/// <summary>
/// Sends a command request to the service.
/// </summary>
/// <param name="clientID">Client ID of sender.</param>
/// <param name="userInput">Request string.</param>
public void SendRequest(Guid clientID, string userInput)
{
ClientRequest request = ClientRequest.Parse(userInput);
if ((object)request != null)
{
ClientRequestHandler requestHandler = ServiceHelper.FindClientRequestHandler(request.Command);
if (SecurityProviderUtility.IsResourceSecurable(request.Command) && !SecurityProviderUtility.IsResourceAccessible(request.Command, Thread.CurrentPrincipal))
{
ServiceHelper.UpdateStatus(clientID, UpdateType.Alarm, $"Access to \"{request.Command}\" is denied.\r\n\r\n");
return;
}
if ((object)requestHandler != null)
{
requestHandler.HandlerMethod(new ClientRequestInfo(new ClientInfo {
ClientID = clientID
}, request));
}
else
{
ServiceHelper.UpdateStatus(clientID, UpdateType.Alarm, $"Command \"{request.Command}\" is not supported.\r\n\r\n");
}
}
}
private void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
// Check if access to resource is to be secured.
string resource = GetResourceName();
if (!IsAccessSecured(resource))
{
return;
}
SecurityProviderCache.ValidateCurrentProvider();
if (!m_application.User.Identity.IsAuthenticated)
{
// Failed to authenticate user.
Redirect(HttpStatusCode.Unauthorized);
}
if (IsAccessRestricted() ||
!SecurityProviderUtility.IsResourceAccessible(resource))
{
// User does not have access to the resource.
Redirect(HttpStatusCode.Forbidden);
}
}
/// <summary>
/// Sends a command request to the service.
/// </summary>
/// <param name="clientID">Client ID of sender.</param>
/// <param name="principal">The principal used for role-based security.</param>
/// <param name="userInput">Request string.</param>
public void SendRequest(Guid clientID, IPrincipal principal, string userInput)
{
ClientRequest request = ClientRequest.Parse(userInput);
if (request is null)
{
return;
}
if (SecurityProviderUtility.IsResourceSecurable(request.Command) && !SecurityProviderUtility.IsResourceAccessible(request.Command, principal))
{
ServiceHelper.UpdateStatus(clientID, UpdateType.Alarm, $"Access to \"{request.Command}\" is denied.\r\n\r\n");
return;
}
ClientRequestHandler requestHandler = ServiceHelper.FindClientRequestHandler(request.Command);
if (requestHandler is null)
{
ServiceHelper.UpdateStatus(clientID, UpdateType.Alarm, $"Command \"{request.Command}\" is not supported.\r\n\r\n");
return;
}
ClientInfo clientInfo = new ClientInfo {
ClientID = clientID
};
clientInfo.SetClientUser(principal);
ClientRequestInfo requestInfo = new ClientRequestInfo(clientInfo, request);
requestHandler.HandlerMethod(requestInfo);
}
private void m_userAccounts_BeforeSave(object sender, CancelEventArgs e)
{
m_userAccounts.CurrentItem.UseADAuthentication = RadioButtonWindows.IsChecked.GetValueOrDefault();
if (m_userAccounts.IsNewRecord)
{
if (RadioButtonDatabase.IsChecked.GetValueOrDefault())
{
if (string.IsNullOrEmpty(TextBoxPassword.Password) || !Regex.IsMatch(TextBoxPassword.Password, m_passwordRequirementsRegex))
{
MessageBox.Show(m_passwordRequirementsError, "Invalid Password", MessageBoxButton.OK);
e.Cancel = true;
}
else
{
m_userAccounts.CurrentItem.Password = SecurityProviderUtility.EncryptPassword(TextBoxPassword.Password);
}
}
}
else
{
if (!string.IsNullOrEmpty(TextBoxPassword.Password))
{
if (Regex.IsMatch(TextBoxPassword.Password, m_passwordRequirementsRegex))
{
m_userAccounts.CurrentItem.Password = SecurityProviderUtility.EncryptPassword(TextBoxPassword.Password);
}
else
{
MessageBox.Show("Please provide valid password value or leave it blank to retain old password." + Environment.NewLine + m_passwordRequirementsError, "Invalid Password", MessageBoxButton.OK);
e.Cancel = true;
}
}
}
}
/// <summary>
/// Changes user password.
/// </summary>
/// <param name="sender">Source of this event.</param>
/// <param name="e">Arguments of this event.</param>
protected void ChangeButton_Click(object sender, EventArgs e)
{
try
{
// Initialize the security provider.
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(ChangePasswordUsername.Text);
if (provider.CanChangePassword)
{
// Attempt to change password.
if (provider.ChangePassword(ChangePasswordOldPassword.Text, ChangePasswordNewPassword.Text))
{
// Password changed successfully.
if (provider.Authenticate(ChangePasswordNewPassword.Text))
{
// Password authenticated successfully.
SecurityProviderCache.CurrentProvider = provider;
Response.Redirect(GetReferrerUrl(), false);
}
else
{
// Show why authentication failed.
if (!ShowFailureReason(provider))
{
ShowMessage("Authentication was not successful.", true);
}
}
}
else
{
// Show why password change failed.
if (!ShowFailureReason(provider))
{
ShowMessage("Password change was not successful.", true);
}
}
}
else
{
// Changing password is not supported.
