private RoleRow GetUserInRole(DataServiceContext svc, string rolename, string username)
{
SecUtility.CheckParameter(ref username, true, true, true, Constants.MaxTableUsernameLength, "username");
SecUtility.CheckParameter(ref rolename, true, true, true, MaxTableRoleNameLength, "rolename");
try
{
DataServiceQuery <RoleRow> queryObj = svc.CreateQuery <RoleRow>(_tableName);
var query = (from user in queryObj
where user.PartitionKey == SecUtility.CombineToKey(_applicationName, username) &&
user.RowKey == SecUtility.Escape(rolename)
select user).AsTableServiceQuery();
try
{
IEnumerable <RoleRow> userRows = query.Execute();
return(userRows.FirstOrDefault());
}
catch (InvalidOperationException e)
{
if (e.InnerException is DataServiceClientException && (e.InnerException as DataServiceClientException).StatusCode == (int)HttpStatusCode.NotFound)
{
return(null);
}
throw;
}
}
catch (Exception e)
{
throw new ProviderException("Error while accessing the data store.", e);
}
}
public override bool RoleExists(string roleName)
{
SecUtility.CheckParameter(ref roleName, true, true, true, MaxTableRoleNameLength, "rolename");
try
{
TableServiceContext svc = CreateDataServiceContext();
DataServiceQuery <RoleRow> queryObj = svc.CreateQuery <RoleRow>(_tableName);
var query = (from role in queryObj
where role.PartitionKey == SecUtility.CombineToKey(_applicationName, string.Empty) &&
role.RowKey == SecUtility.Escape(roleName)
select role).AsTableServiceQuery();
try
{
// this query addresses exactly one result
// we thus should get an exception if there is no element
return(query.Execute().Any());
}
catch (InvalidOperationException e)
{
if ((e.InnerException is DataServiceClientException && (e.InnerException as DataServiceClientException).StatusCode == (int)HttpStatusCode.NotFound) ||
(e.InnerException.InnerException is DataServiceClientException &&
(e.InnerException.InnerException as DataServiceClientException).StatusCode == (int)HttpStatusCode.NotFound))
{
return(false);
}
throw;
}
}
catch (InvalidOperationException e)
{
throw new ProviderException("Error while accessing the data store.", e);
}
}
// applicationName + userName is partitionKey
// roleName is rowKey
public RoleRow(string applicationName, string roleName, string userName)
: base(SecUtility.CombineToKey(applicationName, userName), SecUtility.Escape(roleName))
{
SecUtility.CheckParameter(ref applicationName, true, true, true, Constants.MaxTableApplicationNameLength, "applicationName");
SecUtility.CheckParameter(ref roleName, true, true, true, 512, "roleName");
SecUtility.CheckParameter(ref userName, true, false, true, Constants.MaxTableUsernameLength, "userName");
ApplicationName = applicationName;
RoleName = roleName;
UserName = userName;
}
public override bool IsUserInRole(string username, string roleName)
{
SecUtility.CheckParameter(ref roleName, true, true, true, MaxTableRoleNameLength, "rolename");
SecUtility.CheckParameter(ref username, true, false, true, Constants.MaxTableUsernameLength, "username");
if (username.Length < 1)
{
return(false);
}
try
{
TableServiceContext svc = CreateDataServiceContext();
DataServiceQuery <RoleRow> queryObj = svc.CreateQuery <RoleRow>(_tableName);
var query = (from user in queryObj
where (user.PartitionKey == SecUtility.CombineToKey(_applicationName, username) ||
user.PartitionKey == SecUtility.CombineToKey(_applicationName, string.Empty)) &&
user.RowKey == SecUtility.Escape(roleName)
select user).AsTableServiceQuery();
IEnumerable <RoleRow> userRows = query.Execute();
if (userRows == null)
{
throw new ProviderException(string.Format(CultureInfo.InstalledUICulture, "The role {0} does not exist.", roleName));
}
var l = new List <RoleRow>(userRows);
if (l.Count == 0)
{
throw new ProviderException(string.Format(CultureInfo.InstalledUICulture, "The role {0} does not exist.", roleName));
}
RoleRow row;
