GSF.Security
Initializes a new instance of the
class representing an Azure AD user with a passthrough principal.
The name of the user on whose behalf the code is running.
Represents settings needed for Azure Active Directory (AD) authentication.
Default category for Azure AD settings.
Default value for property.
Default value for property.
Default value for property.
Default value for property.
Default value for property.
Default value for property.
Default value for property.
Gets or sets the Azure AD instance URL.
Gets or sets the Azure AD tenant ID.
Gets or sets the Azure AD client ID.
Gets or sets the redirect URI where authentication responses can be received by the application.
Gets or sets the Azure AD call-back path.
Gets or sets the Azure AD signed out call-back path.
Gets the flag that determines if Azure AD is enabled.
Gets the Azure AD authority (Instance + TenantID).
Gets the last exception, if any, encountered after getting a new Graph service client.
Gets a new Graph service client.
Settings category to use for determine configuration location.
Set to true to force refresh of Azure AD token.
New Graph service client when Azure AD is enabled; otherwise, null.
Loads Azure AD settings. Source based on target configuration.
Settings category to use for determine configuration location.
Loaded settings instance.
Loads Azure AD settings from the specified JSON application settings file.
JSON settings file to load. Defaults to local "appsettings.json".
Loaded settings instance.
Loads Azure AD settings from categorized settings.
Settings category to use for settings load.
Loaded settings instance.
Defines a JSON token response for the .
Access token.
ID token.
Represents an that uses openID Connect
Required config file entries (automatically added):
]]>
Defines the provider ID for the .
Initializes a new instance of the class.
Name that uniquely identifies the user.
Gets the object containing information about the user.
Gets last exception reported by the .
Gets or sets flag that determines if and should
write to the database. Defaults to true.
Setting this flag to false may be necessary in cases where a database has been setup to use authentication
but does not include an "AccessLog" or "ErrorLog" table.
The ClienID used to identify this Application with the Authorization Server
The Scope used to obtain UserInformation from the Authorization Server
A Nonce that has been verified manually and never expires. This is used for allowing Server-server logons.
The Endpoint used to redirect the User
The Endpoint to get the User Token
The URI the User get's redirected to after signing in.
The ClientSecret used to encrypt the user data
The Claim used to get the Roles for the user
Gets the flag that indicates whether the user
needs to be redirected after the Authentication attempt.
Gets the URI that user will be redirected to if is set.
Indicates if the Login Page should display detailed Debugging Information when OAuth Fails.
Loads saved security provider settings from the config file if the property is set to true.
has a value of null or empty string.
Not implemented by ; always returns false.
true if is refreshed, otherwise false.
Authenticates the user.
true if the user is authenticated, otherwise false.
Logs user authentication attempt.
true if user authentication was successful, otherwise false.
Logs information about an encountered exception to the backend data store.
Source of the exception.
Detailed description of the exception.
true if logging was successful, otherwise false.
Exchange Authorization Code for a Token
The Authorization Code returned by the Auth Server
Performs a translation of the default login page to a different endpoint.
The URI of the login page specified in the AppSettings
The URI originally requested.
The URI requested by the client
The Referrer as specified in the request header
The URI to be redirected to
Not implemented by ; always returns false.
Answer to the user's security question.
true if the password is reset, otherwise false.
Not implemented by ; always returns false.
User's current password.
User's new password.
true if the password is changed, otherwise false.
Not implemented by ; always returns false.
Obtains the Token from the OIDC Server using a code.
Represents an that uses ADO.NET data source (SQL Server, MySQL, Oracle, etc.) for its
back-end data store and authenticates internal users against Active Directory and external users against the database.
Required config file entries (automatically added):
]]>
Minimum expected table schema for ADO Security Provider:
Default Roles to be used if no Roles are supplied for a user.
Default regular expression used to validate new database user passwords.
Default error message displayed when databases users fail regular expression test.
Default value for .
Default message displayed when user is not defined.
Default message displayed when user is disabled.
Default message displayed when user is locked out.
Default message displayed when password is expired or has not been set.
Default message displayed when user is not a member of any roles.
Defines the provider ID for the .
Initializes a new instance of the class.
Name that uniquely identifies the user.
Initializes a new instance of the class.
Name that uniquely identifies the user.
true if the security provider can refresh from the back-end data store, otherwise false.
true if the security provider can reset user password, otherwise false.
true if the security provider can change user password, otherwise false.
Gets last exception reported by the .
Gets or sets flag that determines if and should
write to the database. Defaults to true.
