Click or drag to resize

LdapSecurityProvider Class

Represents an ISecurityProvider that uses Active Directory for its backend data store and credential authentication.
Inheritance Hierarchy
SystemObject
  GSF.SecuritySecurityProviderBase
    GSF.SecurityLdapSecurityProvider
      GSF.SecurityAdoSecurityProvider

Namespace: GSF.Security
Assembly: GSF.Security (in GSF.Security.dll) Version: 2.4.207-beta
Syntax
public class LdapSecurityProvider : SecurityProviderBase
View Source

The LdapSecurityProvider type exposes the following members.

Constructors
 NameDescription
Public methodLdapSecurityProvider(String) Initializes a new instance of the LdapSecurityProvider class.
Protected methodLdapSecurityProvider(String, Boolean, Boolean, Boolean) Initializes a new instance of the LdapSecurityProvider class.
Top
Properties
 NameDescription
Public propertyApplicationName Gets or sets the name of the application being secured as defined in the backend security datastore.
(Inherited from SecurityProviderBase)
Public propertyAuthenticationFailureReason Gets or allows derived classes to set an authentication failure reason.
(Inherited from SecurityProviderBase)
Public propertyCacheMaximumRetryAttempts Gets or sets the maximum retry attempts allowed for loading offline user data cache.
Public propertyCacheRetryDelayInterval Gets or sets the wait interval (in milliseconds) before retrying load of offline user data cache.
Public propertyCanChangePassword Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported.
(Inherited from SecurityProviderBase)
Public propertyCanRefreshData Gets a boolean value that indicates whether RefreshData operation is supported.
(Inherited from SecurityProviderBase)
Public propertyCanResetPassword Gets a boolean value that indicates whether ResetPassword(String) operation is supported.
(Inherited from SecurityProviderBase)
Public propertyConnectionString Gets or sets the connection string to be used for connection to the backend security datastore.
(Inherited from SecurityProviderBase)
Public propertyEnableOfflineCaching Gets or sets a boolean value that indicates whether user information is to be cached for offline authentication.
Public propertyIsRedirectRequested Gets the flag that indicates whether the user needs to be redirected after the Authentication attempt.
(Inherited from SecurityProviderBase)
Public propertyIsUserAuthenticated Gets the flag that indicates whether the user was authenticated during the last authentication attempt.
(Inherited from SecurityProviderBase)
Public propertyLogEvent Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation.
(Inherited from SecurityProviderBase)
Public propertyPassthroughPrincipal Gets or sets the principal used for passthrough authentication.
(Inherited from SecurityProviderBase)
Public propertyPassword Gets or sets SecurePassword as clear text password.
(Inherited from SecurityProviderBase)
Public propertyPersistSettings Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file.
(Inherited from SecurityProviderBase)
Public propertyRequestedRedirect Gets the URI that user will be redirected to if IsRedirectRequested is set.
(Inherited from SecurityProviderBase)
Public propertySecurePassword Gets or sets the password as a SecureString.
(Inherited from SecurityProviderBase)
Public propertySettingsCategory Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true.
(Inherited from SecurityProviderBase)
Public propertyUserData Gets the UserData object containing information about the user.
(Inherited from SecurityProviderBase)
Public propertyWindowsPrincipal Gets the original WindowsPrincipal of the user if the user exists in Active Directory.
Top
Methods
 NameDescription
Public methodAuthenticate Authenticates the user.
(Overrides SecurityProviderBaseAuthenticate)
Public methodChangePassword Changes user password in the backend data store.
(Overrides SecurityProviderBaseChangePassword(String, String))
Public methodEqualsDetermines whether the specified object is equal to the current object.
(Inherited from Object)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object)
Public methodGetHashCodeServes as the default hash function.
(Inherited from Object)
Protected methodGetLdapPath Gets the LDAP path.
Public methodGetTypeGets the Type of the current instance.
(Inherited from Object)
Public methodGetUserRoles Gets a list of Roles for this user for a specified ApplicationId.
(Overrides SecurityProviderBaseGetUserRoles(String))
