/// <summary>
/// Called when a client tries to change its user identity.
/// </summary>
private void SessionManager_ImpersonateUser(Session session, ImpersonateEventArgs args)
{
// check for a user name token
UserNameIdentityToken userNameToken = args.NewIdentity as UserNameIdentityToken;
if (userNameToken != null)
{
if (VerifyPassword(userNameToken))
{
switch (userNameToken.UserName)
{
// Server configuration administrator, manages the GDS server security
case "sysadmin":
{
args.Identity = new SystemConfigurationIdentity(new UserIdentity(userNameToken));
Utils.Trace("SystemConfigurationAdmin Token Accepted: {0}", args.Identity.DisplayName);
return;
}
// GDS administrator
case "appadmin":
{
args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationAdmin);
Utils.Trace("ApplicationAdmin Token Accepted: {0}", args.Identity.DisplayName);
return;
}
// GDS user
case "appuser":
{
args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationUser);
Utils.Trace("ApplicationUser Token Accepted: {0}", args.Identity.DisplayName);
return;
}
}
}
}
// check for x509 user token.
X509IdentityToken x509Token = args.NewIdentity as X509IdentityToken;
if (x509Token != null)
{
GdsRole role = GdsRole.ApplicationUser;
VerifyUserTokenCertificate(x509Token.Certificate);
// todo: is cert listed in admin list? then
// role = GdsRole.ApplicationAdmin;
Utils.Trace("X509 Token Accepted: {0} as {1}", args.Identity.DisplayName, role.ToString());
args.Identity = new RoleBasedIdentity(new UserIdentity(x509Token), role);
return;
}
}
/// <summary>
/// Called when a client tries to change its user identity.
/// </summary>
protected virtual void SessionManager_ImpersonateUser(Session session, ImpersonateEventArgs args)
{
// check for a user name token
if (args.NewIdentity is AnonymousIdentityToken anonymousToken)
{
args.Identity = new RoleBasedIdentity(new UserIdentity(), GdsRole.ApplicationUser);
return;
}
// check for a user name token
if (args.NewIdentity is UserNameIdentityToken userNameToken)
{
#if UNITTESTONLY
if (VerifyPassword(userNameToken))
{
switch (userNameToken.UserName)
{
// Server configuration administrator, manages the GDS server security
case "sysadmin":
{
args.Identity = new SystemConfigurationIdentity(new UserIdentity(userNameToken));
Utils.Trace("SystemConfigurationAdmin Token Accepted: {0}", args.Identity.DisplayName);
return;
}
// GDS administrator
case "appadmin":
{
args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationAdmin);
Utils.Trace("ApplicationAdmin Token Accepted: {0}", args.Identity.DisplayName);
return;
}
// GDS user
case "appuser":
{
args.Identity = new RoleBasedIdentity(new UserIdentity(userNameToken), GdsRole.ApplicationUser);
Utils.Trace("ApplicationUser Token Accepted: {0}", args.Identity.DisplayName);
return;
}
}
}
#endif
}
// check for x509 user token.
if (args.NewIdentity is X509IdentityToken x509Token)
{
GdsRole role = GdsRole.ApplicationAdmin;
VerifyUserTokenCertificate(x509Token.Certificate);
Utils.Trace("X509 Token Accepted: {0} as {1}", args.Identity.DisplayName, role.ToString());
args.Identity = new RoleBasedIdentity(new UserIdentity(x509Token), role);
return;
}
throw new ServiceResultException(new ServiceResult(StatusCodes.BadUserAccessDenied));
}