (ServiceResult.IsBad(args.IdentityValidationError)) {
// error = args.IdentityValidationError;
// if (ServiceResult.IsBad(error)) {
// throw new ServiceResultException(error);
// }
// }
// else {
// identity = args.Identity;
// return args.EffectiveIdentity;
// }
// }
// }
// check for validation error.
if (identity == null)
{
identity = new UserIdentity(newIdentity);
}
// use the identity as the effectiveIdentity if not provided.
return(effectiveIdentity ?? identity);
}
catch (ServiceResultException) {
throw;
}
catch (Exception e) {
throw ServiceResultException.Create(StatusCodes.BadIdentityTokenInvalid,
e, "Could not validate user identity token: {0}", newIdentity);
}
}
internal bool Remove(Role role, IUserIdentity user)
{
try
{
NpgsqlCommand cmd = Db.GetCmd(Db.RoleConnectionString);
cmd.CommandText = Db.RemoveUserFromRole; //:rid,:id
cmd.Parameters.AddWithValue("rid", role.Id);
cmd.Parameters.AddWithValue("id", user.Uid);
int ct = Db.ExecuteNonQuery(cmd); // 1?
return(true);
}
catch
{ }
return(false);
}
public override bool Remove(IUserIdentity user, IEnumerable <Organization> org)
{
if (user != null && org != null)
{
bool res = true;
foreach (Organization u in org)
{
if (u != null)
{
res = res & Remove(user, u);
}
}
return(res);
}
return(false);
}
public bool LogIn(Guid sessionId, ICredential cred)
{
if (cred != null)
{
ModuleRuntimeSession session = SessionProvider.Get(sessionId) as ModuleRuntimeSession;
if (session != null)
{
IUserIdentity user = AuthenticationProvider.Authenticate(cred);
if (user != null)
{
session.SetUserBinding(Guid.Empty, session.Binding);
return(SessionProvider.Update(session));
}
}
}
return(false);
}
public async Task DeleteUser(IUserIdentity userIdentity)
{
Require.NotNull(userIdentity, nameof(userIdentity));
Require.ArgumentNotNullEmpty(userIdentity.Email, nameof(userIdentity.Email));
Require.ArgumentNotNullEmpty(userIdentity.Password, nameof(userIdentity.Password));
var users = await _userRepository.ReadUsersAsync();
var index = users.Where(user => user.Id == userIdentity.Id).Select((user, idx) => new int?(idx)).FirstOrDefault() ?? -1;
if (index == -1)
{
throw new AuthenticationException("User not found");
}
users.RemoveAt(index);
await _userRepository.WriteUsersAsync(users);
}
/// <summary>
/// Initializes a new instance of the <see cref="UaTcpSessionChannel"/> class.
/// </summary>
/// <param name="localDescription">The <see cref="ApplicationDescription"/> of the local application.</param>
/// <param name="localCertificate">The <see cref="X509Certificate2"/> of the local application.</param>
/// <param name="userIdentity">The user identity or null if anonymous. Supports <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> and <see cref="X509Identity"/>.</param>
/// <param name="remoteEndpoint">The <see cref="EndpointDescription"/> of the remote application. Obtained from a prior call to UaTcpDiscoveryClient.GetEndpoints.</param>
/// <param name="sessionTimeout">The requested number of milliseconds that a session may be unused before being closed by the server.</param>
/// <param name="timeoutHint">The default number of milliseconds that may elapse before an operation is cancelled by the service.</param>
/// <param name="diagnosticsHint">The default diagnostics flags to be requested by the service.</param>
/// <param name="localReceiveBufferSize">The size of the receive buffer.</param>
/// <param name="localSendBufferSize">The size of the send buffer.</param>
/// <param name="localMaxMessageSize">The maximum total size of a message.</param>
/// <param name="localMaxChunkCount">The maximum number of message chunks.</param>
