|
Ado
|
Represents an ISecurityProvider that uses ADO.NET data source (SQL Server, MySQL, Oracle, etc.) for its
back-end data store and authenticates internal users against Active Directory and external users against the database.
Inheritance Hierarchy
SystemObject
GSF.SecuritySecurityProviderBase
GSF.SecurityLdapSecurityProvider
GSF.SecurityAdoSecurityProvider
GSF.SecuritySecurityProviderBase
GSF.SecurityLdapSecurityProvider
GSF.SecurityAdoSecurityProvider
Namespace: GSF.Security
Assembly: GSF.Security (in GSF.Security.dll) Version: 2.4.181-beta
Syntaxpublic class AdoSecurityProvider : LdapSecurityProvider
The AdoSecurityProvider type exposes the following members.
Constructors| Name | Description | |
|---|---|---|
 | AdoSecurityProvider(String) | Initializes a new instance of the AdoSecurityProvider class. |
 | AdoSecurityProvider(String, Boolean, Boolean, Boolean) | Initializes a new instance of the AdoSecurityProvider class. |
Properties| Name | Description | |
|---|---|---|
 | ApplicationName |
Gets or sets the name of the application being secured as defined in the backend security datastore.
(Inherited from SecurityProviderBase) |
| AuthenticationFailureReason |
Gets or allows derived classes to set an authentication failure reason.
(Inherited from SecurityProviderBase) |
| CacheMaximumRetryAttempts |
Gets or sets the maximum retry attempts allowed for loading offline user data cache.
(Inherited from LdapSecurityProvider) |
| CacheRetryDelayInterval |
Gets or sets the wait interval (in milliseconds) before retrying load of offline user data cache.
(Inherited from LdapSecurityProvider) |
| CanChangePassword |
Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported.
(Inherited from SecurityProviderBase) |
| CanRefreshData |
Gets a boolean value that indicates whether RefreshData operation is supported.
(Inherited from SecurityProviderBase) |
| CanResetPassword |
Gets a boolean value that indicates whether ResetPassword(String) operation is supported.
(Inherited from SecurityProviderBase) |
| ConnectionString |
Gets or sets the connection string to be used for connection to the backend security datastore.
(Inherited from SecurityProviderBase) |
| DefaultRoles | Gets or sets the Default Roles used when a user does not have a role defined. The user still needs to exist but they won't require a Role and will be assigned the DefaultRoles. It is a comma separate list for multiple Roles. If an empty String is supplied a Role is required for the user. |
| EnableOfflineCaching |
Gets or sets a boolean value that indicates whether user information is to be cached for offline authentication.
(Inherited from LdapSecurityProvider) |
| IsRedirectRequested |
Gets the flag that indicates whether the user
needs to be redirected after the Authentication attempt.
(Inherited from SecurityProviderBase) |
| IsUserAuthenticated |
Gets the flag that indicates whether the user was
authenticated during the last authentication attempt.
(Inherited from SecurityProviderBase) |
| LastException | Gets last exception reported by the AdoSecurityProvider. |
| LogEvent |
Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation.
(Inherited from SecurityProviderBase) |
| PassthroughPrincipal |
Gets or sets the principal used for passthrough authentication.
(Inherited from SecurityProviderBase) |
| Password |
Gets or sets SecurePassword as clear text password.
(Inherited from SecurityProviderBase) |
| PersistSettings |
Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file.
(Inherited from SecurityProviderBase) |
| RequestedRedirect |
Gets the URI that user will be redirected to if IsRedirectRequested is set.
(Inherited from SecurityProviderBase) |
| SecurePassword |
Gets or sets the password as a SecureString.
(Inherited from SecurityProviderBase) |
| SettingsCategory |
Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true.
(Inherited from SecurityProviderBase) |
| UseDatabaseLogging | Gets or sets flag that determines if LogAuthenticationAttempt(Boolean) and LogError(String, String) should write to the database. Defaults to true. |
| UserData |
Gets the UserData object containing information about the user.
(Inherited from SecurityProviderBase) |
| WindowsPrincipal |
Gets the original WindowsPrincipal of the user if the user exists in Active Directory.
