|
Security
|
Base class for a provider of role-based security in applications.
Inheritance Hierarchy
SystemObject
GSF.SecuritySecurityProviderBase
GSF.SecurityLdapSecurityProvider
GSF.SecurityOIDCSecurityProvider
GSF.SecuritySecurityProviderBase
GSF.SecurityLdapSecurityProvider
GSF.SecurityOIDCSecurityProvider
Namespace: GSF.Security
Assembly: GSF.Security (in GSF.Security.dll) Version: 2.4.181-beta
Syntaxpublic abstract class SecurityProviderBase : ISecurityProvider, IPersistSettings
The SecurityProviderBase type exposes the following members.
Constructors| Name | Description | |
|---|---|---|
 | SecurityProviderBase | Initializes a new instance of the security provider. |
Properties| Name | Description | |
|---|---|---|
 | ApplicationName | Gets or sets the name of the application being secured as defined in the backend security datastore. |
| AuthenticationFailureReason | Gets or allows derived classes to set an authentication failure reason. |
| CanChangePassword | Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported. |
| CanRefreshData | Gets a boolean value that indicates whether RefreshData operation is supported. |
| CanResetPassword | Gets a boolean value that indicates whether ResetPassword(String) operation is supported. |
| ConnectionString | Gets or sets the connection string to be used for connection to the backend security datastore. |
| IsRedirectRequested | Gets the flag that indicates whether the user needs to be redirected after the Authentication attempt. |
| IsUserAuthenticated | Gets the flag that indicates whether the user was authenticated during the last authentication attempt. |
| LogEvent | Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation. |
| PassthroughPrincipal | Gets or sets the principal used for passthrough authentication. |
| Password | Gets or sets SecurePassword as clear text password. |
| PersistSettings | Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file. |
| RequestedRedirect | Gets the URI that user will be redirected to if IsRedirectRequested is set. |
| SecurePassword | Gets or sets the password as a SecureString. |
| SettingsCategory | Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true. |
| UserData | Gets the UserData object containing information about the user. |
Methods| Name | Description | |
|---|---|---|
 | Authenticate | When overridden in a derived class, authenticates the user. |
| ChangePassword | When overridden in a derived class, changes user password in the backend datastore. |
| Equals | Determines whether the specified object is equal to the current object. (Inherited from Object) |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object) |
| GetHashCode | Serves as the default hash function. (Inherited from Object) |
| GetType | Gets the Type of the current instance. (Inherited from Object) |
| GetUserRoles | Gets a list of Roles for this user for a specified ApplicationId. |
| LoadSettings | Loads saved security provider settings from the config file if the PersistSettings property is set to true. |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object) |
| RefreshData | When overridden in a derived class, refreshes the UserData from the backend datastore. |
| ResetPassword | When overridden in a derived class, resets user password in the backend datastore. |
| SaveSettings | Saves security provider settings to the config file if the PersistSettings property is set to true. |
| ToString | Returns a string that represents the current object. (Inherited from Object) |
| TranslateRedirect | Performs a translation of the default login page to a different endpoint. |
| TranslateRole | Performs a translation of the specified user role. |
Fields| Name | Description | |
|---|---|---|
  | DefaultApplicationName | Specifies the default value for the ApplicationName property. |
| DefaultConnectionString | Specifies the default value for the ConnectionString property. |
| DefaultPersistSettings | Specifies the default value for the PersistSettings property. |
| DefaultSettingsCategory | Specifies the default value for the SettingsCategory property. |
Extension Methods| Name | Description | |
|---|---|---|
 | GetEnumValueOrDefault |
Gets the enumeration constant for value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions) |
| GetEnumValueOrDefaultT |
Gets the enumeration constant for this value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions) |
Example
This examples shows how to extend SecurityProviderBase to use a flat-file for the security data store:
Config file entries that go along with the above example:
C#
using System.Data; using System.IO; using GSF; using GSF.Data; using GSF.IO; using GSF.Security; namespace CustomSecurity { public class FlatFileSecurityProvider : SecurityProviderBase { private const int LeastPrivilegedLevel = 5; public FlatFileSecurityProvider(string username) : base(username) { } public override bool RefreshData() { // Check for a valid username. if (string.IsNullOrEmpty(UserData.Username)) return false; // Check if a file name is specified. if (string.IsNullOrEmpty(ConnectionString)) return false; // Check if file exist on file system. string file = FilePath.GetAbsolutePath(ConnectionString); if (!File.Exists(file)) return false; // Read the data from the specified file. DataTable data = File.ReadAllText(file).ToDataTable(",", true); DataRow[] user = data.Select(string.Format("Username = '{0}'", UserData.Username)); if (user.Length > 0) { // User exists in the specified file. UserData.IsDefined = true; UserData.Password = user[0]["Password"].ToNonNullString(); for (int i = LeastPrivilegedLevel; i >= int.Parse(user[0]["Level"].ToNonNullString()); i--) { UserData.Roles.Add(i.ToString()); } } return true; } public override bool Authenticate(string password) { // Compare password hashes to authenticate. return (UserData.Password == SecurityProviderUtility.EncryptPassword(password)); } } }
C#
<?xml version="1.0"?> <configuration> <configSections> <section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" /> </configSections> <categorizedSettings> <securityProvider> <add name="ApplicationName" value="SEC_APP" description="Name of the application being secured as defined in the backend security datastore." encrypted="false" /> <add name="ConnectionString" value="Security.csv" description="Connection string to be used for connection to the backend security datastore." encrypted="false" /> <add name="ProviderType" value="CustomSecurity.FlatFileSecurityProvider, CustomSecurity" description="The type to be used for enforcing security." encrypted="false" /> <add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names." encrypted="false" /> <add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured." encrypted="false" /> <add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages." encrypted="false" /> <add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages." encrypted="false" /> </securityProvider> </categorizedSettings> </configuration>
See Also