Security
public abstract class SecurityProviderBase : ISecurityProvider, IPersistSettings
The SecurityProviderBase type exposes the following members.
| Name | Description | |
|---|---|---|
| SecurityProviderBase | Initializes a new instance of the security provider. |
| Name | Description | |
|---|---|---|
| ApplicationName | Gets or sets the name of the application being secured as defined in the backend security datastore. | |
| AuthenticationFailureReason | Gets or allows derived classes to set an authentication failure reason. | |
| CanChangePassword | Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported. | |
| CanRefreshData | Gets a boolean value that indicates whether RefreshData operation is supported. | |
| CanResetPassword | Gets a boolean value that indicates whether ResetPassword(String) operation is supported. | |
| ConnectionString | Gets or sets the connection string to be used for connection to the backend security datastore. | |
| IsRedirectRequested | Gets the flag that indicates whether the user needs to be redirected after the Authentication attempt. | |
| IsUserAuthenticated | Gets the flag that indicates whether the user was authenticated during the last authentication attempt. | |
| LogEvent | Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation. | |
| PassthroughPrincipal | Gets or sets the principal used for passthrough authentication. | |
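| Password | Gets or sets the SecurePassword value as a clear-text password. Prefer SecurePassword where possible, since a clear-text string stays readable in process memory until it is garbage collected. | |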
| PersistSettings | Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file. | |
| RequestedRedirect | Gets the URI that user will be redirected to if IsRedirectRequested is set. | |
| SecurePassword | Gets or sets the password as a SecureString. | |
| SettingsCategory | Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true. | |
| UserData | Gets the UserData object containing information about the user. |
| Name | Description | |
|---|---|---|
| Authenticate | When overridden in a derived class, authenticates the user. | |
| ChangePassword | When overridden in a derived class, changes user password in the backend datastore. | |
| Equals | Determines whether the specified object is equal to the current object. (Inherited from Object) | |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object) | |
| GetHashCode | Serves as the default hash function. (Inherited from Object) | |
| GetType | Gets the Type of the current instance. (Inherited from Object) | |
| GetUserRoles | Gets a list of Roles for this user for a specified ApplicationId. | |
| LoadSettings | Loads saved security provider settings from the config file if the PersistSettings property is set to true. | |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object) | |
| RefreshData | When overridden in a derived class, refreshes the UserData from the backend datastore. | |
| ResetPassword | When overridden in a derived class, resets user password in the backend datastore. | |
| SaveSettings | Saves security provider settings to the config file if the PersistSettings property is set to true. | |
| ToString | Returns a string that represents the current object. (Inherited from Object) | |
| TranslateRedirect | Performs a translation of the default login page to a different endpoint. | |
| TranslateRole | Performs a translation of the specified user role. |
| Name | Description | |
|---|---|---|
| DefaultApplicationName | Specifies the default value for the ApplicationName property. | |
| DefaultConnectionString | Specifies the default value for the ConnectionString property. | |
| DefaultPersistSettings | Specifies the default value for the PersistSettings property. | |
| DefaultSettingsCategory | Specifies the default value for the SettingsCategory property. |
| Name | Description | |
|---|---|---|
| GetEnumValueOrDefault | Gets the enumeration constant for value, if defined in the enumeration, or a default value. (Defined by EnumExtensions) | |
| `GetEnumValueOrDefault<T>` | Gets the enumeration constant for this value, if defined in the enumeration, or a default value. (Defined by EnumExtensions) |
using System.Data;
using System.IO;
using GSF;
using GSF.Data;
using GSF.IO;
using GSF.Security;
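namespace CustomSecurity
{
    /// <summary>
    /// Example security provider that looks users up in a comma-separated flat file whose
    /// location is taken from the <c>ConnectionString</c> setting.
    /// </summary>
    /// <remarks>
    /// The file is read for the "Username", "Password" and "Level" columns. The "Password"
    /// column is compared against the output of <c>SecurityProviderUtility.EncryptPassword</c>,
    /// so it holds that function's output rather than the clear-text password.
    /// NOTE(review): the scheme behind EncryptPassword is not visible here; confirm it is a
    /// salted, deliberately slow password hash before using this pattern for real credentials.
    /// </remarks>
    public class FlatFileSecurityProvider : SecurityProviderBase
    {
        // Numerically highest level; a user at level N receives roles "5" down to "N".
        private const int LeastPrivilegedLevel = 5;

        /// <summary>
        /// Creates a provider for the given user.
        /// </summary>
        /// <param name="username">Name of the user, passed through to the base class.</param>
        public FlatFileSecurityProvider(string username)
            : base(username)
        {
        }

        /// <summary>
        /// Loads the stored password hash and the roles of the current user from the flat file.
        /// </summary>
        /// <returns>
        /// <c>false</c> when the username or file name is missing, the file does not exist, or the
        /// matching row has a "Level" value that is not an integer; otherwise <c>true</c>, including
        /// when the user is not listed in the file (UserData is then left untouched).
        /// </returns>
        public override bool RefreshData()
        {
            // Check for a valid username.
            if (string.IsNullOrEmpty(UserData.Username))
                return false;

            // Check if a file name is specified.
            if (string.IsNullOrEmpty(ConnectionString))
                return false;

            // Check if the file exists on the file system.
            string file = FilePath.GetAbsolutePath(ConnectionString);

            if (!File.Exists(file))
                return false;

            // Read the data from the specified file.
            // NOTE(review): the second argument presumably marks the first line as a header row - confirm.
            DataTable data = File.ReadAllText(file).ToDataTable(",", true);

            // The username originates outside this class and is placed inside a DataTable filter
            // expression. Doubling single quotes keeps it a plain string literal, so a quote in the
            // name cannot change which rows the filter matches.
            string escapedUsername = UserData.Username.Replace("'", "''");
            DataRow[] user = data.Select(string.Format("Username = '{0}'", escapedUsername));

            if (user.Length == 0)
                return true;

            // Validate the level before touching UserData so that a malformed row fails closed:
            // the user is not marked as defined and no roles are granted.
            int level;

            if (!int.TryParse(user[0]["Level"].ToNonNullString(), out level))
                return false;

            // User exists in the specified file.
            UserData.IsDefined = true;
            UserData.Password = user[0]["Password"].ToNonNullString();

            // NOTE(review): there is no lower bound on level and roles are appended on every call;
            // confirm the valid level range and whether UserData.Roles is reset between refreshes.
            for (int i = LeastPrivilegedLevel; i >= level; i--)
            {
                UserData.Roles.Add(i.ToString());
            }

            return true;
        }

        /// <summary>
        /// Authenticates the user by comparing the stored password hash with the hash of the
        /// supplied password.
        /// </summary>
        /// <param name="password">Clear-text password supplied by the user.</param>
        /// <returns><c>true</c> when the hashes match; otherwise <c>false</c>.</returns>
        public override bool Authenticate(string password)
        {
            string storedHash = UserData.Password;

            // Fail closed: a user that was never loaded, or a row with a blank "Password" column,
            // must not authenticate regardless of what EncryptPassword returns for the input.
            if (string.IsNullOrEmpty(storedHash))
                return false;

            // Compare password hashes to authenticate.
            return HashesMatch(storedHash, SecurityProviderUtility.EncryptPassword(password));
        }

        // Ordinal string comparison that does not stop at the first mismatching character, so the
        // time taken does not reveal how much of the stored hash a guess got right.
        private static bool HashesMatch(string expected, string actual)
        {
            if (expected == null || actual == null)
                return false;

            int difference = expected.Length ^ actual.Length;

            for (int i = 0; i < expected.Length && i < actual.Length; i++)
            {
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0;
        }
    }
}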
Config file entries that go along with the above example:
<?xml version="1.0"?>
<!-- Sample configuration that selects CustomSecurity.FlatFileSecurityProvider as the security provider. -->
<configuration>
<configSections>
<section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" />
</configSections>
<categorizedSettings>
<!-- Security provider settings; every entry in this sample is stored unencrypted (encrypted="false"). -->
<securityProvider>
<add name="ApplicationName" value="SEC_APP" description="Name of the application being secured as defined in the backend security datastore."
encrypted="false" />
<!-- For the flat-file example this is the path of the CSV file that holds usernames, password hashes and levels; restrict file-system access to that file. -->
<add name="ConnectionString" value="Security.csv" description="Connection string to be used for connection to the backend security datastore."
encrypted="false" />
<!-- "Type, Assembly" name of the provider class; here the example class from the CustomSecurity assembly. -->
<add name="ProviderType" value="CustomSecurity.FlatFileSecurityProvider, CustomSecurity"
description="The type to be used for enforcing security." encrypted="false" />
<!-- NOTE(review): "*=*" presumably secures every resource for every role; confirm the wildcard semantics and narrow the list where possible. -->
<add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names."
encrypted="false" />
<!-- Empty in this sample, so no resource is exempt from being secured; keep any exclusions as narrow as possible. -->
<add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured."
encrypted="false" />
<add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages."
encrypted="false" />
<add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages."
encrypted="false" />
</securityProvider>
</categorizedSettings>
</configuration>