ASP.NET 2.0 #5: Security II: Windows Server 2003 Authorization Manager Role Provider
Here's my custom Windows Server 2003 Authorization Manager Role Provider:
using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.Web;
using System.Web.Security;
using AZROLESLib;
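/// <summary>
/// ASP.NET 2.0 <see cref="RoleProvider"/> backed by a Windows Server 2003
/// Authorization Manager (AzMan) store, reached through the AZROLESLib COM interop
/// assembly. Every application group of the configured AzMan application is exposed
/// as one role; <see cref="CreateRole"/> additionally creates an AzMan role that has
/// the group as its member, and <see cref="DeleteRole"/> removes both again.
/// </summary>
/// <remarks>
/// Configuration attributes read by <see cref="Initialize"/>: "store" (the store
/// location handed to AzAuthorizationStore.Initialize) and "applicationName" (the AzMan
/// application whose groups are the roles). Both are required.
/// User names are compared with group member names case-insensitively after any
/// leading "DOMAIN\" prefix has been removed from the user name; see
/// <see cref="ContainsUserName"/> for the caveat that comes with that.
/// </remarks>
public class AuthorizationManagerRoleProvider : RoleProvider
{
    private string name;
    private string applicationName;
    private string storeLocation;
    private AZROLESLib.AzAuthorizationStore store;
    // Flag for AzAuthorizationStore.CloseApplication; currently unused because
    // CloseApplication() below is a no-op.
    private const int AZ_AZSTORE_FORCE_APPLICATION_CLOSE = 0x10;

    public AuthorizationManagerRoleProvider()
    {
    }

    /// <summary>
    /// Opens the configured AzMan application on the initialized store.
    /// </summary>
    /// <exception cref="HttpException">
    /// <see cref="Initialize"/> has not completed, so there is no store to open.
    /// </exception>
    private AZROLESLib.IAzApplication OpenApplication()
    {
        if (this.store == null)
        {
            // Without this guard a provider whose Initialize failed surfaces as a bare
            // NullReferenceException inside the first role query.
            throw new HttpException("The AuthorizationManagerRoleProvider has not been initialized.");
        }
        return this.store.OpenApplication(this.applicationName, null);
    }

    /// <summary>
    /// Counterpart of <see cref="OpenApplication"/>. Intentionally a no-op; the
    /// original call is retained below as a comment.
    /// </summary>
    private void CloseApplication()
    {
        //this.store.CloseApplication(this.ApplicationName, 0);
    }

    /// <summary>
    /// Removes a leading "DOMAIN\" (or "MACHINE\") prefix, if present, from a user
    /// name. This is the form that member names returned by the store are compared
    /// against throughout the provider.
    /// </summary>
    private static string AbbreviateUserName(string userName)
    {
        int separator = userName.IndexOf('\\');
        if (separator >= 0)
        {
            return userName.Substring(separator + 1);
        }
        return userName;
    }

    /// <summary>
    /// Tests whether <paramref name="userName"/> (after <see cref="AbbreviateUserName"/>)
    /// appears in <paramref name="memberNames"/>, comparing ordinally and
    /// case-insensitively. Shared by <see cref="IsUserInRole"/>,
    /// <see cref="GetRolesForUser"/>, <see cref="AddUsersToRoles"/> and
    /// <see cref="RemoveUsersFromRoles"/> so all four agree on membership.
    /// </summary>
    /// <remarks>
    /// NOTE(review): because the domain part of the user name is discarded, two
    /// principals that share a short name in different domains cannot be told apart
    /// here. Confirm that this matches how member names are stored in the AzMan store
    /// in use.
    /// </remarks>
    private static bool ContainsUserName(string[] memberNames, string userName)
    {
        string abbreviated = AbbreviateUserName(userName);
        foreach (string memberName in memberNames)
        {
            // string.Equals tolerates a null member entry (it simply does not match).
            if (string.Equals(memberName, abbreviated, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
        return false;
    }

    #region Validation Routines
    /// <summary>
    /// Rejects null or empty user names and names that contain a comma.
    /// </summary>
    /// <exception cref="HttpException">The name is empty or contains a comma.</exception>
    private void ValidateUserName(string userName)
    {
        if (StringUtility.IsEmpty(userName))
        {
            throw new HttpException("User names cannot be empty or null.");
        }
        // ">= 0", not "> 0": a comma in the first position must be rejected as well.
        if (userName.IndexOf(',') >= 0)
        {
            throw new HttpException("User names cannot contain commas.");
        }
    }

    /// <summary>
    /// Applies <see cref="ValidateUserName"/> to every element of <paramref name="userNames"/>.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="userNames"/> is null.</exception>
    private void ValidateUserNames(string[] userNames)
    {
        if (userNames == null)
        {
            throw new ArgumentNullException("userNames");
        }
        foreach (string userName in userNames)
        {
            this.ValidateUserName(userName);
        }
    }

    /// <summary>
    /// Rejects empty role names, and - when <paramref name="shouldExist"/> is true -
    /// names for which no application group exists. A name that already exists when
    /// <paramref name="shouldExist"/> is false is deliberately tolerated; the store is
    /// left to reject a duplicate at creation time.
    /// </summary>
    /// <exception cref="HttpException">The name is empty, or it should exist and does not.</exception>
    private void ValidateRoleName(string roleName, bool shouldExist)
    {
        if (StringUtility.IsEmpty(roleName))
        {
            throw new HttpException("Role names cannot be empty or null.");
        }
        // RoleExists is a round trip to the store, so it is only made when the
        // outcome can actually cause a rejection.
        if (shouldExist && !this.RoleExists(roleName))
        {
            throw new HttpException("Invalid role name.");
        }
        //ignore duplicates when shouldExist is false
        //throw new HttpException("Duplicate role name.");
    }

    /// <summary>
    /// Applies <see cref="ValidateRoleName"/> to every element of <paramref name="roleNames"/>.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="roleNames"/> is null.</exception>
    private void ValidateRoleNames(string[] roleNames, bool shouldExist)
    {
        if (roleNames == null)
        {
            throw new ArgumentNullException("roleNames");
        }
        foreach (string roleName in roleNames)
        {
            this.ValidateRoleName(roleName, shouldExist);
        }
    }
    #endregion

    /// <summary>
    /// Initializes the provider from its configuration element and opens the AzMan store.
    /// </summary>
    /// <param name="name">The provider's friendly name from configuration.</param>
    /// <param name="configuration">Provider attributes; "store" and "applicationName" are required.</param>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
    /// <exception cref="HttpException">A required attribute is missing or empty.</exception>
    /// <remarks>
    /// Failures are allowed to propagate so that a misconfigured or unreachable store
    /// is reported where it happens. The original caught every exception and wrote its
    /// message to the console, which left the provider with a null store and turned a
    /// configuration error into a NullReferenceException on the first role query.
    /// </remarks>
    public override void Initialize(string name, System.Collections.Specialized.NameValueCollection configuration)
    {
        if (configuration == null)
        {
            throw new ArgumentNullException("configuration");
        }
        base.Initialize(name, configuration);
        this.name = name;
        this.storeLocation = configuration["store"];
        if (string.IsNullOrEmpty(this.storeLocation))
        {
            throw new HttpException("The 'store' attribute of the role provider configuration is required.");
        }
        string configuredApplication = configuration["applicationName"];
        if (string.IsNullOrEmpty(configuredApplication))
        {
            throw new HttpException("The 'applicationName' attribute of the role provider configuration is required.");
        }
        this.ApplicationName = configuredApplication;
        AZROLESLib.AzAuthorizationStore openedStore = new AZROLESLib.AzAuthorizationStoreClass();
        openedStore.Initialize(0, this.storeLocation, null);
        // Publish the store only after it opened successfully, so OpenApplication's
        // initialization guard stays meaningful.
        this.store = openedStore;
    }

    /// <summary>The provider name passed to <see cref="Initialize"/>.</summary>
    public override string Name
    {
        get
        {
            return this.name;
        }
    }

    /// <summary>The AzMan application whose groups are exposed as roles.</summary>
    public override string ApplicationName
    {
        get
        {
            return this.applicationName;
        }
        set
        {
            this.applicationName = value;
        }
    }

    /// <summary>
    /// Returns the members of <paramref name="roleName"/> whose name contains
    /// <paramref name="usernameToMatch"/> (ordinal, case-insensitive). An empty
    /// pattern matches every member.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="usernameToMatch"/> is null.</exception>
    public override string[] FindUsersInRole(string roleName, string usernameToMatch)
    {
        if (usernameToMatch == null)
        {
            throw new ArgumentNullException("usernameToMatch");
        }
        List<string> matches = new List<string>();
        foreach (string userName in this.GetUsersInRole(roleName))
        {
            if (userName != null
                && userName.IndexOf(usernameToMatch, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                matches.Add(userName);
            }
        }
        return matches.ToArray();
    }

    /// <summary>
    /// Returns the names of all application groups of the configured AzMan
    /// application; each group is treated as one role.
    /// </summary>
    public override string[] GetAllRoles()
    {
        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            AZROLESLib.IAzApplicationGroups groups = application.ApplicationGroups;
            int count = groups.Count;
            string[] roleNames = new string[count];
            // The COM collection is indexed from 1.
            for (int position = 1; position <= count; position++)
            {
                AZROLESLib.IAzApplicationGroup group = groups[position] as AZROLESLib.IAzApplicationGroup;
                roleNames[position - 1] = group.Name;
            }
            return roleNames;
        }
        finally
        {
            this.CloseApplication();
        }
    }

    /// <summary>
    /// Returns every role whose members include <paramref name="userName"/>. Uses the
    /// same domain-stripping, case-insensitive comparison as <see cref="IsUserInRole"/>
    /// so that the two queries agree for "DOMAIN\user" style names (the original
    /// compared the full name here, so a domain-qualified user was in a role according
    /// to IsUserInRole but had no roles according to GetRolesForUser).
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="userName"/> is null.</exception>
    public override string[] GetRolesForUser(string userName)
    {
        if (userName == null)
        {
            throw new ArgumentNullException("userName");
        }
        List<string> rolesForUser = new List<string>();
        foreach (string roleName in this.GetAllRoles())
        {
            if (ContainsUserName(this.GetUsersInRole(roleName), userName))
            {
                rolesForUser.Add(roleName);
            }
        }
        return rolesForUser.ToArray();
    }

    /// <summary>
    /// Returns the distinct member names of the application group named
    /// <paramref name="roleName"/>; an empty array when the group has no members.
    /// </summary>
    public override string[] GetUsersInRole(string roleName)
    {
        AZROLESLib.IAzApplication application = this.OpenApplication();
        string[] usersInRole;
        try
        {
            AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
            object[] memberNames = group.MembersName as object[];
            if (memberNames == null)
            {
                // MembersName is read as an untyped value; anything that is not an
                // object[] is treated as "no members" rather than dereferenced.
                usersInRole = new string[0];
            }
            else
            {
                usersInRole = new string[memberNames.Length];
                for (int index = 0; index < memberNames.Length; index++)
                {
                    usersInRole[index] = memberNames[index] as string;
                }
            }
        }
        finally
        {
            this.CloseApplication();
        }
        return StringUtility.EliminateDuplicateArrayElements(usersInRole, true);
    }

    /// <summary>
    /// Tests whether <paramref name="userName"/> is a member of the group named
    /// <paramref name="roleName"/>; see <see cref="ContainsUserName"/> for how names are compared.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="userName"/> is null.</exception>
    public override bool IsUserInRole(string userName, string roleName)
    {
        if (userName == null)
        {
            throw new ArgumentNullException("userName");
        }
        return ContainsUserName(this.GetUsersInRole(roleName), userName);
    }

    /// <summary>
    /// Removes each user from each role. Every user must currently be a member of
    /// every role, which is verified before the store is modified.
    /// </summary>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <exception cref="HttpException">A name is invalid, or a user is not in one of the roles.</exception>
    /// <remarks>
    /// NOTE(review): the membership pre-check compares the abbreviated user name, while
    /// DeleteMemberName receives the name exactly as the caller supplied it. Confirm that
    /// callers pass names in the same form the store holds them.
    /// </remarks>
    public override void RemoveUsersFromRoles(string[] userNames, string[] roleNames)
    {
        if (userNames == null)
        {
            throw new ArgumentNullException("userNames");
        }
        if (roleNames == null)
        {
            throw new ArgumentNullException("roleNames");
        }
        string[] uniqueUserNames = StringUtility.EliminateDuplicateArrayElements(userNames, true);
        string[] uniqueRoleNames = StringUtility.EliminateDuplicateArrayElements(roleNames, true);
        this.ValidateRoleNames(uniqueRoleNames, true);
        this.ValidateUserNames(uniqueUserNames);
        // One member fetch per role instead of one per user/role pair.
        foreach (string roleName in uniqueRoleNames)
        {
            string[] members = this.GetUsersInRole(roleName);
            foreach (string userName in uniqueUserNames)
            {
                if (!ContainsUserName(members, userName))
                {
                    throw new HttpException(string.Format("User, {0}, is not in the role, {1}.", userName, roleName));
                }
            }
        }
        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            foreach (string roleName in uniqueRoleNames)
            {
                AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
                foreach (string userName in uniqueUserNames)
                {
                    group.DeleteMemberName(userName, null);
                }
                group.Submit(0, null);
            }
        }
        finally
        {
            this.CloseApplication();
        }
    }

    /// <summary>
    /// Tests whether an application group named <paramref name="roleName"/> exists
    /// (ordinal, case-insensitive comparison against <see cref="GetAllRoles"/>).
    /// </summary>
    public override bool RoleExists(string roleName)
    {
        foreach (string existingRoleName in this.GetAllRoles())
        {
            if (string.Equals(roleName, existingRoleName, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Deletes the application group and the AzMan role of the same name.
    /// </summary>
    /// <param name="roleName">The role to delete; must exist.</param>
    /// <param name="throwOnPopulatedRole">When true, a role that still has members is not deleted.</param>
    /// <returns>Always true; a failure is reported by an exception.</returns>
    /// <exception cref="HttpException">The role does not exist, or it is populated and
    /// <paramref name="throwOnPopulatedRole"/> is true.</exception>
    /// <remarks>
    /// The two deletions are separate store operations; if the second fails the group
    /// is already gone. The original has the same window.
    /// </remarks>
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
    {
        this.ValidateRoleName(roleName, true);
        if (throwOnPopulatedRole && this.GetUsersInRole(roleName).Length > 0)
        {
            throw new HttpException("Cannot delete a populated role.");
        }
        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            application.DeleteApplicationGroup(roleName, null);
            application.DeleteRole(roleName, null);
        }
        finally
        {
            this.CloseApplication();
        }
        return true;
    }

    /// <summary>
    /// Creates an application group named <paramref name="roleName"/> and an AzMan
    /// role of the same name with that group as its member.
    /// </summary>
    /// <exception cref="HttpException">The name is empty.</exception>
    /// <remarks>
    /// An existing name is not rejected up front (see <see cref="ValidateRoleName"/>);
    /// presumably CreateApplicationGroup fails for a duplicate - confirm against the store.
    /// </remarks>
    public override void CreateRole(string roleName)
    {
        this.ValidateRoleName(roleName, false);
        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            AZROLESLib.IAzApplicationGroup group = application.CreateApplicationGroup(roleName, null);
            group.Submit(0, null);
            AZROLESLib.IAzRole role = application.CreateRole(roleName, null);
            role.Submit(0, null);
            role.AddAppMember(group.Name, null);
            role.Submit(0, null);
        }
        finally
        {
            this.CloseApplication();
        }
    }

    /// <summary>
    /// Adds each user to each role. No user may already be a member of any of the
    /// roles, which is verified before the store is modified.
    /// </summary>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <exception cref="HttpException">A name is invalid, or a user is already in one of the roles.</exception>
    /// <remarks>
    /// The store update now sits in try/finally. The original used a bare catch that
    /// swallowed every error from OpenApplicationGroup/AddMemberName/Submit, so a
    /// failed assignment looked successful to the caller.
    /// </remarks>
    public override void AddUsersToRoles(string[] userNames, string[] roleNames)
    {
        if (userNames == null)
        {
            throw new ArgumentNullException("userNames");
        }
        if (roleNames == null)
        {
            throw new ArgumentNullException("roleNames");
        }
        string[] uniqueUserNames = StringUtility.EliminateDuplicateArrayElements(userNames, true);
        string[] uniqueRoleNames = StringUtility.EliminateDuplicateArrayElements(roleNames, true);
        this.ValidateRoleNames(uniqueRoleNames, true);
        this.ValidateUserNames(uniqueUserNames);
        // One member fetch per role instead of one per user/role pair.
        foreach (string roleName in uniqueRoleNames)
        {
            string[] members = this.GetUsersInRole(roleName);
            foreach (string userName in uniqueUserNames)
            {
                if (ContainsUserName(members, userName))
                {
                    throw new HttpException("A user is already in a role.");
                }
            }
        }
        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            foreach (string roleName in uniqueRoleNames)
            {
                AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
                foreach (string userName in uniqueUserNames)
                {
                    group.AddMemberName(userName, null);
                }
                group.Submit(0, null);
            }
        }
        finally
        {
            this.CloseApplication();
        }
    }
}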