ASP.NET 2.0 #5: Security II: Windows Server 2003 Authorization Manager Role Provider

  • Article

Here's my custom Windows Server 2003 Authorization Manager Role Provider:

 

using System;
using System.Collections;
using System.Configuration;
using System.Web;
using System.Web.Security;

using AZROLESLib;

public class AuthorizationManagerRoleProvider: RoleProvider
{
private string name;
private string applicationName;
private string storeLocation;
private AZROLESLib.AzAuthorizationStore store;

private const int AZ_AZSTORE_FORCE_APPLICATION_CLOSE = 0x10;

 public AuthorizationManagerRoleProvider()
{

 }

 private AZROLESLib.IAzApplication OpenApplication()
{
return store.OpenApplication(this.applicationName, null);
}

 private void CloseApplication()
{
//this.store.CloseApplication(this.ApplicationName, 0);
}

 

 #region Validation Routines
private void ValidateUserName(string userName)
{
if (StringUtility.IsEmpty(userName))
{
throw new HttpException("User names cannot be empty or null.");
}
if (userName.IndexOf(',') > 0)
{
throw new HttpException("User names cannot contain commas.");
}
}

 private void ValidateUserNames(string[] userNames)
{
foreach (string userName in userNames)
{
this.ValidateUserName(userName);

  }
}

private void ValidateRoleName(string roleName, bool shouldExist)
{
if (StringUtility.IsEmpty(roleName))
{
throw new HttpException("Role names cannot be empty or null.");
}
bool exists = this.RoleExists(roleName);
if (shouldExist != exists)
{
if (shouldExist)
{
throw new HttpException("Invalid role name.");
}
else
{
//ignore
//throw new HttpException("Duplicate role name.");
}
}

 }

 private void ValidateRoleNames(string[] roleNames, bool shouldExist)
{
foreach (string roleName in roleNames)
{
this.ValidateRoleName(roleName, shouldExist);
}
}
#endregion

 public override void Initialize(string name, System.Collections.Specialized.NameValueCollection configuration)
{
try
{
this.name = name;

   this.storeLocation = configuration["store"];

this.store = new AZROLESLib.AzAuthorizationStoreClass();
store.Initialize(0, this.storeLocation, null);

   this.ApplicationName = configuration["applicationName"];
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}

 }

public override string Name
{
get
{
return this.name;
}
}

 public override string ApplicationName
{
get
{
return this.applicationName;
}

  set
{
this.applicationName = value;
}
}

 public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
ArrayList usersInRole = new ArrayList();
string[] users = this.GetUsersInRole(roleName);
foreach (string userName in users)
{
if (userName.IndexOf(usernameToMatch) >= 0)
{
usersInRole.Add(userName);
}
}
return (string[])usersInRole.ToArray(typeof(string));
}

 public override string[] GetAllRoles()
{
AZROLESLib.IAzApplication application = this.OpenApplication();
string[] roleNames = null;
try
{
AZROLESLib.IAzApplicationGroups roles = application.ApplicationGroups;
AZROLESLib.IAzApplicationGroup currentRole = null;
int limit = roles.Count;
roleNames = new string[limit];
for (int index = 1; index <= limit; index++)
{
currentRole = roles[index] as IAzApplicationGroup;
roleNames[index - 1] = currentRole.Name;
}
}
finally
{
this.CloseApplication();
}
return roleNames;
}

 public override string[] GetRolesForUser(string userName)
{
ArrayList rolesForUser = new ArrayList();
string[] roleNames = this.GetAllRoles();
string[] userNames = null;
foreach (string roleName in roleNames)
{
userNames = this.GetUsersInRole(roleName);
foreach (string currentUserName in userNames)
{
if (string.Compare(userName, currentUserName, true) == 0)
{
rolesForUser.Add(roleName);
}
}
}
return (string[])rolesForUser.ToArray(typeof(string));
}

 public override string[] GetUsersInRole(string roleName)
{
AZROLESLib.IAzApplication application = this.OpenApplication();
string[] usersInRole = null;
try
{
AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
object[] userNames = group.MembersName as object[];
int limit = userNames.Length;
usersInRole = new string[limit];
for (int index = 0; index < limit; index++)
{
usersInRole[index] = userNames[index] as string;
}
}
finally
{
this.CloseApplication();
}
return StringUtility.EliminateDuplicateArrayElements(usersInRole,true);
}