Setting this flag to false may be necessary in cases where a database has been setup to use authentication
but does not include an "AccessLog" or "ErrorLog" table.
Gets or sets the Default Roles used when a user does not have a role defined.
The user still needs to exist but they won't require a Role and will be assigned the DefaultRoles.
It is a comma separate list for multiple Roles. If an empty String is supplied a Role is required for the user.
Loads saved security provider settings from the config file if the property is set to true.
has a value of null or empty string.
Refreshes the .
true if is refreshed, otherwise false.
Authenticates the user.
true if the user is authenticated, otherwise false.
Changes user password in the backend data store.
User's current password.
User's new password.
true if the password is changed, otherwise false.
does not meet password requirements.
Logs user authentication attempt.
true if user authentication was successful, otherwise false.
Logs information about an encountered exception to the backend data store.
Source of the exception.
Detailed description of the exception.
true if logging was successful, otherwise false.
Gets the LDAP path.
The LDAP path.
Gets a list of roles for this user for a specified application ID, i.e., target node ID.
The node ID for the roles to be returned.
The roles that the specified user has.
Raised when the security context is refreshed.
Gets current default Node ID for security.
Extracts the current security context from the database.
Existing database connection used to extract security context.
Exception handler to use for any exceptions encountered while updating security cache.
Current user name, if applicable in calling context.
A new containing the latest security context.
Represents a secured inter-process cache for the security context needed by the .
This is a system cache that contains the last known security information loaded from the database related to users,
roles and groups. This cache allows the to start-up without database access
using latest cached security context. Even though this cache contains role information for all users, it does
not overlap information in the since the user role cache contains role assignments
for a user at last login and is used for auditing.
Creates a new instance of the with the specified number of .
Maximum concurrent reader locks to allow.
Gets or sets the internal ; returned value will be a copy of the internal.
Initiates inter-process synchronized save of .
Handles serialization of file to disk; virtual method allows customization (e.g., pre-save encryption and/or data merge).
used to serialize data.
File data to be serialized.
Consumers overriding this method should not directly call property to avoid potential dead-locks.
Handles deserialization of file from disk; virtual method allows customization (e.g., pre-load decryption and/or data merge).
used to deserialize data.
Deserialized file data.
Consumers overriding this method should not directly call property to avoid potential dead-locks.
Loads the for the current local user.
Loaded instance of the .
Model for AccessLog table.
Unique ID field.
User name field.
Access granted flag field.
Node ID of the Application.
Created on field.
Model for ErrorLog table.
Unique ID field.
Source field.
Type field.
Message field.
Detail field.
Created on field.
Model for ApplicationRole table.
Unique application role ID field.
Name field.
Description field.
Node ID field.
Created on field.
Created by field.
Updated on field.
Updated by field.
Model for ApplicationRoleSecurityGroup table.
Application role ID field.
Security group ID field.
Model for SecurityGroupUserAccount table.
Security group ID field.
User account ID field.
Model for ApplicationRoleUserAccount table.
Application role ID field.
User account ID field.
Model for Node table.
Unique node ID field.
Name field.
Company ID field.
Longitude field.
Latitude field.
Description field.
Image path field.
Settings field.
Menu type field.
Description field.
Master field.
Load order field.
Enabled field.
Created on field.
Created by field.
Updated on field.
Updated by field.
Model for SecurityGroup table.
A record in this table can represent a database defined group with associated users
or an Active Directory group that maintains its own users.
Unique security group ID field.
Group name field - stores SID for AD authentication.
Description field.
Created on field.
Created by field.
Updated on field.
Updated by field.
Group account name, converted from security ID as needed.
Model for UserAccount table.
A record in this table can represent a database defined user with associated detail
or an Active Directory user that maintains its own user details.
Unique user account ID field.
User name field - stores SID for AD authentication.
Password field - stores password hash for DB authentication only.
First name field - for DB authentication only.
Last name field - for DB authentication only.
Default Node ID field.
Phone number field - for DB authentication only.
E-mail field - for DB authentication only.
Change password on date field - for DB authentication only.
Use Active Directory authentication field.
User locked-out field.
Created on field.
Created by field.
Updated on field.
Updated by field.
User account name, converted from security ID as needed.
Defines for the .
Initializes a new instance of the class.
Initializes a new instance of the class.
User's logon name.
Gets or sets OIDC Nonce value associated with this user.
Gets or sets the associated with this user.
Defines a helper class for token cache management.
