Click or drag to resize

AdoSecurityProvider Class

Represents an ISecurityProvider that uses ADO.NET data source (SQL Server, MySQL, Oracle, etc.) for its back-end data store and authenticates internal users against Active Directory and external users against the database.
Inheritance Hierarchy
SystemObject
  GSF.SecuritySecurityProviderBase
    GSF.SecurityLdapSecurityProvider
      GSF.SecurityAdoSecurityProvider

Namespace: GSF.Security
Assembly: GSF.Security (in GSF.Security.dll) Version: 2.4.207-beta
Syntax
public class AdoSecurityProvider : LdapSecurityProvider
View Source

The AdoSecurityProvider type exposes the following members.

Constructors
 NameDescription
Public methodAdoSecurityProvider(String) Initializes a new instance of the AdoSecurityProvider class.
Protected methodAdoSecurityProvider(String, Boolean, Boolean, Boolean) Initializes a new instance of the AdoSecurityProvider class.
Top
Properties
 NameDescription
Public propertyApplicationName Gets or sets the name of the application being secured as defined in the backend security datastore.
(Inherited from SecurityProviderBase)
Public propertyAuthenticationFailureReason Gets or allows derived classes to set an authentication failure reason.
(Inherited from SecurityProviderBase)
Public propertyCacheMaximumRetryAttempts Gets or sets the maximum retry attempts allowed for loading offline user data cache.
(Inherited from LdapSecurityProvider)
Public propertyCacheRetryDelayInterval Gets or sets the wait interval (in milliseconds) before retrying load of offline user data cache.
(Inherited from LdapSecurityProvider)
Public propertyCanChangePassword Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported.
(Inherited from SecurityProviderBase)
Public propertyCanRefreshData Gets a boolean value that indicates whether RefreshData operation is supported.
(Inherited from SecurityProviderBase)
Public propertyCanResetPassword Gets a boolean value that indicates whether ResetPassword(String) operation is supported.
(Inherited from SecurityProviderBase)
Public propertyConnectionString Gets or sets the connection string to be used for connection to the backend security datastore.
(Inherited from SecurityProviderBase)
Public propertyDefaultRoles Gets or sets the Default Roles used when a user does not have a role defined. The user still needs to exist but they won't require a Role and will be assigned the DefaultRoles. It is a comma separate list for multiple Roles. If an empty String is supplied a Role is required for the user.
Public propertyEnableOfflineCaching Gets or sets a boolean value that indicates whether user information is to be cached for offline authentication.
(Inherited from LdapSecurityProvider)
Public propertyIsRedirectRequested Gets the flag that indicates whether the user needs to be redirected after the Authentication attempt.
(Inherited from SecurityProviderBase)
Public propertyIsUserAuthenticated Gets the flag that indicates whether the user was authenticated during the last authentication attempt.
(Inherited from SecurityProviderBase)
Public propertyLastException Gets last exception reported by the AdoSecurityProvider.
Public propertyLogEvent Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation.
(Inherited from SecurityProviderBase)
Public propertyPassthroughPrincipal Gets or sets the principal used for passthrough authentication.
(Inherited from SecurityProviderBase)
Public propertyPassword Gets or sets SecurePassword as clear text password.
(Inherited from SecurityProviderBase)
Public propertyPersistSettings Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file.
(Inherited from SecurityProviderBase)
Public propertyRequestedRedirect Gets the URI that user will be redirected to if IsRedirectRequested is set.
(Inherited from SecurityProviderBase)
Public propertySecurePassword Gets or sets the password as a SecureString.
(Inherited from SecurityProviderBase)
Public propertySettingsCategory Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true.
(Inherited from SecurityProviderBase)
Public propertyUseDatabaseLogging Gets or sets flag that determines if LogAuthenticationAttempt(Boolean) and LogError(String, String) should write to the database. Defaults to true.
Public propertyUserData Gets the UserData object containing information about the user.
(Inherited from SecurityProviderBase)
Public propertyWindowsPrincipal Gets the original WindowsPrincipal of the user if the user exists in Active Directory.
(Inherited from LdapSecurityProvider)
Top
Methods
 NameDescription