ShowMessage("Account does not support password change.", true);
}
}
catch (SecurityException ex)
{
// Show security related error messages.
ShowMessage(ex.Message.EnsureEnd('.'), true);
}
catch (Exception ex)
{
// Show ambiguous message for other errors.
ShowMessage("Password change failed due to an unexpected error.", true);
System.Diagnostics.Trace.WriteLine(string.Format("Password change error: \r\n {0}", ex));
}
finally
{
ChangePasswordOldPassword.Focus();
}
}
/// <summary>
/// Evaluates the <paramref name="evaluationContext"/> and initializes security.
/// </summary>
/// <param name="evaluationContext">An <see cref="EvaluationContext"/> object.</param>
/// <param name="state">Custom state of the <see cref="SecurityPolicy"/>.</param>
/// <returns></returns>
public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// In order for this to work properly security on the binding must be configured to use windows security.
// When this is done the caller's windows identity is available to us here and can be used to derive from
// it the security principal that can be used by WCF service code downstream for implementing security.
object property;
if (evaluationContext.Properties.TryGetValue("Identities", out property))
{
// Extract and assign the caller's windows identity to current thread if available.
IList <IIdentity> identities = property as List <IIdentity>;
if ((object)identities == null)
{
throw new SecurityException(string.Format("Null Identities in Evaluation Context for '{0}'", Thread.CurrentPrincipal.Identity));
}
foreach (IIdentity identity in identities)
{
if (identity is WindowsIdentity)
{
Thread.CurrentPrincipal = new WindowsPrincipal((WindowsIdentity)identity);
break;
}
}
}
string resource = GetResourceName();
if (SecurityProviderUtility.IsResourceSecurable(resource))
{
// Initialize the security principal from caller's windows identity if uninitialized.
if (SecurityProviderCache.CurrentProvider == null)
{
SecurityProviderCache.CurrentProvider = SecurityProviderUtility.CreateProvider(string.Empty);
}
// Setup the principal to be attached to the thread on which WCF service will execute.
evaluationContext.Properties["Principal"] = Thread.CurrentPrincipal;
// Verify that the current thread principal has been authenticated.
if (!Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
throw new SecurityException(string.Format("Authentication failed for user '{0}'", Thread.CurrentPrincipal.Identity.Name));
}
// Perform a top-level permission check on the resource being accessed.
if (!SecurityProviderUtility.IsResourceAccessible(resource))
{
throw new SecurityException(string.Format("Access to '{0}' is denied", resource));
}
return(true);
}
// Setup the principal to be attached to the thread on which WCF service will execute.
evaluationContext.Properties["Principal"] = Thread.CurrentPrincipal;
return(true);
}
private bool IsResourceAccessible(string resource)
{
if (ResourceAccessiblity == ResourceAccessiblityMode.AlwaysIncluded)
{
return(SecurityPrincipal.IsInRole(IncludedRoles));
}
return(SecurityProviderUtility.IsResourceAccessible(resource, SecurityPrincipal));
}
/// <summary>
/// Returns information about the current user.
/// </summary>
/// <returns>An <see cref="UserData"/> object of the user if user's security context has been initialized, otherwise null.</returns>
public UserData GetUserData()
{
if (SecurityProviderCache.CurrentProvider == null)
{
SecurityProviderCache.CurrentProvider = SecurityProviderUtility.CreateProvider(string.Empty);
}
return(SecurityProviderCache.CurrentProvider.UserData);
}
public void UpdateUserAccount(UserAccount record)
{
if (!record.UseADAuthentication && !string.IsNullOrWhiteSpace(record.Password))
{
record.Password = SecurityProviderUtility.EncryptPassword(record.Password);
}
DataContext.Table <UserAccount>().UpdateRecord(record);
}
private void SecureForm_Load(object sender, EventArgs e)
{
try
{
// Don't proceed if the form is opened in design mode
if (DesignMode)
{
return;
}
// Check if the resource is excluded from being secured
string resource = GetResourceName();
if (!SecurityProviderUtility.IsResourceSecurable(resource))
{
return;
}
// Set up security provider for passthrough authentication
ISecurityProvider securityProvider = SecurityProviderCache.CreateProvider(WindowsIdentity.GetCurrent().Name);
securityProvider.PassthroughPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
securityProvider.Authenticate();
// Setup the security principal for role-based security
SecurityIdentity securityIdentity = new SecurityIdentity(securityProvider);
SecurityPrincipal = new SecurityPrincipal(securityIdentity);
// Verify that the current thread principal has been authenticated
if (!SecurityPrincipal.Identity.IsAuthenticated)
{
throw new SecurityException($"Authentication failed for user '{SecurityPrincipal.Identity.Name}'");
}
// Perform a top-level permission check on the resource being accessed
if (!SecurityProviderUtility.IsResourceAccessible(resource, SecurityPrincipal))
{
throw new SecurityException($"Access to '{resource}' is denied");
}
// Set up the current thread principal
// NOTE: Provided for backwards compatibility;
// recommended to use the SecurityPrincipal instead
Thread.CurrentPrincipal = SecurityPrincipal;
}
catch (Exception ex)
{
if (ExceptionHandler is null)
{
throw;
}
ExceptionHandler(ex);
}
}
/// <summary>
/// Authenticates a user and caches the security context upon successful authentication for subsequent use.
