Search Results

Search found 5 results on 1 pages for 'authorizationmanager'.

Page 1/1 | 1

Get list of users belonging to a role using Authorization Manager (AzMan)

- by Sam

Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Added users to roles is simple Roles.AddUserToRole("DOMAIN\\UserName", "role"). However I want to list the users belonging to a role, but since they are stored as SID's, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role? The table to manage roles would basically be like this: Role User ---- ---- admin DOMAIN\UserName [delete] DOMAIN\UserName2 [delete] [add user text box] news DOMAIN\UserName3 [delete] [add user text box]

Read the article
Improving WIF’s Claims-based Authorization - Part 1

- by Your DisplayName here!

As mentioned in my last post, I made several additions to WIF’s built-in authorization infrastructure to make it more flexible and easy to use. The foundation for all this work is that you have to be able to directly call the registered ClaimsAuthorizationManager. The following snippet is the universal way to get to the WIF configuration that is currently in effect: public static ServiceConfiguration ServiceConfiguration { get { if (OperationContext.Current == null) { // no WCF return FederatedAuthentication.ServiceConfiguration; } // search message property if (OperationContext.Current.IncomingMessageProperties. ContainsKey("ServiceConfiguration")) { var configuration = OperationContext.Current. IncomingMessageProperties["ServiceConfiguration"] as ServiceConfiguration; if (configuration != null) { return configuration; } } // return configuration from configuration file return new ServiceConfiguration(); } } From here you can grab ServiceConfiguration.ClaimsAuthoriationManager which give you direct access to the CheckAccess method (and thus control over claim types and values). I then created the following wrapper methods: public static bool CheckAccess(string resource, string action) { return CheckAccess(resource, action, Thread.CurrentPrincipal as IClaimsPrincipal); } public static bool CheckAccess(string resource, string action, IClaimsPrincipal principal) { var context = new AuthorizationContext(principal, resource, action); return AuthorizationManager.CheckAccess(context); } public static bool CheckAccess(Collection<Claim> actions, Collection<Claim> resources) { return CheckAccess(new AuthorizationContext( Thread.CurrentPrincipal.AsClaimsPrincipal(), resources, actions)); } public static bool CheckAccess(AuthorizationContext context) { return AuthorizationManager.CheckAccess(context); } I also created the same set of methods but called DemandAccess. They internally use CheckAccess and will throw a SecurityException when false is returned. All the code is part of Thinktecture.IdentityModel on Codeplex – or via NuGet (Install-Package Thinktecture.IdentityModel).

Read the article
Failed Administrator login on WSO2 IS with external OpenLDAP

- by Marco Rivadeneyra

I have an installation of WSO2 Identity Server and I'm trying to make it work with an external OpenLDAP instance I have followed this guide: http://wso2.org/project/solutions/identity/3.2.3/docs/user-core/admin_guide.html#LDAP For the read-only mode. But when I try to log-in I get a failed login and the following error on the console: TID: [0] [WSO2 Identity Server] [2012-08-10 17:10:25,493] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'john[0]' at [2012-08-10 17:10:25,0493] from IP address 127.0.0.1 {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} Full log: http://pastebin.com/pHUGXBqv My configuration file looks as follows: <UserManager> <Realm> <Configuration> <AdminRole>admin</AdminRole> <AdminUser> <UserName>john</UserName> <Password>johnldap</Password> </AdminUser> <EveryOneRoleName>everyone</EveryOneRoleName>  <ReadOnly>true</ReadOnly> <MaxUserNameListLength>500</MaxUserNameListLength> <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB</Property> <Property name="userName">wso2carbon</Property> <Property name="password">wso2carbon</Property> <Property name="driverName">org.h2.Driver</Property> <Property name="maxActive">50</Property> <Property name="maxWait">60000</Property> <Property name="minIdle">5</Property> </Configuration> <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager"> <Property name="ReadOnly">true</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://192.168.81.144:389</Property> <Property name="ConnectionName">cn=admin,dc=example,dc=com</Property> <Property name="ConnectionPassword">admin</Property> <Property name="UserSearchBase">ou=People,dc=example,dc=com</Property> <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property> <Property name="UserNameAttribute">uid</Property> <Property name="ReadLDAPGroups">false</Property> <Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property> <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property> <Property name="GroupNameAttribute">uid</Property> <Property name="MembershipAttribute">member</Property> </UserStoreManager> <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"></AuthorizationManager> </Realm> I followed this guide to configure my LDAP server up to Loggging: https://help.ubuntu.com/12.04/serverguide/openldap-server.html Could you suggest what might be wrong? The LDAP log is available at: http://pastebin.com/T9rFYEAW