if (IsStaleRole(l, out row))
{
throw new ProviderException(string.Format(CultureInfo.InstalledUICulture, "The role {0} does not exist.", roleName));
}
if (l.Count > 2)
{
throw new ProviderException("User name appears twice in the same role!");
}
if (l.Count == 1)
{
Debug.Assert(string.IsNullOrEmpty(l.ElementAt(0).UserName));
return(false);
}
return(true);
}
catch (InvalidOperationException e)
{
throw new ProviderException("Error while accessing the data store.", e);
}
}
public override string[] GetUsersInRole(string roleName)
{
SecUtility.CheckParameter(ref roleName, true, true, true, MaxTableRoleNameLength, "rolename");
try
{
TableServiceContext svc = CreateDataServiceContext();
DataServiceQuery <RoleRow> queryObj = svc.CreateQuery <RoleRow>(_tableName);
var query = (from user in queryObj
where user.PartitionKey.CompareTo(SecUtility.EscapedFirst(_applicationName)) >= 0 &&
user.PartitionKey.CompareTo(SecUtility.NextComparisonString(SecUtility.EscapedFirst(_applicationName))) < 0 &&
user.RowKey == SecUtility.Escape(roleName)
select user).AsTableServiceQuery();
IEnumerable <RoleRow> userRows = query.Execute();
if (userRows == null)
{
// role does not exist; we are supposed to throw an exception here
throw new ProviderException(string.Format(CultureInfo.InstalledUICulture, "The role {0} does not exist!", roleName));
}
List <RoleRow> l = new List <RoleRow>(userRows);
if (l.Count == 0 || IsStaleRole(l, roleName))
{
throw new ProviderException(string.Format(CultureInfo.InstalledUICulture, "The role {0} does not exist!", roleName));
}
List <string> ret = new List <string>();
foreach (RoleRow user in l)
{
if (!string.IsNullOrEmpty(user.UserName))
{
ret.Add(user.UserName);
}
}
return(ret.ToArray());
}
catch (InvalidOperationException e)
{
throw new ProviderException("Error while accessing the data store.", e);
}
}
// Because of limited transactional support in the table storage offering, this function gives limited guarantees
// for inserting all users into all roles.
// We do not recommend using this function because of missing transactional support.
// the username to match can be in a format that varies between providers
// for this implementation, a syntax similar to the one used in the SQL provider is applied
// "user%" will return all users in a role that start with the string "user"
// the % sign can only appear at the end of the usernameToMatch parameter
// because the current version of the table storage service does not support StartsWith in LINQ queries,
// calling this function can cause significant network trafic when '%' is used in the usernameToMach
// parameter
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
SecUtility.CheckParameter(ref roleName, true, true, true, MaxTableRoleNameLength, "rolename");
SecUtility.CheckParameter(ref usernameToMatch, true, true, false, Constants.MaxTableUsernameLength, "usernameToMatch");
bool startswith = false;
if (usernameToMatch.Contains('%'))
{
if (usernameToMatch.IndexOf('%') != usernameToMatch.Length - 1)
{
throw new ArgumentException("The TableStorageRoleProvider only supports search strings that contain '%' as the last character!");
}
usernameToMatch = usernameToMatch.Substring(0, usernameToMatch.Length - 1);
startswith = true;
}
try
{
TableServiceContext svc = CreateDataServiceContext();
DataServiceQuery <RoleRow> queryObj = svc.CreateQuery <RoleRow>(_tableName);
CloudTableQuery <RoleRow> query;
if (startswith && string.IsNullOrEmpty(usernameToMatch))
{
// get all users in the role
query = (from userRole in queryObj
where userRole.PartitionKey.CompareTo(SecUtility.EscapedFirst(_applicationName)) >= 0 &&
userRole.PartitionKey.CompareTo(SecUtility.NextComparisonString(SecUtility.EscapedFirst(_applicationName))) < 0 &&
userRole.RowKey == SecUtility.Escape(roleName)
select userRole).AsTableServiceQuery();
}