(Inherited from LdapSecurityProvider) |
Methods| Name | Description | |
|---|---|---|
| Authenticate |
Authenticates the user.
(Overrides LdapSecurityProviderAuthenticate) |
| ChangePassword |
Changes user password in the backend data store.
(Overrides LdapSecurityProviderChangePassword(String, String)) |
| Equals | Determines whether the specified object is equal to the current object. (Inherited from Object) |
 | ExtractSecurityContext | Extracts the current security context from the database. |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object) |
| GetHashCode | Serves as the default hash function. (Inherited from Object) |
| GetLdapPath |
Gets the LDAP path.
(Overrides LdapSecurityProviderGetLdapPath) |
| GetType | Gets the Type of the current instance. (Inherited from Object) |
| GetUserRoles |
Gets a list of roles for this user for a specified application ID, i.e., target node ID.
(Overrides LdapSecurityProviderGetUserRoles(String)) |
| LoadSettings |
Loads saved security provider settings from the config file if the PersistSettings property is set to true.
(Overrides LdapSecurityProviderLoadSettings) |
| LogAuthenticationAttempt | Logs user authentication attempt. |
| LogError | Logs information about an encountered exception to the backend data store. |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object) |
| RefreshData |
Refreshes the UserData.
(Overrides LdapSecurityProviderRefreshData) |
| RefreshData(UserData, ListString, Int32) |
Refreshes the UserData from the backend data store loading user groups into desired collection.
(Inherited from LdapSecurityProvider) |
| ResetPassword |
Resets user password in the backend data store.
(Inherited from LdapSecurityProvider) |
| SaveSettings |
Saves LdapSecurityProvider settings to the config file if the PersistSettings property is set to true.
(Inherited from LdapSecurityProvider) |
| ToString | Returns a string that represents the current object. (Inherited from Object) |
| TranslateRedirect |
Performs a translation of the default login page to a different endpoint.
(Inherited from SecurityProviderBase) |
| TranslateRole |
Performs a translation of the specified user role.
(Inherited from LdapSecurityProvider) |
Events| Name | Description | |
|---|---|---|
 | SecurityContextRefreshed | Raised when the security context is refreshed. |
Fields| Name | Description | |
|---|---|---|
 | DefaultMessageUserHasNoRoles | Default message displayed when user is not a member of any roles. |
| DefaultMessageUserIsDisabled | Default message displayed when user is disabled. |
| DefaultMessageUserIsLockedOut | Default message displayed when user is locked out. |
| DefaultMessageUserNotDefined | Default message displayed when user is not defined. |
| DefaultMessageUserPasswordExpired | Default message displayed when password is expired or has not been set. |
 | DefaultNodeID | Gets current default Node ID for security. |
| DefaultPasswordRequirementsError | Default error message displayed when databases users fail regular expression test. |
| DefaultPasswordRequirementsRegex | Default regular expression used to validate new database user passwords. |
| DefaultUseDatabaseLogging | Default value for UseDatabaseLogging. |
| ProviderID | Defines the provider ID for the AdoSecurityProvider. |
Extension Methods| Name | Description | |
|---|---|---|
 | GetEnumValueOrDefault |
Gets the enumeration constant for value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions) |
| GetEnumValueOrDefaultT |
Gets the enumeration constant for this value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions) |
Remarks
Minimum expected table schema for ADO Security Provider:
C#
CREATE TABLE UserAccount
(
ID UNIQUEINDENTIFIER NOT NULL DEFAULT NEWID(),
Name VARCHAR(200) NOT NULL,
Password VARCHAR(200) DEFAULT NULL,
FirstName VARCHAR(200) DEFAULT NULL,
LastName VARCHAR(200) DEFAULT NULL,
Phone VARCHAR(200) DEFAULT NULL,
Email VARCHAR(200) DEFAULT NULL,
LockedOut TINYINT NOT NULL DEFAULT 0,
UseADAuthentication TINYINT NOT NULL DEFAULT 1,
ChangePasswordOn DATETIME DEFAULT NULL,