Path to the token cache.
Represents a secured inter-process cache for a of serialized user role information.
This is a system cache that contains the role assignments for each user that has logged in successfully. This cache is used
to check for changes in role assignments for a user - that is, a role change in the database that may now be different than
what is in the current cache. Any kind of role changes are logged as security events in the Windows event log for auditing.
Note that this is kept as a separate cache from the since the user role cache is used for
auditing and contains information relative to a user's roles at last login.
Creates a new instance of the with the specified number of .
Maximum concurrent reader locks to allow.
Gets a copy of the internal user role dictionary.
Gets or sets access roles for given .
User name for associated access role to load or save.
Access roles for given if found; otherwise null.
Attempts to retrieve access role for given .
User name associated with access role to retrieve.
Access roles to populate if found.
true if access roles for given were retrieved; otherwise false.
Serializes the for the given into the .
User name associated with access role to retrieve.
Access roles to update or populate.
This will add an entry into the user roles cache for if it doesn't exist;
otherwise existing entry will be updated.
Updates are automatically queued up for serialization so user does not need to call .
Merge user roles from another , local cache taking precedence.
Other to merge with.
Merge user roles from another , other cache taking precedence.
Other to merge with.
Initiates inter-process synchronized save of user role cache.
Handles serialization of file to disk; virtual method allows customization (e.g., pre-save encryption and/or data merge).
used to serialize data.
File data to be serialized.
Consumers overriding this method should not directly call property to avoid potential dead-locks.
Handles deserialization of file from disk; virtual method allows customization (e.g., pre-load decryption and/or data merge).
used to deserialize data.
Deserialized file data.
Consumers overriding this method should not directly call property to avoid potential dead-locks.
Calculates the hash of the used as the key for the user roles dictionary.
User name to hash.
The Base64 encoded calculated SHA-2 hash of the used as the key for the user roles dictionary.
For added security, a hash of the is used as the key for accessing roles
in the user roles cache instead of the actual . This method allows the
consumer to properly calculate this hash when directly using the user data cache.
Loads the for the current local user.
Loaded instance of the .
Represents an that uses Active Directory for its backend data store and credential authentication.
A Security Identifier can also be specified in
IncludedResources instead of a role name in the format of 'SID:<Security Identifier>' (Example: SID:S-1-5-21-19610888-1443184010-1631745340-269783).
Required config file entries:
]]>
Defines the provider ID for the .
Specifies the default value for the property.
Specifies the default value for the property.
Specifies the default value for the property.
Initializes a new instance of the class.
Name that uniquely identifies the user.
Initializes a new instance of the class.
Name that uniquely identifies the user.
true if the security provider can refresh from the backend data store, otherwise false.
true if the security provider can reset user password, otherwise false.
true if the security provider can change user password, otherwise false.
Gets or sets a boolean value that indicates whether user information is to be cached for offline authentication.
Gets or sets the wait interval (in milliseconds) before retrying load of offline user data cache.
Gets or sets the maximum retry attempts allowed for loading offline user data cache.
Gets the original of the user if the user exists in Active Directory.
Resets user password in the backend data store.
Answer to the user's security question.
true if the password is reset, otherwise false.
Always
Saves settings to the config file if the property is set to true.
Loads saved settings from the config file if the property is set to true.
Authenticates the user.
true if the user is authenticated, otherwise false.
Refreshes the from the backend data store.
true if is refreshed, otherwise false.
Refreshes the from the backend data store loading user groups into desired collection.
The structure for the data being refreshed.
Target collection for user groups.
Unique provider ID used to distinguish cached user data that may be different based on provider.
true if is refreshed, otherwise false.
Changes user password in the backend data store.
User's current password.
User's new password.
true if the password is changed, otherwise false.
This method always returns false under Mono deployments.
Performs a translation of the specified user .
The user role to be translated.
The user role that the specified user translates to.
Gets the LDAP path.
The LDAP path.
Gets a list of Roles for this user for a specified ApplicationId.
The applicationId for the roles to be returned.
The roles that the specified user has.
Represents an that can be used restrict access to a class when using role-based security.
Initializes a new instance of the class.
Initializes a new instance of the class.
List of either roles the current thread principal must have in order to have access.
Gets or sets the list of either roles the current thread principal must have in order to have access.
Checks if the current thread principal has at least one of the in order to have access.
true if the current thread principal has access, otherwise false.
Defines the function signature delegate used for logging events from the .
The source by which the application is registered on the specified computer.
The string to write to the event log.