Public methodAuthenticate Authenticates the user.
(Overrides LdapSecurityProviderAuthenticate)
Public methodChangePassword Changes user password in the backend data store.
(Overrides LdapSecurityProviderChangePassword(String, String))
Public methodEqualsDetermines whether the specified object is equal to the current object.
(Inherited from Object)
Public methodStatic memberExtractSecurityContext Extracts the current security context from the database.
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object)
Public methodGetHashCodeServes as the default hash function.
(Inherited from Object)
Protected methodGetLdapPath Gets the LDAP path.
(Overrides LdapSecurityProviderGetLdapPath)
Public methodGetTypeGets the Type of the current instance.
(Inherited from Object)
Public methodGetUserRoles Gets a list of roles for this user for a specified application ID, i.e., target node ID.
(Overrides LdapSecurityProviderGetUserRoles(String))
Public methodLoadSettings Loads saved security provider settings from the config file if the PersistSettings property is set to true.
(Overrides LdapSecurityProviderLoadSettings)
Protected methodLogAuthenticationAttempt Logs user authentication attempt.
Protected methodLogError Logs information about an encountered exception to the backend data store.
Protected methodMemberwiseCloneCreates a shallow copy of the current Object.
(Inherited from Object)
Public methodRefreshData Refreshes the UserData.
(Overrides LdapSecurityProviderRefreshData)
Protected methodRefreshData(UserData, ListString, Int32) Refreshes the UserData from the backend data store loading user groups into desired collection.
(Inherited from LdapSecurityProvider)
Public methodResetPassword Resets user password in the backend data store.
(Inherited from LdapSecurityProvider)
Public methodSaveSettings Saves LdapSecurityProvider settings to the config file if the PersistSettings property is set to true.
(Inherited from LdapSecurityProvider)
Public methodToStringReturns a string that represents the current object.
(Inherited from Object)
Public methodTranslateRedirect Performs a translation of the default login page to a different endpoint.
(Inherited from SecurityProviderBase)
Public methodTranslateRole Performs a translation of the specified user role.
(Inherited from LdapSecurityProvider)
Top
Events
 NameDescription
Public eventStatic memberSecurityContextRefreshed Raised when the security context is refreshed.
Top
Fields
 NameDescription
Protected fieldStatic memberDefaultMessageUserHasNoRoles Default message displayed when user is not a member of any roles.
Protected fieldStatic memberDefaultMessageUserIsDisabled Default message displayed when user is disabled.
Protected fieldStatic memberDefaultMessageUserIsLockedOut Default message displayed when user is locked out.
Protected fieldStatic memberDefaultMessageUserNotDefined Default message displayed when user is not defined.
Protected fieldStatic memberDefaultMessageUserPasswordExpired Default message displayed when password is expired or has not been set.
Public fieldStatic memberDefaultNodeID Gets current default Node ID for security.
Public fieldStatic memberDefaultPasswordRequirementsError Default error message displayed when databases users fail regular expression test.
Public fieldStatic memberDefaultPasswordRequirementsRegex Default regular expression used to validate new database user passwords.
Public fieldStatic memberDefaultUseDatabaseLogging Default value for UseDatabaseLogging.
Public fieldStatic memberProviderID Defines the provider ID for the AdoSecurityProvider.
Top
Extension Methods
 NameDescription
Public Extension MethodGetEnumValueOrDefault Gets the enumeration constant for value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions)
Public Extension MethodGetEnumValueOrDefaultT Gets the enumeration constant for this value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions)
Top
Remarks
Minimum expected table schema for ADO Security Provider:
C#
CREATE TABLE UserAccount
(
    ID UNIQUEINDENTIFIER NOT NULL DEFAULT NEWID(),
    Name VARCHAR(200) NOT NULL,
    Password VARCHAR(200) DEFAULT NULL,
    FirstName VARCHAR(200) DEFAULT NULL,
    LastName VARCHAR(200) DEFAULT NULL,
    Phone VARCHAR(200) DEFAULT NULL,
    Email VARCHAR(200) DEFAULT NULL,
    LockedOut TINYINT NOT NULL DEFAULT 0,
    UseADAuthentication TINYINT NOT NULL DEFAULT 1,
    ChangePasswordOn DATETIME DEFAULT NULL,
    CONSTRAINT PK_UserAccount PRIMARY KEY (ID ASC),
    CONSTRAINT IX_UserAccount UNIQUE KEY (Name)
);