/// </summary>
/// <param name="username">Username of the user.</param>
/// <param name="password">Password of the user.</param>
/// <returns>An <see cref="UserData"/> object of the user.</returns>
public UserData Authenticate(string username, string password)
{
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(username);
if (provider.Authenticate(password))
{
SecurityProviderCache.CurrentProvider = provider;
}
return(provider.UserData);
}
public void UpdateUserAccount(UserAccount record)
{
if (!record.UseADAuthentication && !string.IsNullOrWhiteSpace(record.Password))
{
record.Password = SecurityProviderUtility.EncryptPassword(record.Password);
}
record.DefaultNodeID = DefaultNodeID;
record.UpdatedBy = UserInfo.CurrentUserID;
record.UpdatedOn = DateTime.UtcNow;
DataContext.Table <UserAccount>().UpdateRecord(record);
}
/// <summary>
/// Determines if access to the requested <paramref name="resource"/> is to be secured.
/// </summary>
/// <param name="resource">Name of the resource being requested.</param>
/// <returns>True if access to the resource is to be secured, otherwise False.</returns>
protected override bool IsAccessSecured(string resource)
{
if (SecurityProviderUtility.IsRegexMatch(s_webServicesPath, resource))
{
// Don't secure WCF services.
return(false);
}
else
{
// Fallback to the base class for everything else.
return(base.IsAccessSecured(resource));
}
}
/// <summary>
/// Refreshes and returns information about the current user.
/// </summary>
/// <returns>An <see cref="UserData"/> object of the user if user's security context has been initialized, otherwise null.</returns>
public UserData RefreshUserData()
{
if (SecurityProviderCache.CurrentProvider == null)
{
SecurityProviderCache.CurrentProvider = SecurityProviderUtility.CreateProvider(string.Empty);
}
if (SecurityProviderCache.CurrentProvider.CanRefreshData)
{
SecurityProviderCache.CurrentProvider.RefreshData();
}
return(SecurityProviderCache.CurrentProvider.UserData);
}
/// <summary>
/// Authenticates a user and caches the security context upon successful authentication for subsequent use.
/// </summary>
/// <param name="username">Username of the user.</param>
/// <param name="password">Password of the user.</param>
/// <returns>An <see cref="UserData"/> object of the user.</returns>
public UserData Authenticate(string username, string password)
{
ISecurityProvider securityProvider = SecurityProviderUtility.CreateProvider(username);
securityProvider.Password = password;
if (securityProvider.Authenticate())
{
SecurityIdentity securityIdentity = new SecurityIdentity(securityProvider);
Thread.CurrentPrincipal = new SecurityPrincipal(securityIdentity);
}
return(securityProvider.UserData);
}
/// <summary>
/// Changes user password.
/// </summary>
/// <param name="oldPassword">User's current password.</param>
/// <param name="newPassword">User's new password.</param>
/// <returns>true if the password is changed, otherwise false.</returns>
public bool ChangePassword(string oldPassword, string newPassword)
{
if (SecurityProviderCache.CurrentProvider == null)
{
SecurityProviderCache.CurrentProvider = SecurityProviderUtility.CreateProvider(string.Empty);
}
if (!SecurityProviderCache.CurrentProvider.CanChangePassword)
{
return(false);
}
else
{
return(SecurityProviderCache.CurrentProvider.ChangePassword(oldPassword, newPassword));
}
}
/// <summary>
/// Resets user password.
/// </summary>
/// <param name="securityAnswer">Answer to user's security question.</param>
/// <returns>true if password is reset, otherwise false.</returns>
public bool ResetPassword(string securityAnswer)
{
if (SecurityProviderCache.CurrentProvider == null)
{
SecurityProviderCache.CurrentProvider = SecurityProviderUtility.CreateProvider(string.Empty);
}
if (!SecurityProviderCache.CurrentProvider.CanResetPassword)
{
return(false);
}
else
{
return(SecurityProviderCache.CurrentProvider.ResetPassword(securityAnswer));
}
}
/// <summary>
/// Resets user password.
/// </summary>
/// <param name="sender">Source of this event.</param>
/// <param name="e">Arguments of this event.</param>
protected void ResetFinalButton_Click(object sender, EventArgs e)
{
try
{
// Initialize the security provider.
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(ResetPasswordUsername.Text);
if (provider.CanResetPassword)
{
// Attempt to reset password.
if (provider.ResetPassword(ResetPasswordSecurityAnswer.Text))
{
// Password reset was successful.
ShowMessage("Password reset request has been processed.", false);
}
else
{
// Show why password reset failed.
if (!ShowFailureReason(provider))
{
ShowMessage("Password reset was not successful.", true);
}
}
}
else
{
// Resetting password is not supported.
ShowMessage("Account does not support password reset.", true);
}
}
catch (SecurityException ex)
{
// Show security related error messages.
ShowMessage(ex.Message.EnsureEnd('.'), true);
}
catch (Exception ex)
{
// Show ambiguous message for other errors.
ShowMessage("Password reset failed due to an unexpected error.", true);
System.Diagnostics.Trace.WriteLine(string.Format("Password reset error: \r\n {0}", ex));
}
finally
{
ResetPasswordSecurityAnswer.Focus();
}
}
/// <summary>
/// Checks if user password can be reset.
/// </summary>
/// <param name="sender">Source of this event.</param>
/// <param name="e">Arguments of this event.</param>
protected void ResetCheckButton_Click(object sender, EventArgs e)
{
try
{
// Initialize the security provider.
