
source: trunk/sources/HeuristicLab.Security.Core/3.2/PermissionManager.cs @ 2020

Last change on this file since 2020 was 1751, checked in by svonolfe, 15 years ago

Fixed authentication bug (#532)

File size: 4.8 KB
1using System;
2using System.Collections.Generic;
3using System.Text;
4using System.Threading;
5using HeuristicLab.Security.Contracts.Interfaces;
6using HeuristicLab.Security.Contracts.BusinessObjects;
7using HeuristicLab.Security.DataAccess;
8using HeuristicLab.DataAccess.Interfaces;
9using HeuristicLab.PluginInfrastructure;
10using System.Security.Cryptography;
11using System.ServiceModel;
12
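namespace HeuristicLab.Security.Core {
  /// <summary>
  /// Authenticates users against the user store and keeps an in-memory table of
  /// active sessions (session id -> user name) that permission checks are resolved against.
  /// </summary>
  /// <remarks>
  /// The session table is static and therefore shared by every instance of this class,
  /// so the lock that guards it is static as well.
  /// Sessions are only removed by <see cref="EndSession"/>; this class implements no expiry
  /// or idle timeout, and a user who authenticates again receives the existing session id.
  /// NOTE(review): no throttling or lockout of failed logins is visible in this class -
  /// confirm that it is enforced elsewhere.
  /// </remarks>
  public class PermissionManager : IPermissionManager {

    private static ISessionFactory factory = ServiceLocator.GetSessionFactory();

    // Session id -> user name. Every access must hold 'locker'.
    private static IDictionary<Guid, string> currentSessions = new Dictionary<Guid, string>();

    // Static because the dictionary it protects is static: a per-instance lock object
    // gives no mutual exclusion between two PermissionManager instances.
    private static readonly object locker = new object();

    /// <summary>
    /// Returns the lower-case hexadecimal MD5 digest of <paramref name="input"/>.
    /// </summary>
    /// <remarks>
    /// SECURITY: unsalted MD5 is a fast hash and is not suitable for password storage.
    /// Algorithm and encoding are left unchanged here because <see cref="Authenticate"/>
    /// compares the result with stored values; moving to a salted, iterated scheme
    /// (for example Rfc2898DeriveBytes) requires migrating the stored hashes.
    /// Encoding.Default is the machine's ANSI code page, so a password containing
    /// non-ASCII characters can hash differently on differently configured hosts.
    /// </remarks>
    /// <param name="input">Text to hash; must not be null.</param>
    /// <returns>The digest as a 32 character hexadecimal string.</returns>
    private static string getMd5Hash(string input) {
      byte[] digest;
      // Hash algorithm objects are disposable; release the provider deterministically.
      using (MD5 md5Hasher = MD5.Create()) {
        digest = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
      }

      StringBuilder hex = new StringBuilder(digest.Length * 2);
      foreach (byte b in digest) {
        hex.Append(b.ToString("x2"));
      }
      return hex.ToString();
    }

    /// <summary>
    /// Ordinal string comparison whose running time does not depend on the position of
    /// the first differing character.
    /// </summary>
    /// <param name="left">First value; null never matches.</param>
    /// <param name="right">Second value; null never matches.</param>
    /// <returns>true when both strings are non-null and identical.</returns>
    private static bool FixedTimeEquals(string left, string right) {
      if (left == null || right == null)
        return false;

      int difference = left.Length ^ right.Length;
      int count = Math.Min(left.Length, right.Length);
      for (int i = 0; i < count; i++) {
        difference |= left[i] ^ right[i];
      }
      return difference == 0;
    }

    /// <summary>
    /// Looks up the session id registered for a user name. The caller must hold 'locker'.
    /// </summary>
    /// <param name="userName">User name to look for (ordinal, case-sensitive match).</param>
    /// <returns>The session id, or Guid.Empty when the user has no session.</returns>
    private static Guid FindSessionId(string userName) {
      foreach (KeyValuePair<Guid, string> entry in currentSessions) {
        // Ordinal comparison: a culture-sensitive compare treats some distinct
        // strings as equal and could hand out another user's session id.
        if (string.Equals(entry.Value, userName, StringComparison.Ordinal))
          return entry.Key;
      }
      return Guid.Empty;
    }

    /// <summary>
    /// Checks the given password; on success returns the user's existing session id,
    /// or registers and returns a new one if the user has no session yet.
    /// </summary>
    /// <param name="userName">Login name of the user.</param>
    /// <param name="password">Clear-text password; it is hashed before comparison.</param>
    /// <returns>The session id, or Guid.Empty when the user is unknown or the password does not match.</returns>
    /// <exception cref="FaultException">Any exception raised while authenticating is rethrown as a fault.</exception>
    public Guid Authenticate(String userName, String password) {
      // Local, not a shared static: a data-access session held in a static field can be
      // overwritten by a concurrent call and then ended by the wrong thread.
      ISession dbSession = null;
      try {
        dbSession = factory.GetSessionForCurrentThread();

        string passwordHash = getMd5Hash(password);

        IUserAdapter userAdapter = dbSession.GetDataAdapter<User, IUserAdapter>();
        User user = userAdapter.GetByLogin(userName);

        if (user == null || !FixedTimeEquals(user.Password, passwordHash))
          return Guid.Empty;

        Guid sessionId;
        lock (locker) {
          sessionId = FindSessionId(userName);
          if (sessionId == Guid.Empty) {
            // NOTE(review): the session id is the only credential presented to
            // CheckPermission; confirm Guid.NewGuid() is acceptable as a bearer token
            // here, or derive it from a cryptographic random number generator.
            sessionId = Guid.NewGuid();
            currentSessions.Add(sessionId, userName);
          }
        }
        return sessionId;
      }
      // NOTE(review): ex.Message is forwarded to the remote caller and may disclose
      // data-access details; consider logging it server-side and returning a generic fault.
      catch (Exception ex) { throw new FaultException("Server: " + ex.Message); }
      finally {
        if (dbSession != null)
          dbSession.EndSession();
      }
    }

    /// <summary>
    /// Checks if the owner of the given session has the given permission.
    /// </summary>
    /// <param name="sessionId">Session id previously returned by <see cref="Authenticate"/>.</param>
    /// <param name="permissionId">Id of the permission to check.</param>
    /// <param name="entityId">Id of the entity the permission applies to.</param>
    /// <returns>
    /// true when the session exists, the owner and the permission are found and a matching
    /// permission entry exists; false otherwise.
    /// </returns>
    /// <exception cref="FaultException">Any exception raised during the lookup is rethrown as a fault.</exception>
    public bool CheckPermission(Guid sessionId, Guid permissionId, Guid entityId) {
      string userName;
      bool existsSession;
      lock (locker) {
        existsSession = currentSessions.TryGetValue(sessionId, out userName);
      }
      // Unknown session ids are denied without touching the data store.
      if (!existsSession)
        return false;

      // Local for the same reason as in Authenticate: never share the data-access
      // session between concurrent calls.
      ISession dbSession = null;
      try {
        dbSession = factory.GetSessionForCurrentThread();

        IPermissionOwnerAdapter permOwnerAdapter = dbSession.GetDataAdapter<PermissionOwner, IPermissionOwnerAdapter>();
        PermissionOwner permOwner = permOwnerAdapter.GetByName(userName);

        IPermissionAdapter permissionAdapter = dbSession.GetDataAdapter<Permission, IPermissionAdapter>();
        Permission permission = permissionAdapter.GetById(permissionId);

        if (permission == null || permOwner == null)
          return false;

        return permissionAdapter.getPermission(permOwner.Id, permission.Id, entityId) != null;
      }
      // NOTE(review): same information-disclosure concern as in Authenticate.
      catch (Exception ex) { throw new FaultException("Server: " + ex.Message); }
      finally {
        if (dbSession != null)
          dbSession.EndSession();
      }
    }

    /// <summary>
    /// Removes the given session. Unknown session ids are ignored.
    /// </summary>
    /// <param name="sessionId">Session id to remove.</param>
    public void EndSession(Guid sessionId) {
      lock (locker) {
        // Remove returns false for a missing key, so no separate existence check is needed.
        currentSessions.Remove(sessionId);
      }
    }

    /// <summary>
    /// Gets the sessionId for a user.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the returned id is what <see cref="CheckPermission"/> accepts as proof
    /// of identity. If this method is reachable by remote callers (the service contract is
    /// not visible here), it would let a caller obtain another user's session - verify.
    /// </remarks>
    /// <param name="userName">User name to look up (ordinal, case-sensitive match).</param>
    /// <returns>The session id, or Guid.Empty when the user has no session.</returns>
    public Guid GetGuid(string userName) {
      // The lock is re-entrant, so taking it here is safe for callers that already hold it.
      lock (locker) {
        return FindSessionId(userName);
      }
    }
  }
}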