/// <summary> /// Evaluates the specified authority against the specified context. /// </summary> /// <param name="principal">Must be an <see cref="IPrincipal"/> object.</param> /// <param name="ruleName">The name of the rule to evaluate.</param> /// <returns><c>true</c> if the expression evaluates to true, /// otherwise <c>false</c>.</returns> public override bool Authorize(IPrincipal principal, string ruleName) { if (principal == null) { throw new ArgumentNullException("principal"); } if (ruleName == null || ruleName.Length == 0) { throw new ArgumentNullException("ruleName"); } InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, ruleName); BooleanExpression booleanExpression = GetParsedExpression(ruleName); if (booleanExpression == null) { throw new InvalidOperationException(string.Format(Properties.Resources.AuthorizationRuleNotFoundMsg, ruleName)); } bool result = booleanExpression.Evaluate(principal); if (result == false) { InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, ruleName); } return(result); }
/// <summary> /// Checks a user's authorization against a given rule /// </summary> /// <param name="principal">The user to authorize</param> /// <param name="context">The name of the rule to check</param> /// <returns>boolean indicating whether the user is authorized</returns> public override bool Authorize(System.Security.Principal.IPrincipal principal, string context) { if (principal == null) { throw new ArgumentNullException("principal"); } if (context == null || context.Length == 0) { throw new ArgumentNullException("context"); } //SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context); InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context); DataTable dt = SqlHelper.ExecuteDataTable(CommandType.Text, "select * from tbOper where cnvcOperName='" + principal.Identity.Name + "'"); if (dt.Rows.Count == 0) { return(false); } Oper oper = new Oper(dt); object objOperFunc = SqlHelper.ExecuteScalar(CommandType.Text, "select count(*) from tbOperFunc where cnnOperID=" + oper.cnnOperID + " and cnvcFuncCode='" + context + "'"); object objDeptFunc = SqlHelper.ExecuteScalar(CommandType.Text, "select count(*) from tbDeptFunc where cnnDeptID=" + oper.cnnDeptID + " and cnvcFuncCode='" + context + "'"); int iOperFunc = Convert.ToInt32(objOperFunc); int iDeptFunc = Convert.ToInt32(objDeptFunc); bool result = iOperFunc + iDeptFunc > 0 ? true : false; if (result == false) { //SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context); InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context); } return(result); }
/// <summary> /// Evaluates the specified authority against the specified context that is either a task or operation in Authorization Manager. If the context is an operation it should be prefixed by "O". /// </summary> /// <param name="principal">Principal object containing a windows identity.</param> /// <param name="context">Name of the task or operation to evaluate.</param> /// <returns><strong>True</strong> if AzMan evaluates to true, /// otherwise <strong>false</strong>.</returns> public override bool Authorize(IPrincipal principal, string context) { if (principal == null) { throw new ArgumentNullException("principal"); } if (context == null) { throw new ArgumentNullException("context"); } WindowsIdentity winIdentity = principal.Identity as WindowsIdentity; if (winIdentity == null) { throw new ArgumentException(Properties.Resources.WindowsIdentityOnly); } // INSTRUMENTATION //SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context); string auditIdentifier = this.auditIdentifierPrefix + principal.Identity.Name + ":" + context; bool result = false; bool operation = false; if (context.IndexOf(OperationContextPrefix) == 0) { operation = true; context = context.Substring(OperationContextPrefix.Length); } if (operation) { string[] operations = new string[] { context }; result = CheckAccessOperations(auditIdentifier, winIdentity, operations); } else { string[] tasks = new string[] { context }; result = CheckAccessTasks(auditIdentifier, winIdentity, tasks); } InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context); if (result == false) { InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context); } return(result); }
/// <summary> /// Evaluates the specified authority against the specified context. /// </summary> /// <param name="principal">Must be an <see cref="IPrincipal"/> object.</param> /// <param name="ruleName">The name of the rule to evaluate.</param> /// <returns><c>true</c> if the expression evaluates to true, /// otherwise <c>false</c>.</returns> public override bool Authorize(IPrincipal principal, string ruleName) { if (principal == null) { throw new ArgumentNullException("principal"); } if (ruleName == null || ruleName.Length == 0) { throw new ArgumentNullException("ruleName"); } //get the rules from the cache if (m_CacheManager.ContainsKey(CACHEKEY)) { GetAuthorizationRulesFromCache(); } else { GetAuthorizationRules(); } InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, ruleName); BooleanExpression booleanExpression = GetParsedExpression(ruleName); if (booleanExpression == null) { throw new InvalidOperationException(string.Format("Authorization Rule Not Found", ruleName)); } bool result = booleanExpression.Evaluate(principal); if (result == false) { InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, ruleName); } return(result); }
/// <summary> /// Checks a user's authorization against a given rule /// </summary> /// <param name="principal">The user to authorize</param> /// <param name="context">The name of the rule to check</param> /// <returns>boolean indicating whether the user is authorized</returns> public override bool Authorize(System.Security.Principal.IPrincipal principal, string context) { if (principal == null) { throw new ArgumentNullException("principal"); } if (context == null || context.Length == 0) { throw new ArgumentNullException("context"); } if (mgr == null) { mgr = new DbRulesManager(database); } //SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context); InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context); BooleanExpression expression = GetParsedExpression(context, mgr); if (expression == null) { //todo : better exception throw new ApplicationException(String.Format("Authorization Rule {0} not found in the database.", context)); } bool result = expression.Evaluate(principal); if (result == false) { //SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context); InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context); } return(result); }