/// <summary>
/// Initialises a code access instance from a permission and its source provider.
/// </summary>
/// <param name="permission">The code access permission to store on this instance.</param>
/// <param name="source">The permission source provider to store on this instance.</param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="permission"/> or <paramref name="source"/> is null.
/// </exception>
public CodeAccess(CodeAccessPermission permission, Nequeo.Security.IPermission source)
{
    // Find the first missing argument; permission is tested first, so it is the one
    // reported when both arguments are null.
    string missingArgument =
        permission == null ? nameof(permission) :
        source == null ? nameof(source) :
        null;

    if (missingArgument != null)
    {
        throw new ArgumentNullException(missingArgument);
    }

    // Both arguments are known to be non-null before either field is assigned.
    _permission = permission;
    _source = source;
}
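/// <summary>
/// Get the permission source described by a configuration section.
/// </summary>
/// <param name="section">The config section group and section name.</param>
/// <returns>The permission source, with its permission taken from the configuration element.</returns>
/// <exception cref="System.Exception">
/// The configuration section, or its Source element, has not been defined.
/// </exception>
/// <exception cref="System.InvalidCastException">
/// The configured type does not implement <see cref="Nequeo.Security.IPermission"/>.
/// </exception>
public Nequeo.Security.IPermission GetPermission(string section = "NequeoSecurityGroup/NequeoSecurityPermission")
{
    // Refresh the named section so that the read below comes from disk, not from the cache.
    System.Configuration.ConfigurationManager.RefreshSection(section);

    SecurityPermission permissionSection =
        (SecurityPermission)System.Configuration.ConfigurationManager.GetSection(section);

    // Make sure the section is defined.
    if (permissionSection == null)
    {
        throw new Exception("Configuration section has not been defined.");
    }

    // Make sure the source element is defined.
    SourceElement sourceElement = permissionSection.SourceSection;
    if (sourceElement == null)
    {
        throw new Exception("Configuration element Source has not been defined.");
    }

    Type sourceType = Nequeo.Reflection.TypeAccessor.GetType(sourceElement.TypeValue);

    // The type name is read from the configuration file. Check it against the expected
    // interface BEFORE constructing it, so that a wrong or altered entry cannot cause the
    // constructor of an unrelated type to run. The exception type matches what the cast
    // below would have raised after construction. A null type is left to CreateInstance,
    // as before.
    // NOTE(review): assumes TypeAccessor.CreateInstance returns an instance of the type
    // it is given; it is not visible here.
    if (sourceType != null && !typeof(Nequeo.Security.IPermission).IsAssignableFrom(sourceType))
    {
        throw new InvalidCastException(
            "Configuration element Source type does not implement Nequeo.Security.IPermission.");
    }

    // Create the permission source and give it the configured permission.
    Nequeo.Security.IPermission permissionSource =
        (Nequeo.Security.IPermission)Nequeo.Reflection.TypeAccessor.CreateInstance(sourceType);
    permissionSource.Permission = sourceElement.PermissionType;

    return permissionSource;
}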
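/// <summary>
/// Writes the details of the requested file to the response, one value per line, after
/// validating the caller's token and checking for the download permission.
/// </summary>
/// <param name="context">The web context.</param>
/// <returns>
/// The value of the local error flag. NOTE(review): the flag is never set in this method, so
/// false is returned on every path, including the error paths; confirm what callers expect
/// before changing it.
/// </returns>
private bool FileDetails(HttpContext context)
{
    bool isError = false;
    AutoResetEvent waitEvent = new AutoResetEvent(false);

    try
    {
        // Get the user unique id and the current token issued.
        // NOTE(review): both values arrive in the query string, which commonly ends up in
        // server and proxy logs; confirm that is acceptable for this token.
        string uniqueIdentifier = context.Request.QueryString["UniqueIdentifier"];
        string token = context.Request.QueryString["Token"];

        // Start from a denied state; only the validation callback can change it.
        Common.TokenState tokenState = new Common.TokenState();
        tokenState.IsValid = false;
        tokenState.Permission = null;

        // Is token valid.
        _token.IsValid(uniqueIdentifier, _serviceName, token, (result, permission, state) =>
        {
            try
            {
                // Get the token validation data.
                Common.TokenState stateToken = (Common.TokenState)state;
                stateToken.IsValid = result;
                stateToken.Permission = permission;
            }
            catch
            {
                // A failure here leaves the state as denied.
            }

            try
            {
                // Validation has ended.
                waitEvent.Set();
            }
            catch (ObjectDisposedException)
            {
                // The wait below timed out and the finally block already disposed the
                // event; the request has been rejected, so there is nobody to signal.
            }
        }, uniqueIdentifier, tokenState);

        // Wait for the token validation. A timeout counts as a failed validation, so a
        // result that arrives late can never be half-read by the checks below.
        bool validationCompleted = waitEvent.WaitOne((int)(_requestTimeout + 10000));

        // If not valid credentials.
        if (!validationCompleted || !tokenState.IsValid)
        {
            throw new Nequeo.Exceptions.InvalidCredentailsException("Invalid credentails.");
        }

        // Attempt to find the permission.
        Nequeo.Security.IPermission perState = tokenState.Permission;

        // If download permission is denied.
        if (perState == null || !perState.Access() ||
            !perState.Permission.HasFlag(Nequeo.Security.PermissionType.Download))
        {
            throw new Nequeo.Exceptions.PermissionException("Permission denied");
        }

        // Resolve the requested file.
        // NOTE(review): FileName and Directory are caller-supplied. This relies on
        // Common.Helper.GetFilePath (not visible here) to canonicalise the path and keep
        // it inside the served directory; confirm.
        string fileNameQuery = context.Request.QueryString["FileName"];
        string fileSubDirectoryQuery = context.Request.QueryString["Directory"];
        string fileNamePath = Common.Helper.GetFilePath(fileNameQuery, fileSubDirectoryQuery);

        // Get the file information; paths go through GetRelativePath before being sent.
        FileInfo fileInfo = new FileInfo(fileNamePath);
        string[] details = new string[15];
        details[0] = fileInfo.Attributes.ToString();
        details[1] = fileInfo.CreationTime.ToString();
        details[2] = fileInfo.CreationTimeUtc.ToString();
        details[3] = Common.Helper.GetRelativePath(fileInfo.Directory.FullName);
        details[4] = Common.Helper.GetRelativePath(fileInfo.DirectoryName);
        details[5] = fileInfo.Exists.ToString();
        details[6] = fileInfo.Extension.ToString();
        details[7] = Common.Helper.GetRelativePath(fileInfo.FullName);
        details[8] = fileInfo.IsReadOnly.ToString();
        details[9] = fileInfo.LastAccessTime.ToString();
        details[10] = fileInfo.LastAccessTimeUtc.ToString();
        details[11] = fileInfo.LastWriteTime.ToString();
        details[12] = fileInfo.LastWriteTimeUtc.ToString();
        details[13] = fileInfo.Length.ToString();
        details[14] = fileInfo.Name.ToString();

        // Join the details into the response body.
        string buffer = String.Join("\r\n", details);

        // Content-Length is a byte count, so measure the body in the response encoding
        // rather than in characters; the two differ for non-ASCII file names.
        int bodyByteCount = context.Response.ContentEncoding.GetByteCount(buffer);

        // Send the details.
        // NOTE(review): "text/txt" is not a registered media type ("text/plain" is); left
        // unchanged because clients may depend on it.
        context.Response.AddHeader("Content-Length", bodyByteCount.ToString());
        context.Response.ContentType = "text/txt";
        context.Response.AddHeader("MemberResult", true.ToString());

        // Write the data to the stream.
        context.Response.Write(buffer);
    }
    catch (Exception ex) when (ex is Nequeo.Exceptions.InvalidPathException
        || ex is Nequeo.Exceptions.PermissionException
        || ex is Nequeo.Exceptions.InvalidCredentailsException)
    {
        // All three known failures get the same response, which does not tell the caller
        // which check failed.
        try
        {
            // Send an error response.
            context.Response.StatusCode = 500;
            context.Response.StatusDescription = "Internal server error";
            context.Response.AddHeader("Content-Length", "0");
            context.Response.AddHeader("MemberResult", false.ToString());
            context.Response.Write("");
        }
        catch { }
    }
    catch
    {
        // Any other failure is swallowed without an error response being written.
        // NOTE(review): this includes a missing file, because FileInfo.Length throws when
        // the file does not exist; consider logging here.
    }
    finally
    {
        if (waitEvent != null)
        {
            waitEvent.Dispose();
        }
    }

    // Return the result.
    return(isError);
}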
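/// <summary>
/// Streams the requested file to the response as an attachment, optionally starting at a
/// caller-supplied read position, after validating the caller's token and checking for the
/// download permission.
/// </summary>
/// <param name="context">The web context.</param>
/// <returns>
/// The value of the local error flag. NOTE(review): the flag is never set in this method, so
/// false is returned on every path, including the error paths; confirm what callers expect
/// before changing it.
/// </returns>
private bool DownloadFile(HttpContext context)
{
    bool isError = false;
    AutoResetEvent waitEvent = new AutoResetEvent(false);
    FileStream requestStream = null;

    try
    {
        // Get the user unique id and the current token issued.
        // NOTE(review): both values arrive in the query string, which commonly ends up in
        // server and proxy logs; confirm that is acceptable for this token.
        string uniqueIdentifier = context.Request.QueryString["UniqueIdentifier"];
        string token = context.Request.QueryString["Token"];

        // Start from a denied state; only the validation callback can change it.
        Common.TokenState tokenState = new Common.TokenState();
        tokenState.IsValid = false;
        tokenState.Permission = null;

        // Is token valid.
        _token.IsValid(uniqueIdentifier, _serviceName, token, (result, permission, state) =>
        {
            try
            {
                // Get the token validation data.
                Common.TokenState stateToken = (Common.TokenState)state;
                stateToken.IsValid = result;
                stateToken.Permission = permission;
            }
            catch
            {
                // A failure here leaves the state as denied.
            }

            try
            {
                // Validation has ended.
                waitEvent.Set();
            }
            catch (ObjectDisposedException)
            {
                // The wait below timed out and the finally block already disposed the
                // event; the request has been rejected, so there is nobody to signal.
            }
        }, uniqueIdentifier, tokenState);

        // Wait for the token validation. A timeout counts as a failed validation, so a
        // result that arrives late can never be half-read by the checks below.
        bool validationCompleted = waitEvent.WaitOne((int)(_requestTimeout + 10000));

        // If not valid credentials.
        if (!validationCompleted || !tokenState.IsValid)
        {
            throw new Nequeo.Exceptions.InvalidCredentailsException("Invalid credentails.");
        }

        // Attempt to find the permission.
        Nequeo.Security.IPermission perState = tokenState.Permission;

        // If download permission is denied.
        if (perState == null || !perState.Access() ||
            !perState.Permission.HasFlag(Nequeo.Security.PermissionType.Download))
        {
            throw new Nequeo.Exceptions.PermissionException("Permission denied");
        }

        // Get the file location.
        // NOTE(review): FileName and Directory are caller-supplied. This relies on
        // Common.Helper.GetDownloadFile (not visible here) to canonicalise the path and
        // keep it inside the served directory; confirm.
        string fileNameQuery = context.Request.QueryString["FileName"];
        string fileSubDirectoryQuery = context.Request.QueryString["Directory"];
        string fileNamePath = Common.Helper.GetDownloadFile(fileNameQuery, fileSubDirectoryQuery);
        string fileName = System.IO.Path.GetFileName(fileNamePath);
        string extension = System.IO.Path.GetExtension(fileNamePath);
        FileInfo fileInfo = new FileInfo(fileNamePath);
        long fileLength = fileInfo.Length;

        // Get the read position of the file, when the caller supplied one.
        long fileReadPosition = 0;
        string fileReadPositionQuery = context.Request.QueryString["FileReadPosition"];
        if (fileReadPositionQuery != null)
        {
            fileReadPosition = Int64.Parse(fileReadPositionQuery);
        }

        // The position is caller-supplied: reject anything outside the file before the
        // file is opened. A negative value previously reached Seek and failed there.
        if (fileReadPosition < 0 || fileReadPosition > fileLength)
        {
            throw new Nequeo.Exceptions.InvalidLengthException("File read position invalid.");
        }

        // Open the file and move to the position to start reading from.
        requestStream = new FileStream(fileNamePath, FileMode.Open, FileAccess.Read, FileShare.Read);
        requestStream.Seek(fileReadPosition, SeekOrigin.Begin);

        // Only the bytes from the read position onwards are sent.
        long contentLength = fileLength - fileReadPosition;

        // Send the file.
        // NOTE(review): Path.GetExtension keeps the leading dot, so the content type comes
        // out as e.g. "application/.zip"; left unchanged because clients may depend on it.
        // NOTE(review): fileName is placed in the quoted header value unescaped; confirm
        // that it cannot contain a double quote.
        context.Response.AddHeader("Content-Length", contentLength.ToString());
        context.Response.ContentType = "application/" + extension;
        context.Response.AddHeader("content-disposition", "attachment; filename=\"" + fileName + "\"");
        context.Response.AddHeader("MemberResult", true.ToString());

        // Send the file to the stream.
        Nequeo.IO.Stream.Operation.CopyStream(requestStream, context.Response.OutputStream, contentLength, _responseTimeout, _writeBufferSize);
        requestStream.Close();
    }
    catch (Exception ex) when (ex is Nequeo.Exceptions.InvalidPathException
        || ex is Nequeo.Exceptions.PermissionException
        || ex is Nequeo.Exceptions.InvalidCredentailsException)
    {
        // All three known failures get the same response, which does not tell the caller
        // which check failed.
        try
        {
            // Send an error response.
            context.Response.StatusCode = 500;
            context.Response.StatusDescription = "Internal server error";
            context.Response.AddHeader("Content-Length", "0");
            context.Response.AddHeader("MemberResult", false.ToString());
            context.Response.Write("");
        }
        catch { }
    }
    catch
    {
        // Any other failure (invalid read position, missing file, copy error) is swallowed
        // without an error response being written.
        // NOTE(review): consider logging here.
    }
    finally
    {
        // Release the file and the wait handle.
        if (requestStream != null)
        {
            requestStream.Dispose();
        }

        if (waitEvent != null)
        {
            waitEvent.Dispose();
        }
    }

    // Return the result.
    return(isError);
}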