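/// <summary>
/// Get roles for specified user.
/// </summary>
/// <remarks>
/// The result is cached in the current <c>HttpContext</c> cache, keyed by provider name and
/// user name, for <c>Config.CacheDurationInMinutes</c>. A change in directory group membership
/// is therefore not reflected here until the cached entry expires. When there is no current
/// HTTP context, the directory is queried on every call and nothing is cached.
/// </remarks>
/// <param name="username">User to check.</param>
/// <returns>List of roles</returns>
public override string[] GetRolesForUser(string username)
{
    // The key embeds the user name exactly as supplied (no case normalisation).
    string cacheKey = "__ACTIVEDIRECTORYROLEPROVIDER__" + this.Config.Name + "_" + username;
    HttpContext currentContext = HttpContext.Current;

    // Check cache.
    if (currentContext != null)
    {
        ActiveDirectoryRoleProviderCache cached = (ActiveDirectoryRoleProviderCache)currentContext.Cache.Get(cacheKey);
        if (cached != null)
        {
            // Value found in cache. Return it.
            return cached.Roles;
        }
    }

    // Value not found in cache. Get roles for specified user.
    string[] roles = this.adConnect.GetGroupNamesForUser(username, this.Config.RecursiveGroupMembership).ToArray();

    // Store value in cache.
    if (currentContext != null)
    {
        // UtcNow rather than Now: an absolute expiry derived from local time can land on the wrong
        // instant across a daylight-saving transition, which would stretch or shrink the period
        // during which cached role data is trusted.
        currentContext.Cache.Insert(
            cacheKey,
            new ActiveDirectoryRoleProviderCache(roles),
            null,
            DateTime.UtcNow.AddMinutes(this.Config.CacheDurationInMinutes),
            Cache.NoSlidingExpiration);
    }

    return roles;
}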
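/// <summary>
/// Validate a user's credentials and, where configured, the allowed-user and allowed-group restrictions.
/// </summary>
/// <remarks>
/// The password is checked against the directory on every call; only the group lookup is cached
/// (in the current <c>HttpContext</c> cache, for <c>Config.CacheDurationInMinutes</c>). A user
/// removed from every allowed group can therefore still pass the group check until the cached
/// entry expires, so the cache duration bounds how quickly a revocation takes effect.
/// </remarks>
/// <param name="username">Username to check.</param>
/// <param name="password">Password to check.</param>
/// <returns>
/// True if the user is permitted by <c>Config.AllowedUsers</c> (when that list is non-empty), the
/// credentials validate, and, when <c>Config.AllowedGroups</c> is non-empty, the group lookup
/// returns at least one group; otherwise false.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    // Check to make sure user is allowed, if appropriate.
    // NOTE(review): whether this match is case-sensitive depends on the type of AllowedUsers,
    // which is not visible here; confirm it matches how the directory compares account names.
    if (this.Config.AllowedUsers.Any() && !this.Config.AllowedUsers.Contains(username))
    {
        // Restricted users, and this user is not one of them.
        return false;
    }

    // Initialize AdConnection.
    this.InitializeAdConnection();

    // Determine if user is valid.
    // NOTE(review): confirm adConnect.ValidateUser rejects a null or empty password; some directory
    // bind paths treat an empty password as an unauthenticated bind and report success.
    bool validUser = this.adConnect.ValidateUser(username, password);
    if (!validUser)
    {
        return false;
    }

    // No group restriction configured: valid credentials are sufficient.
    if (!this.Config.AllowedGroups.Any())
    {
        return true;
    }

    // Check cache. Use different key than ActiveDirectoryRoleProvider to avoid complications in case of different settings.
    // The key embeds the user name exactly as supplied (no case normalisation).
    string cacheKey = "__ACTIVEDIRECTORYMEMBERSHIPPROVIDER__" + this.Config.Name + "_" + username;
    HttpContext currentContext = HttpContext.Current;
    if (currentContext != null)
    {
        ActiveDirectoryRoleProviderCache cached = (ActiveDirectoryRoleProviderCache)currentContext.Cache.Get(cacheKey);
        if (cached != null)
        {
            // Value found in cache. See if it contains any roles.
            return (cached.Roles != null) && cached.Roles.Any();
        }
    }

    // Check if user has any roles. If so, they can proceed.
    // NOTE(review): this only tests for a non-empty result, so it presumably relies on
    // GetGroupNamesForUser returning just the groups listed in AllowedGroups; verify in adConnect.
    string[] roles = this.adConnect.GetGroupNamesForUser(username, this.Config.RecursiveGroupMembership).ToArray();

    // Store value in cache.
    if (currentContext != null)
    {
        // UtcNow rather than Now: an absolute expiry derived from local time can land on the wrong
        // instant across a daylight-saving transition, which would lengthen or shorten the window
        // in which a cached group result is trusted for login decisions.
        currentContext.Cache.Insert(
            cacheKey,
            new ActiveDirectoryRoleProviderCache(roles),
            null,
            DateTime.UtcNow.AddMinutes(this.Config.CacheDurationInMinutes),
            Cache.NoSlidingExpiration);
    }

    return (roles != null) && roles.Any();
}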
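/// <summary>
/// Get listing of all roles.
/// </summary>
/// <remarks>
/// The result is cached in the current <c>HttpContext</c> cache, keyed by provider name, for
/// <c>Config.CacheDurationInMinutes</c>. When there is no current HTTP context, the directory
/// is queried on every call and nothing is cached.
/// </remarks>
/// <returns>List of roles</returns>
/// <exception cref="NotSupportedException">Search methods are disabled in the provider configuration.</exception>
public override string[] GetAllRoles()
{
    // Verify that search methods are allowed.
    if (this.Config.EnableSearchMethods == false)
    {
        throw new NotSupportedException("Search methods are not enabled.");
    }

    // Check cache.
    string cacheKey = "__ACTIVEDIRECTORYROLEPROVIDER__" + this.Config.Name;
    HttpContext currentContext = HttpContext.Current;
    if (currentContext != null)
    {
        ActiveDirectoryRoleProviderCache cached = (ActiveDirectoryRoleProviderCache)currentContext.Cache.Get(cacheKey);
        if (cached != null)
        {
            // Value found in cache. Return it.
            return cached.Roles;
        }
    }

    // Value not found in cache. Get all roles.
    string[] roles = this.adConnect.GetAllGroupNames().ToArray();

    // Store value in cache.
    if (currentContext != null)
    {
        // UtcNow rather than Now: an absolute expiry derived from local time can land on the wrong
        // instant across a daylight-saving transition.
        currentContext.Cache.Insert(
            cacheKey,
            new ActiveDirectoryRoleProviderCache(roles),
            null,
            DateTime.UtcNow.AddMinutes(this.Config.CacheDurationInMinutes),
            Cache.NoSlidingExpiration);
    }

    return roles;
}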