Interface ISecurityManager
Represents an entity that performs user authentication based on passed credentials and other security-related global tasks
Namespace: Azos.Security
Assembly: Azos.dll
Syntax
public interface ISecurityManager : IApplicationComponent
Properties
PasswordManager
References the entity that manages passwords: it computes and verifies hash tokens and provides password strength verification
Declaration
IPasswordManager PasswordManager { get; }
Property Value
Type | Description |
---|---|
IPasswordManager |
Methods
Authenticate(AuthenticationToken)
Authenticates the user by checking the supplied token against the authentication store that this manager represents. If the token is invalid, then UserKind.Invalid is returned. This method may populate user access rights completely or partially, depending on the store implementation. If rights are computed on authentication, then Authorize() just checks the existing in-memory structure; otherwise Authorize() may re-fetch permissions from the store on every call or cache them in memory for the specified interval
Declaration
User Authenticate(AuthenticationToken token)
Parameters
Type | Name | Description |
---|---|---|
AuthenticationToken | token | User authentication token |
Returns
Type | Description |
---|---|
User | User object. Check User.Status for UserStatus.Invalid flag to see if authentication succeeded |
Authenticate(Credentials)
Authenticates the user by checking the supplied credentials against the authentication store that this manager represents. If the credentials are invalid, then UserKind.Invalid is returned. This method may populate user access rights completely or partially, depending on the store implementation. If rights are computed on authentication, then Authorize() just checks the existing in-memory structure; otherwise Authorize() may re-fetch permissions from the store on every call or cache them in memory for the specified interval
Declaration
User Authenticate(Credentials credentials)
Parameters
Type | Name | Description |
---|---|---|
Credentials | credentials | User credentials. Particular manager implementation may elect to support multiple credential types, i.e. IdPassword, Twitter, Facebook, OAuth, LegacySystemA/B/C etc. |
Returns
Type | Description |
---|---|
User | User object. Check User.Status for UserStatus.Invalid flag to see if authentication succeeded |
Authenticate(User)
Authenticates the user by checking the supplied user's token against the authentication store that this manager represents. This method is called by the framework after a User object has been deserialized and its Rights need to be re-fetched. If the token is invalid, then UserStatus.Invalid is set. This method may populate user access rights completely or partially, depending on the store implementation. If rights are computed on authentication, then Authorize() just checks the existing in-memory structure; otherwise Authorize() may re-fetch permissions from the store on every call or cache them in memory for the specified interval
Declaration
void Authenticate(User user)
Parameters
Type | Name | Description |
---|---|---|
User | user | User object which is checked and updated |
Authorize(User, Permission)
Authorizes the user by finding the appropriate access level for the permission by the supplied path. Depending on the particular implementation, rights may be fully or partially cached in memory. Note: this authorization call returns an AccessLevel object that may contain a complex data structure. The final assertion of the user's ability to perform a certain action is encapsulated in the Permission.Check() method. Call Permission.AuthorizeAndGuardAction(MemberInfo, ISession) to guard classes and methods from unauthorized access
Declaration
AccessLevel Authorize(User user, Permission permission)
Parameters
Type | Name | Description |
---|---|---|
User | user | A user to perform authorization for |
Permission | permission | An instance of permission to get |
Returns
Type | Description |
---|---|
AccessLevel | AccessLevel granted to specified permission |
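The calling pattern that the Authenticate and Authorize contracts above imply, as an added example that is not Azos code: a rejected login is returned as a User object, so the caller has to test Status before authorizing. The types are stand-ins that mirror only the members named on this page; DemoSecurityManager, Guard and the shape of Permission.Check(AccessLevel) are assumptions made for illustration.

```csharp
using System;
// Stand-ins (assumptions): they mirror only the members named on this page so the
// sample compiles without Azos.dll; Permission.Check(AccessLevel) is a hypothetical shape.
public enum UserStatus { Invalid = 0, User = 1 }
public class User { public string Name; public UserStatus Status; }
public class Credentials { public string Id, Secret; }
public class AccessLevel { public bool Granted; }
public class Permission { public string Path; public bool Check(AccessLevel a) => a != null && a.Granted; }
public interface ISecurityManager
{
  User Authenticate(Credentials credentials);
  void Authenticate(User user);
  AccessLevel Authorize(User user, Permission permission);
}

// Constructed in-memory store with one account and one grant. A real store would
// verify a password hash through its PasswordManager, not compare plaintext.
public class DemoSecurityManager : ISecurityManager
{
  public User Authenticate(Credentials c) => new User { Name = c?.Id, Status =
    c?.Id == "alice" && c.Secret == "constructed-sample" ? UserStatus.User : UserStatus.Invalid };
  public void Authenticate(User u) { if (u.Name != "alice") u.Status = UserStatus.Invalid; }
  public AccessLevel Authorize(User u, Permission p) =>
    new AccessLevel { Granted = u.Status != UserStatus.Invalid && p.Path == "/reports/view" };
}

public static class Guard
{
  // Fail closed: a rejected login is a returned User with Status == Invalid, not an exception.
  public static bool CanPerform(ISecurityManager sm, Credentials creds, Permission perm) =>
    sm.Authenticate(creds) is User u && u.Status != UserStatus.Invalid && perm.Check(sm.Authorize(u, perm));
  // A deserialized User is re-validated in place, so Status is read only after the call.
  public static bool CanPerformRestored(ISecurityManager sm, User restored, Permission perm)
  {
    sm.Authenticate(restored);
    return restored.Status != UserStatus.Invalid && perm.Check(sm.Authorize(restored, perm));
  }
}
public static class Program
{
  public static void Main()
  {
    var sm = new DemoSecurityManager();
    var view = new Permission { Path = "/reports/view" };
    Console.WriteLine(Guard.CanPerform(sm, new Credentials { Id = "alice", Secret = "constructed-sample" }, view));
    Console.WriteLine(Guard.CanPerform(sm, new Credentials { Id = "alice", Secret = "wrong" }, view));
    Console.WriteLine(Guard.CanPerformRestored(sm, new User { Name = "mallory", Status = UserStatus.User }, view));
  }
}
```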
GetUserLogArchiveDimensions(IIdentityDescriptor)
Extracts values for archive dimensions to store the log message for the specified user descriptor. Depending on the system, the descriptor represents an entity that describes the user (e.g. User, UserInfo, etc.). The method only fills the fields specific to user identity
Declaration
IConfigSectionNode GetUserLogArchiveDimensions(IIdentityDescriptor identity)
Parameters
Type | Name | Description |
---|---|---|
IIdentityDescriptor | identity |
Returns
Type | Description |
---|---|
IConfigSectionNode |
LogSecurityMessage(SecurityLogAction, Message, IIdentityDescriptor)
Logs a security-related message via the security channel
Declaration
void LogSecurityMessage(SecurityLogAction action, Message msg, IIdentityDescriptor identity = null)
Parameters
Type | Name | Description |
---|---|---|
SecurityLogAction | action | Action that was performed |
Message | msg | A message to log |
IIdentityDescriptor | identity | If msg.ArchiveDim is not set, sets it to GetUserLogArchiveDimensions(user | currentCallContext) |