public CreateTransactionOptions(AuthorizationType authorizationType, bool capture = false,
bool generateToken = false)
{
AuthorizationType = authorizationType;
Capture = capture;
GenerateToken = generateToken;
}
internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
this.sid = sid;
this.WhereDefined = whereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
}
private void TestSuNetSqlAzMan(string connectionString, int max)
{
WindowsIdentity id = WindowsIdentity.GetCurrent();
int rnd = new Random().Next(max);
IAzManStorage storage = new SqlAzManStorage(connectionString);
storage.OpenConnection();
AuthorizationType res = storage.CheckAccess("Store Stress Test", "Application" + rnd.ToString(), "Operation" + rnd.ToString(), id, DateTime.Now, true, new KeyValuePair <string, object>("chiave", "valore"));
//AuthorizationType res = storage.CheckAccess("Store Stress Test", "Application" + rnd.ToString(), "Operation" + rnd.ToString(), storage.GetDBUser("Andrea"), DateTime.Now, true, new KeyValuePair<string, object>("chiave", "valore"));
storage.CloseConnection();
storage.Dispose();
}
public NotificationServerRedirectionResponse(int trid, IPEndPoint host, AuthorizationType authorization, string ticket, string directHost, bool isDirect)
: base(trid, PackageType.NotificationServerRedirection)
{
host.NotNull();
ticket.NotEmpty();
directHost.NotEmpty();
this.Host = host;
this.Authorization = authorization;
this.Ticket = ticket;
this.DirectHost = directHost;
this.IsDirect = isDirect;
}
private static void EnsureDeclared(AuthorizationType category)
{
var requested = GetDescriptions(category);
var info = NSBundle.MainBundle.InfoDictionary;
var undeclared = requested.Where(r => !info.ContainsKey(r));
if (undeclared.Any())
{
var aggregate = undeclared.Aggregate((total, next) => total += $", {next}");
throw new AuthorizationException(AuthorizationState.Denied, $"未在 info.plist 文件中声明 `{aggregate}` 权限");
}
}
private static AuthorizationState PlatformGetState(AuthorizationType category)
{
// 检查是否声明了权限
var permissions = GetPermissions(category, false);
EnsureDeclared(permissions);
// 检查运行时权限状态
permissions = GetPermissions(category, true);
var state = GetState(permissions).ToShared();
return(state);
}
internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo, SqlAzManENS ens)
{
this.db = db;
this.authorizationId = authorizationId;
this.item = item;
this.owner = owner;
this.ownerSidWhereDefined = ownerSidWhereDefined;
this.sid = sid;
this.sidWhereDefined = objectSidWhereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
this.ens = ens;
}
public static Task <AuthorizationState> RequestAsync(AuthorizationType category)
=> TaskUtils.FromEvent <AuthorizationState, AuthorizationStateEventArgs>(
execute: () => Request(category),
getCompleteHandler: complete => (s, e) =>
{
if (e.Category != category)
{
return;
}
complete(e.State);
},
subscribeComplete: handler => AuthorizationRequested += handler,
unsubscribeComplete: handler => AuthorizationRequested -= handler);
private MexPolicy SelectPolicy(AuthorizationType userAuthType)
{
//try ws-trust 1.3 first
return(_policies.Values.Where(
p => p.Url != null && p.AuthType == userAuthType &&
p.Version == WsTrustVersion.WsTrust13).FirstOrDefault() ?? _policies
.Values.Where(
p =>
p.Url !=
null &&
p.AuthType ==
userAuthType)
.FirstOrDefault());
}
internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo, SqlAzManENS ens)
{
this.db = db;
this.authorizationId = authorizationId;
this.item = item;
this.owner = owner;
this.ownerSidWhereDefined = ownerSidWhereDefined;
this.sid = sid;
this.sidWhereDefined = objectSidWhereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
this.ens = ens;
}
private void neutralToolStripMenuItem_Click(object sender, EventArgs e)
{
foreach (DataGridViewRow drv in this.dgAuthorizations.SelectedRows)
{
DataRow dr = ((DataRowView)drv.DataBoundItem).Row;
AuthorizationType newAuthorizationType = AuthorizationType.Neutral;
dr.BeginEdit();
dr["AuthorizationType"] = this.RenderAuthorizationType(newAuthorizationType);
dr["AuthorizationTypeEnum"] = newAuthorizationType;
dr.EndEdit();
this.modified = true;
this.btnApply.Enabled = true;
}
}
public WebAuthorizationCredentials(
string username,
string password,
AuthorizationType authType = AuthorizationType.Basic,
string accessTokenServiceUrl = "",
string grantType = "",
string scope = "")
{
this.Username = username;
this.Password = password;
this.AuthType = authType;
this.AccessTokenTokenServiceUrl = accessTokenServiceUrl;
