Imports System.Security.Principal
Imports System.Collections
Imports CSLA.Data
Imports System.Security.Cryptography
Imports System.Text
Imports GZTW.Data
Imports System.Reflection
'''
'''
'''
Namespace Security
''' <summary>
''' Implements a custom Identity class that supports
''' CSLA .NET data access via the DataPortal.
''' </summary>
_
Public Class BusinessIdentity
    Inherits ReadOnlyBase
    Implements IIdentity

    ' Display name ("FirstName LastName") of the authenticated user.
    ' Left empty when DataPortal_Fetch finds no matching user; IsAuthenticated
    ' is derived from its length.
    Private mUsername As String
    ' NOTE(review): declared but never populated in this file (the only
    ' reference to it in DataPortal_Fetch is commented out).
    Private mRoles As New ArrayList

#Region "AyaNova Specific"
    ' Rights for this user when logged in: right name (String) -> security level (Int16).
    ' Filled by DataPortal_Fetch from aUserRight via the user's aMemberOfGroup.
    Private mUserRightsTable As New Hashtable
    ' Primary key (aUser.aID) of the authenticated user.
    Private mID As New Guid
    '*********************************************************
    'VALUES REPLICATED HERE SO THEY CAN BE PASSED THROUGH A
    'DATAPORTAL FOR THE BIZ OBJECTS USAGE
    'Users language setting (aUser.aLanguage)
    Private mLanguage As String
    'corresponds to the Global object's cjk index value
    Private mCJKIndex As Boolean
    'corresponds to the global objects same value
    Private mUseNotification As Boolean
    'Used for diagnostics purposes so any code remote
    'or local can know if a remote data portal is in use
    'or a direct database connection
    Private mUsingRemoteDataPortal As Boolean
    'handy dandy flag for notification server
    'so biz objects can allow only if is one
    'for security. Set in DataPortal_Fetch when aUserType = 6 and the
    'caller check passes; such a user receives read-only (2) rights only.
    Private mIsGenerator As Boolean
    '*********************************************************

    ''' <summary>
    ''' Rights property: the live rights table (right name -> security level).
    ''' </summary>
    ''' <remarks>
    ''' NOTE(review): this exposes the mutable Hashtable itself, so callers can
    ''' alter the rights of an identity after login. Business objects should
    ''' read through UserRight rather than modify this table.
    ''' </remarks>
    Public ReadOnly Property UserRightsTable() As Hashtable
        Get
            Return mUserRightsTable
        End Get
    End Property

    ''' <summary>
    ''' Right - return a user right based on passed in rights string.
    ''' </summary>
    ''' <param name="RightName">Key into the rights table (aUserRight.aRight).</param>
    ''' <returns>
    ''' The security level stored for the right. A name that is not in the table
    ''' yields Nothing from the Hashtable, which CType converts to 0, so an
    ''' unknown right reads as "no access" rather than throwing.
    ''' </returns>
    Friend Function UserRight(ByVal RightName As String) As Int16
        Return CType(mUserRightsTable(RightName), Int16)
    End Function

    ''' <summary>
    ''' User ID property (aUser.aID of the authenticated user).
    ''' </summary>
    Public ReadOnly Property ID() As Guid
        Get
            Return mID
        End Get
    End Property

    ''' <summary>
    ''' IsGenerator property: True when the logged-in user is the notification
    ''' server (aUserType = 6) and the caller check in DataPortal_Fetch passed.
    ''' </summary>
    Public ReadOnly Property IsGenerator() As Boolean
        Get
            Return mIsGenerator
        End Get
    End Property

    ''' <summary>
    ''' User language property, loaded from aUser.aLanguage and writable so
    ''' it can be replicated through the DataPortal.
    ''' </summary>
    Public Property Language() As String
        Get
            Return mLanguage
        End Get
        Set(ByVal Value As String)
            mLanguage = Value
        End Set
    End Property

    ''' <summary>
    ''' Index method property (mirrors the Global object's CJK index value).
    ''' </summary>
    Public Property CJKIndex() As Boolean
        Get
            Return mCJKIndex
        End Get
        Set(ByVal Value As Boolean)
            mCJKIndex = Value
        End Set
    End Property

    ''' <summary>
    ''' Notification property (mirrors the Global object's value).
    ''' </summary>
    Public Property UseNotification() As Boolean
        Get
            Return mUseNotification
        End Get
        Set(ByVal Value As Boolean)
            mUseNotification = Value
        End Set
    End Property

