Interface ISecurityManager
Represents an entity that performs user authentication based on passed credentials and other security-related global tasks
Inherited Members
Namespace: NFX.Security
Assembly: NFX.dll
Syntax
public interface ISecurityManager : IApplicationComponent, IDisposableProperties
PasswordManager
References an entity that manages passwords such as: computes and verified hash tokens and provides password strength verification
Declaration
IPasswordManager PasswordManager { get; }Property Value
| Type | Description |
|---|---|
| IPasswordManager |
Methods
Authenticate(AuthenticationToken)
Authenticates user by checking the supplied token against the authentication store that this manager represents. If token is invalid then UserKind.Invalid is returned. This method may populate user access rights completely or partially - depending on store implementation. If rights are computed on authentication than Authorize() just checks existing in-memory structure, otherwise Authorize() may re-fetch permissions from store on every call or cache them for the specified interval in memory
Declaration
User Authenticate(AuthenticationToken token)Parameters
| Type | Name | Description |
|---|---|---|
| AuthenticationToken | token | User authentication token |
Returns
| Type | Description |
|---|---|
| User | User object. Check User.Status for UserStatus.Invalid flag to see if authentication succeeded |
Authenticate(Credentials)
Authenticates user by checking the supplied credentials against the authentication store that this manager represents. If credential are invalid then UserKind.Invalid is returned. This method may populate user access rights completely or partially - depending on store implementation. If rights are computed on authentication than Authorize() just checks existing in-memory structure, otherwise Authorize() may re-fetch permissions from store on every call or cache them for the specified interval in memory
Declaration
User Authenticate(Credentials credentials)Parameters
| Type | Name | Description |
|---|---|---|
| Credentials | credentials | User credentials. Particular manager implementation may elect to support multiple credential types, i.e. IdPassword, Twitter, Facebook, OAuth, LegacySystemA/B/C etc. |
Returns
| Type | Description |
|---|---|
| User | User object. Check User.Status for UserStatus.Invalid flag to see if authentication succeeded |
Authenticate(User)
Authenticates user by checking the supplied user's token against the authentication store that this manager represents. This method is called by the framework after User object was deserialized and it's Rights need to be re-fetched. If token is invalid then UserStatus.Invalid is set. This method may populate user access rights completely or partially - depending on store implementation. If rights are computed on authentication than Authorize() just checks existing in-memory structure, otherwise Authorize() may re-fetch permissions from store on every call or cache them for the specified interval in memory
Declaration
void Authenticate(User user)Parameters
| Type | Name | Description |
|---|---|---|
| User | user | User object which is checked and updated |
Authorize(User, Permission)
Authorizes user by finding appropriate access level to permission by supplied path. Depending on particular implementation, rights may be fully or partially cached in memory. Note: this authorization call returns AccessLevel object that may contain a complex data structure. The final assertion of user's ability to perform a certain action is encapsulated in Permission.Check() method. Call Permission.AuthorizeAndGuardAction(MemberInfo, ISession) to guard classes and methods from unauthorized access
Declaration
AccessLevel Authorize(User user, Permission permission)Parameters
| Type | Name | Description |
|---|---|---|
| User | user | A user to perform authorization for |
| Permission | permission | An instance of permission to get |
Returns
| Type | Description |
|---|---|
| AccessLevel | AccessLevel granted to specified permission |
GetUserLogArchiveDimensions(IIdentityDescriptor)
Extracts values for archive dimensions to store the log message for the specified user descriptor. Depending on the system descriptor represents an entity that describes user (e.g. User, UserInfo, etc.). The method only fills the fields specific to user identity
Declaration
IConfigSectionNode GetUserLogArchiveDimensions(IIdentityDescriptor identity)Parameters
| Type | Name | Description |
|---|---|---|
| IIdentityDescriptor | identity |
Returns
| Type | Description |
|---|---|
| IConfigSectionNode |
LogSecurityMessage(SecurityLogAction, Message, IIdentityDescriptor)
Logs security-related message
Declaration
void LogSecurityMessage(SecurityLogAction action, Message msg, IIdentityDescriptor identity = null)Parameters
| Type | Name | Description |
|---|---|---|
| SecurityLogAction | action | Action that was performed |
| Message | msg | A message to log |
| IIdentityDescriptor | identity | If msg.ArchiveDim is not set, sets to GetUserLogArchiveDimensions(user | currentCallContext) |