this.GrantType = grantType.OrTake(GrantTypeDefault);
this.Scope = scope.OrTake(ScopeDefault);
}
public void TestMethod1()
{
using (sr.CacheServiceClient csc = new NetSqlAzMan_Test.sr.CacheServiceClient())
{
try
{
KeyValuePair <string, string>[] kvp;
AuthorizationType result = csc.CheckAccessForWindowsUsersWithAttributesRetrieve(out kvp, "Italferr", "CartaDeiServizi", "Visualizza Dettagli Richiesta", ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).GetUserBinarySSid(), ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).GetGroupsBinarySSid(), DateTime.Now, false, null);
Debug.WriteLine(result);
}
finally
{
csc.Close();
((IDisposable)csc).Dispose();
}
}
}
public static string Label(this AuthorizationType authorizationType)
{
switch (authorizationType)
{
case AuthorizationType.None:
return("None");
case AuthorizationType.ProtectAll:
return("Protect All");
case AuthorizationType.ProtectChanges:
return("Protect Changes");
default:
return(null);
}
}
private void button1_Click(object sender, EventArgs e)
{
int max = 1000;
this.errors = 0;
this.progressBar1.Minimum = 0;
this.progressBar1.Maximum = max - 1;
for (int i = 0; i < max; i++)
{
Thread t = new Thread(new ThreadStart(
delegate()
{
using (sr.CacheServiceClient csc = new NetSqlAzMan_WinTest.sr.CacheServiceClient())
{
try
{
csc.Open();
//KeyValuePair<string, string>[] attrs = null;
AuthorizationType auth = csc.CheckAccessForWindowsUsersWithoutAttributesRetrieve("Eidos", "DB Persone",
"Gestore", WindowsIdentity.GetCurrent().GetUserBinarySSid(), WindowsIdentity.GetCurrent().GetGroupsBinarySSid(),
DateTime.Now, false, null);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
if (ex.InnerException != null)
{
MessageBox.Show(ex.InnerException.Message);
}
this.errors++;
}
finally
{
((IDisposable)csc).Dispose();
}
}
Thread.Sleep(new Random().Next(300));
}));
this.progressBar1.Value = i;
Application.DoEvents();
t.Start();
Thread.Sleep(new Random().Next(100));
}
MessageBox.Show(this.errors.ToString());
}
private static string[] GetDescriptions(AuthorizationType category)
{
var descriptions = new List <string>();
switch (category)
{
case AuthorizationType.Camera:
{
descriptions.Add("NSCameraUsageDescription");
break;
}
case AuthorizationType.LocationWhenUse:
{
descriptions.Add("NSLocationWhenInUseUsageDescription");
break;
}
case AuthorizationType.LocationAlways:
{
if (UIDevice.CurrentDevice.CheckSystemVersion(11, 0))
{
descriptions.Add("NSLocationWhenInUseUsageDescription");
descriptions.Add("NSLocationAlwaysAndWhenInUseUsageDescription");
}
else
{
descriptions.Add("NSLocationAlwaysUsageDescription");
}
break;
}
case AuthorizationType.PhotoLibrary:
{
descriptions.Add("NSPhotoLibraryUsageDescription");
break;
}
default:
{
throw new ArgumentOutOfRangeException(nameof(category));
}
}
return(descriptions.ToArray());
}
public static HttpClient Authorize(this HttpClient self, AuthorizationType type)
{
switch (type)
{
case AuthorizationType.InvalidBearer:
self.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", Guid.NewGuid().ToString());
break;
case AuthorizationType.Anonymous:
self.DefaultRequestHeaders.Authorization = null;
break;
default: throw new ArgumentOutOfRangeException();
}
return(self);
}
public ChatInvitationResponse(int sessionId, IPEndPoint host, AuthorizationType authorization, string ticket, string passport, string name, string directHost, bool directConnection)
: base(0, PackageType.ChatInvitation)
{
host.NotNull();
ticket.NotEmpty();
passport.NotEmpty();
name.NotEmpty();
directHost.NotEmpty();
this.SessionID = sessionId;
this.Host = host;
this.Authorization = authorization;
this.Ticket = ticket;
this.Passport = passport;
this.Name = name;
this.DirectHost = directHost;
this.DirectConnection = directConnection;
}
private Bitmap RenderAuthorizationType(AuthorizationType authorizationType)
{
switch (authorizationType)
{
case AuthorizationType.AllowWithDelegation:
return(Properties.Resources.AllowForDelegation);
case AuthorizationType.Allow:
return(Properties.Resources.Allow);
case AuthorizationType.Deny:
return(Properties.Resources.Deny);
default:
case AuthorizationType.Neutral:
return(Properties.Resources.Neutral);
}
}
private string RenderAuthorizationType(AuthorizationType authorizationType)
{
switch (authorizationType)
{
case AuthorizationType.AllowWithDelegation:
return(this.getImageUrl("AllowForDelegation.bmp"));
case AuthorizationType.Allow:
return(this.getImageUrl("Allow.bmp"));
case AuthorizationType.Deny:
return(this.getImageUrl("Deny.bmp"));
default:
case AuthorizationType.Neutral:
return(this.getImageUrl("Neutral.bmp"));
}
}
public static String GetAuthTypeName(AuthorizationType authorizationType)
{
switch (authorizationType)
{
case AuthorizationType.AllowWithDelegation:
return("Allow for Delegation");
case AuthorizationType.Allow:
return("Allow");
case AuthorizationType.Deny:
return("Deny");
default:
case AuthorizationType.Neutral:
return("Neutral");
}
}
protected int getSelectedIndex(int authorizationId)
{
//int authorizationId = int.Parse(this.dgAuthorizations.Rows[this.dgAuthorizations.EditIndex].Cells[12].Text);
AuthorizationType at = (AuthorizationType)this.dtAuthorizations.Select("AuthorizationId=" + authorizationId.ToString())[0]["AuthorizationTypeEnum"];
switch (at)
{
case AuthorizationType.AllowWithDelegation: return(0);
case AuthorizationType.Allow: return(1);
case AuthorizationType.Deny: return(2);
case AuthorizationType.Neutral: return(3);
default:
return(-1);
}
}
public static AuthorizationMessage Build(string AuthorizationHeader)
{
string[] strArray = AuthorizationHeader.Split(' ');
if (strArray.Length != 2)
{
throw new Exception("Unexpected Authorization Header");
}
AuthorizationType authorizationType = AuthorizationType.Unknown;
AuthorizationMessage authorizationMessage = (AuthorizationMessage)null;
try
{
switch (strArray[0].ToLower())
{
case "ntlm":
authorizationType = AuthorizationType.Ntlm;
authorizationMessage = (AuthorizationMessage) new NtlmAuthorizeMessage(strArray[1]);
break;
case "basic":
authorizationType = AuthorizationType.Basic;
authorizationMessage = (AuthorizationMessage) new BasicAuthorizationMessage(strArray[1]);
break;
case "negotiate":
if (Encoding.ASCII.GetString(Convert.FromBase64String(strArray[1]), 0, 4) == "NTLM")
{
authorizationType = AuthorizationType.Ntlm;
authorizationMessage = (AuthorizationMessage) new NtlmAuthorizeMessage(strArray[1]);
break;
}
authorizationType = AuthorizationType.Kerberos;
authorizationMessage = (AuthorizationMessage) new KerberosAuthorizeMessage(strArray[1]);
break;
}
}
catch (Exception ex)
{
authorizationMessage = (AuthorizationMessage) new UnknownAuthorizationMessage(strArray[1], authorizationType);
}
return(authorizationMessage);
}
/// <summary>
/// دریافت لیست نقش های کاربر
/// </summary>
public IEnumerable <RoleOutput> GetUserRolesByUserName(string Username)
{
var userRoles = new List <RoleOutput>();
try
{
IAzManStorage storage = new SqlAzManStorage(_azManConnectionString);
storage.OpenConnection();
//دریافت لیست نقش ها
IAzManItem[] azManRoles = storage[_storageName][_applicationName].GetItems(ItemType.Role);
storage.CloseConnection();
var fullUserName = GetUserNameWithoutDomain(Username) + _fullDomainName;
WindowsIdentity wi = new WindowsIdentity(fullUserName);
foreach (IAzManItem role in azManRoles)
{
AuthorizationType AuthType = role.CheckAccess(wi, DateTime.Now, new KeyValuePair <string, object> [0]);
if (AuthType == AuthorizationType.Allow || AuthType == AuthorizationType.AllowWithDelegation)
{
AzmanSid sid = new AzmanSid(wi);
if (role.GetAuthorizationsOfMember(sid)[0].Attributes.Keys.Contains("IsActive"))
{
if (!Convert.ToBoolean(role.GetAuthorizationsOfMember(sid)[0].Attributes["IsActive"].Value))
{
continue;
}
}
//اگر نقش برای این کاربر مجاز بود به لیست اضافه شود
userRoles.Add(new RoleOutput {
Name = role.Name, Description = role.Description
});
}
}
}
catch (Exception ex)
{
//log
}
return(userRoles);
}
/// <summary>
/// Retrive a complete Authorization for the current user and populate the string array
/// from .NetSqlAzMan store
/// </summary>
/// <param name="userName">User name identifying the current user</param>
/// <returns>Array of strings containing all of the permissions from .NetSqlAzMan store</returns>
private bool CheckAccess(IAzManDBUser dbUser, string app, string role, IAzManStorage storage)
{
var result = false;
//IAzManDBUser dbUser = storage.GetDBUser(dbUserName);
AuthorizationType auth = storage.CheckAccess("CATS", app, role, dbUser, DateTime.Now, false);
switch (auth)
{
case AuthorizationType.AllowWithDelegation:
case AuthorizationType.Allow:
result = true;
break;
case AuthorizationType.Neutral:
case AuthorizationType.Deny:
result = false;
break;
}
return(result);
}
/// <summary>
/// Determines whether the specified control name has access.
/// </summary>
/// <param name="context">The context.</param>
/// <param name="controlName">Name of the control.</param>
/// <param name="itemName">Name of the item.</param>
/// <returns>
/// <c>true</c> if the specified control name has access; otherwise, <c>false</c>.