public UaTcpSessionChannel(
ApplicationDescription localDescription,
X509Certificate2 localCertificate,
IUserIdentity userIdentity,
EndpointDescription remoteEndpoint,
double sessionTimeout = DefaultSessionTimeout,
uint timeoutHint = DefaultTimeoutHint,
uint diagnosticsHint = DefaultDiagnosticsHint,
uint localReceiveBufferSize = DefaultBufferSize,
uint localSendBufferSize = DefaultBufferSize,
uint localMaxMessageSize = DefaultMaxMessageSize,
uint localMaxChunkCount = DefaultMaxChunkCount)
: base(localDescription, localCertificate, remoteEndpoint, timeoutHint, diagnosticsHint, localReceiveBufferSize, localSendBufferSize, localMaxMessageSize, localMaxChunkCount)
{
this.UserIdentity = userIdentity;
this.SessionTimeout = sessionTimeout;
}
public CaseService(IParameterService parameterService,
IContextService contextService,
ILibraryService libraryService,
IRepository <Site> siteRepository,
IRepository <Library> libraryRepository,
IUserIdentity userIdentity,
IUnitOfWork unitOfWork)
: base(parameterService)
{
if (parameterService == null)
{
throw new ArgumentNullException(nameof(parameterService));
}
if (contextService == null)
{
throw new ArgumentNullException(nameof(contextService));
}
if (libraryService == null)
{
throw new ArgumentNullException(nameof(libraryService));
}
if (siteRepository == null)
{
throw new ArgumentNullException(nameof(siteRepository));
}
if (libraryRepository == null)
{
throw new ArgumentNullException(nameof(libraryRepository));
}
if (userIdentity == null)
{
throw new ArgumentNullException(nameof(userIdentity));
}
if (unitOfWork == null)
{
throw new ArgumentNullException(nameof(unitOfWork));
}
_parameterService = parameterService;
_contextService = contextService;
_libraryService = libraryService;
_siteRepository = siteRepository;
_libraryRepository = libraryRepository;
_userIdentity = userIdentity;
_unitOfWork = unitOfWork;
}
public bool AddCredential(IUserIdentity user, Security.ICredential credential)
{
if (user != null && credential != null)
{
UserPasswordCredential up = credential as UserPasswordCredential; //this is the only type of credential we can use
if (up != null)
{
UsernamePassword hist = up.ToHistoryPair(); //this is what we store in history
if (UserPasswordProviderFactory.Instance.ComplexityChecker.IsValid(up.password)) //validate it meets complexity rules
{
//get the existing credential this will replace, or this may be all together new
PersistedCredential curCred = GetPersisted(user.Uid, hist.UserName);
if (curCred != null)
{
PasswordHistory <UsernamePassword> history = GetHistory(user.Uid, hist.UserName);
if (!history.MatchesHistory(UsernamePassword.Matches, hist)) //can't add this since it's matching a current history in range
{
history.Add(hist);
//delete and set the new password
if (ReplaceCredential(user.Uid, hist.UserName, hist.Password))
{
this.historyProvider.Update(user.Uid, history);
return(true);
}
}
}
else //no existing cred, so this is a new one - but already meets complexity rule
{
PasswordHistory <UsernamePassword> history = GetHistory(user.Uid, hist.UserName);
if (!history.MatchesHistory(UsernamePassword.Matches, hist)) //can't add this since it's matching a current history in range
{
history.Add(hist);
//delete and set the new password
if (this.storeProvider.AddCredential(user.Uid, this, hist.UserName, hist.Password)) //the hist is already salted
{
this.historyProvider.Update(user.Uid, history); //update the history
return(true);
}
}
}
} //inside this level we have a valid password by complexity
}
}
return(false);
}
/// <summary>
/// Gets the supported key formats.