One of the values.
The application-specific identifier for the event.
Defines a provider of role-based security in applications.
Gets or sets the name of the application being secured as defined in the backend security data store.
Gets or sets the connection string to be used for connection to the backend security data store.
Gets or sets the principal used for passthrough authentication.
Gets or sets the password as a .
Gets or sets as clear text password.
Gets the object containing information about the user.
Gets the flag that indicates whether the user was
authenticated during the last authentication attempt.
Gets the flag that indicates whether the user
needs to be redirected after the Authentication attempt.
Could be used for asking Users to confirm Messages etc.
Gets the URI that user will be redirected to if is set.
Gets a boolean value that indicates whether operation is supported.
Gets a boolean value that indicates whether operation is supported.
Gets a boolean value that indicates whether operation is supported.
Gets an authentication failure reason, if set by the provider when authentication fails.
Gets or sets the to use for logging security events for the implementation.
Set to null to use default handler, i.e., .
Authenticates the user.
true if the user is authenticated, otherwise false.
Refreshes the from the backend data store.
true if is refreshed, otherwise false.
Resets user password in the backend data store.
Answer to the user's security question.
true if the password is reset, otherwise false.
Changes user password in the backend data store.
User's current password.
User's new password.
true if the password is changed, otherwise false.
Performs a translation of the specified user .
The user role to be translated.
The user role that the specified user translates to.
Performs a translation of the default login page to a different endpoint.
The URI of the login page specified in the AppSettings
The URI originally requested.
The URI requested by the client
The Referrer as specified in the request header
The URI to be redirected to
Gets a list of Roles for this user for a specified ApplicationId.
The applicationId for the roles to be returned.
The roles that the specified user has.
Contains fundamental classes that define the security framework for role-based security.
Base class for a provider of role-based security in applications.
This examples shows how to extend to use a flat-file for the security data store:
using System.Data;
using System.IO;
using GSF;
using GSF.Data;
using GSF.IO;
using GSF.Security;
namespace CustomSecurity
{
public class FlatFileSecurityProvider : SecurityProviderBase
{
private const int LeastPrivilegedLevel = 5;
public FlatFileSecurityProvider(string username)
: base(username)
{
}
public override bool RefreshData()
{
// Check for a valid username.
if (string.IsNullOrEmpty(UserData.Username))
return false;
// Check if a file name is specified.
if (string.IsNullOrEmpty(ConnectionString))
return false;
// Check if file exist on file system.
string file = FilePath.GetAbsolutePath(ConnectionString);
if (!File.Exists(file))
return false;
// Read the data from the specified file.
DataTable data = File.ReadAllText(file).ToDataTable(",", true);
DataRow[] user = data.Select(string.Format("Username = '{0}'", UserData.Username));
if (user.Length > 0)
{
// User exists in the specified file.
UserData.IsDefined = true;
UserData.Password = user[0]["Password"].ToNonNullString();
for (int i = LeastPrivilegedLevel; i >= int.Parse(user[0]["Level"].ToNonNullString()); i--)
{
UserData.Roles.Add(i.ToString());
}
}
return true;
}
public override bool Authenticate(string password)
{
// Compare password hashes to authenticate.
return (UserData.Password == SecurityProviderUtility.EncryptPassword(password));
}
}
}
Config file entries that go along with the above example:
]]>
Specifies the default value for the property.
Specifies the default value for the property.
Specifies the default value for the property.
Specifies the default value for the property.
Initializes a new instance of the security provider.
Name that uniquely identifies the user.
true if the security provider can refresh from the backend data store, otherwise false.
true if the security provider can reset user password, otherwise false.
true if the security provider can change user password, otherwise false.
Gets or sets the name of the application being secured as defined in the backend security datastore.
Gets or sets the connection string to be used for connection to the backend security datastore.
Gets or sets the principal used for passthrough authentication.
Gets or sets the password as a .
Gets or sets as clear text password.
Gets or sets the to use for logging security events for the implementation.
Set to null to use default handler, i.e., .
Gets or sets a boolean value that indicates whether security provider settings are to be saved to the config file.
Gets or sets the category under which security provider settings are to be saved to the config file if the property is set to true.
The value being assigned is a null or empty string.
Gets the object containing information about the user.
Gets the flag that indicates whether the user was
authenticated during the last authentication attempt.
Gets a boolean value that indicates whether operation is supported.
Gets a boolean value that indicates whether operation is supported.
Gets a boolean value that indicates whether operation is supported.
