Check Access with custom DBUser object

Mar 20, 2009 at 4:19 PM
When checking access for a user, I would like to be able to pass a custom dbUser object into the CheckAccess method. OR, I would like to be able to wrap our existing user object into a AzManDBUser to pass into the CheckAccess method. OR, I would like to take our integer based UserID and create an AzManDBUser from that ID to pass into the CheckAccess method.

Currently, the only way I see to create an AzManDBUser is with a string typed UserName (which I don't want to use since it won't necessarily be unique, and as I understand it from the SQL DB GetDBUsers function, is a friendly name anyway), or to use an IAzManSid which I haven't been able to figure out  how to generate from my integer typed custom dbUserID.

Basically, I'm looking for an example on how to check access with a custom dbUser where the UserName is NOT used to retrieve the AzManDBUser, but rather the unique identifier of the dbUser is used.

I certainly could be approaching this all wrong as well, which if I am, could you please direct me to the correct way to do this? (again, a sample would be GREAT!)

Thank you in advance!
Mar 21, 2009 at 10:13 AM
Edited Mar 21, 2009 at 12:02 PM

Hi,

Suppose we have the UsersDemo table with these 2 records:


SID     UserName  Password       FullName
 1        Andrea         <Binary>         Andrea Ferendeles 
 2        John              <Binary>         John Doe 

you can retrieve a DB User using its SID instead of its name in this way:

Just create a SqlAzManSid instance passing a SID in the binary form (at least 4 bytes)

IAzManStorage storage = new SqlAzManStorage("data source=.;Initial Catalog=NetSqlAzManStorage;Integrated Security = SSPI;");

IAzManDBUser dbUserAndrea = storage.GetDBUser(new SqlAzManSID(new byte[] { 0, 0, 0, 1 }, true));
IAzManDBUser dbUserJohn = storage.GetDBUser(new SqlAzManSID(new byte[] { 0, 0, 0, 2 }, true));

And the Check the Access:

AuthorizationType auth1 = storage.CheckAccess("My Store", "My Application", "My Operation", dbUser1, DateTime.Now, false);
AuthorizationType auth2 = storage.CheckAccess("My Store", "My Application", "My Operation", dbUser1, DateTime.Now, false);

If you want you can write an helper method to convert an Int32 to the relative byte array:

        private byte[] GetBytesFromInt32(int n)
        {
            byte[] result = BitConverter.GetBytes(n);
            if (BitConverter.IsLittleEndian)
                Array.Reverse(result);
            return result;
        }

And use as following:

IAzManDBUser dbUser1 = storage.GetDBUser(new SqlAzManSID(this.GetBytesFromInt32(1), true));
IAzManDBUser dbUser2 = storage.GetDBUser(new SqlAzManSID(this.GetBytesFromInt32(2), true));

Let me know if this method works.

Regards,
Andrea

Mar 23, 2009 at 2:40 PM
Works Great! Thanks!