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(ResetPasswordUsername.Text);
if (provider.CanResetPassword)
{
// Proceed to resetting password.
if (!string.IsNullOrEmpty(provider.UserData.SecurityQuestion) && !string.IsNullOrEmpty(provider.UserData.SecurityAnswer))
{
ViewState.Add(UsernameKey, ResetPasswordUsername.Text);
ViewState.Add("SecurityQuestion", provider.UserData.SecurityQuestion);
Page.ClientScript.RegisterStartupScript(Page.GetType(), "PostBack", Page.ClientScript.GetPostBackEventReference(Page, null), true);
}
else
{
ShowMessage("Security question and answer must be set to reset password.", true);
}
}
else
{
// Resetting password is not supported.
ShowMessage("Account does not support password reset.", true);
}
}
catch (SecurityException ex)
{
// Show security related error messages.
ShowMessage(ex.Message.EnsureEnd('.'), true);
}
catch (Exception ex)
{
// Show ambiguous message for other errors.
ShowMessage("Password reset failed due to an unexpected error.", true);
System.Diagnostics.Trace.WriteLine(string.Format("Password reset error: \r\n {0}", ex));
}
finally
{
ResetPasswordUsername.Focus();
}
}
private void SecureForm_Load(object sender, EventArgs e)
{
// Don't proceed if the form is opened in design mode.
if (DesignMode)
{
return;
}
// Check if the resource is excluded from being secured.
string resource = GetResourceName();
if (!SecurityProviderUtility.IsResourceSecurable(resource))
{
return;
}
// Setup thread principal to current windows principal.
if (!(Thread.CurrentPrincipal is WindowsPrincipal))
{
Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
}
// Setup the security provider for role-based security.
if ((object)SecurityProviderCache.CurrentProvider == null)
{
SecurityProviderCache.CurrentProvider = SecurityProviderUtility.CreateProvider(string.Empty);
}
// Verify that the current thread principal has been authenticated.
if (!Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
throw new SecurityException(string.Format("Authentication failed for user '{0}'", Thread.CurrentPrincipal.Identity.Name));
}
// Perform a top-level permission check on the resource being accessed.
if (!SecurityProviderUtility.IsResourceAccessible(resource))
{
throw new SecurityException(string.Format("Access to '{0}' is denied", resource));
}
}
private void Connect(string username, string password)
{
m_clientHelper.Username = username.ToNonNullString();
// If the communications channel is secured or the user
// has entered a blank password, send the password as-is
if (string.IsNullOrEmpty(password) || m_clientHelper.RemotingClient is TlsClient)
{
m_clientHelper.Password = password.ToNonNullString();
Connect();
}
// If the client fails to connect with the as-is password,
// attempt to connect again with an encrypted password
// because the server may only be authenticating against
// the encrypted password
if (!m_clientHelper.RemotingClient.Enabled && !string.IsNullOrEmpty(password))
{
m_clientHelper.Password = SecurityProviderUtility.EncryptPassword(password);
Connect();
}
}
private ActionResult ValidateAdminRequest()
{
string username = HttpContext.User.Identity.Name;
ISecurityProvider securityProvider = SecurityProviderUtility.CreateProvider(username);
securityProvider.PassthroughPrincipal = HttpContext.User;
if (!securityProvider.Authenticate())
{
return(new HttpStatusCodeResult(HttpStatusCode.Forbidden));
}
SecurityIdentity approverIdentity = new SecurityIdentity(securityProvider);
SecurityPrincipal approverPrincipal = new SecurityPrincipal(approverIdentity);
if (!approverPrincipal.IsInRole("Administrator"))
{
return(new HttpStatusCodeResult(HttpStatusCode.Forbidden));
}
return(null);
}
private void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
// Check if access to resource is to be secured.
string resource = GetResourceName();
if (!IsAccessSecured(resource))
{
return;
}
SecurityPrincipal securityPrincipal = Thread.CurrentPrincipal as SecurityPrincipal;
if ((object)securityPrincipal == null)
{
ISecurityProvider securityProvider = SecurityProviderCache.CreateProvider(Thread.CurrentPrincipal.Identity.Name);
securityProvider.PassthroughPrincipal = Thread.CurrentPrincipal;
securityProvider.Authenticate();
SecurityIdentity securityIdentity = new SecurityIdentity(securityProvider);
securityPrincipal = new SecurityPrincipal(securityIdentity);
Thread.CurrentPrincipal = securityPrincipal;
}
if (!m_application.User.Identity.IsAuthenticated)
{
// Failed to authenticate user.
Redirect(HttpStatusCode.Unauthorized);
}
if (IsAccessRestricted() ||
!SecurityProviderUtility.IsResourceAccessible(resource, securityPrincipal))
{
// User does not have access to the resource.
Redirect(HttpStatusCode.Forbidden);
}
}
private void VerifyAdminUser(IDbConnection connection, string nodeID)
{
// Lookup administrator role ID
IDbCommand command = connection.CreateCommand();
command.CommandText = string.Format("SELECT ID FROM ApplicationRole WHERE Name = 'Administrator' AND NodeID = {0}", nodeID);
string adminRoleID = command.ExecuteScalar().ToNonNullString();
string databaseType = m_state["newDatabaseType"].ToString();
adminRoleID = adminRoleID.StartsWith("'") ? adminRoleID : "'" + adminRoleID + "'";
// Check if there is any user associated with the administrator role ID in the ApplicationRoleUserAccount table.