CREATE TABLE SecurityGroup
(
    ID UNIQUEINDENTIFIER NOT NULL DEFAULT NEWID(),
    Name VARCHAR(200) NOT NULL,
    CONSTRAINT PK_SecurityGroup PRIMARY KEY (ID ASC),
    CONSTRAINT IX_SecurityGroup UNIQUE KEY (Name)
);

CREATE TABLE SecurityGroupUserAccount
(
    SecurityGroupID UNIQUEINDENTIFIER NOT NULL,
    UserAccountID UNIQUEINDENTIFIER NOT NULL
);

CREATE TABLE ApplicationRole
(
    ID UNIQUEINDENTIFIER NOT NULL DEFAULT NEWID(),
    Name VARCHAR(200) NOT NULL,
    NodeID UNIQUEINDENTIFIER NOT NULL,
    CONSTRAINT PK_ApplicationRole PRIMARY KEY (ID ASC),
    CONSTRAINT IX_ApplicationRole UNIQUE KEY (NodeID, Name)
);

CREATE TABLE ApplicationRoleUserAccount
(
    ApplicationRoleID UNIQUEINDENTIFIER NOT NULL,
    UserAccountID UNIQUEINDENTIFIER NOT NULL  
);

CREATE TABLE ApplicationRoleSecurityGroup
(
    ApplicationRoleID UNIQUEINDENTIFIER NOT NULL,
    SecurityGroupID UNIQUEINDENTIFIER NOT NULL  
);
Example
Required config file entries (automatically added):
C#
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" />
  </configSections>
  <categorizedSettings>
    <securityProvider>
      <add name="ProviderType" value="GSF.Security.AdoSecurityProvider, GSF.Security" description="The type to be used for enforcing security."
        encrypted="false" />
      <add name="UserCacheTimeout" value="5" description="Defines the timeout, in whole minutes, for a user's provider cache. Any value less than 1 will cause cache reset every minute."
        encrypted="false" />
      <add name="ConnectionString" value="Eval(systemSettings.ConnectionString)" description="Configuration database connection string"
        encrypted="false"/>
      <add name="DataProviderString" value="Eval(systemSettings.DataProviderString)" description="Configuration database ADO.NET data provider assembly type creation string"
        encrypted="false"/>    
      <add name="LdapPath" value="" description="Specifies the LDAP path used to initialize the security provider."
        encrypted="false" />
      <add name="ApplicationName" value="SEC_APP" description="Name of the application being secured."
        encrypted="false" />
      <add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names."
        encrypted="false" />
      <add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured."
        encrypted="false" />    
      <add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages."
        encrypted="false" />
      <add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages." 
        encrypted="false" />
      <add name="CacheRetryDelayInterval" value="200" description="Wait interval, in milliseconds, before retrying load of user data cache."
        encrypted="false"/>
      <add name="CacheMaximumRetryAttempts" value="10" description="Maximum retry attempts allowed for loading user data cache."
        encrypted="false"/>
      <add name="EnableOfflineCaching" value="True" description="True to enable caching of user information for authentication in offline state, otherwise False."
        encrypted="false"/>
      <add name="PasswordRequirementsRegex" value="^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$" description="Regular expression used to validate new passwords for database users."
        encrypted="false" />
      <add name="PasswordRequirementsError" value="Invalid Password: Password must be at least 8 characters; must contain at least 1 number, 1 upper case letter, and 1 lower case letter" description="Error message to be displayed when new database user password fails regular expression test."
        encrypted="false" />
      <add name="DefaultRoles" value="Viewer" description="If set this is a list of Roles assigned to a user that has no defined Roles."
        encrypted="false" />
    </securityProvider>
    <activeDirectory>
      <add name="PrivilegedDomain" value="" description="Domain of privileged domain user account."
        encrypted="false" />
      <add name="PrivilegedUserName" value="" description="Username of privileged domain user account."
        encrypted="false" />
      <add name="PrivilegedPassword" value="" description="Password of privileged domain user account."
        encrypted="true" />
    </activeDirectory>
  </categorizedSettings>
</configuration>
See Also