/// </returns>
protected internal bool HasAccess(NetSqlAzManAuthorizationContext context, string controlName, string itemName)
{
if (!String.IsNullOrEmpty(context._storageConnectionString))
{
if (context.StorageCache != null)
{
//Storage Cache
AuthorizationType auth = AuthorizationType.Neutral;
if (context._windowIdentity != null)
{
auth = context.StorageCache.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._windowIdentity.GetUserBinarySSid(), context._windowIdentity.GetGroupsBinarySSid(), ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
}
else if (context._dbuserIdentity != null)
{
auth = context.StorageCache.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._dbuserIdentity.CustomSid.StringValue, ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
}
return((auth == AuthorizationType.AllowWithDelegation) || (auth == AuthorizationType.Allow));
}
else
{
//Direct Access
using (SqlAzManStorage storage = new SqlAzManStorage(context._storageConnectionString))
{
AuthorizationType auth = AuthorizationType.Neutral;
if (context._windowIdentity != null)
{
auth = storage.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._windowIdentity, ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
}
else if (context._dbuserIdentity != null)
{
auth = storage.CheckAccess(context.StoreName, context.ApplicationName, itemName, context._dbuserIdentity, ValidFor.HasValue ? ValidFor.Value : DateTime.Now, OperationsOnly, ContextParameters);
}
return((auth == AuthorizationType.AllowWithDelegation) || (auth == AuthorizationType.Allow));
}
}
}
else
{
throw new InvalidOperationException("NetSqlAzMan Storage connection string and NetSqlAzMan WCF Cache Service url cannot be both null");
}
}
private void GetXsollaSettings(out string loginID, out string callbackURL, out AuthorizationType authorizationType, out bool invalidationFlag, out int OAuthClientId, out string facebookAppId, out string googleServerId, out string wechatAppId, out string qqAppId)
{
loginID = XsollaSettings.LoginId;
callbackURL = XsollaSettings.CallbackUrl;
authorizationType = XsollaSettings.AuthorizationType;
if (authorizationType == AuthorizationType.JWT)
{
invalidationFlag = XsollaSettings.JwtTokenInvalidationEnabled;
}
else /*if (authorizationType == AuthorizationType.OAuth2_0)*/
{
invalidationFlag = true;
}
OAuthClientId = XsollaSettings.OAuthClientId;
facebookAppId = XsollaSettings.FacebookAppId;
googleServerId = XsollaSettings.GoogleServerId;
wechatAppId = XsollaSettings.WeChatAppId;
qqAppId = XsollaSettings.QQAppId;
}
public CommunicatorConfiguration(IDictionary <string, string> properties)
{
if (properties != null)
{
ApiEndpoint = GetApiEndpoint(properties);
AuthorizationType = AuthorizationType.GetValueOf(GetProperty(properties, "onlinePayments.api.authorizationType", AuthorizationType.ToString()));
ConnectTimeout = GetTimeout(properties, "onlinePayments.api.connectTimeout", ConnectTimeout);
SocketTimeout = GetTimeout(properties, "onlinePayments.api.socketTimeout", SocketTimeout);
MaxConnections = GetProperty(properties, "onlinePayments.api.maxConnections", MaxConnections);
var proxyURI = GetProperty(properties, "onlinePayments.api.proxy.uri");
if (proxyURI != null)
{
ProxyConfiguration.Uri = new Uri(proxyURI);
ProxyConfiguration.Username = GetProperty(properties, "onlinePayments.api.proxy.username");
ProxyConfiguration.Password = GetProperty(properties, "onlinePayments.api.proxy.password");
}
Integrator = GetProperty(properties, "onlinePayments.api.integrator", "");
}
}
private void AddPolicy(
XElement policy,
AuthorizationType policyAuthType)
{
var binding = policy.Descendants(XmlNamespace.Sp + "TransportBinding").FirstOrDefault() ??
policy.Descendants(XmlNamespace.Sp2005 + "TransportBinding").FirstOrDefault();
if (binding != null)
{
var id = policy.Attribute(XmlNamespace.Wsu + "Id");
if (id != null)
{
_policies.Add(
"#" + id.Value,
new MexPolicy
{
Id = id.Value,
AuthType = policyAuthType
});
}
}
}
/// <summary>
/// Gets the string response from the passed endpoint. First converts the request parameters hashtable into a URLEncoded request body.