// if so that means there is atleast one user associated with that role. So we do not need to take any action.
// if not that means, user provided on the screen must be attached to this role. Also check if that user exists in
// the UserAccount table. If so, then get the ID otherwise add user and retrieve ID.
command.CommandText = string.Format("SELECT COUNT(*) FROM ApplicationRoleUserAccount WHERE ApplicationRoleID = {0}", adminRoleID);
if (Convert.ToInt32(command.ExecuteScalar()) == 0)
{
if (m_state.ContainsKey("adminUserName")) //i.e. if security setup screen was displayed during setup.
{
command.CommandText = string.Format("Select ID FROM UserAccount WHERE Name = '{0}'", m_state["adminUserName"].ToString());
string adminUserID = command.ExecuteScalar().ToNonNullString();
if (!string.IsNullOrEmpty(adminUserID)) //if user exists then attach it to admin role and we'll be done with it.
{
adminUserID = adminUserID.StartsWith("'") ? adminUserID : "'" + adminUserID + "'";
command.CommandText = string.Format("INSERT INTO ApplicationRoleUserAccount(ApplicationRoleID, UserAccountID) VALUES({0}, {1})", adminRoleID, adminUserID);
command.ExecuteNonQuery();
}
else //we need to add user to the UserAccount table and then attach it to admin role.
{
bool databaseIsOracle = (databaseType == "Oracle");
char paramChar = databaseIsOracle ? ':' : '@';
// Add Administrative User.
IDbCommand adminCredentialCommand = connection.CreateCommand();
if (m_state["authenticationType"].ToString() == "windows")
{
IDbDataParameter nameParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter createdByParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter updatedByParameter = adminCredentialCommand.CreateParameter();
nameParameter.ParameterName = paramChar + "name";
createdByParameter.ParameterName = paramChar + "createdBy";
updatedByParameter.ParameterName = paramChar + "updatedBy";
nameParameter.Value = m_state["adminUserName"].ToString();
createdByParameter.Value = Thread.CurrentPrincipal.Identity.Name;
updatedByParameter.Value = Thread.CurrentPrincipal.Identity.Name;
adminCredentialCommand.Parameters.Add(nameParameter);
adminCredentialCommand.Parameters.Add(createdByParameter);
adminCredentialCommand.Parameters.Add(updatedByParameter);
if (databaseIsOracle)
{
adminCredentialCommand.CommandText = string.Format("INSERT INTO UserAccount(Name, DefaultNodeID, CreatedBy, UpdatedBy) VALUES(:name, {0}, :createdBy, :updatedBy)", nodeID);
}
else
{
adminCredentialCommand.CommandText = string.Format("INSERT INTO UserAccount(Name, DefaultNodeID, CreatedBy, UpdatedBy) VALUES(@name, {0}, @createdBy, @updatedBy)", nodeID);
}
}
else
{
IDbDataParameter nameParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter passwordParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter firstNameParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter lastNameParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter createdByParameter = adminCredentialCommand.CreateParameter();
IDbDataParameter updatedByParameter = adminCredentialCommand.CreateParameter();
nameParameter.ParameterName = paramChar + "name";
passwordParameter.ParameterName = paramChar + "password";
firstNameParameter.ParameterName = paramChar + "firstName";
lastNameParameter.ParameterName = paramChar + "lastName";
createdByParameter.ParameterName = paramChar + "createdBy";
updatedByParameter.ParameterName = paramChar + "updatedBy";
nameParameter.Value = m_state["adminUserName"].ToString();
passwordParameter.Value = SecurityProviderUtility.EncryptPassword(m_state["adminPassword"].ToString());
firstNameParameter.Value = m_state["adminUserFirstName"].ToString();
lastNameParameter.Value = m_state["adminUserLastName"].ToString();
createdByParameter.Value = Thread.CurrentPrincipal.Identity.Name;
updatedByParameter.Value = Thread.CurrentPrincipal.Identity.Name;
adminCredentialCommand.Parameters.Add(nameParameter);
adminCredentialCommand.Parameters.Add(passwordParameter);
adminCredentialCommand.Parameters.Add(firstNameParameter);
adminCredentialCommand.Parameters.Add(lastNameParameter);
adminCredentialCommand.Parameters.Add(createdByParameter);
adminCredentialCommand.Parameters.Add(updatedByParameter);
if (databaseIsOracle)
{
adminCredentialCommand.CommandText = string.Format("INSERT INTO UserAccount(Name, Password, FirstName, LastName, DefaultNodeID, UseADAuthentication, CreatedBy, UpdatedBy) VALUES" +
"(:name, :password, :firstName, :lastName, {0}, 0, :createdBy, :updatedBy)", nodeID);
}
else
{
adminCredentialCommand.CommandText = string.Format("INSERT INTO UserAccount(Name, Password, FirstName, LastName, DefaultNodeID, UseADAuthentication, CreatedBy, UpdatedBy) VALUES" +
"(@name, @password, @firstName, @lastName, {0}, 0, @createdBy, @updatedBy)", nodeID);
}
}
adminCredentialCommand.ExecuteNonQuery();
// Get the admin user ID from the database.