    ''' <summary>
    ''' Flag - true = remote dataportal, false=direct db connection
    ''' Used for diagnostics purposes so any code remote
    ''' or local can know if a remote data portal is in use
    ''' or a direct database connection
    ''' </summary>
    Public Property UsingRemoteDataPortal() As Boolean
        Get
            Return mUsingRemoteDataPortal
        End Get
        Set(ByVal Value As Boolean)
            mUsingRemoteDataPortal = Value
        End Set
    End Property
#End Region

#Region " IIdentity "
    ''' <summary>
    ''' Implements the IsAuthenticated property defined by IIdentity.
    ''' True once DataPortal_Fetch has stored a non-empty user name.
    ''' </summary>
    Public ReadOnly Property IsAuthenticated() As Boolean _
        Implements IIdentity.IsAuthenticated
        Get
            Return Len(mUsername) > 0
        End Get
    End Property

    ''' <summary>
    ''' Implements the AuthenticationType property defined by IIdentity.
    ''' Always "CSLA".
    ''' </summary>
    Public ReadOnly Property AuthenticationType() As String _
        Implements IIdentity.AuthenticationType
        Get
            Return "CSLA"
        End Get
    End Property

    ''' <summary>
    ''' Implements the Name property defined by IIdentity.
    ''' Returns the display name ("FirstName LastName"), not the login name.
    ''' </summary>
    Public ReadOnly Property Name() As String _
        Implements IIdentity.Name
        Get
            Return mUsername
        End Get
    End Property
#End Region

#Region " Create and Load "
    ''' <summary>
    ''' Authenticates a user through the DataPortal and returns the populated identity.
    ''' </summary>
    ''' <param name="UserName">Login name as typed by the user; hashed before it reaches SQL.</param>
    ''' <param name="Password">Clear-text password; hashed together with the login before it reaches SQL.</param>
    ''' <returns>
    ''' A BusinessIdentity. Check IsAuthenticated: a wrong login/password does not
    ''' throw, it returns an identity with an empty Name.
    ''' </returns>
    ''' <remarks>
    ''' The Criteria object carries the clear-text password across the DataPortal
    ''' boundary. When a remote data portal is in use that crosses the network;
    ''' transport protection is configured outside this file - TODO confirm.
    ''' </remarks>
    Friend Shared Function LoadIdentity(ByVal UserName As String, ByVal Password As String) As BusinessIdentity
        Return CType(DataPortal.Fetch(New Criteria(UserName, Password)), BusinessIdentity)
    End Function

    ' Criteria passed to DataPortal.Fetch: raw login and clear-text password.
    ' Nothing is hashed until DataPortal_Fetch runs.
    _
    Private Class Criteria
        Public Username As String
        Public Password As String
        Public Sub New(ByVal Username As String, ByVal Password As String)
            Me.Username = Username
            Me.Password = Password
        End Sub
    End Class

    Private Sub New()
        ' prevent direct creation; instances come only from DataPortal.Fetch
    End Sub
#End Region

