/// <summary>
/// Get roles for specified user.
/// </summary>
/// <param name="username">User to check.</param>
/// <returns>List of roles</returns>
public override string[] GetRolesForUser(string username)
{
// Define private variables.
string[] roles = null;
// Check cache.
string cacheKey = "__ACTIVEDIRECTORYROLEPROVIDER__" + this.Config.Name + "_" + username;
HttpContext currentContext = HttpContext.Current;
if (currentContext != null)
{
ActiveDirectoryRoleProviderCache cache = (ActiveDirectoryRoleProviderCache)currentContext.Cache.Get(cacheKey);
if (cache != null)
{
// Value found in cache. Return it.
return(cache.Roles);
}
}
// Value not found in cache. Get roles for specified user.
roles = this.adConnect.GetGroupNamesForUser(username, this.Config.RecursiveGroupMembership).ToArray();
// Store value in cache.
if (currentContext != null)
{
currentContext.Cache.Insert(cacheKey, new ActiveDirectoryRoleProviderCache(roles), null, DateTime.Now.AddMinutes(this.Config.CacheDurationInMinutes), Cache.NoSlidingExpiration);
}
return(roles);
}
/// <summary>
/// Validate user to make sure they have valid roles.
/// </summary>
/// <param name="username">Username to check.</param>
/// <param name="password">Password to check.</param>
/// <returns>True/false if user login is valid and if they are a member of allowed roles.</returns>
public override bool ValidateUser(string username, string password)
{
// Check to make sure user if allowed, if appropriate.
if (this.Config.AllowedUsers.Any() && !this.Config.AllowedUsers.Contains(username))
{
// Restricted users, and this user is not one of them.
return(false);
}
// Initialize AdConnection.
this.InitializeAdConnection();
// Determine if user is valid.
var validUser = this.adConnect.ValidateUser(username, password);
// If user is not valid, return now.
if (!validUser)
{
return(false);
}
// If allowedRoles is restricted, check further.
if (this.Config.AllowedGroups.Any())
{
// Define private variables.
string[] roles = null;
// Check cache. Use different key than ActiveDirectoryRoleProvider to avoid complications in case of different settings.
string cacheKey = "__ACTIVEDIRECTORYMEMBERSHIPPROVIDER__" + this.Config.Name + "_" + username;
HttpContext currentContext = HttpContext.Current;
if (currentContext != null)
{
ActiveDirectoryRoleProviderCache cache = (ActiveDirectoryRoleProviderCache)currentContext.Cache.Get(cacheKey);
if (cache != null)
{
// Value found in cache. See if it contains any roles.
return((cache.Roles != null) && (cache.Roles.Any()));
}
}
// Check if user has any roles. If so, they can proceed.
roles = this.adConnect.GetGroupNamesForUser(username, this.Config.RecursiveGroupMembership).ToArray();
// Store value in cache.
if (currentContext != null)
{
currentContext.Cache.Insert(cacheKey, new ActiveDirectoryRoleProviderCache(roles), null, DateTime.Now.AddMinutes(this.Config.CacheDurationInMinutes), Cache.NoSlidingExpiration);
}
return((roles != null) && (roles.Any()));
}
else
{
// User is valid.
return(true);
}
}
/// <summary>
/// Get listing of all roles.
/// </summary>
/// <returns>List of roles</returns>
public override string[] GetAllRoles()
{
// Verify that search methods are allowed.
if (this.Config.EnableSearchMethods == false)
{
throw new NotSupportedException("Search methods are not enabled.");
}
// Define private variables.
string[] roles = null;
// Check cache.
string cacheKey = "__ACTIVEDIRECTORYROLEPROVIDER__" + this.Config.Name;
HttpContext currentContext = HttpContext.Current;
if (currentContext != null)
{
ActiveDirectoryRoleProviderCache cache = (ActiveDirectoryRoleProviderCache)currentContext.Cache.Get(cacheKey);
if (cache != null)
{
// Value found in cache. Return it.
return(cache.Roles);
}
}
// Value not found in cache. Get all roles
roles = this.adConnect.GetAllGroupNames().ToArray();
// Store value in cache.
if (currentContext != null)
{
currentContext.Cache.Insert(cacheKey, new ActiveDirectoryRoleProviderCache(roles), null, DateTime.Now.AddMinutes(this.Config.CacheDurationInMinutes), Cache.NoSlidingExpiration);
}
return(roles);
}