示例#1
        /// <summary>
        /// Code access permission.
        /// </summary>
        /// <param name="permission">Defines the underlying structure of all code access permissions.</param>
        /// <param name="source">Permission source provider.</param>
        /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="permission"/> or <paramref name="source"/> is null.</exception>
        public CodeAccess(CodeAccessPermission permission, Nequeo.Security.IPermission source)
        {
            // Both collaborators are mandatory: refuse to build an instance that has
            // no permission object or no permission source to consult.
            // 'permission' is tested first, so it is the one reported when both are missing.
            if (permission == null) { throw new ArgumentNullException(nameof(permission)); }
            if (source == null) { throw new ArgumentNullException(nameof(source)); }

            // Arguments are valid; store them in the instance fields.
            _source     = source;
            _permission = permission;
        }
示例#2
        /// <summary>
        /// Get the permission source.
        /// </summary>
        /// <param name="section">The config section group and section name.</param>
        /// <returns>The permission source.</returns>
        /// <exception cref="System.Exception">Configuration load exception is thrown.</exception>
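        public Nequeo.Security.IPermission GetPermission(string section = "NequeoSecurityGroup/NequeoSecurityPermission")
        {
            // Drop any cached copy so the section is re-read from disk on the next retrieval.
            System.Configuration.ConfigurationManager.RefreshSection(section);

            // Load the security section. The hard cast throws if the section is
            // mapped to a different configuration type.
            SecurityPermission securitySection =
                (SecurityPermission)System.Configuration.ConfigurationManager.GetSection(section);

            // Make sure the section is defined.
            if (securitySection == null)
            {
                throw new Exception("Configuration section has not been defined.");
            }

            // Get the source element that names the permission provider type.
            SourceElement sourceElement = securitySection.SourceSection;
            if (sourceElement == null)
            {
                throw new Exception("Configuration element Source has not been defined.");
            }

            // SECURITY: the type name comes from configuration and decides which class is
            // constructed, so whoever can edit the configuration file chooses the code that
            // runs here. Confirm the resolved type really is a permission source BEFORE
            // creating it, so that no constructor of an unrelated type is ever executed.
            // NOTE(review): whether TypeAccessor.GetType returns null or throws for an
            // unknown name is not visible here; null is rejected either way.
            Type sourceType = Nequeo.Reflection.TypeAccessor.GetType(sourceElement.TypeValue);
            if (sourceType == null || !typeof(Nequeo.Security.IPermission).IsAssignableFrom(sourceType))
            {
                throw new Exception("Configuration element Source type does not implement Nequeo.Security.IPermission.");
            }

            // Create the permission source and apply the configured permission flags.
            // (The former catch-and-rethrow wrapper did nothing and has been removed;
            // exceptions propagate to the caller exactly as before.)
            Nequeo.Security.IPermission source =
                (Nequeo.Security.IPermission)Nequeo.Reflection.TypeAccessor.CreateInstance(sourceType);
            source.Permission = sourceElement.PermissionType;

            return source;
        }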
示例#3
        /// <summary>
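        /// Validates the caller's token and download permission, then writes the requested file's metadata to the response.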
        /// </summary>
        /// <param name="context">The web context.</param>
        /// <returns>True if error; else false.</returns>
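        private bool FileDetails(HttpContext context)
        {
            // NOTE(review): nothing in this method ever sets isError, so the return value is
            // always false even though the XML doc promises true on error. Left unchanged
            // because the callers are not visible here; confirm the intended contract.
            bool isError = false;

            AutoResetEvent waitEvent = new AutoResetEvent(false);

            try
            {
                // Get the user unique id and the current token issued.
                // NOTE(review): both travel in the query string, where they can be recorded
                // in server and proxy logs; a request header would keep the token out of URLs.
                string uniqueIdentifier = context.Request.QueryString["UniqueIdentifier"];
                string token            = context.Request.QueryString["Token"];

                // Result holder filled in by the validation callback; starts as "denied".
                Common.TokenState tokenState = new Common.TokenState();
                tokenState.IsValid    = false;
                tokenState.Permission = null;

                // Is token valid.
                _token.IsValid(uniqueIdentifier, _serviceName, token, (result, permission, state) =>
                {
                    try
                    {
                        // Record the token validation data.
                        Common.TokenState stateToken = (Common.TokenState)state;
                        stateToken.IsValid           = result;
                        stateToken.Permission        = permission;
                    }
                    catch { }

                    try
                    {
                        // Validation has ended.
                        waitEvent.Set();
                    }
                    catch (ObjectDisposedException)
                    {
                        // The wait below already timed out and the finally block disposed
                        // the event; the request was rejected, so there is nothing to signal.
                    }
                }, uniqueIdentifier, tokenState);

                // Wait for the token validation, bounded by the request timeout.
                bool validationCompleted = waitEvent.WaitOne((int)(_requestTimeout + 10000));

                // Fail closed: a timed-out validation is treated like invalid credentials,
                // even if a late callback flips the state after the wait gave up.
                if (!validationCompleted || !tokenState.IsValid)
                {
                    throw new Nequeo.Exceptions.InvalidCredentailsException("Invalid credentails.");
                }

                // Attempt to find the permission.
                Nequeo.Security.IPermission perState = tokenState.Permission;

                // If download permission is denied.
                if (perState == null || !perState.Access() || !perState.Permission.HasFlag(Nequeo.Security.PermissionType.Download))
                {
                    throw new Nequeo.Exceptions.PermissionException("Permission denied");
                }

                // Resolve the requested file.
                // NOTE(review): FileName and Directory are client-controlled. GetFilePath
                // presumably rejects paths outside the served root (the InvalidPathException
                // handler below suggests so), but that helper is not visible here; verify.
                string   fileNameQuery         = context.Request.QueryString["FileName"];
                string   fileSubDirectoryQuery = context.Request.QueryString["Directory"];
                string   fileNamePath          = Common.Helper.GetFilePath(fileNameQuery, fileSubDirectoryQuery);
                string[] details = new string[15];

                // Collect the file information; paths go through GetRelativePath before
                // they are returned to the client.
                FileInfo fileInfo = new FileInfo(fileNamePath);
                details[0]  = fileInfo.Attributes.ToString();
                details[1]  = fileInfo.CreationTime.ToString();
                details[2]  = fileInfo.CreationTimeUtc.ToString();
                details[3]  = Common.Helper.GetRelativePath(fileInfo.Directory.FullName);
                details[4]  = Common.Helper.GetRelativePath(fileInfo.DirectoryName);
                details[5]  = fileInfo.Exists.ToString();
                details[6]  = fileInfo.Extension.ToString();
                details[7]  = Common.Helper.GetRelativePath(fileInfo.FullName);
                details[8]  = fileInfo.IsReadOnly.ToString();
                details[9]  = fileInfo.LastAccessTime.ToString();
                details[10] = fileInfo.LastAccessTimeUtc.ToString();
                details[11] = fileInfo.LastWriteTime.ToString();
                details[12] = fileInfo.LastWriteTimeUtc.ToString();
                details[13] = fileInfo.Length.ToString();
                details[14] = fileInfo.Name.ToString();

                // One detail per line.
                string buffer = String.Join("\r\n", details);

                // Content-Length counts bytes, not characters: measure the text in the
                // encoding the response will use so non-ASCII names are not truncated.
                int bodyLength = context.Response.ContentEncoding.GetByteCount(buffer);

                // Send the details.
                // NOTE(review): "text/txt" is not a registered media type ("text/plain" is);
                // kept as-is because existing clients may match on it.
                context.Response.AddHeader("Content-Length", bodyLength.ToString());
                context.Response.ContentType = "text/txt";
                context.Response.AddHeader("MemberResult", true.ToString());

                // Write the data to the stream.
                context.Response.Write(buffer);
            }
            catch (Exception ex)
            {
                // Path, permission and credential failures all receive the same generic
                // reply, so the response does not reveal which check rejected the request.
                // NOTE(review): 500 is kept for client compatibility; 401/403 would
                // describe these cases more accurately.
                if (ex is Nequeo.Exceptions.InvalidPathException ||
                    ex is Nequeo.Exceptions.PermissionException ||
                    ex is Nequeo.Exceptions.InvalidCredentailsException)
                {
                    try
                    {
                        // Send an error response.
                        context.Response.StatusCode        = 500;
                        context.Response.StatusDescription = "Internal server error";
                        context.Response.AddHeader("Content-Length", "0");
                        context.Response.AddHeader("MemberResult", false.ToString());
                        context.Response.Write("");
                    }
                    catch { }
                }

                // NOTE(review): every other exception (missing file, I/O error, ...) is
                // still swallowed without a log entry or error status, as in the original.
            }
            finally
            {
                waitEvent.Dispose();
            }

            // Return the result.
            return isError;
        }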
示例#4
        /// <summary>
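        /// Validates the caller's token and download permission, then streams the requested file to the response as an attachment.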
        /// </summary>
        /// <param name="context">The web context.</param>
        /// <returns>True if error; else false.</returns>
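        private bool DownloadFile(HttpContext context)
        {
            // NOTE(review): nothing in this method ever sets isError, so the return value is
            // always false even though the XML doc promises true on error. Left unchanged
            // because the callers are not visible here; confirm the intended contract.
            bool isError = false;

            AutoResetEvent waitEvent     = new AutoResetEvent(false);
            FileStream     requestStream = null;

            try
            {
                // Get the user unique id and the current token issued.
                // NOTE(review): both travel in the query string, where they can be recorded
                // in server and proxy logs; a request header would keep the token out of URLs.
                string uniqueIdentifier = context.Request.QueryString["UniqueIdentifier"];
                string token            = context.Request.QueryString["Token"];

                // Result holder filled in by the validation callback; starts as "denied".
                Common.TokenState tokenState = new Common.TokenState();
                tokenState.IsValid    = false;
                tokenState.Permission = null;

                // Is token valid.
                _token.IsValid(uniqueIdentifier, _serviceName, token, (result, permission, state) =>
                {
                    try
                    {
                        // Record the token validation data.
                        Common.TokenState stateToken = (Common.TokenState)state;
                        stateToken.IsValid           = result;
                        stateToken.Permission        = permission;
                    }
                    catch { }

                    try
                    {
                        // Validation has ended.
                        waitEvent.Set();
                    }
                    catch (ObjectDisposedException)
                    {
                        // The wait below already timed out and the finally block disposed
                        // the event; the request was rejected, so there is nothing to signal.
                    }
                }, uniqueIdentifier, tokenState);

                // Wait for the token validation, bounded by the request timeout.
                bool validationCompleted = waitEvent.WaitOne((int)(_requestTimeout + 10000));

                // Fail closed: a timed-out validation is treated like invalid credentials,
                // even if a late callback flips the state after the wait gave up.
                if (!validationCompleted || !tokenState.IsValid)
                {
                    throw new Nequeo.Exceptions.InvalidCredentailsException("Invalid credentails.");
                }

                // Attempt to find the permission.
                Nequeo.Security.IPermission perState = tokenState.Permission;

                // If download permission is denied.
                if (perState == null || !perState.Access() || !perState.Permission.HasFlag(Nequeo.Security.PermissionType.Download))
                {
                    throw new Nequeo.Exceptions.PermissionException("Permission denied");
                }

                // Get the file location.
                // NOTE(review): FileName and Directory are client-controlled. GetDownloadFile
                // presumably rejects paths outside the served root (the InvalidPathException
                // handler below suggests so), but that helper is not visible here; verify.
                string   fileNameQuery         = context.Request.QueryString["FileName"];
                string   fileSubDirectoryQuery = context.Request.QueryString["Directory"];
                string   fileNamePath          = Common.Helper.GetDownloadFile(fileNameQuery, fileSubDirectoryQuery);
                string   fileName  = System.IO.Path.GetFileName(fileNamePath);
                string   extension = System.IO.Path.GetExtension(fileNamePath);
                FileInfo fileInfo  = new FileInfo(fileNamePath);

                // Optional resume offset supplied by the client.
                long   fileReadPosition  = 0;
                string readPositionQuery = context.Request.QueryString["FileReadPosition"];
                if (readPositionQuery != null)
                {
                    fileReadPosition = Int64.Parse(readPositionQuery);
                }

                // The offset must lie inside the file. A negative value used to slip past
                // the upper-bound test and only failed later inside Seek.
                if (fileReadPosition < 0 || fileReadPosition > fileInfo.Length)
                {
                    throw new Nequeo.Exceptions.InvalidLengthException("File read position invalid.");
                }

                // Open the file read-only and move to the requested offset.
                requestStream = new FileStream(fileNamePath, FileMode.Open, FileAccess.Read, FileShare.Read);
                requestStream.Seek(fileReadPosition, SeekOrigin.Begin);

                // Bytes left to send from the offset to the end of the file.
                long contentLength = fileInfo.Length - fileReadPosition;

                // The file name is derived from request input and is placed inside a quoted
                // header value: escape backslash and double quote so the header stays well formed.
                string headerFileName = fileName.Replace("\\", "\\\\").Replace("\"", "\\\"");

                // Send the file.
                // NOTE(review): Path.GetExtension keeps the leading dot, so the content type
                // becomes e.g. "application/.zip", which is not a registered media type;
                // kept as-is because existing clients may match on it.
                context.Response.AddHeader("Content-Length", contentLength.ToString());
                context.Response.ContentType = "application/" + extension;
                context.Response.AddHeader("content-disposition", "attachment; filename=\"" + headerFileName + "\"");
                context.Response.AddHeader("MemberResult", true.ToString());

                // Send the file to the stream; the finally block closes the file.
                Nequeo.IO.Stream.Operation.CopyStream(requestStream, context.Response.OutputStream, contentLength, _responseTimeout, _writeBufferSize);
            }
            catch (Exception ex)
            {
                // Path, permission and credential failures all receive the same generic
                // reply, so the response does not reveal which check rejected the request.
                // NOTE(review): 500 is kept for client compatibility; 401/403 would
                // describe these cases more accurately.
                if (ex is Nequeo.Exceptions.InvalidPathException ||
                    ex is Nequeo.Exceptions.PermissionException ||
                    ex is Nequeo.Exceptions.InvalidCredentailsException)
                {
                    try
                    {
                        // Send an error response.
                        context.Response.StatusCode        = 500;
                        context.Response.StatusDescription = "Internal server error";
                        context.Response.AddHeader("Content-Length", "0");
                        context.Response.AddHeader("MemberResult", false.ToString());
                        context.Response.Write("");
                    }
                    catch { }
                }

                // NOTE(review): every other exception (bad offset, missing file, I/O error,
                // client disconnect, ...) is still swallowed without a log entry or error
                // status, as in the original.
            }
            finally
            {
                // Release the file handle.
                if (requestStream != null)
                {
                    requestStream.Dispose();
                }

                waitEvent.Dispose();
            }

            // Return the result.
            return isError;
        }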