IDataReader userIdReader = null;
IDbDataParameter newNameParameter = adminCredentialCommand.CreateParameter();
newNameParameter.ParameterName = paramChar + "name";
newNameParameter.Value = m_state["adminUserName"].ToString();
adminCredentialCommand.CommandText = "SELECT ID FROM UserAccount WHERE Name = " + paramChar + "name";
adminCredentialCommand.Parameters.Clear();
adminCredentialCommand.Parameters.Add(newNameParameter);
using (userIdReader = adminCredentialCommand.ExecuteReader())
{
if (userIdReader.Read())
{
adminUserID = userIdReader["ID"].ToNonNullString();
}
}
// Assign Administrative User to Administrator Role.
if (!string.IsNullOrEmpty(adminRoleID) && !string.IsNullOrEmpty(adminUserID))
{
adminUserID = adminUserID.StartsWith("'") ? adminUserID : "'" + adminUserID + "'";
adminCredentialCommand.CommandText = string.Format("INSERT INTO ApplicationRoleUserAccount(ApplicationRoleID, UserAccountID) VALUES ({0}, {1})", adminRoleID, adminUserID);
adminCredentialCommand.ExecuteNonQuery();
}
}
}
}
}
/// <summary>
/// Handles service start event.
/// </summary>
/// <param name="args">Service start arguments.</param>
public virtual void Start(string[] args)
{
string userInput = null;
Arguments arguments = new Arguments(string.Join(" ", args));
if (arguments.Exists("OrderedArg1") && arguments.Exists("restart"))
{
string serviceName = arguments["OrderedArg1"];
if (Common.IsPosixEnvironment)
{
string serviceCommand = FilePath.GetAbsolutePath(serviceName);
try
{
Command.Execute(serviceCommand, "stop");
}
catch (Exception ex)
{
WriteLine("Failed to stop the {0} daemon: {1}\r\n", serviceName, ex.Message);
}
try
{
Command.Execute(serviceCommand, "start");
}
catch (Exception ex)
{
WriteLine("Failed to restart the {0} daemon: {1}\r\n", serviceName, ex.Message);
}
}
else
{
// Attempt to access service controller for the specified Windows service
ServiceController serviceController = ServiceController.GetServices().SingleOrDefault(svc => string.Compare(svc.ServiceName, serviceName, StringComparison.OrdinalIgnoreCase) == 0);
if (serviceController != null)
{
try
{
if (serviceController.Status == ServiceControllerStatus.Running)
{
WriteLine("Attempting to stop the {0} Windows service...", serviceName);
serviceController.Stop();
// Can't wait forever for service to stop, so we time-out after 20 seconds
serviceController.WaitForStatus(ServiceControllerStatus.Stopped, TimeSpan.FromSeconds(20.0D));
if (serviceController.Status == ServiceControllerStatus.Stopped)
{
WriteLine("Successfully stopped the {0} Windows service.", serviceName);
}
else
{
WriteLine("Failed to stop the {0} Windows service after trying for 20 seconds...", serviceName);
}
// Add an extra line for visual separation of service termination status
WriteLine("");
}
}
catch (Exception ex)
{
WriteLine("Failed to stop the {0} Windows service: {1}\r\n", serviceName, ex.Message);
}
}
// If the service failed to stop or it is installed as stand-alone debug application, we try to forcibly stop any remaining running instances
try
{
Process[] instances = Process.GetProcessesByName(serviceName);
if (instances.Length > 0)
{
int total = 0;
WriteLine("Attempting to stop running instances of the {0}...", serviceName);
// Terminate all instances of service running on the local computer
foreach (Process process in instances)
{
process.Kill();
total++;
}
if (total > 0)
{
WriteLine("Stopped {0} {1} instance{2}.", total, serviceName, total > 1 ? "s" : "");
}
// Add an extra line for visual separation of process termination status
WriteLine("");
}
}
catch (Exception ex)
{
WriteLine("Failed to terminate running instances of the {0}: {1}\r\n", serviceName, ex.Message);
}
// Attempt to restart Windows service...
if (serviceController != null)
{
try
{
// Refresh state in case service process was forcibly stopped
serviceController.Refresh();
if (serviceController.Status != ServiceControllerStatus.Running)
{
serviceController.Start();
}
}
catch (Exception ex)
{
WriteLine("Failed to restart the {0} Windows service: {1}\r\n", serviceName, ex.Message);
}
}
}
}
else
{
if (arguments.Exists("server"))
{
// Override default settings with user provided input.
m_clientHelper.PersistSettings = false;
m_remotingClient.PersistSettings = false;
m_remotingClient.ConnectionString = string.Format("Server={0}", arguments["server"]);
}
string password = null;
long lastConnectAttempt = 0;
// Connect to service and send commands.
while (!string.Equals(userInput, "Exit", StringComparison.OrdinalIgnoreCase))
{
try
{
// Do not reattempt connection too quickly
while (DateTime.UtcNow.Ticks - lastConnectAttempt < Ticks.PerSecond)
{
Thread.Sleep(200);
}
lastConnectAttempt = DateTime.UtcNow.Ticks;
m_clientHelper.Connect();
if (!m_clientHelper.RemotingClient.Enabled)
{
continue;
}
// If connection attempt failed with provided credentials, try once more with direct authentication
// but only when transport is secured
if (!m_authenticated && !string.IsNullOrEmpty(password) && m_clientHelper.RemotingClient is TlsClient)
{
m_clientHelper.Disconnect();
m_clientHelper.Password = password;
m_clientHelper.Connect();
}
if (!m_authenticated)
{
string username;
UserInfo userInfo;
StringBuilder passwordBuilder = new StringBuilder();
StringBuilder prompt = new StringBuilder();
ConsoleKeyInfo key;
lock (m_displayLock)
{
prompt.AppendLine();
prompt.AppendLine();
prompt.AppendLine("Connection to the service was rejected due to authentication failure.");
prompt.AppendLine("Enter the credentials to be used for authentication with the service.");
prompt.AppendLine();
Write(prompt.ToString());
// Capture the user name.