/// </summary>
/// <exception cref="System.InvalidOperationException">Connection to server is not active.</exception>
public string[] GetSupportedKeyFormats()
{
if (AdminCredentials == null || Endpoint == null)
{
return(null);
}
if (!IsConnected)
{
Connect();
}
IUserIdentity oldUser = ElevatePermissions();
try
{
ReadValueIdCollection nodesToRead = new ReadValueIdCollection
{
new ReadValueId()
{
NodeId = ExpandedNodeId.ToNodeId(Opc.Ua.VariableIds.ServerConfiguration_SupportedPrivateKeyFormats, m_session.NamespaceUris),
AttributeId = Attributes.Value
}
};
DataValueCollection results = null;
DiagnosticInfoCollection diagnosticInfos = null;
m_session.Read(
null,
0,
TimestampsToReturn.Neither,
nodesToRead,
out results,
out diagnosticInfos);
ClientBase.ValidateResponse(results, nodesToRead);
ClientBase.ValidateDiagnosticInfos(diagnosticInfos, nodesToRead);
return(results[0].GetValue <string[]>(null));
}
finally
{
RevertPermissions(oldUser);
}
}
public string CreateToken(IUserIdentity user)
{
var claims = new List<Claim>(user.Claims.Select(c => new Claim(ClaimTypes.Role, c)))
{
new Claim(ClaimTypes.Name, user.UserName)
};
var token = new JwtToken
{
Issuer = "https://localhost",
Audience = "https://localhost",
Claims = claims,
Expiry = DateTime.UtcNow.AddDays(1),
};
var encodedToken = JsonWebToken.Encode(token, SecretKey, JwtHashAlgorithm.HS512);
return encodedToken;
}
/// <summary>
/// Initializes a new instance of the <see cref="UaTcpSessionService"/> class.
/// </summary>
/// <param name="localDescription">The <see cref="ApplicationDescription"/> of the local application.</param>
/// <param name="localCertificate">The <see cref="X509Certificate2"/> of the local application.</param>
/// <param name="userIdentity">The user identity or null if anonymous. Supports <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> and <see cref="X509Identity"/>.</param>
/// <param name="discoveryUrl">The url of the remote application</param>
public UaTcpSessionService(ApplicationDescription localDescription, X509Certificate2 localCertificate, IUserIdentity userIdentity, string discoveryUrl)
{
if (localDescription == null)
{
throw new ArgumentNullException(nameof(localDescription));
}
this.LocalDescription = localDescription;
this.LocalCertificate = localCertificate;
this.UserIdentity = userIdentity;
if (string.IsNullOrEmpty(discoveryUrl))
{
throw new ArgumentNullException(nameof(discoveryUrl));
}
this.discoveryUrl = discoveryUrl;
this.Subscriptions = new SubscriptionCollection(this);
this.stateMachineTask = this.StateMachine(this.cancellationTokenSource.Token);
}
/// <summary>
/// Initializes a new instance of the <see cref="UaTcpSessionService"/> class.
/// </summary>
/// <param name="localDescription">The <see cref="ApplicationDescription"/> of the local application.</param>
/// <param name="localCertificate">The <see cref="X509Certificate2"/> of the local application.</param>
/// <param name="userIdentity">The user identity or null if anonymous. Supports <see cref="AnonymousIdentity"/>, <see cref="UserNameIdentity"/>, <see cref="IssuedIdentity"/> and <see cref="X509Identity"/>.</param>
/// <param name="remoteEndpoint">The <see cref="EndpointDescription"/> of the remote application. Obtained from a prior call to UaTcpDiscoveryClient.GetEndpoints.</param>
public UaTcpSessionService(ApplicationDescription localDescription, X509Certificate2 localCertificate, IUserIdentity userIdentity, EndpointDescription remoteEndpoint)
{
if (localDescription == null)
{
throw new ArgumentNullException(nameof(localDescription));
}
this.LocalDescription = localDescription;
this.LocalCertificate = localCertificate;
this.UserIdentity = userIdentity;
if (remoteEndpoint == null)
{
throw new ArgumentNullException(nameof(remoteEndpoint));
}
this.RemoteEndpoint = remoteEndpoint;
this.Subscriptions = new SubscriptionCollection(this);
this.stateMachineTask = this.StateMachine(this.cancellationTokenSource.Token);
}
public WorkgroupService(IRepositoryWithTypedId<Vendor, string> vendorRepository,
IRepositoryWithTypedId<VendorAddress, Guid> vendorAddressRepository,
IRepositoryWithTypedId<User, string> userRepository,
IRepositoryWithTypedId<EmailPreferences, string> emailPreferencesRepository,
IRepository<WorkgroupPermission> workgroupPermissionRepository,
IRepository<Workgroup> workgroupRepository,
IRepositoryWithTypedId<Organization, string> organizationRepository,
IDirectorySearchService searchService, IRepositoryFactory repositoryFactory, IQueryRepositoryFactory queryRepositoryFactory, IUserIdentity userIdentity)
{
_vendorRepository = vendorRepository;
_vendorAddressRepository = vendorAddressRepository;
_userRepository = userRepository;
_emailPreferencesRepository = emailPreferencesRepository;
_workgroupPermissionRepository = workgroupPermissionRepository;
_workgroupRepository = workgroupRepository;
_organizationRepository = organizationRepository;
_searchService = searchService;
_repositoryFactory = repositoryFactory;
_queryRepositoryFactory = queryRepositoryFactory;
_userIdentity = userIdentity;
}
/// <summary>
/// Initializes the context with a session.