#Region " Data access "
    ''' <summary>
    ''' Retrieves the identity data for a specific user.
    ''' </summary>
    ''' <param name="Criteria">A <see cref="Criteria"/> holding the login name and
    ''' clear-text password supplied to LoadIdentity.</param>
    ''' <remarks>
    ''' Security notes (review):
    '''  - Login and password are hashed here with SHA-256 (not MD5, despite the
    '''    older comment below) and the comparison is done by the database via
    '''    parameters, so neither the clear-text password nor unescaped input
    '''    reaches the SQL text. The password digest is SHA-256(username + password):
    '''    the login acts as a per-user prefix, but this is a single fast hash, not
    '''    a password KDF (PBKDF2 or similar). Changing it would require re-hashing
    '''    every stored aUser.aPassword, so it is left as-is here.
    '''  - A failed login only blanks mUsername (IsAuthenticated = False); mID,
    '''    mLanguage and mIsGenerator keep whatever they held. That is harmless
    '''    as long as each fetch uses a fresh instance, which the private
    '''    constructor and DataPortal flow suggest - TODO confirm.
    '''  - The Generator (aUserType = 6) check trusts the entry assembly's name and
    '''    public key token in the process running this code. It is an in-process
    '''    check, not something the server can verify independently, so treat it
    '''    as defence in depth. When no entry assembly exists (remote data portal
    '''    host) the caller name is "DataPortal" and a Generator login is rejected.
    '''  - There is no Catch: database or security exceptions propagate to the
    '''    DataPortal caller; both readers are closed in Finally.
    ''' </remarks>
    ''' <exception cref="System.Security.SecurityException">Thrown when a
    ''' Generator-type user logs in from anything other than the strong-named
    ''' "Generator" executable.</exception>
    Protected Overrides Sub DataPortal_Fetch(ByVal Criteria As Object)
        Dim crit As Criteria = CType(Criteria, Criteria)
        'Dim lText As String
        'exeAssembly
        Try
            ' mRoles.Clear()
            mUserRightsTable.Clear()
            Dim acs As New GZTW.Profile.AyaNovaConnectionSettings
            acs.GetConnectionData()
            Dim dbase As GZTWDatabase = GZTWDatabaseFactory.CreateDatabase(acs)
            ' Parameterized lookup: only active users, matched on the hashed login
            ' and hashed password computed below.
            Dim cm As DBCommandWrapper = dbase.GetSqlStringCommandWrapper("SELECT aID, aUserType, aFirstName, aLastName, aInitials, aLanguage FROM aUser WHERE aUser.aLogin=@Login AND aUser.aPassword=@Password AND aUser.AACTIVE=@aTrue;")
            'Modifications to work with AyaNova
            'Hashed login / password (SHA-256, see remarks; the stored columns hold
            'the same hex form so the database does the comparison).
            Dim shaM As New SHA256Managed
            Dim encoder As New UTF8Encoding
            'Hash and convert the hash bytes to hex string of 64 characters
            '(BitConverter yields "AB-CD-..."; the dashes are stripped)
            Dim sLogin As String = BitConverter.ToString(shaM.ComputeHash(encoder.GetBytes(crit.Username))).Replace("-", "")
            Dim sPassword As String = BitConverter.ToString(shaM.ComputeHash(encoder.GetBytes(crit.Username + crit.Password))).Replace("-", "")
            ' Caller identification used only for the Generator check below.
            Dim sCallerSig As String = "nada"
            Dim sCallerName As String = ""
            ' A data portal doesn't have an entry assembly (apparently)
            If [Assembly].GetEntryAssembly() Is Nothing Then
                sCallerName = "DataPortal"
            Else
                sCallerName = [Assembly].GetEntryAssembly().GetName().Name()
                ' Public key token of the entry assembly, or "nada" if it is not strong-named.
                If [Assembly].GetEntryAssembly().GetName().GetPublicKeyToken() Is Nothing Then
                    sCallerSig = "nada"
                Else
                    sCallerSig = BitConverter.ToString([Assembly].GetEntryAssembly().GetName().GetPublicKeyToken())
                End If
            End If
            cm.AddInParameter("@Password", DbType.String, sPassword)
            cm.AddInParameter("@Login", DbType.String, sLogin)
            cm.AddInParameter("@aTrue", DbType.Boolean, True)
            Dim dr As New SafeDataReader(dbase.ExecuteReader(cm))
            Try
                If dr.Read() Then
                    'ID is first result
                    mID = dr.GetGuid(0)
                    ' Firstname and lastname
                    mUsername = dr.GetString(2) + " " + dr.GetString(3)
                    'Language
                    mLanguage = dr.GetString(5)
                    'usertype notification server?
                    If dr.GetInt16(1) = 6 Then
                        'ensure generator is logging in from one of our own apps only
                        '(entry assembly must be named "Generator" and signed with this token)
                        If "DF-66-A8-D8-E4-98-33-D3" <> sCallerSig Or sCallerName <> "Generator" Then
                            Throw New System.Security.SecurityException("Generator login exception")
                        End If
                        mIsGenerator = True
                    Else
                        mIsGenerator = False
                    End If
                    'Get the security rights result set
                    'and stuff into the rights table.
                    'The first reader must be closed before the same command is
                    'reused; the @Login/@Password parameters are kept for the join.
                    dr.Close()
                    cm.Command.CommandText = "SELECT aUserRight.aRight, " & _
                    "aUserRight.aSecurityLevel FROM aUser " & _
                    "INNER JOIN aUserRight ON aUser.aMemberOfGroup " & _
                    "= aUserRight.aSecurityGroupID WHERE aUser.aLogin=@Login AND aUser.aPassword=@Password;"
                    ' Reassigned so the Finally below closes this second reader.
                    dr = New SafeDataReader(dbase.ExecuteReader(cm))
                    ' Hashtable.Add throws if the same right name comes back twice.
                    While dr.Read
                        If mIsGenerator = True Then
                            mUserRightsTable.Add(dr.GetString(0), 2) 'set all rights to read only for notification server
                        Else
                            mUserRightsTable.Add(dr.GetString(0), dr.GetInt16(1))
                        End If
                    End While
                Else
                    ' No active user with that login/password: leave unauthenticated.
                    mUsername = ""
                End If
            Finally
                dr.Close()
            End Try
        Finally
            'cn.Close()
        End Try
    End Sub
#End Region
End Class
End Namespace