Write("Enter user name: ");
username = System.Console.ReadLine();
// Capture the password.
Write("Enter password: "******"Exit", StringComparison.OrdinalIgnoreCase))
{
// Wait for a command from the user.
userInput = System.Console.ReadLine();
// Write a blank line to the console.
WriteLine();
if (!string.IsNullOrWhiteSpace(userInput))
{
// The user typed in a command and didn't just hit <ENTER>.
switch (userInput.ToUpper())
{
case "CLS":
// User wants to clear the console window.
System.Console.Clear();
break;
case "EXIT":
// User wants to exit the telnet session with the service.
if (m_telnetActive)
{
userInput = string.Empty;
m_clientHelper.SendRequest("Telnet -disconnect");
}
break;
case "LOGIN":
m_clientHelper.Username = null;
m_clientHelper.Password = null;
m_authenticated = false;
break;
default:
// User wants to send a request to the service.
m_clientHelper.SendRequest(userInput);
if (string.Compare(userInput, "Help", StringComparison.OrdinalIgnoreCase) == 0)
{
DisplayHelp();
}
break;
}
}
}
m_clientHelper.Disconnect();
}
catch (Exception)
{
// Errors during the outer connection loop
// should simply force an attempt to reconnect
m_clientHelper.Disconnect();
}
}
}
}
private void SecureWindow_Initialized(object sender, EventArgs e)
{
// Don't proceed if the window is opened in design mode
if (DesignerProperties.GetIsInDesignMode(this))
{
return;
}
// Check if the resource is excluded from being secured
string resource = GetResourceName();
if (ResourceAccessiblity != ResourceAccessiblityMode.AlwaysIncluded &&
(ResourceAccessiblity == ResourceAccessiblityMode.AlwaysExcluded ||
!SecurityProviderUtility.IsResourceSecurable(resource)))
{
return;
}
try
{
// Setup the security provider for role-based security
ISecurityProvider securityProvider = SecurityProviderCache.CreateProvider(WindowsIdentity.GetCurrent().Name);
securityProvider.PassthroughPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
securityProvider.Authenticate();
SecurityIdentity securityIdentity = new SecurityIdentity(securityProvider);
SecurityPrincipal = new SecurityPrincipal(securityIdentity);
}
catch (Exception ex)
{
ShowSecurityDialog(DisplayType.AccessDenied, "Error loading security provider: " + ex.Message);
return;
}
// Verify that the security principal has been authenticated
if (!SecurityPrincipal.Identity.IsAuthenticated || ForceLoginDisplay)
{
ISecurityProvider securityProvider = SecurityPrincipal.Identity.Provider;
// See if user's password has expired
if (securityProvider.UserData.IsDefined && securityProvider.UserData.PasswordChangeDateTime <= DateTime.UtcNow)
{
ShowSecurityDialog(DisplayType.ChangePassword, string.Format("Your password has expired. {0} You must change your password to continue.", securityProvider.AuthenticationFailureReason));
}
else
{
ShowSecurityDialog(DisplayType.Login);
}
}
// Perform a top-level permission check on the resource being accessed
if (!string.IsNullOrEmpty(resource))
{
// Stay in a dialog display loop until either access to resource is available or user exits
while (!m_shutdownRequested && !IsResourceAccessible(resource))
{
// Access to resource is denied
ShowSecurityDialog(DisplayType.AccessDenied);
}
}
}
/// <summary>
/// Logins the user.
/// </summary>
/// <param name="sender">Source of this event.</param>
/// <param name="e">Arguments of this event.</param>
private void ButtonLogin_Click(object sender, RoutedEventArgs e)
{
UserInfo userInfo;
WindowsImpersonationContext impersonationContext = null;
ISecurityProvider provider;
try
{
// Determine whether we need to try impersonating the user
userInfo = new UserInfo(TextBoxUserName.Text);
// If the application is unable to access the domain, possibly because the local user
// running the application does not have access to domain objects, it's possible that
// the user logging in does have access to the domain. So we attempt to impersonate the
// user logging in to allow authentication to proceed
if (!userInfo.DomainRespondsForUser && TryImpersonate(userInfo.LoginID, TextBoxPassword.Password, out impersonationContext))
{
try
{
// Working around a known issue - DirectorySearcher will often throw
// an exception the first time it is used after impersonating another
// user so we get that out of the way here
userInfo.Initialize();
}
catch (InitializationException)
{
// Exception is expected so we ignore it
}
}
// Initialize the security provider
provider = SecurityProviderUtility.CreateProvider(TextBoxUserName.Text);
// Attempt to authenticate user
if (provider.Authenticate(TextBoxPassword.Password))
{
// Setup security provider for subsequent uses
SecurityProviderCache.CurrentProvider = provider;
ClearErrorMessage();
ExitSuccess = true;
}
else
{
// Verify their password hasn't expired
if (provider.UserData.IsDefined && provider.UserData.PasswordChangeDateTime <= DateTime.UtcNow)
{
// Display password expired message
DisplayErrorMessage(string.Format("Your password has expired. {0} You must change your password to continue.", provider.AuthenticationFailureReason));
m_displayType = DisplayType.ChangePassword;
ManageScreenVisualization();
TextBoxPassword.Password = "";
}
else
{
// Display login failure message
DisplayErrorMessage("The username or password is invalid. " + provider.AuthenticationFailureReason);
if (string.IsNullOrWhiteSpace(TextBoxUserName.Text))
{
TextBoxUserName.Focus();
}
else
{
TextBoxPassword.Focus();
}
}
}
}
catch (Exception ex)
{
DisplayErrorMessage("Login failed: " + ex.Message);
if (string.IsNullOrWhiteSpace(TextBoxUserName.Text))
{
TextBoxUserName.Focus();
}
else
{
TextBoxPassword.Focus();
}
}
finally
{
if ((object)impersonationContext != null)
{
impersonationContext.Undo();
impersonationContext.Dispose();
}
}
}
/// <summary>
/// Logins the user.