/// </summary>
/// <returns>The string response, if any.</returns>
/// <param name="url">Endpoint URL.</param>
/// <param name="verb">HTTP Verb.</param>
/// <param name="authToken">Auth token, if any.</param>
/// <param name="requestParameters">Parameters to convert into a URLEncoded string in the request body.</param>
/// <param name="format">Request Format.</param>
/// <param name="encoding">Request Encoding.</param>
/// <param name="additionalHeaders">Additional headers.</param>
public async Task <WebServiceStringResult> GetStringResponse(
String url,
HttpVerb verb,
String authToken,
AuthorizationType authType = AuthorizationType.NOT_APPLICABLE,
Dictionary <String, String> requestParameters = null,
RequestDataFormatType format = RequestDataFormatType.JSON,
RequestEncodingType encoding = RequestEncodingType.UTF8,
List <HttpRequestHeader> additionalHeaders = null
)
{
// Make sure they actually passed parameters for non-GET requests.
if (verb != HttpVerb.GET && (requestParameters == null || requestParameters.Count == 0))
{
throw new ArgumentException("Request parameter list cannot be null or empty.");
}
// Convert the parameters to a URLEncoded request body.
string requestBody = GetUrlEncodedParameterList(requestParameters);
// Call the webservice.
return(await GetStringResponse(url, verb, authToken, authType, requestBody, format, encoding, additionalHeaders));
}
private void detectedDifferences(
AuthorizationType auth1,
List<KeyValuePair<string, string>> attrs1,
AuthorizationType auth2,
List<KeyValuePair<string, string>> attrs2)
{
if (auth1 != auth2)
throw new Exception("Auth1 <> Auth2");
if (attrs1.Count == attrs2.Count)
{
var t = (from t1 in attrs1
join t2 in attrs2 on new { K = t1.Key, V = t1.Value } equals new { K = t2.Key, V = t2.Value }
select t1).Count();
if (t != attrs2.Count)
{
throw new Exception("attrs1 <> attrs2");
}
}
else
{
throw new Exception("attrs1 <> attrs2");
}
}
public AuthorizeAttribute(AuthorizationType authorizationType, string role)
{
AuthorizationType = authorizationType;
Role = role;
}
internal static AuthorizationType mergeAuthorizations(AuthorizationType auth1, AuthorizationType auth2)
{
if (auth1 == AuthorizationType.AllowWithDelegation)
{
if (auth2 == AuthorizationType.AllowWithDelegation)
{
return AuthorizationType.AllowWithDelegation;
}
else if (auth2 == AuthorizationType.Allow)
{
return AuthorizationType.AllowWithDelegation;
}
else if (auth2 == AuthorizationType.Deny)
{
return AuthorizationType.Deny;
}
else if (auth2 == AuthorizationType.Neutral)
{
return AuthorizationType.AllowWithDelegation;
}
}
else if (auth1 == AuthorizationType.Allow)
{
if (auth2 == AuthorizationType.AllowWithDelegation)
{
return AuthorizationType.AllowWithDelegation;
}
else if (auth2 == AuthorizationType.Allow)
{
return AuthorizationType.Allow;
}
else if (auth2 == AuthorizationType.Deny)
{
return AuthorizationType.Deny;
}
else if (auth2 == AuthorizationType.Neutral)
{
return AuthorizationType.Allow;
}
}
else if (auth1 == AuthorizationType.Deny)
{
return AuthorizationType.Deny;
}
//else if (auth1 == AuthorizationType.Neutral)
//{
return auth2;
//}
}
private Bitmap RenderAuthorizationType(AuthorizationType authorizationType)
{
switch (authorizationType)
{
case AuthorizationType.AllowWithDelegation:
return Properties.Resources.AllowForDelegation;
case AuthorizationType.Allow:
return Properties.Resources.Allow;
case AuthorizationType.Deny:
return Properties.Resources.Deny;
default:
case AuthorizationType.Neutral:
return Properties.Resources.Neutral;
}
}
void permissionAction_Triggered(object sender, MMC.SyncActionEventArgs e, AuthorizationType authorizationType)
{
try
{
foreach (MMC.ResultNode resultNode in this.SelectedNodes)
{
IAzManAuthorization auth = (IAzManAuthorization)resultNode.Tag;
this.changePermission(auth, authorizationType);
string sAuthType;
switch (authorizationType)
{
default:
case AuthorizationType.Neutral: sAuthType = Globalization.MultilanguageResource.GetString("Domain_Neutral"); break;
case AuthorizationType.Allow: sAuthType = Globalization.MultilanguageResource.GetString("Domain_Allow"); break;
case AuthorizationType.AllowWithDelegation: sAuthType = Globalization.MultilanguageResource.GetString("Domain_AllowWithDelegation"); break;
case AuthorizationType.Deny: sAuthType = Globalization.MultilanguageResource.GetString("Domain_Deny"); break;
}
resultNode.SubItemDisplayNames[0] = sAuthType;
}
}
catch (Exception ex)
{
this.ShowError(ex.Message, Globalization.MultilanguageResource.GetString("AuthorizationsListView_Tit10"));
}
finally
{
/*Application.DoEvents();*/
}
}
public OpinionsServices(AuthorizationType yes, AuthorizationType no, AuthorizationType indefinitely)
{
this.yes = yes;
this.no = no;
this.indefinitely = indefinitely;
}
internal ItemNode(int itemId, string itemName, ItemType itemType, AuthorizationType authorizationType, int? bizRuleId, string bizRuleSource, byte? bizRuleType, IAzManItem azmanItem)
