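/// <summary>
/// Builds the principal for a Windows identity and caches, per group name, the permissions of
/// every group of that identity that also appears in the list returned by <c>r.CitajIzXML()</c>.
/// </summary>
/// <param name="winIdentity">Windows identity whose group SIDs are resolved to names.</param>
/// <exception cref="ArgumentNullException"><paramref name="winIdentity"/> is null.</exception>
public CustomPrincipal(WindowsIdentity winIdentity)
{
    if (winIdentity == null)
    {
        throw new ArgumentNullException(nameof(winIdentity));
    }

    this.identity = winIdentity;

    // Loaded on first use and reused for every group. Re-reading the configuration once per
    // group is wasted I/O and lets one principal be built from two different versions of it.
    List<GrupaPermisija> lista = null;

    foreach (IdentityReference group in winIdentity.Groups)
    {
        // SID -> NTAccount. Translate throws IdentityNotMappedException for a SID that cannot be
        // resolved; that is not caught here, so construction fails instead of skipping the group.
        SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
        var name = sid.Translate(typeof(NTAccount));

        // NOTE(review): presumably ParseName strips the domain/machine prefix. If so, two
        // different groups can collapse to the same key in roles - confirm this is acceptable.
        string groupName = Formatter.ParseName(name.ToString());

        if (lista == null)
        {
            lista = r.CitajIzXML();
        }

        foreach (GrupaPermisija g in lista)
        {
            if (g.NazivGrupe == groupName)
            {
                // The first configured entry for a group name wins; later duplicates are ignored.
                if (!roles.ContainsKey(groupName))
                {
                    roles.Add(groupName, g.Permisije.ToArray());
                    break;
                }
            }
        }
    }
}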
/// <summary>
/// Checks whether any Windows group of the wrapped identity is granted the given permission.
/// </summary>
/// <param name="permission">Permission name; matched with <c>string.Equals</c>, so the match is exact and case-sensitive.</param>
/// <returns><c>true</c> as soon as one group lists the permission; otherwise <c>false</c>.</returns>
public bool IsInRole(string permission)
{
    foreach (IdentityReference groupRef in this.identity.Groups)
    {
        // Resolve the group SID to its account name. Translate throws
        // IdentityNotMappedException for an unresolvable SID; it is not caught here.
        var groupSid = (SecurityIdentifier)groupRef.Translate(typeof(SecurityIdentifier));
        IdentityReference account = groupSid.Translate(typeof(NTAccount));

        // The group name is obtained through the Formatter class.
        string groupName = Formatter.ParseName(account.ToString());

        // Filled in by RoleConfig.GetPermissions; a false result means this group grants nothing.
        string[] granted;
        if (!RoleConfig.GetPermissions(groupName, out granted))
        {
            continue;
        }

        // Does this group hold the permission required for the requested operation?
        foreach (string candidate in granted)
        {
            if (candidate.Equals(permission))
            {
                return true;
            }
        }
    }

    // No group granted the permission: deny.
    return false;
}
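/// <summary>
/// Custom certificate validation on the service side.
/// The certificate is accepted when its issuer name equals the subject name of the service's own
/// certificate, i.e. when it names the service as its issuer.
/// If validation fails, an exception with an adequate message is thrown.
/// </summary>
/// <remarks>
/// Only distinguished-name strings are compared; no signature or chain verification happens in
/// this method. A name match alone does not prove who signed the certificate.
/// NOTE(review): confirm that chain trust is enforced elsewhere, or build an X509Chain here.
/// NOTE(review): the comparison is against the service certificate's Subject, not its Issuer;
/// confirm that this is the intended rule.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public override void Validate(X509Certificate2 certificate)
{
    // Reject a missing certificate explicitly instead of failing with a NullReferenceException.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // The service's own certificate is looked up under the name of the account running the process.
    string service = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    X509Certificate2 certificateOfService =
        CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, service);

    // Fail closed with a clear message if the reference certificate is unavailable.
    // NOTE(review): whether GetCertificateFromStorage can return null is not visible here.
    if (certificateOfService == null)
    {
        throw new InvalidOperationException("Service certificate was not found in the certificate store.");
    }

    if (!certificate.Issuer.Equals(certificateOfService.Subject))
    {
        throw new Exception("Client certificate is not from the valid issuer.");
    }
}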
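/// <summary>
/// Custom certificate validation on the service side.
/// The certificate is accepted when its issuer name is the same as the issuer name of the
/// service's own certificate. If validation fails, an exception with an adequate message is thrown.
/// </summary>
/// <remarks>
/// This is a comparison of issuer distinguished-name strings only. The signature on the presented
/// certificate is not verified in this method.
/// NOTE(review): confirm that chain validation (for example an X509Chain build) happens elsewhere;
/// a matching issuer name alone does not prove who signed the certificate.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public override void Validate(X509Certificate2 certificate)
{
    // A missing certificate is an explicit validation failure, not a NullReferenceException.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // Take the service's own certificate from the LocalMachine\My store, looked up under the
    // name of the account running the process.
    X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(
        StoreName.My,
        StoreLocation.LocalMachine,
        Formatter.ParseName(WindowsIdentity.GetCurrent().Name));

    // Fail closed when there is nothing to compare against.
    // NOTE(review): whether GetCertificateFromStorage can return null is not visible here.
    if (srvCert == null)
    {
        throw new InvalidOperationException("Service certificate was not found in the certificate store.");
    }

    if (!certificate.Issuer.Equals(srvCert.Issuer))
    {
        throw new Exception("Certificate is not from the valid issuer.");
    }
}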
/// <summary>
/// Reports whether the wrapped Windows identity holds a permission through any of its groups.
/// </summary>
/// <param name="permission">Permission to look for; the comparison is an exact, case-sensitive string match.</param>
/// <returns><c>true</c> on the first group whose permission list contains the value; <c>false</c> if none does.</returns>
public bool IsInRole(string permission)
{
    foreach (IdentityReference membership in this.identity.Groups)
    {
        // SID -> NTAccount -> group name as used by RolesConfig.
        // An unresolvable SID makes Translate throw IdentityNotMappedException, which propagates.
        var membershipSid = (SecurityIdentifier)membership.Translate(typeof(SecurityIdentifier));
        string accountName = membershipSid.Translate(typeof(NTAccount)).ToString();
        string groupName = Formatter.ParseName(accountName);

        string[] groupPermissions;
        bool configured = RolesConfig.GetPermissions(groupName, out groupPermissions);

        if (configured)
        {
            for (int i = 0; i < groupPermissions.Length; i++)
            {
                if (groupPermissions[i].Equals(permission))
                {
                    return true;
                }
            }
        }
    }

    // Default deny: nothing matched.
    return false;
}
/// <summary>
/// Determines whether one of the identity's Windows groups carries the requested permission.
/// </summary>
/// <param name="dozvola">Requested permission; matched exactly and case-sensitively.</param>
/// <returns><c>true</c> if any group is configured with that permission; otherwise <c>false</c>.</returns>
public bool IsInRole(string dozvola)
{
    foreach (IdentityReference groupReference in this.identity.Groups)
    {
        // Translate throws IdentityNotMappedException for a SID that cannot be resolved;
        // nothing here catches it, so the check ends with that exception.
        SecurityIdentifier groupSid =
            (SecurityIdentifier)groupReference.Translate(typeof(SecurityIdentifier));
        var ntAccount = groupSid.Translate(typeof(NTAccount));
        string resolvedGroup = Formatter.ParseName(ntAccount.ToString());

        // GetPermissions returns every permission listed in RoleConfigFile.resx for the group;
        // when the group has no permissions it returns false.
        string[] groupGrants;
        if (!RoleConfig.GetPermissions(resolvedGroup, out groupGrants))
        {
            continue;
        }

        foreach (string grant in groupGrants)
        {
            bool matches = grant.Equals(dozvola);
            if (matches)
            {
                return true;
            }
        }
    }

    // No group of this identity holds the permission.
    return false;
}
/// <summary>
/// Custom certificate validation on the client side.
/// As written, the certificate is accepted only when its Subject equals its Issuer, i.e. when it
/// looks self-signed. Each outcome is reported to <c>Audit</c>, and a failure throws.
/// </summary>
/// <remarks>
/// NOTE(review): the original summary said a certificate is valid when it is NOT self-signed,
/// which is the opposite of this check. Confirm which rule is intended. Accepting only
/// self-signed certificates means anyone who can generate a certificate passes this check.
/// NOTE(review): Subject/Issuer equality is a name comparison; no signature is verified here.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
public override void Validate(X509Certificate2 certificate)
{
    const string notSelfSigned = "Certificate is not self-signed.";

    // NOTE(review): the client's own certificate is fetched but never used, and the lookup
    // runs before the null check below. Kept as-is; consider removing it.
    string clientName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    X509Certificate2 clnCert =
        CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, clientName);

    if (certificate == null)
    {
        // The audit text is Serbian for "No certificate".
        Audit.AuthenticationFailed("Nema sertifikat");
        throw new Exception("Client certificate not found.");
    }

    bool subjectEqualsIssuer = certificate.Subject.Equals(certificate.Issuer);
    if (!subjectEqualsIssuer)
    {
        Audit.AuthenticationFailed(notSelfSigned);
        throw new Exception(notSelfSigned);
    }

    Audit.AuthenticationSuccess(certificate.Subject);
}
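/// <summary>
/// Custom certificate validation: the certificate must carry the same issuer name as the local
/// certificate taken from the LocalMachine\My store, and the current time must fall inside its
/// validity period. If validation fails, an exception with an adequate message is thrown.
/// </summary>
/// <remarks>
/// The issuer check is a comparison of distinguished-name strings only; the signature is not
/// verified in this method.
/// NOTE(review): confirm that chain validation is enforced elsewhere.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public override void Validate(X509Certificate2 certificate)
{
    // A missing certificate is an explicit validation failure, not a NullReferenceException.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // The local certificate is looked up under the name of the account running the process.
    X509Certificate2 cert = CertManager.GetCertificateFromStorage(
        StoreName.My,
        StoreLocation.LocalMachine,
        Formatter.ParseName(WindowsIdentity.GetCurrent().Name));

    // Fail closed when there is nothing to compare against.
    // NOTE(review): whether GetCertificateFromStorage can return null is not visible here.
    if (cert == null)
    {
        throw new InvalidOperationException("Local certificate was not found in the certificate store.");
    }

    if (!certificate.Issuer.Equals(cert.Issuer))
    {
        throw new Exception("Certificate is not from the valid issuer.");
    }

    // NotBefore and NotAfter are exposed in local time, so DateTime.Now is the matching clock.
    DateTime now = DateTime.Now;

    // A certificate whose validity period has not started yet must be rejected as well.
    if (certificate.NotBefore > now)
    {
        throw new Exception("Certificate is not yet valid.");
    }

    if (certificate.NotAfter <= now)
    {
        throw new Exception("Certificate has expired.");
    }
}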
/// <summary>
/// Custom certificate validation on the service side.
/// The certificate is accepted when its issuer name equals the subject name of the service's own
/// certificate, i.e. when it names the service as its issuer. Each outcome is reported to
/// <c>Audit</c>, and a failure throws an exception with an adequate message.
/// </summary>
/// <remarks>
/// NOTE(review): only distinguished-name strings are compared; no signature is verified here.
/// Confirm that chain validation is enforced elsewhere.
/// NOTE(review): if the store lookup yields null, the comparison fails with a
/// NullReferenceException and no audit entry is written.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
public override void Validate(X509Certificate2 certificate)
{
    const string missingCertificate = "Nema sertifikat"; // Serbian for "No certificate"
    const string notIssuedByService = "Certificate is not issued by the service.";

    if (certificate == null)
    {
        Audit.AuthenticationFailed(missingCertificate);
        throw new Exception(missingCertificate);
    }

    // Take the service's certificate from storage, looked up under the name of the account
    // running the process.
    string serviceName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    X509Certificate2 serviceCertificate =
        CertManager.GetCertificateFromStorage(StoreName.My, StoreLocation.LocalMachine, serviceName);

    bool issuedByService = certificate.Issuer.Equals(serviceCertificate.Subject);
    if (!issuedByService)
    {
        Audit.AuthenticationFailed(notIssuedByService);
        throw new Exception(notIssuedByService);
    }

    Audit.AuthenticationSuccess(certificate.Subject);
}
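/// <summary>
/// Custom certificate validation on the service side.
/// The certificate is accepted when its issuer name is the same as the issuer name of the
/// service's own certificate. If validation fails, an exception with an adequate message is thrown.
/// </summary>
/// <remarks>
/// The check compares issuer distinguished-name strings; it does not verify that the issuing CA
/// actually signed the presented certificate.
/// NOTE(review): confirm that chain validation is enforced elsewhere.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
public override void Validate(X509Certificate2 certificate)
{
    // A missing certificate is an explicit validation failure, not a NullReferenceException.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // Take the service's certificate from storage, looked up under the name of the account
    // running the process.
    X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(
        StoreName.My,
        StoreLocation.LocalMachine,
        Formatter.ParseName(WindowsIdentity.GetCurrent().Name));

    // Fail closed when there is nothing to compare against.
    // NOTE(review): whether GetCertificateFromStorage can return null is not visible here.
    if (srvCert == null)
    {
        throw new InvalidOperationException("Service certificate was not found in the certificate store.");
    }

    // The server checks that the client certificate names the same CA as its own certificate.
    if (!certificate.Issuer.Equals(srvCert.Issuer))
    {
        throw new Exception("Certificate is not from the valid issuer.");
    }
}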