Namespace Azos.Security
Classes
AccessLevel
A level of access granted to a user for a certain permission, i.e. if (level.Denied).....
AdHocPermission
Represents a permission check instance which is atypical and is based on string arguments
AuthorizationException
Thrown by Azos security to indicate authorization problems, such as permission access denial
BlankCredentials
Represents credentials that are absent. This is a singleton class
ConfigSecurityManager
Provides security manager implementation that authenticates and authorizes users from configuration
Credentials
User credentials base class. Credentials may be as simple as user+password, access card codes, door key, Twitter account token etc.
DefaultPasswordManager
Provides default implementation for password management functionality based on injectable algorithms and default password strength calculation
EnumUtils
GDIDCredentials
Represents credentials based on Global Distributed ID
HashedPassword
Represents an abstraction of a hashed password; the concrete password algorithms provide the implementation (i.e. bytebuffer, dictionary, string)
IDPasswordCredentials
Represents simple ID/password textual credentials. Note: The password is stored as plain text
MD5PasswordHashingAlgorithm
NOPSecurityManager
Provides security manager implementation that does nothing and always returns fake user instance
PasswordHashingAlgorithm
Represents an abstraction of password algorithm that performs hashing and verification of passwords supplied as SecureBuffer
PasswordHashingAlgorithm<TOptions>
PasswordRepresentation
Provides password representation content, i.e. an image with drawn password which is understandable by humans
Permission
Represents a general permission abstraction - where permission type represents the path/name of the permission in User's rights and .ctor takes specific parameters to check while authorizing user. Permission-derived class represents a certain permission type, whereas its instance is a check for particular desired level. To authorize certain actions, one creates an instance of Permission-derived class passing in its .ctor required access levels, then calls a Check() method that returns true if action is authorized.
This scheme provides a great deal of flexibility, i.e. for very complex security cases developers may inherit leaf-level permissions from intermediate ones that have logic tied to session-level variables, this way user's access may vary by permission/session state, i.e. a user may have "Patient.Master" level 4 access in database "A", while having access denied to the same named permission in database "B". User's database, or system instance is a flag in user-session context
Rights
User rights contain data about access levels to permissions in the system. Uses Configuration internally to keep the data organized in a hierarchical navigable structure. Configuration also allows cross-linking permission levels using vars and making access levels dependent on settings on a particular machine using environmental vars
SecureBuffer
This class is used for storing passwords and other security-sensitive tokens. Stores a verbatim byte buffer which is formed by Push(byte). Once buffer is formed, it gets sealed via Seal() to obtain its content. The Dispose()/Forget() methods invalidate the secure data in-place, leaving no copies in memory.
SecurityException
Base exception thrown by the Azos Security framework
SocialNetTokenCredentials
Represents credentials supplied from/to Social Net site (i.e. Facebook, Twitter etc.)
TypedPermission
A general ancestor for all typed permissions - the ones declared in code
User
Provides base user functionality. Particular security manager implementations may return users derived from this class
Structs
AuthenticationToken
Represents security provider-internal ID that SecurityManager assigns into User object on authentication. These tokens can be used in place of Credentials to re-authenticate users or to re-query user rights (e.g. upon re/authorization). External parties should never be supplied with this struct as it is system backend internal token used inside the system
MD5PasswordHashingOptions
UserIdentityDescriptor
Represents information about user identity
Interfaces
IIdentityDescriptor
Marker interface denoting entities that represent information about users depending on the particular security system implementation
IPasswordHashingOptions
Marker interface for options used in password hashing functionality
IPasswordManager
Denotes an entity that manages passwords such as: computes and verifies hash tokens and provides password strength verification
IPasswordManagerImplementation
ISecurityException
Marker interface for security exceptions
ISecurityManager
Represents an entity that performs user authentication based on passed credentials and other security-related global tasks
ISecurityManagerImplementation
Represents an implementation of an entity that performs user authentication based on passed credentials and other security-related global tasks
IStringRepresentableCredentials
Denotes credentials that can be represented as a string that can be used for example in Authorization header
Enums
IdentityType
Denotes types of identities: Users, Groups etc.
PasswordFamily
Denotes kinds of passwords i.e.: text that user types on login, short PIN, geometrical curve that users need to trace with their finger, select areas of picture
PasswordRepresentationType
Flags denote types of password representation: Text/Image/Audio
PasswordStrengthLevel
Defines password strength levels: Minimum, Normal, Maximum etc.
SecurityLogAction
Denotes security actions
SecurityLogMask
Defines what actions should be logged by the system
UserStatus
User status enumeration - super-permission levels
Delegates
GetSessionFunc
Invoked by permission checker to get session instance