BizRule & Custom DBUsers

Apr 15, 2009 at 10:23 PM
We are using custom DBUsers. When doing a StorageCache.CheckAccess, it accepts a string version of the SID. Down in the BizRule logic, it takes that string version of the SID and creates a SqlAzManSID

#region BIZ RULE CHECK

if (!String.IsNullOrEmpty(item.BizRuleSource))

{

    try

    {

        AuthorizationType forcedCheckAccessResult = authorizationType;

        Hashtable ctxParameters = new Hashtable();

        foreach (KeyValuePair<string, object> kv in contextParameters)

        {

            ctxParameters.Add(kv.Key, kv.Value);

        }

        bool bizRuleResult = this.storage.executeBizRule(item, new SqlAzManSID(userSSid), ctxParameters, ref forcedCheckAccessResult);  // <-----HERE

        if (bizRuleResult == true)

        {

            authorizationType = forcedCheckAccessResult;

        }

        else

        {

            authorizationType = AuthorizationType.Neutral;

            attributes.Clear(); //biz rule fault ? No Party ! (no attributes !)

        }

    }

    catch (Exception ex)

    {

        string msg = String.Format("Business Rule Error:{0}\r\nItem Name:{1}, Application Name: {2}, Store Name: {3}", ex.Message, itemName, application.Name, storeName);

        throw new Exception(msg, ex);

    }

}

#endregion BIZ RULE CHECK


But for the custom user, it fails because it goes through the SDDLForm constructor and eventually tries to convert the custom hex version of the DBUserID into a GUID, which of course fails.

public SqlAzManSID(string sddlForm)

{

    if (sddlForm.StartsWith("S-1"))

        this.securityIdentifier = new SecurityIdentifier(sddlForm);

    else

        guid = new Guid(sddlForm);  // <--------HERE

}


What can be done?

Apr 15, 2009 at 10:29 PM
It appears to make sense to do the conversion to the SqlAzManSID up in the CheckAccess methods which are unique for Windows and DBUsers and then pass the instantiated SqlAzManSID into the internalCheckAccess method. What do you think?
Apr 16, 2009 at 7:11 AM
Hi,
just use the 3th SqlAzManSid constructor (string sid, bool customSid):
new SqlAzManSid(userSSid, true)
Regards,
Andrea.