/// <summary>
/// Instantiates a ServicePartitionResolver, uses the given security credentials, FabricClient Settings and the connectionEndpoints
/// to create a new instance of FabricClient.
/// </summary>
/// <param name="credential">Security credentials for the fabric client.</param>
/// <param name="settings">Fabric client Settings.</param>
/// <param name="connectionEndpoints">Array of management endpoints of the cluster.</param>
public ServicePartitionResolver(
SecurityCredentials credential,
FabricClientSettings settings,
params string[] connectionEndpoints)
: this(() => new FabricClient(credential, settings, connectionEndpoints))
{
}
internal IImageStore CreateImageStore(string imageStoreConnectionString, string workingDirectory)
{
if (!imageStoreConnectionString.StartsWith(Constants.ImageStoreConnectionFileType, StringComparison.OrdinalIgnoreCase) &&
!imageStoreConnectionString.StartsWith(Constants.ImageStoreConnectionXStoreType, StringComparison.OrdinalIgnoreCase) &&
!imageStoreConnectionString.StartsWith(Constants.ImageStoreConnectionFabricType, StringComparison.OrdinalIgnoreCase))
{
throw new ArgumentException(StringResources.Error_InvalidImageStoreConnectionString);
}
SecurityCredentials credentials = null;
string[] connectionEndpoints = null;
var clusterConnection = this.GetClusterConnection();
if (clusterConnection != null)
{
credentials = clusterConnection.SecurityCredentials;
connectionEndpoints = clusterConnection.ConnectionEndpoint;
}
return(ImageStoreFactory.CreateImageStore(
imageStoreConnectionString,
null,
connectionEndpoints,
credentials,
workingDirectory,
false /*isInternal*/));
}
/// <summary>
/// Verifies the provided credentials against the stored user password.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="password">The password in plaintext.</param>
/// <returns>An awaitable task that returns the <see cref="Account"/>.</returns>
/// <remarks>If the user does not exist, a new one will be created.</remarks>
public async Task <Account> LoginAsync(string username, string password)
{
if (string.IsNullOrWhiteSpace(username))
{
throw new ArgumentNullException(nameof(username));
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentNullException(nameof(password));
}
// Get user by username
var account = await accountRepository.GetAccountAsync(username);
if (account == null)
{
// Create new account
account = await accountRepository.CreateAccountAsync(username, password);
}
else
{
// Check password
var credentials = new SecurityCredentials
{
PasswordHash = account.PasswordHash,
SaltValue = account.Salt
};
var comparisonResult = PasswordSecurity.VerifyPassword(credentials, password);
if (!comparisonResult)
{
return(null);
}
}
return(account);
}
internal void SetSecurityCredentialsWrapper(SecurityCredentials credentials)
{
using (var pin = new PinCollection())
{
this.nativeClient.SetSecurityCredentials(credentials.ToNative(pin));
}
}
/// <summary>
/// This is used by Kvs and Volatile actor state provider.
/// </summary>
/// <param name="codePackage"></param>
/// <param name="actorImplType"></param>
/// <returns></returns>
internal static ReplicatorSettings GetActorReplicatorSettings(CodePackageActivationContext codePackage, Type actorImplType)
{
var settings = ReplicatorSettings.LoadFrom(
codePackage,
ActorNameFormat.GetConfigPackageName(actorImplType),
ActorNameFormat.GetFabricServiceReplicatorConfigSectionName(actorImplType));
settings.SecurityCredentials = SecurityCredentials.LoadFrom(
codePackage,
ActorNameFormat.GetConfigPackageName(actorImplType),
ActorNameFormat.GetFabricServiceReplicatorSecurityConfigSectionName(actorImplType));
var nodeContext = FabricRuntime.GetNodeContext();
var endpoint = codePackage.GetEndpoint(ActorNameFormat.GetFabricServiceReplicatorEndpointName(actorImplType));
settings.ReplicatorAddress = string.Format(
CultureInfo.InvariantCulture,
"{0}:{1}",
nodeContext.IPAddressOrFQDN,
endpoint.Port);
if (!settings.MaxPrimaryReplicationQueueSize.HasValue)
{
settings.MaxPrimaryReplicationQueueSize = DefaultMaxPrimaryReplicationQueueSize;
}
if (!settings.MaxSecondaryReplicationQueueSize.HasValue)
{
settings.MaxSecondaryReplicationQueueSize = DefaultMaxSecondaryReplicationQueueSize;
}
return(settings);
}
protected override CredentialsRefreshState GenerateNewCredentials()
{
SecurityCredentials credentials = null;
Uri ecsEndpointUri = Uri;
JitteredDelay retry = new JitteredDelay(new TimeSpan(0, 0, 0, 0, 200), new TimeSpan(0, 0, 0, 0, 50));
// Attempt to get the credentials 4 times ignoring null return/exceptions and on the 5th try, escalate the exception if there is one.
