LdapSecurityProvider Class

Represents an ISecurityProvider that uses Active Directory for its backend data store and credential authentication.

Inheritance Hierarchy

SystemObject
  GSF.SecuritySecurityProviderBase
    GSF.SecurityLdapSecurityProvider
      GSF.SecurityAdoSecurityProvider

Namespace: GSF.Security
Assembly: GSF.Security (in GSF.Security.dll) Version: 2.4.181-beta

Syntax

C++

JavaScript

Copy

public class LdapSecurityProvider : SecurityProviderBase

Public Class LdapSecurityProvider
	Inherits SecurityProviderBase

public ref class LdapSecurityProvider : public SecurityProviderBase

type LdapSecurityProvider = 
    class
        inherit SecurityProviderBase
    end

GSF.Security.LdapSecurityProvider = function();

Type.createClass(
	'GSF.Security.LdapSecurityProvider',
	GSF.Security.SecurityProviderBase);

View Source

The LdapSecurityProvider type exposes the following members.

Constructors

	Name	Description
	LdapSecurityProvider(String)	Initializes a new instance of the LdapSecurityProvider class.
	LdapSecurityProvider(String, Boolean, Boolean, Boolean)	Initializes a new instance of the LdapSecurityProvider class.

Top

Properties

	Name	Description
	ApplicationName	Gets or sets the name of the application being secured as defined in the backend security datastore. (Inherited from SecurityProviderBase)
	AuthenticationFailureReason	Gets or allows derived classes to set an authentication failure reason. (Inherited from SecurityProviderBase)
	CacheMaximumRetryAttempts	Gets or sets the maximum retry attempts allowed for loading offline user data cache.
	CacheRetryDelayInterval	Gets or sets the wait interval (in milliseconds) before retrying load of offline user data cache.
	CanChangePassword	Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported. (Inherited from SecurityProviderBase)
	CanRefreshData	Gets a boolean value that indicates whether RefreshData operation is supported. (Inherited from SecurityProviderBase)
	CanResetPassword	Gets a boolean value that indicates whether ResetPassword(String) operation is supported. (Inherited from SecurityProviderBase)
	ConnectionString	Gets or sets the connection string to be used for connection to the backend security datastore. (Inherited from SecurityProviderBase)
	EnableOfflineCaching	Gets or sets a boolean value that indicates whether user information is to be cached for offline authentication.
	IsRedirectRequested	Gets the flag that indicates whether the user needs to be redirected after the Authentication attempt. (Inherited from SecurityProviderBase)
	IsUserAuthenticated	Gets the flag that indicates whether the user was authenticated during the last authentication attempt. (Inherited from SecurityProviderBase)
	LogEvent	Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation. (Inherited from SecurityProviderBase)
	PassthroughPrincipal	Gets or sets the principal used for passthrough authentication. (Inherited from SecurityProviderBase)
	Password	Gets or sets SecurePassword as clear text password. (Inherited from SecurityProviderBase)
	PersistSettings	Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file. (Inherited from SecurityProviderBase)
	RequestedRedirect	Gets the URI that user will be redirected to if IsRedirectRequested is set. (Inherited from SecurityProviderBase)
	SecurePassword	Gets or sets the password as a SecureString. (Inherited from SecurityProviderBase)
	SettingsCategory	Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true. (Inherited from SecurityProviderBase)
	UserData	Gets the UserData object containing information about the user. (Inherited from SecurityProviderBase)
	WindowsPrincipal	Gets the original WindowsPrincipal of the user if the user exists in Active Directory.