Gets or allows derived classes to set an authentication failure reason.
Gets the flag that indicates whether the user
needs to be redirected after the Authentication attempt.
Gets the URI that user will be redirected to if is set.
When overridden in a derived class, authenticates the user.
true if the user is authenticated, otherwise false.
When overridden in a derived class, refreshes the from the backend datastore.
true if is refreshed, otherwise false.
When overridden in a derived class, resets user password in the backend datastore.
Answer to the user's security question.
true if the password is reset, otherwise false.
When overridden in a derived class, changes user password in the backend datastore.
User's current password.
User's new password.
true if the password is changed, otherwise false.
Saves security provider settings to the config file if the property is set to true.
has a value of null or empty string.
Loads saved security provider settings from the config file if the property is set to true.
has a value of null or empty string.
Performs a translation of the specified user .
The user role to be translated.
The user role that the specified user translates to.
Performs a translation of the default login page to a different endpoint.
The URI of the login page specified in the AppSettings
The URI originally requested.
The URI requested by the client
The Referrer as specified in the request header
The URI to be redirected to
Gets a list of Roles for this user for a specified ApplicationId.
The applicationId for the roles to be returned.
The roles that the specified user has.
A class that implements interface to facilitate custom role-based security.
Initializes a new instance of the class.
An of the user.
Value specified for is null.
Gets the type of authentication used to identify the user.
Gets a boolean value that indicates whether the user has been authenticated.
Gets the user's login name.
Gets the user type.
Gets the of the user.
A class that implements interface to facilitate custom role-based security.
Initializes a new instance of the class.
An object.
Value specified for is null.
Gets the object of the user.
Gets the object of the user.
Determines whether the user is a member of either of the specified .
Comma separated list of roles to check.
true if the user is a member of either of the specified , otherwise false.
Gets the reason phrase to return for an unauthorized response.
Security principal being authenticated, can be null.
Authentication scheme in use.
true to use detailed response from security provider.
Reason phrase to return for an unauthorized response.
Detailed provider response should normally only be used for diagnostics, a more obscure reason is considered
more secure since it limits knowledge about the successful elements of an authentication attempt.
A helper class that manages the caching of s.
A class that facilitates the caching of .
Initializes a new instance of the class.
Initializes a new instance of the class.
Gets the managed by this .
Gets the of when the was last refreshed.
Gets the of when the was last accessed.
Refreshes the provider managed by this .
Number of minutes up to which s are to be cached.
Number of milliseconds between calls to monitor the cache.
Creates a new .
Settings category.
Creates a new provider from data cached by the .
The username of the user for which to create a new provider.
obtained through alternative authentication mechanisms to provide authentication for the .
Indicates whether the provider should be automatically refreshed on a timer.
A new provider initialized from cached data.
Removes any cached information about the user with the given username.
The username of the user to be flushed from the cache.
Adds the given provider to the collection of providers being automatically refreshed on the user cache timeout interval.
The security provider to be cached.
Removes the given provider from the collection of providers being automatically refreshed.
The provider to be removed.
Forces all cached providers to refresh state.
Specifies the default value for the SettingsCategory property for the AlternateSecurityProvider.
Creates a new provider from data cached by the .
The username of the user for which to create a new provider.
obtained through alternative authentication mechanisms to provide authentication for the .
Indicates whether the provider should be automatically refreshed on a timer.
Indicates whether the alternate should be used.
A new provider initialized from cached data.
Removes any cached information about the user with the given username.
The username of the user to be flushed from the cache.
Indicates whether the alternate should be used.
Adds the given provider to the collection of providers being automatically refreshed on the user cache timeout interval.
The security provider to be cached.
Indicates whether the alternate should be used.
Removes the given provider from the collection of providers being automatically refreshed.
The provider to be removed.
Indicates whether the alternate should be used.
Forces all cached providers to refresh state.
Indicates whether the alternate should be used.
A helper class containing methods used in the implementation of role-based security.
Creates a new based on the settings in the config file.
Username of the user for whom the is to be created.
The category used to store configuration settings for the provider.
An object that implements .
Creates a new based on the settings in the config file.
Username of the user for whom the is to be created.
obtained through alternative authentication mechanisms to provide authentication for the .
The category used to store configuration settings for the provider.
An object that implements .
Creates a new based on the settings in the config file.
Object that contains data about the user to be used by the security provider.
The category used to store configuration settings for the provider.
An object that implements .
Determines if the specified is to be secured based on settings in the config file.