Read the article
Wrong perspective is showing in Eclipse plugin project [closed]

- by Arun Kumar Choudhary

I am working in Eclipse Modeling Framework (Eclipse plugin development) in my project the tool(project i am working) provides three perspectives. 1.Accelerator Analyst perspective 2.Contract Validation and 3.Underwriter rules Editor... By default it starts with Contract validation perspective (As we define it within the plugin_customization.ini). However after switching to other perspective does not change the perspective shown... As all perspective (Class, Id and Name) is define only inside Plugin.XML as it is the task of org.eclipse.ui.perspective that that perspective name should be come forefront. Out of 10 7 times it is working fine but I am not getting why this is not working in that 3 cases. I am pasting my plugin.XML file <?xml version="1.0" encoding="UTF-8"?> <?eclipse version="3.0"?> <plugin> <extension id="RuleEditor.application" name="Accelerator Tooling" point="org.eclipse.core.runtime.applications"> <application> <run class="com.csc.fs.underwriting.product.UnderWritingApplication"> </run> </application> </extension> <extension point="org.eclipse.ui.perspectives"> <perspective class="com.csc.fs.underwriting.product.ContractValidationPerspective" icon="icons/javadevhov_obj.gif" id="com.csc.fs.underwriting.product.ContractValidationPerspective" name="Contract Validation"> </perspective> </extension> <extension point="org.eclipse.ui.perspectives"> <perspective class="com.csc.fs.underwriting.product.UnderwritingPerspective" icon="icons/javadevhov_obj.gif" id="com.csc.fs.underwriting.product.UnderwritingPerspective" name="Underwriting"> </perspective> </extension> <extension id="product" point="org.eclipse.core.runtime.products"> <product application="com.csc.fs.nba.underwriting.application.RuleEditor.application" name="Rule Configurator Workbench" description="%AppName"> <property name="introTitle" value="Welcome to Accelerator Tooling"/> <property name="introVer" value="%version"/> <property name="introBrandingImage" value="product:csclogo.png"/> <property name="introBrandingImageText" value="CSC FSG"/> <property name="preferenceCustomization" value="plugin_customization.ini"/> <property name="appName" value="Rule Configurator Workbench"> </property> </product> </extension> <extension point="org.eclipse.ui.intro"> <intro class="org.eclipse.ui.intro.config.CustomizableIntroPart" icon="icons/Welcome.gif" id="com.csc.fs.nba.underwriting.intro"/> <introProductBinding introId="com.csc.fs.nba.underwriting.intro" productId="com.csc.fs.nba.underwriting.application.product"/> <intro class="org.eclipse.ui.intro.config.CustomizableIntroPart" id="com.csc.fs.nba.underwriting.application.intro"> </intro> <introProductBinding introId="com.csc.fs.nba.underwriting.application.intro" productId="com.csc.fs.nba.underwriting.application.product"> </introProductBinding> </extension> <extension name="Accelerator Tooling" point="org.eclipse.ui.intro.config"> <config content="$nl$/intro/introContent.xml" id="org.eclipse.platform.introConfig.mytest" introId="com.csc.fs.nba.underwriting.intro"> <presentation home-page-id="news"> <implementation kind="html" os="win32,linux,macosx" style="$nl$/intro/css/shared.css"/> </presentation> </config> <config content="introContent.xml" id="com.csc.fs.nba.underwriting.application.introConfigId" introId="com.csc.fs.nba.underwriting.application.intro"> <presentation home-page-id="root"> <implementation kind="html" os="win32,linux,macosx" style="content/shared.css"> </implementation> </presentation> </config> </extension> <extension point="org.eclipse.ui.intro.configExtension"> <theme default="true" id="org.eclipse.ui.intro.universal.circles" name="%theme.name.circles" path="$nl$/themes/circles" previewImage="themes/circles/preview.png"> <property name="introTitle" value="Accelerator Tooling"/> <property name="introVer" value="%version"/> </theme> </extension> <extension point="org.eclipse.ui.ide.resourceFilters"> <filter pattern="*.dependency" selected="true"/> <filter pattern="*.producteditor" selected="true"/> <filter pattern="*.av" selected="true"/> <filter pattern=".*" selected="true"/> </extension> <extension point="org.eclipse.ui.splashHandlers"> <splashHandler class="com.csc.fs.nba.underwriting.application.splashHandlers.InteractiveSplashHandler" id="com.csc.fs.nba.underwriting.application.splashHandlers.interactive"> </splashHandler> <splashHandler class="com.csc.fs.underwriting.application.splashHandlers.InteractiveSplashHandler" id="com.csc.fs.underwriting.application.splashHandlers.interactive"> </splashHandler> <splashHandlerProductBinding productId="com.csc.fs.nba.underwriting.application" splashId="com.csc.fs.underwriting.application.splashHandlers.interactive"> </splashHandlerProductBinding> </extension> <extension id="com.csc.fs.pa.security" point="com.csc.fs.pa.security.implementation.secure"> <securityImplementation class="com.csc.fs.pa.security.PASecurityImpl"> </securityImplementation> </extension> <extension id="productApplication.security.pep" name="com.csc.fs.pa.producteditor.application.security.pep" point="com.csc.fs.pa.security.implementation.authorize"> <authorizationManager class="com.csc.fs.pa.security.authorization.PAAuthorizationManager"> </authorizationManager> </extension> <extension point="org.eclipse.ui.editors"> <editor class="com.csc.fs.underwriting.product.editors.PDFViewer" extensions="pdf" icon="icons/pdficon_small.gif" id="com.csc.fs.pa.producteditor.application.editors.PDFViewer" name="PDF Viewer"> </editor> </extension> <extension point="org.eclipse.ui.views"> <category id="com.csc.fs.pa.application.viewCategory" name="%category"> </category> </extension> <extension point="org.eclipse.ui.newWizards"> <category id="com.csc.fs.pa.application.newWizardCategory" name="%category"> </category> <category id="com.csc.fs.pa.application.newWizardInitialize" name="%initialize" parentCategory="com.csc.fs.pa.application.newWizardCategory"> </category> </extension> <extension point="com.csc.fs.pa.common.usability.addNewCategory"> <addNewCategoryId id="com.csc.fs.pa.application.newWizardCategory"> </addNewCategoryId> </extension>  </plugin> class="com.csc.fs.underwriting.product.editors.PDFViewer" extensions="pdf" icon="icons/pdficon_small.gif" id="com.csc.fs.pa.producteditor.application.editors.PDFViewer" name="PDF Viewer"> </editor> </extension> <extension point="org.eclipse.ui.views"> <category id="com.csc.fs.pa.application.viewCategory" name="%category"> </category> </extension> <extension point="org.eclipse.ui.newWizards"> <category id="com.csc.fs.pa.application.newWizardCategory" name="%category"> </category> <category id="com.csc.fs.pa.application.newWizardInitialize" name="%initialize" parentCategory="com.csc.fs.pa.application.newWizardCategory"> </category> </extension> <extension point="com.csc.fs.pa.common.usability.addNewCategory"> <addNewCategoryId id="com.csc.fs.pa.application.newWizardCategory"> </addNewCategoryId> </extension>  </plugin> Inside each class(the qualified classes in above xml) i did only hide and show the view according to perspective and that is working very fine.. Please provide any method that Eclipse provide so that I can override it in each classed so that it can work accordingly.

