Пример #1
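        /// <summary>
        /// Shows the credential dialog modally and returns the identity typed by the user.
        /// </summary>
        /// <param name="owner">The window that owns the modal dialog.</param>
        /// <param name="caption">Optional instruction text; when null or empty the label is left as it is.</param>
        /// <param name="identity">Optional identity whose user name token pre-fills the fields.</param>
        /// <returns>
        /// A new <see cref="UserIdentity"/> built from the entered values, or null when the
        /// dialog is closed with anything other than <see cref="DialogResult.OK"/>.
        /// </returns>
        public UserIdentity ShowDialog(IWin32Window owner, string caption, UserIdentity identity)
        {
            if (!String.IsNullOrEmpty(caption))
            {
                InstructuctionsLabel.Text    = caption;
                InstructuctionsLabel.Visible = true;
            }

            // Start from empty fields so values from a previous use of the dialog are not shown.
            UserNameTextBox.Text = null;
            PasswordTextBox.Text = null;

            if (identity != null)
            {
                UserNameIdentityToken token = identity.GetIdentityToken() as UserNameIdentityToken;

                if (token != null)
                {
                    UserNameTextBox.Text = token.UserName;

                    // NOTE(review): this copies the decrypted password into a UI control.
                    // Confirm the text box masks its input, and consider requiring the
                    // password to be re-entered instead of pre-filling it.
                    PasswordTextBox.Text = token.DecryptedPassword;
                }
            }

            DialogResult result = base.ShowDialog(owner);

            // The user name is trimmed, but the password is passed through exactly as typed:
            // leading or trailing whitespace is a legitimate part of a secret, and trimming it
            // would make such a password impossible to enter through this dialog.
            string userName = UserNameTextBox.Text.Trim();
            string password = PasswordTextBox.Text;

            // Do not leave the plaintext password in the control once the dialog has closed.
            PasswordTextBox.Text = null;

            if (result != DialogResult.OK)
            {
                return null;
            }

            return new UserIdentity(userName, password);
        }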
Пример #2
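        /// <summary>
        /// Called when a client tries to change its user identity. Inspects the token in
        /// <c>args.NewIdentity</c> (issued JWT, user name or X509) and stores the resulting
        /// identity in <c>args.Identity</c>.
        /// </summary>
        /// <param name="session">The session requesting the change; not read by this handler.</param>
        /// <param name="args">Supplies the new token and its policy and receives the accepted identity.</param>
        /// <remarks>
        /// NOTE(review), security:
        /// the reserved accounts are checked against the hard-coded literal "demo", which is only
        /// acceptable for a demo build; real deployments need per-account secrets stored as salted
        /// hashes outside the source. A wrong password for a reserved name leaves the switch and is
        /// then accepted as an ordinary user name identity, and every other user name is accepted
        /// without any password check in this method. Those cases should be rejected; presumably by
        /// throwing the stack's ServiceResultException with a bad-identity status (confirm against
        /// the stack version in use). A token of any other type, or an issued token whose policy is
        /// not the JWT type, leaves this method without an identity being assigned or rejected.
        /// </remarks>
        private void SessionManager_ImpersonateUser(Session session, ImpersonateEventArgs args)
        {
            // check for an issued token.
            IssuedIdentityToken issuedToken = args.NewIdentity as IssuedIdentityToken;

            if (issuedToken != null)
            {
                if (args.UserTokenPolicy.IssuedTokenType == "http://opcfoundation.org/UA/UserTokenPolicy#JWT")
                {
                    // The policy's IssuerEndpointUrl carries the JWT endpoint parameters as JSON.
                    JwtEndpointParameters parameters = new JwtEndpointParameters();
                    parameters.FromJson(args.UserTokenPolicy.IssuerEndpointUrl);
                    var jwt      = new UTF8Encoding().GetString(issuedToken.DecryptedTokenData);

                    // NOTE(review): acceptance depends entirely on ValidateJwt (defined elsewhere);
                    // confirm it checks signature, issuer, audience and expiry and throws on failure.
                    var identity = ValidateJwt(parameters, jwt);
                    Utils.Trace("JSON Web Token Accepted: {0}", identity.DisplayName);
                    args.Identity = identity;
                    return;
                }
            }

            // check for a user name token.
            UserNameIdentityToken userNameToken = args.NewIdentity as UserNameIdentityToken;

            if (userNameToken != null)
            {
                var identity = new UserIdentity(userNameToken);
                var token    = (UserNameIdentityToken)identity.GetIdentityToken();

                switch (token.UserName)
                {
                case "gdsadmin":
                {
                    if (token.DecryptedPassword == "demo")
                    {
                        // This branch does not assign args.Identity, so it may still be null here;
                        // fall back to the local identity for the trace instead of dereferencing it.
                        // NOTE(review): unlike the branches below, no role is attached on this path,
                        // so the result looks the same as a failed "gdsadmin" login that falls
                        // through. Confirm how the admin role is granted.
                        Utils.Trace("GdsAdmin Token Accepted: {0}", (args.Identity ?? identity).DisplayName);
                        return;
                    }

                    break;
                }

                case "appadmin":
                {
                    if (token.DecryptedPassword == "demo")
                    {
                        args.Identity = new RoleBasedIdentity(identity, GdsRole.ApplicationAdmin);
                        Utils.Trace("ApplicationAdmin Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }

                    break;
                }

                case "appuser":
                {
                    if (token.DecryptedPassword == "demo")
                    {
                        args.Identity = new RoleBasedIdentity(identity, GdsRole.ApplicationUser);
                        Utils.Trace("ApplicationUser Token Accepted: {0}", args.Identity.DisplayName);
                        return;
                    }

                    break;
                }
                }

                // Reached for unknown user names and for reserved names with a wrong password:
                // the token is accepted as a plain identity without a role (see remarks).
                args.Identity = identity;
                Utils.Trace("UserName Token Accepted: {0}", args.Identity.DisplayName);
                return;
            }

            // check for x509 user token.
            X509IdentityToken x509Token = args.NewIdentity as X509IdentityToken;

            if (x509Token != null)
            {
                // NOTE(review): VerifyCertificate is defined elsewhere and its result is not
                // inspected here, so it is presumably expected to throw on an untrusted
                // certificate; confirm.
                VerifyCertificate(x509Token.Certificate);
                args.Identity = new UserIdentity(x509Token);
                Utils.Trace("X509 Token Accepted: {0}", args.Identity.DisplayName);
                return;
            }
        }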