Click or drag to resize

SecurityProviderBase Class

Base class for a provider of role-based security in applications.
Inheritance Hierarchy
SystemObject
  GSF.SecuritySecurityProviderBase
    GSF.SecurityLdapSecurityProvider
    GSF.SecurityOIDCSecurityProvider

Namespace: GSF.Security
Assembly: GSF.Security (in GSF.Security.dll) Version: 2.4.205-beta
Syntax
public abstract class SecurityProviderBase : ISecurityProvider, 
	IPersistSettings
View Source

The SecurityProviderBase type exposes the following members.

Constructors
 NameDescription
Protected methodSecurityProviderBase Initializes a new instance of the security provider.
Top
Properties
 NameDescription
Public propertyApplicationName Gets or sets the name of the application being secured as defined in the backend security datastore.
Public propertyAuthenticationFailureReason Gets or allows derived classes to set an authentication failure reason.
Public propertyCanChangePassword Gets a boolean value that indicates whether ChangePassword(String, String) operation is supported.
Public propertyCanRefreshData Gets a boolean value that indicates whether RefreshData operation is supported.
Public propertyCanResetPassword Gets a boolean value that indicates whether ResetPassword(String) operation is supported.
Public propertyConnectionString Gets or sets the connection string to be used for connection to the backend security datastore.
Public propertyIsRedirectRequested Gets the flag that indicates whether the user needs to be redirected after the Authentication attempt.
Public propertyIsUserAuthenticated Gets the flag that indicates whether the user was authenticated during the last authentication attempt.
Public propertyLogEvent Gets or sets the LogEventFunctionSignature to use for logging security events for the SecurityProviderBase implementation.
Public propertyPassthroughPrincipal Gets or sets the principal used for passthrough authentication.
Public propertyPassword Gets or sets SecurePassword as clear text password.
Public propertyPersistSettings Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file.
Public propertyRequestedRedirect Gets the URI that user will be redirected to if IsRedirectRequested is set.
Public propertySecurePassword Gets or sets the password as a SecureString.
Public propertySettingsCategory Gets or sets the category under which security provider settings are to be saved to the config file if the PersistSettings property is set to true.
Public propertyUserData Gets the UserData object containing information about the user.
Top
Methods
 NameDescription
Public methodAuthenticate When overridden in a derived class, authenticates the user.
Public methodChangePassword When overridden in a derived class, changes user password in the backend datastore.
Public methodEqualsDetermines whether the specified object is equal to the current object.
(Inherited from Object)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object)
Public methodGetHashCodeServes as the default hash function.
(Inherited from Object)
Public methodGetTypeGets the Type of the current instance.
(Inherited from Object)
Public methodGetUserRoles Gets a list of Roles for this user for a specified ApplicationId.
Public methodLoadSettings Loads saved security provider settings from the config file if the PersistSettings property is set to true.
Protected methodMemberwiseCloneCreates a shallow copy of the current Object.
(Inherited from Object)
Public methodRefreshData When overridden in a derived class, refreshes the UserData from the backend datastore.
Public methodResetPassword When overridden in a derived class, resets user password in the backend datastore.
Public methodSaveSettings Saves security provider settings to the config file if the PersistSettings property is set to true.
Public methodToStringReturns a string that represents the current object.
(Inherited from Object)
Public methodTranslateRedirect Performs a translation of the default login page to a different endpoint.
Public methodTranslateRole Performs a translation of the specified user role.
Top
Fields
 NameDescription
Public fieldStatic memberDefaultApplicationName Specifies the default value for the ApplicationName property.
Public fieldStatic memberDefaultConnectionString Specifies the default value for the ConnectionString property.
Public fieldStatic memberDefaultPersistSettings Specifies the default value for the PersistSettings property.
Public fieldStatic memberDefaultSettingsCategory Specifies the default value for the SettingsCategory property.
Top
Extension Methods
 NameDescription
Public Extension MethodGetEnumValueOrDefault Gets the enumeration constant for value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions)
Public Extension MethodGetEnumValueOrDefaultT Gets the enumeration constant for this value, if defined in the enumeration, or a default value.
(Defined by EnumExtensions)
Top
Example
This examples shows how to extend SecurityProviderBase to use a flat-file for the security data store:
C#
using System.Data;
using System.IO;
using GSF;
using GSF.Data;
using GSF.IO;
using GSF.Security;

namespace CustomSecurity
{
    public class FlatFileSecurityProvider : SecurityProviderBase
    {
        private const int LeastPrivilegedLevel = 5;

        public FlatFileSecurityProvider(string username)
            : base(username)
        {
        }

        public override bool RefreshData()
        {
            // Check for a valid username.
            if (string.IsNullOrEmpty(UserData.Username))
                return false;

            // Check if a file name is specified.
            if (string.IsNullOrEmpty(ConnectionString))
                return false;

            // Check if file exist on file system.
            string file = FilePath.GetAbsolutePath(ConnectionString);
            if (!File.Exists(file))
                return false;

            // Read the data from the specified file.
            DataTable data = File.ReadAllText(file).ToDataTable(",", true);
            DataRow[] user = data.Select(string.Format("Username = '{0}'", UserData.Username));
            if (user.Length > 0)
            {
                // User exists in the specified file.
                UserData.IsDefined = true;
                UserData.Password = user[0]["Password"].ToNonNullString();

                for (int i = LeastPrivilegedLevel; i >= int.Parse(user[0]["Level"].ToNonNullString()); i--)
                {
                    UserData.Roles.Add(i.ToString());
                }
            }

            return true;
        }

        public override bool Authenticate(string password)
        {
            // Compare password hashes to authenticate.
            return (UserData.Password == SecurityProviderUtility.EncryptPassword(password));
        }
    }
}
Config file entries that go along with the above example:
C#
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="categorizedSettings" type="GSF.Configuration.CategorizedSettingsSection, GSF.Core" />
  </configSections>
  <categorizedSettings>
    <securityProvider>
      <add name="ApplicationName" value="SEC_APP" description="Name of the application being secured as defined in the backend security datastore."
        encrypted="false" />
      <add name="ConnectionString" value="Security.csv" description="Connection string to be used for connection to the backend security datastore."
        encrypted="false" />
      <add name="ProviderType" value="CustomSecurity.FlatFileSecurityProvider, CustomSecurity"
        description="The type to be used for enforcing security." encrypted="false" />
      <add name="IncludedResources" value="*=*" description="Semicolon delimited list of resources to be secured along with role names."
        encrypted="false" />
      <add name="ExcludedResources" value="" description="Semicolon delimited list of resources to be excluded from being secured."
        encrypted="false" />
      <add name="NotificationSmtpServer" value="localhost" description="SMTP server to be used for sending out email notification messages."
        encrypted="false" />
      <add name="NotificationSenderEmail" value="sender@company.com" description="Email address of the sender of email notification messages." 
        encrypted="false" />
    </securityProvider>
  </categorizedSettings>
</configuration>
See Also