Namespace NFX.Security

Classes

AccessLevel

A level of access granted to user for certain permission, i.e. if (level.Denied).....

AdHocPermission

Represents a permission check instance which is a-typical and is based on string arguments

AuthorizationException

Thrown by NFX security to indicate the authorization problems, such as permission access denial

BlankCredentials

Represents credentials that are absent. This is a singleton class

ConfigSecurityManager

Provides security manager implementation that authenticates and authorizes users from configuration

Credentials

User credentials base class. A credentials may be as simple as user+password, access card codes, door key, Twitter account token etc...

DefaultPasswordManager

Provides default implementation for password managment functionality based on injectable algorithms and default password strength calculation

EnumUtils

GDIDCredentials

Represents credentials based on Global Distributed ID

HashedPassword

Represents abstraction of a hashed password, the concreate password algorithm provide implementation (i.e. bytebuffer, dictionary, string)

IDPasswordCredentials

Represents simple ID/password textual credentials. Note: The password is stored as plain text

MD5PasswordHashingAlgorithm

NOPSecurityManager

Provides security manager implementation that does nothing and always returns fake user instance

PasswordHashingAlgorithm

Represents an abstraction of password algorithm that performs hashing and verification of passwords supplied as SecureBuffer

PasswordHashingAlgorithm<TOptions>

PasswordRepresentation

Provides password representation content, i.e. an image with drawn password which is understandable by humans

Permission

Represents a general permission abstraction - where permission type represents the path/name of the permission in User's rights and .ctor takes specific parameters to check while authorizing user. Permission-derived class represents a certain permission type, whereas its instance is a check for particular desired level. To authorize certain actions, one creates an instance of Permission-derived class passing in its .ctor required access levels, then calls a Check() method that returns true if action is authorized.

This scheme provides a great deal of flexibility, i.e. for very complex security cases developers may inherit leaf-level permissions from intermediate ones that have logic tied to session-level variables, this way user's access may vary by permission/session state, i.e. a user may have "Patient.Master" level 4 access in database "A", while having acess denied to the same named permission in database "B". User's database, or system instance is a flag in user-session context

Rights

User rights contains data about access levels to permissions in the system. Use Configuration internally to keep the data organized in hierarchical navigable structure. Configuration also allows to cross-link permission levels using vars and make acess level dependent on settings on a particular machine using environmental vars

SecureBuffer

This class is used for storing passwords and other security-sensitive tokens. Stores a verbatim byte buffer which is formed by Push(byte). Once buffer is formed, it gets sealed via Seal() to obtain its content. The Dispose()/Forget() methods invalidate the secure data in-place, leaving no copies in memory.

SecurityException

Base exception thrown by the NFX Security framework

SocialNetTokenCredentials

Represents credentials supplied from/to Social Net site (i.e. Facebook, Twitter etc.)

TypedPermission

A general ancestor for all typed permissions - the ones declared in code

User

Provides base user functionality. Particular security manager implementations may return users derived from this class

Structs

AuthenticationToken

Represents security provider-internal ID that SecurityManager assigns into User object on authentication. These tokens can be used in place of Credentials to re-authenticate users or to requery user rights. External parties should never be supplied with this struct as it is backend-internal

MD5PasswordHashingOptions

UserIdentityDescriptor

Represents information about user identity

Interfaces

IIdentityDescriptor

Marker interface denoting entities that represents information about users depending on the particular security system implementation

IPasswordHashingOptions

IPasswordManager

Denotes an entity that manages passwords such as: computes and verified hash tokens and provides password strength verification

IPasswordManagerImplementation

ISecurityException

Marker interface for security exceptions

ISecurityManager

Represents an entity that performs user authentication based on passed credentials and other security-related global tasks

ISecurityManagerImplementation

Represents an implementation of an entity that performs user authentication based on passed credentials and other security-related global tasks

IStringRepresentableCredentials

Denotes credentials that can be represented as a string that can be used for example in Authorization header

Enums

IdentityType

Denotes types of identities: Users, Groups etc.

PasswordFamily

Denoutes kinds of passwords i.e.: text that user types on login, short PIN, geometrical curve that users need to trace with their finger, select areas of picture

PasswordRepresentationType

Flags denote types of password representation: Text/Image/Audio

PasswordStrengthLevel

Defines password stregth levels: Minimum, Normal, Maximum etc.

SecurityLogAction

Denotes security actions

SecurityLogMask

Defines what actions should be logged by the system

UserStatus

User status enumeration - super-permission levels

Delegates

GetSessionFunc

Invoked by permission checker to get session