{
this.parentItemNodes = new HybridDictionary();
this.itemId = itemId;
this.itemName = itemName;
this.itemType = itemType;
this.authorizationType = authorizationType;
this.bizRuleId = bizRuleId;
this.bizRuleSource = bizRuleSource;
this.bizRuleLanguage = bizRuleType;
this.azmanItem = azmanItem;
}
/// <summary>Creates a new instance of the AuthorizedRole class associating it with a content item and defining the role name.</summary>
/// <param name="item">The item this role is associated with.</param>
/// <param name="operation"></param>
/// <param name="roleOrUser">The role or user name.</param>
/// <param name="type"></param>
public AuthorizationRule(ContentItem item, string operation, string roleOrUser, AuthorizationType type, bool allowed)
: this(item, operation, (type == AuthorizationType.Role) ? roleOrUser : null, (type == AuthorizationType.User) ? roleOrUser : null, allowed)
{
}
private void CreateRow(string roleOrUser, AuthorizationType type, IEnumerable<string> allowedOperations)
{
int index = tblPermissions.Rows.Count;
Icon icon = (type == AuthorizationType.Role) ? Icon.Group : Icon.User;
GenericIdentity identity = new GenericIdentity((type == AuthorizationType.User) ? roleOrUser : string.Empty);
string[] roles = (type == AuthorizationType.Role) ? new[] { roleOrUser } : new string[] { };
IPrincipal user = new GenericPrincipal(identity, roles);
TableRow row = new TableRow();
TableCell imageCell = new TableCell();
imageCell.Controls.Add(new LiteralControl("<img src=\"" + Utility.GetCooliteIconUrl(icon) + "\" />"));
imageCell.Controls.Add(new HiddenField { ID = "hdn" + index + "Type", Value = type.ToString() });
imageCell.Controls.Add(new HiddenField { ID = "hdn" + index + "RoleOrUser", Value = roleOrUser });
row.Cells.Add(imageCell);
row.Cells.Add(new TableCell { Text = roleOrUser });
foreach (string operation in allowedOperations)
{
CheckBox checkBox = new CheckBox
{
ID = "chk" + index + operation,
Checked = Engine.SecurityManager.IsAuthorized(SelectedItem, user, operation)
};
TableCell cell = new TableCell { CssClass = "operation" };
cell.Controls.Add(checkBox);
row.Cells.Add(cell);
}
TableCell deleteCell = new TableCell();
LinkButton deleteButton = new LinkButton { ID = "btnDelete" + index, Text = "Delete" };
deleteButton.Click += deleteButton_Click;
deleteCell.Controls.Add(deleteButton);
row.Cells.Add(deleteCell);
tblPermissions.Rows.Add(row);
switch (type)
{
case AuthorizationType.Role:
_displayedRoles.Add(roleOrUser);
break;
case AuthorizationType.User:
_displayedUsers.Add(roleOrUser);
break;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="OAuthAuthorization"/> class with specific authorization type and value.
/// </summary>
public HttpAuthorization(AuthorizationType type, UniValue value)
{
this.AuthorizationType = type;
this.Value = value;
}
/// <summary>
/// ویژگی طراحی شده جهت مشخص سازی وضعیت دسترسی به یک صفحه خاص
/// </summary>
/// <param name="authorizationType">وضعیت دسترسی به صفحه</param>
/// <param name="requiredRoles">نقشهای مورد نیاز جدا شده با کاما از هم</param>
public PageAuthorizationAttribute(AuthorizationType authorizationType, string requiredRoles = "")
{
_authorizationType = authorizationType;
_requiredRoles = requiredRoles;
}
/// <summary>
/// Gets the string response from the passed endpoint. First converts the request parameters hashtable into a URLEncoded request body.
/// </summary>
/// <returns>The string response, if any.</returns>
/// <param name="url">Endpoint URL.</param>
/// <param name="verb">HTTP Verb.</param>
/// <param name="authToken">Auth token, if any.</param>
/// <param name="requestParameters">Parameters to convert into a URLEncoded string in the request body.</param>
/// <param name="format">Request Format.</param>
/// <param name="encoding">Request Encoding.</param>
/// <param name="additionalHeaders">Additional headers.</param>
public async Task<WebServiceStringResult> GetStringResponse (
String url,
HttpVerb verb,
String authToken,
AuthorizationType authType = AuthorizationType.NOT_APPLICABLE,
Dictionary<String, String> requestParameters = null,
RequestDataFormatType format = RequestDataFormatType.JSON,
RequestEncodingType encoding = RequestEncodingType.UTF8,
List<HttpRequestHeader> additionalHeaders = null
)
{
// Make sure they actually passed parameters for non-GET requests.
if (verb != HttpVerb.GET && (requestParameters == null || requestParameters.Count == 0))
throw new ArgumentException ("Request parameter list cannot be null or empty.");
// Convert the parameters to a URLEncoded request body.
string requestBody = GetUrlEncodedParameterList (requestParameters);
// Call the webservice.
return await GetStringResponse (url, verb, authToken, authType, requestBody, format, encoding, additionalHeaders);
}
// eo GetStringResponse
/// <summary>
/// Gets the string response from the passed endpoint.