Top

Methods

	Name	Description
	Authenticate	Authenticates the user. (Overrides SecurityProviderBaseAuthenticate)
	ChangePassword	Changes user password in the backend data store. (Overrides SecurityProviderBaseChangePassword(String, String))
	Equals	Determines whether the specified object is equal to the current object. (Inherited from Object)
	Finalize	Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object)
	GetHashCode	Serves as the default hash function. (Inherited from Object)
	GetLdapPath	Gets the LDAP path.
	GetType	Gets the Type of the current instance. (Inherited from Object)
	GetUserRoles	Gets a list of Roles for this user for a specified ApplicationId. (Overrides SecurityProviderBaseGetUserRoles(String))
	LoadSettings	Loads saved LdapSecurityProvider settings from the config file if the PersistSettings property is set to true. (Overrides SecurityProviderBaseLoadSettings)
	MemberwiseClone	Creates a shallow copy of the current Object. (Inherited from Object)
	RefreshData	Refreshes the UserData from the backend data store. (Overrides SecurityProviderBaseRefreshData)
	RefreshData(UserData, ListString, Int32)	Refreshes the UserData from the backend data store loading user groups into desired collection.
	ResetPassword	Resets user password in the backend data store. (Overrides SecurityProviderBaseResetPassword(String))
	SaveSettings	Saves LdapSecurityProvider settings to the config file if the PersistSettings property is set to true. (Overrides SecurityProviderBaseSaveSettings)
	ToString	Returns a string that represents the current object. (Inherited from Object)
	TranslateRedirect	Performs a translation of the default login page to a different endpoint. (Inherited from SecurityProviderBase)
	TranslateRole	Performs a translation of the specified user role. (Overrides SecurityProviderBaseTranslateRole(String))

Top

Fields

	Name	Description
	DefaultCacheMaximumRetryAttempts	Specifies the default value for the CacheMaximumRetryAttempts property.
	DefaultCacheRetryDelayInterval	Specifies the default value for the CacheRetryDelayInterval property.
	DefaultEnableOfflineCaching	Specifies the default value for the EnableOfflineCaching property.
	ProviderID	Defines the provider ID for the LdapSecurityProvider.

Top

Extension Methods

	Name	Description
	GetEnumValueOrDefault	Gets the enumeration constant for value, if defined in the enumeration, or a default value. (Defined by EnumExtensions)
	GetEnumValueOrDefaultT	Gets the enumeration constant for this value, if defined in the enumeration, or a default value. (Defined by EnumExtensions)

Top

Remarks

A Security Identifier can also be specified in IncludedResources instead of a role name in the format of 'SID:<Security Identifier>' (Example: SID:S-1-5-21-19610888-1443184010-1631745340-269783).

Example

Required config file entries:

Copy

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" />
  </configSections>
  <categorizedSettings>
    <securityProvider>
      <add name="ApplicationName" value="" description="Name of the application being secured as defined in the backend security datastore."
        encrypted="false" />
      <add name="ConnectionString" value="LDAP://DC=COMPANY,DC=COM" description="Connection string to be used for connection to the backend security data store."
        encrypted="false" />
      <add name="ProviderType" value="GSF.Security.LdapSecurityProvider, GSF.Security" description="The type to be used for enforcing security."
        encrypted="false" />
      <add name="UserCacheTimeout" value="5" description="Defines the timeout, in whole minutes, for a user's provider cache. Any value less than 1 will cause cache reset every minute."
        encrypted="false" />
      <add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names."
        encrypted="false" />
      <add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured."
        encrypted="false" />
      <add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages."
        encrypted="false" />
      <add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages." 
        encrypted="false" />
      <add name="EnableOfflineCaching" value="True" description="True to enable caching of user information for authentication in offline state, otherwise False."
        encrypted="false" />
      <add name="CacheRetryDelayInterval" value="200" description="Wait interval, in milliseconds, before retrying load of user data cache."
        encrypted="false" />
      <add name="CacheMaximumRetryAttempts" value="10" description="Maximum retry attempts allowed for loading user data cache."
        encrypted="false" />
    </securityProvider>
    <activeDirectory>
      <add name="PrivilegedDomain" value="" description="Domain of privileged domain user account."
        encrypted="false" />
      <add name="PrivilegedUserName" value="" description="Username of privileged domain user account."
        encrypted="false" />
      <add name="PrivilegedPassword" value="" description="Password of privileged domain user account."
        encrypted="true" />
    </activeDirectory>
  </categorizedSettings>
</configuration>

Reference

GSF.Security Namespace