/// </summary>
/// <param name="requestHeader">The request header.</param>
/// <param name="requestType">Type of the request.</param>
public OperationContext(RequestHeader requestHeader, RequestType requestType, IUserIdentity identity = null)
{
if (requestHeader == null) throw new ArgumentNullException("requestHeader");
m_channelContext = SecureChannelContext.Current;
m_session = null;
m_identity = identity;
m_preferredLocales = new string[0];
m_diagnosticsMask = (DiagnosticsMasks)requestHeader.ReturnDiagnostics;
m_stringTable = new StringTable();
m_auditLogEntryId = requestHeader.AuditEntryId;
m_requestId = Utils.IncrementIdentifier(ref s_lastRequestId);
m_requestType = requestType;
m_clientHandle = requestHeader.RequestHandle;
m_operationDeadline = DateTime.MaxValue;
if (requestHeader.TimeoutHint > 0)
{
m_operationDeadline = DateTime.UtcNow.AddMilliseconds(requestHeader.TimeoutHint);
}
}
/// <summary>
/// Sets the current user identity.
/// </summary>
public void SetUserIdentity(IUserIdentity identity)
{
string methodName = "IOPCSecurityPrivate.Logon";
try
{
IOPCSecurityPrivate server = BeginComCall<IOPCSecurityPrivate>(methodName, true);
if (server != null)
{
int bAvailable = 0;
server.IsAvailablePriv(out bAvailable);
if (bAvailable != 0)
{
bool logoff = true;
if (identity != null && identity.TokenType == UserTokenType.UserName)
{
UserNameSecurityToken securityToken = identity.GetSecurityToken() as UserNameSecurityToken;
if (securityToken != null)
{
server.Logon(securityToken.UserName, securityToken.Password);
logoff = false;
}
}
if (logoff)
{
server.Logoff();
}
}
}
}
catch (Exception e)
{
ComCallError(methodName, e);
}
finally
{
EndComCall(methodName);
}
}
/// <summary>
/// Returns a localized client based on the preferred locales.
/// </summary>
/// <param name="identity">The identity to use.</param>
/// <param name="preferredLocales">The locales to use.</param>
/// <returns>A localized client.</returns>
public ComClient GetLocalizedClient(IUserIdentity identity, IList<string> preferredLocales)
{
return GetLocalizedClient(identity, ComClient.SelectLocaleId(AvailableLocaleIds, preferredLocales));
}
/// <summary>
/// Returns a localized client for the specified locale id.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="localeId">The locales id.</param>
/// <returns>A localized client.</returns>
public ComClient GetLocalizedClient(IUserIdentity identity, int localeId)
{
// check if a logon is required.
string userName = null;
if (identity != null && identity.TokenType == UserTokenType.UserName)
{
userName = (identity.GetIdentityToken() as UserNameIdentityToken).UserName;
}
if (String.IsNullOrEmpty(userName) && localeId == ComUtils.LOCALE_SYSTEM_DEFAULT)
{
Utils.Trace("COM Client Selected: DEFAULT (no match for locale)");
return DefaultClient;
}
// create the key.
StringBuilder buffer = new StringBuilder();
buffer.Append(localeId);
if (!String.IsNullOrEmpty(userName))
{
buffer.Append(':');
buffer.Append(userName);
}
string key = buffer.ToString();
if (m_localizedClients == null)
{
m_localizedClients = new Dictionary<string, ComClient>();
}
ComClient client = null;
if (!m_localizedClients.TryGetValue(key, out client))
{
client = CreateClient();
client.Key = key;
client.LocaleId = localeId;
client.UserIdentity = identity;
client.CreateInstance();
m_localizedClients[key] = client;
}
// Utils.Trace("COM Client Seleted: {0}", key);
return client;
}
/// <summary>
/// Updates the user identity and/or locales used for the session.