else if (startswith)
{
// get all users in the role that start with the specified string (we cannot restrict the query more because StartsWith is not supported)
// we cannot include the username to search for in the key, because the key might e escaped
query = (from userRole in queryObj
where userRole.PartitionKey.CompareTo(SecUtility.EscapedFirst(_applicationName)) >= 0 &&
userRole.PartitionKey.CompareTo(SecUtility.NextComparisonString(SecUtility.EscapedFirst(_applicationName))) < 0 &&
userRole.RowKey == SecUtility.Escape(roleName) &&
(userRole.UserName.CompareTo(usernameToMatch) >= 0 || userRole.UserName == string.Empty)
select userRole).AsTableServiceQuery();
}
else
{
// get a specific user
query = (from userRole in queryObj
where (userRole.PartitionKey == SecUtility.CombineToKey(_applicationName, usernameToMatch) ||
userRole.PartitionKey == SecUtility.CombineToKey(_applicationName, string.Empty)) &&
userRole.RowKey == SecUtility.Escape(roleName)
select userRole).AsTableServiceQuery();
}
IEnumerable <RoleRow> userRows = query.Execute();
if (userRows == null)
{
throw new ProviderException("The role does not exist!");
}
var l = new List <RoleRow>(userRows);
if (l.Count == 0)
{
// the role does not exist
throw new ProviderException("The role does not exist!");
}
RoleRow role;
if (IsStaleRole(l, out role))
{
throw new ProviderException("The role does not exist!");
}
var ret = new List <string>();
foreach (RoleRow row in l)
{
if (row != role)
{
if (startswith && !string.IsNullOrEmpty(usernameToMatch) && !row.UserName.StartsWith(usernameToMatch, StringComparison.Ordinal))
{
continue;
}
ret.Add(row.UserName);
}
}
return(ret.ToArray());
}
catch (InvalidOperationException e)
{
throw new ProviderException("Error while accessing the data store.", e);
}
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
SecUtility.CheckParameter(ref roleName, true, true, true, MaxTableRoleNameLength, "rolename");
try
{
TableServiceContext svc = CreateDataServiceContext();
DataServiceQuery <RoleRow> queryObj = svc.CreateQuery <RoleRow>(_tableName);
var query = (from userRole in queryObj
where userRole.PartitionKey.CompareTo(SecUtility.EscapedFirst(_applicationName)) >= 0 &&
userRole.PartitionKey.CompareTo(SecUtility.NextComparisonString(SecUtility.EscapedFirst(_applicationName))) < 0 &&
userRole.RowKey == SecUtility.Escape(roleName)
select userRole).AsTableServiceQuery();
IEnumerable <RoleRow> userRows = query.Execute();
if (userRows == null)
{
return(false);
}
var l = new List <RoleRow>(userRows);
if (l.Count == 0)
{
// the role does not exist
return(false);
}
RoleRow role;
if (IsStaleRole(l, out role))
{
return(false);
}
if (l.Count > 1 && throwOnPopulatedRole)
{
throw new ProviderException("Cannot delete populated role.");
}
svc.DeleteObject(role);
svc.SaveChangesWithRetries();
// lets try to remove all remaining elements in the role
foreach (RoleRow row in l)
{
if (row != role)
{
try
{
svc.DeleteObject(row);
svc.SaveChangesWithRetries();
}
catch (InvalidOperationException ex)
{
var dsce = ex.InnerException as DataServiceClientException;
if (dsce != null)
{
if (ex.InnerException is DataServiceClientException &&
(dsce.StatusCode == (int)HttpStatusCode.NoContent || dsce.StatusCode == (int)HttpStatusCode.NotFound))
{
// this element already was already deleted by another process or during a failed retry
// this is not a fatal error; continue deleting elements
Log.Write(EventKind.Warning,
string.Format(CultureInfo.InstalledUICulture, "The user {0} does not exist in the role {1}.", row.UserName, row.RoleName));
}
else
{
throw new ProviderException(string.Format(CultureInfo.InstalledUICulture, "Error deleting user {0} from role {1}.", row.UserName,
row.RoleName));
}
}
}
}
}
return(true);
}
catch (InvalidOperationException e)
{
throw new ProviderException("Error while accessing the data store.", e);
}
}