for (int i = 1; ; i++)
{
try
{
// AWS_CONTAINER_AUTHORIZATION_TOKEN is optional environment variable
// If this variable is set the SDK will set the Authorization header on the HTTP request with the environment variable's value.
var headers = CreateAuthorizationHeader();
credentials = GetObjectFromResponse <SecurityCredentials>(ecsEndpointUri, Proxy, headers);
if (credentials != null)
{
break;
}
}
catch (Exception e)
{
if (i == MaxRetries)
{
throw new AmazonServiceException(string.Format(CultureInfo.InvariantCulture,
"Unable to retrieve credentials. Message = \"{0}\".",
e.Message));
}
};
Util.AWSSDKUtils.Sleep(retry.Next());
}
return(new CredentialsRefreshState(new ImmutableCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.Token), credentials.Expiration));
}
public FabricClientHelperInfo(string name,
string[] gatewayAddresses,
string[] httpGatewayAddresses,
SecurityCredentials securityCredentials,
FabricClientSettings clientSettings,
FabricClientTypes type)
{
ThrowIf.NullOrEmpty(name, "name");
this.Name = name;
if (gatewayAddresses != null && gatewayAddresses.Length > 0)
{
this.GatewayAddresses = gatewayAddresses;
}
if (httpGatewayAddresses != null && httpGatewayAddresses.Length > 0)
{
this.HttpGatewayAddresses = httpGatewayAddresses;
}
this.SecurityCredentials = securityCredentials;
this.ClientSettings = clientSettings;
this.ClientTypes = type;
}
public void EnsurePermissionTestSimpleScenario()
{
int groupId = 12;
GroupStorageView[] groups = new GroupStorageView[1];
groups[0] = new GroupStorageView(groupId, "test1");
UserStorageView[] users = new UserStorageView[1];
users[0] = new UserStorageView("username1", "password1", groupId);
_managerStorage.AddGroups(groups);
_managerStorage.AddUsers(users);
_managerStorage.AddGroupPermission(groupId, Permission.ExecuteThread);
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashType.MD5));
EnsurePermission(sc, Permission.ExecuteThread);
// the above throws an exception if something is wrong so we are doing OK if we get this far
Assert.IsTrue(true);
}
protected override CredentialsRefreshState GenerateNewCredentials()
{
SecurityCredentials securityCredentials = null;
Uri uri = new Uri(Server + Uri);
JitteredDelay jitteredDelay = new JitteredDelay(new TimeSpan(0, 0, 0, 0, 200), new TimeSpan(0, 0, 0, 0, 50));
int num = 1;
while (true)
{
try
{
securityCredentials = URIBasedRefreshingCredentialHelper.GetObjectFromResponse <SecurityCredentials>(uri);
if (securityCredentials != null)
{
break;
}
}
catch (Exception ex)
{
if (num == MaxRetries)
{
throw new AmazonServiceException(string.Format(CultureInfo.InvariantCulture, "Unable to retrieve credentials. Message = \"{0}\".", ex.Message));
}
}
AWSSDKUtils.Sleep(jitteredDelay.Next());
num++;
}
return(new CredentialsRefreshState
{
Credentials = new ImmutableCredentials(securityCredentials.AccessKeyId, securityCredentials.SecretAccessKey, securityCredentials.Token),
Expiration = securityCredentials.Expiration
});
}
public bool CheckPermission(SecurityCredentials sc, Permission perm)
{
// get the user's groupId
int groupId = -1;
foreach (UserStorageView user in _users)
{
if (String.Compare(user.Username, sc.Username, true) == 0 && user.PasswordMd5Hash == sc.Password)
{
groupId = user.GroupId;
break;
}
}
if (groupId == -1)
{
return(false);
}
foreach (Permission permission in GetGroupPermissions(groupId))
{
// in the SQL implementation the higher leverl permissions are considered to
// include the lower leverl permissions
if ((int)permission >= (int)perm)
{
return(true);
}
}
return(false);
}
private void SetupApplicationsGroupsAndUsers(Permission permission)
{
// add permissions
int groupId = 12;
GroupStorageView[] groups = new GroupStorageView[1];
groups[0] = new GroupStorageView(groupId, "test1");
UserStorageView[] users = new UserStorageView[1];
users[0] = new UserStorageView("username1", "password1", groupId);