Public methodLoadSettings Loads saved LdapSecurityProvider settings from the config file if the PersistSettings property is set to true.
(Overrides SecurityProviderBaseLoadSettings)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object.
(Inherited from Object)
Public methodRefreshData Refreshes the UserData from the backend data store.
(Overrides SecurityProviderBaseRefreshData)
Protected methodRefreshData(UserData, ListString, Int32) Refreshes the UserData from the backend data store loading user groups into desired collection.
Public methodResetPassword Resets user password in the backend data store.
(Overrides SecurityProviderBaseResetPassword(String))
Public methodSaveSettings Saves LdapSecurityProvider settings to the config file if the PersistSettings property is set to true.
(Overrides SecurityProviderBaseSaveSettings)
Public methodToStringReturns a string that represents the current object.
(Inherited from Object)
Public methodTranslateRedirect Performs a translation of the default login page to a different endpoint.
(Inherited from SecurityProviderBase)
Public methodTranslateRole Performs a translation of the specified user role.
(Overrides SecurityProviderBaseTranslateRole(String))
Top
Fields
 NameDescription
Public fieldStatic memberDefaultCacheMaximumRetryAttempts Specifies the default value for the CacheMaximumRetryAttempts property.
Public fieldStatic memberDefaultCacheRetryDelayInterval Specifies the default value for the CacheRetryDelayInterval property.
Public fieldStatic memberDefaultEnableOfflineCaching Specifies the default value for the EnableOfflineCaching property.
Public fieldStatic memberProviderID Defines the provider ID for the LdapSecurityProvider.
Top
Extension Methods
 NameDescription
Public Extension MethodGetEnumValueOrDefault Gets the enumeration constant for value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions)
Public Extension MethodGetEnumValueOrDefaultT Gets the enumeration constant for this value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions)
Top
Remarks
A Security Identifier can also be specified in IncludedResources instead of a role name in the format of 'SID:<Security Identifier>' (Example: SID:S-1-5-21-19610888-1443184010-1631745340-269783).
Example
Required config file entries:
C#
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" />
  </configSections>
  <categorizedSettings>
    <securityProvider>
      <add name="ApplicationName" value="" description="Name of the application being secured as defined in the backend security datastore."
        encrypted="false" />
      <add name="ConnectionString" value="LDAP://DC=COMPANY,DC=COM" description="Connection string to be used for connection to the backend security data store."
        encrypted="false" />
      <add name="ProviderType" value="GSF.Security.LdapSecurityProvider, GSF.Security" description="The type to be used for enforcing security."
        encrypted="false" />
      <add name="UserCacheTimeout" value="5" description="Defines the timeout, in whole minutes, for a user's provider cache. Any value less than 1 will cause cache reset every minute."
        encrypted="false" />
      <add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names."
        encrypted="false" />
      <add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured."
        encrypted="false" />
      <add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages."
        encrypted="false" />
      <add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages." 
        encrypted="false" />
      <add name="EnableOfflineCaching" value="True" description="True to enable caching of user information for authentication in offline state, otherwise False."
        encrypted="false" />
      <add name="CacheRetryDelayInterval" value="200" description="Wait interval, in milliseconds, before retrying load of user data cache."
        encrypted="false" />
      <add name="CacheMaximumRetryAttempts" value="10" description="Maximum retry attempts allowed for loading user data cache."
        encrypted="false" />
    </securityProvider>
    <activeDirectory>
      <add name="PrivilegedDomain" value="" description="Domain of privileged domain user account."
        encrypted="false" />
      <add name="PrivilegedUserName" value="" description="Username of privileged domain user account."
        encrypted="false" />
      <add name="PrivilegedPassword" value="" description="Password of privileged domain user account."
        encrypted="true" />
    </activeDirectory>
  </categorizedSettings>
</configuration>
See Also