CONSTRAINT PK_UserAccount PRIMARY KEY (ID ASC),
CONSTRAINT IX_UserAccount UNIQUE KEY (Name)
);
CREATE TABLE SecurityGroup
(
ID UNIQUEINDENTIFIER NOT NULL DEFAULT NEWID(),
Name VARCHAR(200) NOT NULL,
CONSTRAINT PK_SecurityGroup PRIMARY KEY (ID ASC),
CONSTRAINT IX_SecurityGroup UNIQUE KEY (Name)
);
CREATE TABLE SecurityGroupUserAccount
(
SecurityGroupID UNIQUEINDENTIFIER NOT NULL,
UserAccountID UNIQUEINDENTIFIER NOT NULL
);
CREATE TABLE ApplicationRole
(
ID UNIQUEINDENTIFIER NOT NULL DEFAULT NEWID(),
Name VARCHAR(200) NOT NULL,
NodeID UNIQUEINDENTIFIER NOT NULL,
CONSTRAINT PK_ApplicationRole PRIMARY KEY (ID ASC),
CONSTRAINT IX_ApplicationRole UNIQUE KEY (NodeID, Name)
);
CREATE TABLE ApplicationRoleUserAccount
(
ApplicationRoleID UNIQUEINDENTIFIER NOT NULL,
UserAccountID UNIQUEINDENTIFIER NOT NULL
);
CREATE TABLE ApplicationRoleSecurityGroup
(
ApplicationRoleID UNIQUEINDENTIFIER NOT NULL,
SecurityGroupID UNIQUEINDENTIFIER NOT NULL
);Example
Required config file entries (automatically added):
C#
<?xml version="1.0"?> <configuration> <configSections> <section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" /> </configSections> <categorizedSettings> <securityProvider> <add name="ProviderType" value="GSF.Security.AdoSecurityProvider, GSF.Security" description="The type to be used for enforcing security." encrypted="false" /> <add name="UserCacheTimeout" value="5" description="Defines the timeout, in whole minutes, for a user's provider cache. Any value less than 1 will cause cache reset every minute." encrypted="false" /> <add name="ConnectionString" value="Eval(systemSettings.ConnectionString)" description="Configuration database connection string" encrypted="false"/> <add name="DataProviderString" value="Eval(systemSettings.DataProviderString)" description="Configuration database ADO.NET data provider assembly type creation string" encrypted="false"/> <add name="LdapPath" value="" description="Specifies the LDAP path used to initialize the security provider." encrypted="false" /> <add name="ApplicationName" value="SEC_APP" description="Name of the application being secured." encrypted="false" /> <add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names." encrypted="false" /> <add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured." encrypted="false" /> <add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages." encrypted="false" /> <add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages." encrypted="false" /> <add name="CacheRetryDelayInterval" value="200" description="Wait interval, in milliseconds, before retrying load of user data cache." encrypted="false"/> <add name="CacheMaximumRetryAttempts" value="10" description="Maximum retry attempts allowed for loading user data cache." encrypted="false"/> <add name="EnableOfflineCaching" value="True" description="True to enable caching of user information for authentication in offline state, otherwise False." encrypted="false"/> <add name="PasswordRequirementsRegex" value="^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$" description="Regular expression used to validate new passwords for database users." encrypted="false" /> <add name="PasswordRequirementsError" value="Invalid Password: Password must be at least 8 characters; must contain at least 1 number, 1 upper case letter, and 1 lower case letter" description="Error message to be displayed when new database user password fails regular expression test." encrypted="false" /> <add name="DefaultRoles" value="Viewer" description="If set this is a list of Roles assigned to a user that has no defined Roles." encrypted="false" /> </securityProvider> <activeDirectory> <add name="PrivilegedDomain" value="" description="Domain of privileged domain user account." encrypted="false" /> <add name="PrivilegedUserName" value="" description="Username of privileged domain user account." encrypted="false" /> <add name="PrivilegedPassword" value="" description="Password of privileged domain user account." encrypted="true" /> </activeDirectory> </categorizedSettings> </configuration>
See Also