_managerStorage.AddGroups(groups);
_managerStorage.AddUsers(users);
_managerStorage.AddGroupPermission(groupId, permission);
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashType.MD5));
// add applications, only one assigned to this user
_managerStorage.AddApplication(new ApplicationStorageView("username1"));
_managerStorage.AddApplication(new ApplicationStorageView("username2"));
_managerStorage.AddApplication(new ApplicationStorageView("username3"));
}
/// <summary>
/// Modifica password per l'utente
/// </summary>
/// <param name="credentials"></param>
/// <returns></returns>
private static void InternalChangePassword(ChangePwdSecurityCredentials credentials)
{
Dpa.DataAccess.Database db = RubricaDatabase.CreateDatabase();
using (IDbConnection connection = db.GetConnection())
{
connection.Open();
using (IDbTransaction transaction = connection.BeginTransaction())
{
using (Dpa.DataAccess.DBCommandWrapper cw = db.GetStoredProcCommandWrapper(RubricaDatabase.GetSpNameForPackage(SP_CHANGE_PWD)))
{
cw.AddInParameter("pNomeUtente", DbType.String, credentials.UserName);
cw.AddInParameter("pPassword", DbType.String, SecurityCredentials.GetPasswordHash(credentials.UserName, credentials.Password));
cw.AddInParameter("pNewPassword", DbType.String, SecurityCredentials.GetPasswordHash(credentials.UserName, credentials.NewPassword));
db.ExecuteNonQuery(cw);
if (cw.RowsAffected == 0)
{
throw new ApplicationException(Properties.Resources.ConcurrencyException);
}
else
{
transaction.Commit();
}
}
}
}
}
protected override CredentialsRefreshState GenerateNewCredentials()
{
SecurityCredentials credentials = null;
Uri ecsEndpointUri = new Uri(Server + Uri);
JitteredDelay retry = new JitteredDelay(new TimeSpan(0, 0, 0, 0, 200), new TimeSpan(0, 0, 0, 0, 50));
// Attempt to get the credentials 4 times ignoring null return/exceptions and on the 5th try, escalate the exception if there is one.
for (int i = 1; ; i++)
{
try
{
credentials = GetObjectFromResponse <SecurityCredentials>(ecsEndpointUri, Proxy);
if (credentials != null)
{
break;
}
}
catch (Exception e)
{
if (i == MaxRetries)
{
throw new AmazonServiceException(string.Format(CultureInfo.InvariantCulture,
"Unable to retrieve credentials. Message = \"{0}\".",
e.Message));
}
};
Util.AWSSDKUtils.Sleep(retry.Next());
}
return(new CredentialsRefreshState(new ImmutableCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.Token), credentials.Expiration));
}
protected override string GetUserCountSqlQuery(SecurityCredentials sc)
{
return(String.Format(
"select cast(count(*) as int4) as authenticated from usr where usr_name = '{0}' and password = '******'"
, Utils.MakeSqlSafe(sc.Username)
, Utils.MakeSqlSafe(sc.Password)
));
}
private SecurityCredentials GetRoleCredentials()
{
string json = GetContents(CurrentRoleUri);
SecurityCredentials credentials = JsonMapper.ToObject <SecurityCredentials>(json);
ValidateResponse(credentials);
return(credentials);
}
public AddUserForm(ConsoleNode consoleNode)
{
InitializeComponent();
_ConsoleNode = consoleNode;
SecurityCredentials sc = _ConsoleNode.Credentials;
_AllGroups = _ConsoleNode.Manager.Admon_GetGroups(sc);
}
private static ReliableStateManagerReplicatorSettings GetReplicatorSettings(string endpoint)
{
var replicatorSettings = new ReliableStateManagerReplicatorSettings()
{
ReplicatorAddress = endpoint,
SecurityCredentials = SecurityCredentials.LoadClusterSettings()
};
return(replicatorSettings);
}
public void Admon_GetUserApplicationListTestNotEnoughPermissions()
{
SetupApplicationsGroupsAndUsers(Permission.ManageOwnApp);
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashType.MD5));
ApplicationStorageView[] result = Admon_GetLiveApplicationList(sc);
Assert.AreEqual(1, result.Length);
}
internal static IImageStore CreateImageStore(
string imageStoreUri,
string localRoot,