Name of the resource to be checked.
true if the is to be secured; otherwise false/
Determines if the current user, as defined by the , has permission to access
the specified based on settings in the config file.
Name of the resource to be checked.
The principal providing the security context for the user.
true if the current user has permission to access the ; otherwise false.
Determines if the specified matches the specified .
Spec string that can include wildcards ('*'). For example, *.txt
Target string to be compared with the .
true if the matches the , otherwise false.
Encrypts the password to a one-way hash using the SHA1 hash algorithm.
Password to be encrypted.
Encrypted password.
Generates a random password of the specified with at least one uppercase letter, one lowercase letter, one special character and one digit.
Length of the password to generate.
Randomly generated password of the specified .
A value of less than 8 is specified for the .
Sends email notification message to the specified using settings specified in the config file.
Email address of the notification recipient.
Subject of the notification.
Content of the notification.
A serializable class that contains information about a user defined in the security data store.
Initializes a new instance of the class.
Initializes a new instance of the class.
User's logon name.
Initializes a new instance of the class by copying an existing instance.
The existing instance of the class.
Gets the user's login ID.
Gets the user's login name.
Gets the user's password.
This field is only used to store hashed user
passwords which are stored in the database.
Gets the user's first name.
Gets the user's last name.
Gets the user's company name.
Gets the user's phone number.
Gets the user's email address.
Gets the user's security question.
Gets the user's security answer.
Gets the UTC date and time when user must change the password.
Gets the UTC date and time when user account was created.
Gets a boolean value that indicates whether the user is defined in the backend security data store.
Gets a boolean value that indicates whether the user is defined as an external user in the backend security data store.
Gets a boolean value that indicates whether the user is defined as an AzureAD account.
Gets a boolean value that indicates whether the user account has been disabled.
Gets a boolean value that indicates whether the user account has been locked due to numerous unsuccessful login attempts.
Gets a read-only list of all the groups the user belongs to.
Gets a read-only list of all the roles assigned to the user.
Initializes this object.
Copies a new instance of the class by copying an existing instance.
The existing instance of the class.
Represents a secured inter-process cache for a of serialized .
This is a personal user data cache that only contains basic LDAP information for the user. It is used to load the local and
Active Directory groups a user is associated with when the user no longer has access to its domain server. This can happen
when a laptop that is normally connected to the Active Directory domain gets shutdown then restarted without access to the
domain, for example, on an airplane - in this mode the user can successfully still login to the laptop to their using domain
account cached by Windows but the groups the user is in will no longer be accessible. If role based security happens to be
based on Active Directory groups, this cache will make sure the user can still have needed role based access even when the
domain is unavailable. This cache is maintained as a separate user cache from the system level
since the user data cache only contains group information and is used by the which can be
used independently of the .
Creates a new instance of the .
Unique provider ID used to distinguish cached user data that may be different based on provider.
Creates a new instance of the with the specified number of .
Maximum concurrent reader locks to allow.
Unique provider ID used to distinguish cached user data that may be different based on provider.
Gets or sets for given .
Login ID of associated to load or save.
Reference to for given if found; otherwise null.
Gets or sets unique provider ID used to distinguish cached user data that may be different based on provider.
Attempts to retrieve for given .
Login ID of associated to retrieve.
Reference to object to populate if found.
true if for given was retrieved; otherwise false.
Serializes the for the given into the .
Login ID of associated to retrieve.
Reference to object to serialize into .
This will add an entry into the user data cache for if it doesn't exist;
otherwise existing entry will be updated.
Updates are automatically queued up for serialization so user does not need to call .
Initiates inter-process synchronized save of user data cache.
Handles serialization of file to disk; virtual method allows customization (e.g., pre-save encryption and/or data merge).
used to serialize data.
File data to be serialized.
Consumers overriding this method should not directly call property to avoid potential dead-locks.
Handles deserialization of file from disk; virtual method allows customization (e.g., pre-load decryption and/or data merge).
used to deserialize data.
Deserialized file data.
Consumers overriding this method should not directly call property to avoid potential dead-locks.
Calculates the hash of the used as the key for the user data cache.
Login ID to hash.
The Base64 encoded calculated SHA-2 hash of the used as the key for the user data cache.
For added security, a hash of the is used as the key for in the
user data cache instead of the actual . This method allows the
consumer to properly calculate this hash when directly using the user data cache.
Loads the for the current local user.
Unique security provider ID used to distinguish cached user data that may be different based on provider.
Loaded instance of the .