/// </summary>
/// <param name="identity">The user identity.</param>
/// <param name="preferredLocales">The preferred locales.</param>
public void UpdateSession(IUserIdentity identity, StringCollection preferredLocales)
{
byte[] serverNonce = null;
lock (SyncRoot)
{
// check connection state.
if (!Connected)
{
throw new ServiceResultException(StatusCodes.BadInvalidState, "Not connected to server.");
}
// get current nonce.
serverNonce = m_serverNonce;
if (preferredLocales == null)
{
preferredLocales = m_preferredLocales;
}
}
// get the identity token.
UserIdentityToken identityToken = null;
SignatureData userTokenSignature = null;
string securityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
// create the client signature.
byte[] serverCertificateData = null;
if (m_serverCertificate != null)
{
serverCertificateData = m_serverCertificate.GetRawCertData();
}
// create the client signature.
byte[] dataToSign = Utils.Append(serverCertificateData, serverNonce);
SignatureData clientSignature = SecurityPolicies.Sign(m_instanceCertificate, securityPolicyUri, dataToSign);
// choose a default token.
if (identity == null)
{
identity = new UserIdentity();
}
// check that the user identity is supported by the endpoint.
UserTokenPolicy identityPolicy = m_endpoint.Description.FindUserTokenPolicy(identity.TokenType, identity.IssuedTokenType);
if (identityPolicy == null)
{
throw ServiceResultException.Create(
StatusCodes.BadUserAccessDenied,
"Endpoint does not supported the user identity type provided.");
}
// select the security policy for the user token.
securityPolicyUri = identityPolicy.SecurityPolicyUri;
if (String.IsNullOrEmpty(securityPolicyUri))
{
securityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
}
// sign data with user token.
identityToken = identity.GetIdentityToken();
identityToken.PolicyId = identityPolicy.PolicyId;
userTokenSignature = identityToken.Sign(dataToSign, securityPolicyUri);
// encrypt token.
identityToken.Encrypt(m_serverCertificate, serverNonce, securityPolicyUri);
// send the software certificates assigned to the client.
SignedSoftwareCertificateCollection clientSoftwareCertificates = GetSoftwareCertificates();
StatusCodeCollection certificateResults = null;
DiagnosticInfoCollection certificateDiagnosticInfos = null;
// activate session.
ActivateSession(
null,
clientSignature,
clientSoftwareCertificates,
preferredLocales,
new ExtensionObject(identityToken),
userTokenSignature,
out serverNonce,
out certificateResults,
out certificateDiagnosticInfos);
// save nonce and new values.
lock (SyncRoot)
{
if (identity != null)
{
m_identity = identity;
}
m_serverNonce = serverNonce;
m_preferredLocales = preferredLocales;
// update system context.
m_systemContext.PreferredLocales = m_preferredLocales;
m_systemContext.SessionId = this.SessionId;
m_systemContext.UserIdentity = identity;
}
}
public SqlServerProjectRepository(ISqlConnectionInfo sqlConnectionInfo, IUserIdentity userIdentity)
{
_sqlConnectionInfo = DIHelper.VerifyParameter(sqlConnectionInfo);
_userIdentity = DIHelper.VerifyParameter(userIdentity);
}
/// <summary>
/// Creates a new communication session with a server by invoking the CreateSession service
/// </summary>
/// <param name="configuration">The configuration for the client application.</param>
/// <param name="endpoint">The endpoint for the server.</param>
/// <param name="updateBeforeConnect">If set to <c>true</c> the discovery endpoint is used to update the endpoint description before connecting.</param>
/// <param name="sessionName">The name to assign to the session.</param>
/// <param name="sessionTimeout">The timeout period for the session.</param>
/// <param name="identity">The identity.</param>
/// <param name="preferredLocales">The user identity to associate with the session.</param>
/// <returns>The new session object</returns>
public static Session Create(
ApplicationConfiguration configuration,
ConfiguredEndpoint endpoint,
bool updateBeforeConnect,
string sessionName,
uint sessionTimeout,
IUserIdentity identity,
IList<string> preferredLocales)
{
return Create(configuration, endpoint, updateBeforeConnect, false, sessionName, sessionTimeout, identity, preferredLocales);
}
/// <summary>
/// Creates a new communication session with a server by invoking the CreateSession service
/// </summary>
/// <param name="configuration">The configuration for the client application.</param>
/// <param name="endpoint">The endpoint for the server.</param>
/// <param name="updateBeforeConnect">If set to <c>true</c> the discovery endpoint is used to update the endpoint description before connecting.</param>
/// <param name="checkDomain">If set to <c>true</c> then the domain in the certificate must match the endpoint used.</param>
/// <param name="sessionName">The name to assign to the session.</param>
/// <param name="sessionTimeout">The timeout period for the session.</param>
/// <param name="identity">The user identity to associate with the session.</param>
/// <param name="preferredLocales">The preferred locales.</param>
/// <returns>The new session object.</returns>
public static Session Create(
ApplicationConfiguration configuration,
ConfiguredEndpoint endpoint,
bool updateBeforeConnect,
bool checkDomain,
string sessionName,
uint sessionTimeout,
IUserIdentity identity,
IList<string> preferredLocales)
{
endpoint.UpdateBeforeConnect = updateBeforeConnect;
EndpointDescription endpointDescription = endpoint.Description;
// create the endpoint configuration (use the application configuration to provide default values).