/// </summary>
/// <returns>The string response, if any.</returns>
/// <param name="url">Endpoint URL.</param>
/// <param name="verb">HTTP Verb.</param>
/// <param name="authToken">Auth token, if any.</param>
/// <param name="requestBody">Request body.</param>
/// <param name="format">Request Format.</param>
/// <param name="encoding">Request Encoding.</param>
/// <param name="additionalHeaders">Additional headers.</param>
public async Task<WebServiceStringResult> GetStringResponse (
String url,
HttpVerb verb,
String authToken,
AuthorizationType authType = AuthorizationType.NOT_APPLICABLE,
String requestBody = null,
RequestDataFormatType format = RequestDataFormatType.JSON,
RequestEncodingType encoding = RequestEncodingType.UTF8,
List<HttpRequestHeader> additionalHeaders = null
)
{
// Set up the call details.
if (String.IsNullOrWhiteSpace (url))
throw new ArgumentException ("URL cannot be null or whitespace.");
else
this.EndpointUri = new Uri (url);
this.RequestDataFormat = format;
this.ResponseDataFormat = ResponseDataFormatType.JSON;
this.RequestEncoding = encoding;
this.AdditionalHeaders = additionalHeaders;
this.RequestBody = requestBody;
if (String.IsNullOrWhiteSpace (authToken)) {
this.AuthenticationToken = null;
this.AuthenticationTokenType = AuthorizationType.NOT_APPLICABLE;
} else {
this.AuthenticationToken = authToken;
this.AuthenticationTokenType = authType;
}
// Make the call and return the result.
switch (verb) {
case HttpVerb.GET:
return await GetCall ();
case HttpVerb.POST:
return await PostCall ();
case HttpVerb.PUT:
return await PutCall ();
case HttpVerb.DELETE:
return await DeleteCall ();
default:
throw new NotImplementedException (String.Format ("Support for verb {0} is not yet implemented.", verb.ToString ()));
}
}
private string RenderAuthorizationType(AuthorizationType authorizationType)
{
switch (authorizationType)
{
case AuthorizationType.AllowWithDelegation:
return this.getImageUrl("AllowForDelegation.bmp");
case AuthorizationType.Allow:
return this.getImageUrl("Allow.bmp");
case AuthorizationType.Deny:
return this.getImageUrl("Deny.bmp");
default:
case AuthorizationType.Neutral:
return this.getImageUrl("Neutral.bmp");
}
}
void SqlAzManENS_AuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo)
{
logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nAuthorization: {1}\r\nOld Owner SID: {2}\r\nOld Owner SID Where Defined: {3}\r\nOld SID: {4}\r\nOld SID Where Defined: {5}\r\nOld Authorization Type: {6}\r\nOld Valid From: {7}\r\nOld Valid To: {8}\r\n",
"AuthorizationUpdated", authorization.ToString(), oldOwner.ToString(), oldOwnerSidWhereDefined, oldSid.ToString(), oldSidWhereDefined, oldAuthorizationType, (oldValidFrom.HasValue ? oldValidFrom.Value.ToString() : ""), (oldValidTo.HasValue ? oldValidTo.Value.ToString() : "")));
}
public static void Request(AuthorizationType category) => PlatformRequest(category);
internal bool executeBizRule(IAzManItem item, IAzManSid identity, Hashtable contextParameters, ref AuthorizationType forcedCheckAccessResult)
{
try
{
Assembly assembly = item.LoadBizRuleAssembly();
Type bizRuleType = null;
foreach (Type t in assembly.GetTypes())
{
Type[] interfaces = t.FindInterfaces(new TypeFilter(
delegate(Type typeObj, Object criteriaObj)
{
if (typeObj.ToString() == criteriaObj.ToString())
return true;
else
return false;
}), typeof(NetSqlAzMan.Interfaces.IAzManBizRule).FullName);
if (interfaces.Length > 0)
{
bizRuleType = t;
break;
}
}
IAzManBizRule bizRule = (IAzManBizRule)bizRuleType.InvokeMember("cctor", BindingFlags.CreateInstance, null, bizRuleType, null);
return bizRule.Execute(contextParameters, identity, item, ref forcedCheckAccessResult);
}
catch (Exception ex)
{
string msg = String.Format("Business Rule Error:{0}\r\nItem Name:{1}, Application Name: {2}, Store Name: {3}", ex.Message, item.Name, item.Application.Name, item.Application.Store.Name);
throw new SqlAzManException(msg, ex);
}
}
private void changePermission(IAzManAuthorization authorization, AuthorizationType authorizationType)
{
authorization.Update(authorization.Owner, authorization.SID, authorization.SidWhereDefined, authorizationType, authorization.ValidFrom, authorization.ValidTo);
}
private void raiseAuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo)
{
if (this.AuthorizationUpdated != null)
this.AuthorizationUpdated(authorization, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo);
}
/// <summary>
/// 设置授权类型
/// </summary>
/// <param name="descriptor">服务描述符。</param>
/// <param name="authType">授权类型</param>
/// <returns>服务描述符。</returns>
public static ServiceDescriptor AuthType(this ServiceDescriptor descriptor, AuthorizationType authType)
{
descriptor.Metadatas["AuthType"] = authType.ToString();
return(descriptor);
}
/// <summary>
/// Updates the specified authorization type.