/// </summary>
/// <param name="sender">Source of this event.</param>
/// <param name="e">Arguments of this event.</param>
protected void LoginButton_Click(object sender, EventArgs e)
{
try
{
// Initialize the security provider.
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(LoginUsername.Text);
if (provider.Authenticate(LoginPassword.Text))
{
// Credentials were authenticated successfully.
SecurityProviderCache.CurrentProvider = provider;
if (RememberUsername.Checked)
{
Response.Cookies[CookieName][UsernameKey] = LoginUsername.Text;
Response.Cookies[CookieName].Expires = DateTime.Now.AddYears(1);
}
else
{
Response.Cookies[CookieName][UsernameKey] = string.Empty;
Response.Cookies[CookieName].Expires = DateTime.Now.AddYears(-1);
}
// Redirect to the referring page.
Response.Redirect(GetReferrerUrl(), false);
}
else
{
// Check why authentication failed.
if (provider.UserData.PasswordChangeDateTime != DateTime.MinValue &&
provider.UserData.PasswordChangeDateTime <= DateTime.UtcNow)
{
// User must change password.
if (provider.CanChangePassword)
{
Response.Redirect(GetRedirectUrl(PasswordChangeStatusCode), false);
}
else
{
ShowMessage("Account password has expired.", true);
}
}
else
{
// Show why login failed.
if (!ShowFailureReason(provider))
{
ShowMessage("Authentication was not successful.", true);
}
}
}
}
catch (SecurityException ex)
{
// Show security related error messages.
ShowMessage(ex.Message.EnsureEnd('.'), true);
}
catch (Exception ex)
{
// Show ambiguous message for other errors.
ShowMessage("Login failed due to an unexpected error.", true);
System.Diagnostics.Trace.WriteLine(string.Format("Login error: \r\n {0}", ex));
}
finally
{
LoginPassword.Focus();
}
}
/// <summary>
/// Attempts to change user's password.
/// </summary>
/// <param name="sender">Source of this event.</param>
/// <param name="e">Arguments of this event.</param>
private void ButtonChange_Click(object sender, RoutedEventArgs e)
{
try
{
// Check if old and new password are different
if (TextBoxOldPassword.Password == TextBoxNewPassword.Password)
{
throw new Exception("New password cannot be same as old password.");
}
// Check is new password and confirm password are same
if (TextBoxNewPassword.Password != TextBoxConfirmPassword.Password)
{
throw new Exception("New password and confirm password should be same.");
}
ISecurityProvider provider = SecurityProviderUtility.CreateProvider(TextBoxChangePasswordUserName.Text);
if (provider.CanChangePassword)
{
// Attempt to change password
if (provider.ChangePassword(TextBoxOldPassword.Password, TextBoxNewPassword.Password) &&
provider.Authenticate(TextBoxNewPassword.Password))
{
// Password changed and authenticated successfully
DisplayErrorMessage("Password changed successfully.");
// Setup security provider for subsequent uses
SecurityProviderCache.CurrentProvider = provider;
ClearErrorMessage();
ExitSuccess = true;
}
else
{
// Show why password change failed
if (!ShowFailureReason(provider))
{
if (!provider.UserData.IsAuthenticated)
{
DisplayErrorMessage("Authentication was not successful.");
}
else
{
DisplayErrorMessage("Password change was not successful.");
}
if (string.IsNullOrWhiteSpace(TextBoxChangePasswordUserName.Text))
{
TextBoxChangePasswordUserName.Focus();
}
else
{
TextBoxOldPassword.Focus();
}
}
}
}
else
{
DisplayErrorMessage("Account does not support password change.");
}
}
catch (Exception ex)
{
DisplayErrorMessage("Change password failed: " + ex.Message);
TextBoxOldPassword.Focus();
}
}
/// <summary>
/// Determines if access to the requested <paramref name="resource"/> is to be secured.
/// </summary>
/// <param name="resource">Name of the resource being requested.</param>
/// <returns>True if access to the resource is to be secured, otherwise False.</returns>
protected virtual bool IsAccessSecured(string resource)
{
return(SecurityProviderUtility.IsResourceSecurable(GetResourceName()));
}