 public override bool IsUserInRole(string userName, string roleName)
{
string abbreviatedUserName = userName;
int index = abbreviatedUserName.IndexOf('\\');
if(index >= 0)
{
abbreviatedUserName = abbreviatedUserName.Substring(++index);
}

  string[] usersInRole = this.GetUsersInRole(roleName);
foreach (string currentUserName in usersInRole)
{
if (string.Compare(currentUserName, abbreviatedUserName, true) == 0)
{
return true;
}
}
return false;
}

 public override void RemoveUsersFromRoles(string[] userNames, string[] roleNames)
{
string[] uniqueUserNames = StringUtility.EliminateDuplicateArrayElements(userNames, true);
string[] uniqueRoleNames = StringUtility.EliminateDuplicateArrayElements(roleNames, true);

  this.ValidateRoleNames(uniqueRoleNames, true);
this.ValidateUserNames(uniqueUserNames);

  foreach (string userName in uniqueUserNames)
{
foreach (string roleName in uniqueRoleNames)
{
if (!(this.IsUserInRole(userName, roleName)))
{
throw new HttpException(string.Format("User, {0}, is not the role, {1}",userName,roleName));
}
}
}

  AZROLESLib.IAzApplication application = this.OpenApplication();
try
{
AZROLESLib.IAzApplicationGroup group = null;
foreach (string roleName in uniqueRoleNames)
{
group = application.OpenApplicationGroup(roleName, null);
foreach (string userName in uniqueUserNames)
{
group.DeleteMemberName(userName, null);
}
group.Submit(0, null);
}
}
finally
{
this.CloseApplication();
}

 }

 public override bool RoleExists(string roleName)
{
string[] roleNames = this.GetAllRoles();
foreach (string currentRoleName in roleNames)
{
if (string.Compare(roleName, currentRoleName, true) == 0)
{
return true;
}
}
return false;
}

 

 public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
this.ValidateRoleName(roleName, true);
if (throwOnPopulatedRole)
{
string[] users = this.GetUsersInRole(roleName);
if (users.Length > 0)
{
throw new HttpException("Cannot delete a populated role.");

   }
}
AZROLESLib.IAzApplication application = this.OpenApplication();
try
{
application.DeleteApplicationGroup(roleName, null);
application.DeleteRole(roleName, null);
}
finally
{
this.CloseApplication();
}

  return true;
}

 public override void CreateRole(string roleName)
{
this.ValidateRoleName(roleName,false);
AZROLESLib.IAzApplication application = this.OpenApplication();
try
{
AZROLESLib.IAzApplicationGroup group = application.CreateApplicationGroup(roleName, null);
group.Submit(0, null);
AZROLESLib.IAzRole role = application.CreateRole(roleName, null);
role.Submit(0, null);
role.AddAppMember(group.Name, null);
role.Submit(0, null);
}
finally
{
this.CloseApplication();
}
}

 public override void AddUsersToRoles(string[] userNames, string[] roleNames)
{
string[] uniqueUserNames = StringUtility.EliminateDuplicateArrayElements(userNames,true);
string[] uniqueRoleNames = StringUtility.EliminateDuplicateArrayElements(roleNames,true);

  this.ValidateRoleNames(uniqueRoleNames,true);
this.ValidateUserNames(uniqueUserNames);

  foreach (string userName in uniqueUserNames)
{
foreach (string roleName in uniqueRoleNames)
{
if (this.IsUserInRole(userName, roleName))
{
throw new HttpException("A user is already in a role.");
}
}
}

  AZROLESLib.IAzApplication application = this.OpenApplication();
try
{
AZROLESLib.IAzApplicationGroup group = null;
foreach (string roleName in uniqueRoleNames)
{
group = application.OpenApplicationGroup(roleName, null);
foreach (string userName in uniqueUserNames)
{
group.AddMemberName(userName, null);
}
group.Submit(0, null);
}
}
catch
{
this.CloseApplication();
}

 }

 

}