string[] connectionStrings,
SecurityCredentials credentials,
string workingDirectory,
bool isInternal)
{
if (imageStoreUri == null)
{
throw new ArgumentException(StringResources.Error_InvalidImageStoreConnectionString);
}
if (FileImageStore.IsFileStoreUri(imageStoreUri))
{
string rootUri;
string accountName, accountPassword;
bool isManagedServiceAccount;
ImageStoreFactory.ParseFileImageStoreConnectionString(
imageStoreUri,
out rootUri,
out accountName,
out accountPassword,
out isManagedServiceAccount);
ImageStoreAccessDescription accessDescription = null;
#if !DotNetCoreClrLinux
WindowsIdentity windowsIdentity = null;
windowsIdentity = GetWindowsIdentity(accountName, accountPassword, isManagedServiceAccount);
if (windowsIdentity != null)
{
accessDescription = new ImageStoreAccessDescription(windowsIdentity, localRoot);
}
#endif
return(new FileImageStore(rootUri, localRoot, accessDescription));
}
else if (XStoreProxy.IsXStoreUri(imageStoreUri))
{
return(new XStoreProxy(imageStoreUri, localRoot));
}
else if (NativeImageStoreClient.IsNativeImageStoreUri(imageStoreUri))
{
return(new NativeImageStoreClient(connectionStrings, isInternal, workingDirectory, credentials));
}
else
{
throw new ArgumentException(StringResources.ImageStoreError_InvalidImageStoreUriScheme);
}
}
public void IsApplicationCreatorTestFalseCreator()
{
ApplicationStorageView application = new ApplicationStorageView("username1");
string applicationId = _managerStorage.AddApplication(application);
SecurityCredentials sc = new SecurityCredentials("username2", HashUtil.GetHash("password1", HashType.MD5));
bool result = IsApplicationCreator(sc, applicationId);
Assert.IsFalse(result);
}
public void IsApplicationCreatorTestInvalidApplication()
{
ApplicationStorageView application = new ApplicationStorageView("username1");
String applicationId = m_managerStorage.AddApplication(application);
String invalidApplicationId = Guid.NewGuid().ToString();
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashUtil.HashType.MD5));
bool result = IsApplicationCreator(sc, invalidApplicationId);
Assert.IsFalse(result);
}
/// <summary>
/// Create a new image store.
/// </summary>
/// <param name="imageStoreUri">The uri of the image store.</param>
/// <param name="workingDirectory">The temporary working directory.</param>
/// <param name="localRoot">The local path of the working folder.</param>
/// <param name="isInternal">Indicates whether or not it's for internal use.</param>
/// <returns>An object of Image Store pointing to the given uri.</returns>
internal static IImageStore CreateImageStore(
string imageStoreUri,
string localRoot = null,
string workingDirectory = null,
bool isInternal = false)
{
if (imageStoreUri == null)
{
throw new ArgumentException(StringResources.Error_InvalidImageStoreConnectionString);
}
string[] connectionStrings = null;
SecurityCredentials credentials = null;
return(CreateImageStore(imageStoreUri, localRoot, connectionStrings, credentials, workingDirectory, isInternal));
}
private CredentialsRefreshState GetRefreshState(string token)
{
SecurityInfo info = GetServiceInfo(_proxy, token);
if (!string.IsNullOrEmpty(info.Message))
{
throw new AmazonServiceException(string.Format(CultureInfo.InvariantCulture,
"Unable to retrieve credentials. Message = \"{0}\".",
info.Message));
}
SecurityCredentials credentials = GetRoleCredentials(token);
CredentialsRefreshState refreshState = new CredentialsRefreshState(new ImmutableCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.Token), credentials.Expiration);
return(refreshState);
}
public void AuthenticateUserTestNoUsers()
{
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashType.MD5));
try
{
AuthenticateUser(sc);
}
catch (AuthenticationException)
{
Assert.IsTrue(true);
return;
}
Assert.IsFalse(true, "The authorization should fail");
}