EndpointConfiguration endpointConfiguration = endpoint.Configuration;
if (endpointConfiguration == null)
{
endpoint.Configuration = endpointConfiguration = EndpointConfiguration.Create(configuration);
}
// create message context.
ServiceMessageContext messageContext = configuration.CreateMessageContext();
// update endpoint description using the discovery endpoint.
if (endpoint.UpdateBeforeConnect)
{
BindingFactory bindingFactory = BindingFactory.Create(configuration, messageContext);
endpoint.UpdateFromServer(bindingFactory);
endpointDescription = endpoint.Description;
endpointConfiguration = endpoint.Configuration;
}
// checks the domains in the certificate.
if (checkDomain && endpoint.Description.ServerCertificate != null && endpoint.Description.ServerCertificate.Length > 0)
{
CheckCertificateDomain(endpoint);
}
X509Certificate2 clientCertificate = null;
//X509Certificate2Collection clientCertificateChain = null;
if (endpointDescription.SecurityPolicyUri != SecurityPolicies.None)
{
if (configuration.SecurityConfiguration.ApplicationCertificate == null)
{
throw ServiceResultException.Create( StatusCodes.BadConfigurationError, "ApplicationCertificate must be specified." );
}
clientCertificate = configuration.SecurityConfiguration.ApplicationCertificate.Find( true );
if( clientCertificate == null )
{
throw ServiceResultException.Create( StatusCodes.BadConfigurationError, "ApplicationCertificate cannot be found." );
}
//load certificate chain
//clientCertificateChain = new X509Certificate2Collection(clientCertificate);
//List<CertificateIdentifier> issuers = new List<CertificateIdentifier>();
//configuration.CertificateValidator.GetIssuers(clientCertificate, issuers);
//for (int i = 0; i < issuers.Count; i++)
//{
// clientCertificateChain.Add(issuers[i].Certificate);
//}
}
// initialize the channel which will be created with the server.
ITransportChannel channel = SessionChannel.Create(
configuration,
endpointDescription,
endpointConfiguration,
//clientCertificateChain,
clientCertificate,
messageContext);
// create the session object.
Session session = new Session(channel, configuration, endpoint, null);
// create the session.
try
{
session.Open( sessionName, sessionTimeout, identity, preferredLocales, checkDomain );
}
catch
{
session.Dispose();
throw;
}
return session;
}
public NLogDBLogTarget(IDIFactory diFactory, IUserIdentity userIdentity)
{
_diFactory = DIHelper.VerifyParameter(diFactory);
_userIdentity = DIHelper.VerifyParameter(userIdentity);
}
public string Tokenize(IUserIdentity userIdentity, NancyContext context)
{
return "";
}
/// <summary>
/// Called when a Kerberos token needs to be renewed before reconnect.
/// </summary>
IUserIdentity Session_RenewUserIdentity(Session session, IUserIdentity identity)
{
if (identity == null || identity.TokenType != UserTokenType.IssuedToken)
{
return identity;
}
return GetKerberosToken();
}