Read the article
Improving WIF’s Claims-based Authorization - Part 3 (Usage)

- by Your DisplayName here!

In the previous posts I showed off some of the additions I made to WIF’s authorization infrastructure. I now want to show some samples how I actually use these extensions. The following code snippets are from Thinktecture.IdentityServer on Codeplex. The following shows the MVC attribute on the WS-Federation controller: [ClaimsAuthorize(Constants.Actions.Issue, Constants.Resources.WSFederation)] public class WSFederationController : Controller or… [ClaimsAuthorize(Constants.Actions.Administration, Constants.Resources.RelyingParty)] public class RelyingPartiesAdminController : Controller In other places I used the imperative approach (e.g. the WRAP endpoint): if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.WRAP)) { Tracing.Error("User not authorized"); return new UnauthorizedResult("WRAP", true); } For the WCF WS-Trust endpoints I decided to use the per-request approach since the SOAP actions are well defined here. The corresponding authorization manager roughly looks like this: public class AuthorizationManager : ClaimsAuthorizationManager { public override bool CheckAccess(AuthorizationContext context) { var action = context.Action.First(); var id = context.Principal.Identities.First(); // if application authorization request if (action.ClaimType.Equals(ClaimsAuthorize.ActionType)) { return AuthorizeCore(action, context.Resource, context.Principal.Identity as IClaimsIdentity); } // if ws-trust issue request if (action.Value.Equals(WSTrust13Constants.Actions.Issue)) { return AuthorizeTokenIssuance(new Collection<Claim> { new Claim(ClaimsAuthorize.ResourceType, Constants.Resources.WSTrust) }, id); } return base.CheckAccess(context); } } You see that it is really easy now to distinguish between per-request and application authorization which makes the overall design much easier. HTH

Read the article

1