public void EnsurePermissionTestNoPermission()
{
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashType.MD5));
try
{
EnsurePermission(sc, Permission.ExecuteThread);
}
catch (AuthorizationException)
{
Assert.IsTrue(true);
return;
}
Assert.IsFalse(true, "The authorization should fail");
}
private CredentialsRefreshState GetRefreshState()
{
SecurityInfo serviceInfo = GetServiceInfo();
if (!string.IsNullOrEmpty(serviceInfo.Message))
{
throw new AmazonServiceException(string.Format(CultureInfo.InvariantCulture, "Unable to retrieve credentials. Message = \"{0}\".", serviceInfo.Message));
}
SecurityCredentials roleCredentials = GetRoleCredentials();
return(new CredentialsRefreshState
{
Credentials = new ImmutableCredentials(roleCredentials.AccessKeyId, roleCredentials.SecretAccessKey, roleCredentials.Token),
Expiration = roleCredentials.Expiration
});
}
private ReplicatorSettings GetReplicatorSettings()
{
Trace.WriteInfo(TraceType, "Replicator address = {0}", this.replicatorAddress);
SecurityCredentials securityCredentials = null;
if (this.enableEndpointV2)
{
securityCredentials = SecurityCredentials.LoadClusterSettings();
}
return(new ReplicatorSettings
{
ReplicatorAddress = this.replicatorAddress,
SecurityCredentials = securityCredentials
});
}
public bool CheckPermission(SecurityCredentials sc, Permission perm)
{
if (sc == null)
{
return(false);
}
UserStorageView user = null;
IObjectContainer container = GetStorage();
int groupId = -1;
try
{
IList <UserStorageView> users = container.Query <UserStorageView>(delegate(UserStorageView userFinder)
{
return(String.Compare(userFinder.Username, sc.Username, true) == 0 && userFinder.PasswordMd5Hash == sc.Password);
});
if (users.Count > 0)
{
user = users[0];
}
if (user == null)
{
return(false);
}
else
{
groupId = user.GroupId;
}
}
finally
{
container.Close();
}
foreach (Permission permission in GetGroupPermissions(groupId))
{
// in the SQL implementation the higher leverl permissions are considered to
// include the lower leverl permissions
if ((int)permission >= (int)perm)
{
return(true);
}
}
return(false);
}
public void AuthenticateUserTestSimpleScenario()
{
int groupId = 12;
UserStorageView[] users = new UserStorageView[1];
users[0] = new UserStorageView("username1", "password1", groupId);
_managerStorage.AddUsers(users);
SecurityCredentials sc = new SecurityCredentials("username1", HashUtil.GetHash("password1", HashType.MD5));
AuthenticateUser(sc);
// the above throws an exception if something is wrong so we are doing OK if we get this far
Assert.IsTrue(true);
}
public static void Main(string[] args)
{
Program appel = new Program();
SecurityCredentials credentials = new SecurityCredentials()
{
AccessKeyId = _awsAccessKeyID,
SecretAccessKey = _awsSecretAccessKey,
Token = _awsSecretToken
};
AwsSignedWebRequest request = AwsSignedWebRequest.Create(_myUri);
request.Region = _awsRegionName;
request.Method = "POST";
request.ContentType = "application/json";
String jsonPayload = "SOME_PAYLOAD";
var sw = new StreamWriter(request.GetRequestStream(), new ASCIIEncoding());
sw.Write(jsonPayload);
//WebProxy proxy = new WebProxy();
//proxy.Address = new Uri("http://185.132.178.204:8080"); // Public proxy
//request.Proxy = proxy;
try
{
HttpWebResponse response = (HttpWebResponse)request.GetResponse(credentials);
Console.WriteLine("{0} {1}", (int)response.StatusCode, response.StatusDescription);
Console.WriteLine();
using (StreamReader responseReader = new StreamReader(response.GetResponseStream()))
{
Console.WriteLine(responseReader.ReadToEnd());
}
}
catch (WebException e)
{
Console.WriteLine(e.Message);
using (StreamReader responseReader = new StreamReader(e.Response.GetResponseStream()))
{
Console.WriteLine(responseReader.ReadToEnd());
}
}
}
public bool ValidateCredentials(SecurityCredentials credentials)
{
// sure, any user is valid! why not?
return true;
}