/// </summary>
/// <param name="owner">The owner Sid.</param>
/// <param name="sid">The member Sid.</param>
/// <param name="sidWhereDefined">The object owner where defined.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
public void Update(IAzManSid owner, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
if (this.owner.StringValue != owner.StringValue || this.sid.StringValue != sid.StringValue || this.sidWhereDefined != sidWhereDefined || this.authorizationType != authorizationType || this.validFrom != validFrom || this.validTo != validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
SqlAzManSID oldOwner = new SqlAzManSID(this.owner.StringValue, this.ownerSidWhereDefined == WhereDefined.Database);
SqlAzManSID oldSid = new SqlAzManSID(this.sid.StringValue, this.sidWhereDefined == WhereDefined.Database);
WhereDefined oldOwnerSidWhereDefined = this.ownerSidWhereDefined;
WhereDefined oldSidWhereDefined = this.SidWhereDefined;
AuthorizationType oldAuthorizationType = this.AuthorizationType;
DateTime? oldValidFrom = this.validFrom;
DateTime? oldValidTo = this.validTo;
string memberName;
bool isLocal;
DirectoryServicesUtils.GetMemberInfo(owner.StringValue, out memberName, out isLocal);
WhereDefined ownerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
this.db.AuthorizationUpdate(this.item.ItemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.authorizationId, this.item.Application.ApplicationId);
this.owner = new SqlAzManSID(owner.BinaryValue);
this.ownerSidWhereDefined = ownerSidWhereDefined;
this.sid = sid;
this.sidWhereDefined = sidWhereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
this.raiseAuthorizationUpdated(this, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo);
}
}
/// <summary>
/// Creates the authorization.
/// </summary>
/// <param name="owner">The owner owner.</param>
/// <param name="ownerSidWhereDefined">The owner sid where defined.</param>
/// <param name="sid">The object owner.</param>
/// <param name="sidWhereDefined">The object owner where defined.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <returns></returns>
public IAzManAuthorization CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot create an Authorization on members defined on local in Administrator Mode");
}
var existing = (from aut in this.db.Authorizations()
where aut.ItemId == this.itemId && aut.OwnerSid == owner.BinaryValue && aut.OwnerSidWhereDefined == (byte)ownerSidWhereDefined && aut.ObjectSid == sid.BinaryValue && aut.AuthorizationType == (byte)authorizationType && aut.ValidFrom == validFrom && aut.ValidTo == validTo
select aut).FirstOrDefault();
if (existing == null)
{
int id = this.db.AuthorizationInsert(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.application.ApplicationId);
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, id, owner, ownerSidWhereDefined, sid, sidWhereDefined, authorizationType, validFrom, validTo, this.ens);
this.raiseAuthorizationCreated(this, result);
if (this.ens != null)
this.ens.AddPublisher(result);
this.authorizations = null; //Force cache refresh
return result;
}
else
{
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, existing.ItemId.Value, new SqlAzManSID(existing.OwnerSid.ToArray()), (WhereDefined)existing.OwnerSidWhereDefined, new SqlAzManSID(existing.ObjectSid.ToArray()), (WhereDefined)existing.ObjectSidWhereDefined, (AuthorizationType)existing.AuthorizationType.Value, existing.ValidFrom, existing.ValidTo, this.ens);
return result;
}
}
/// <summary>
/// Gets the authorizations.
/// </summary>
/// <param name="type">The type.</param>
/// <returns></returns>
public IAzManAuthorization[] GetAuthorizations(AuthorizationType type)
{
var auths = (from tf in this.db.Authorizations()
where
(this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && tf.ObjectSidWhereDefined != (byte)WhereDefined.Local
||
this.application.Store.Storage.Mode != NetSqlAzManMode.Administrator)
&&
tf.ItemId == this.itemId && tf.AuthorizationType == (byte)(type)
select tf).ToList();
int index = 0;
IAzManAuthorization[] authorizations = new SqlAzManAuthorization[auths.Count];
foreach (var row in auths)
{
authorizations[index] = new SqlAzManAuthorization(this.db, this, row.AuthorizationId.Value, new SqlAzManSID(row.OwnerSid.ToArray(), row.OwnerSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.OwnerSidWhereDefined, new SqlAzManSID(row.ObjectSid.ToArray(), row.ObjectSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.ObjectSidWhereDefined, (AuthorizationType)row.AuthorizationType, (row.ValidFrom.HasValue ? row.ValidFrom : new DateTime?()), (row.ValidTo.HasValue ? row.ValidTo : new DateTime?()), this.ens);
if (this.ens != null)
this.ens.AddPublisher(authorizations[index]);
index++;
}
return authorizations;
}
