feat: LdapOptions erstellt anstelle statischer (fest codierter) Konfigurationswerte, LdapOptions und Abhängigkeitsinjektionen dafür hinzugefügt
This commit is contained in:
parent
d434a5964b
commit
eedc726440
@ -12,8 +12,11 @@ namespace DAL.Repositories
|
|||||||
{
|
{
|
||||||
public class EmployeeToWebAppRepository : BaseRepository<EmployeeToWebApp>
|
public class EmployeeToWebAppRepository : BaseRepository<EmployeeToWebApp>
|
||||||
{
|
{
|
||||||
public EmployeeToWebAppRepository(WebApiContext context) : base(context)
|
private readonly LdapManager _ldapManager;
|
||||||
|
|
||||||
|
public EmployeeToWebAppRepository(WebApiContext context, LdapManager ldapManager) : base(context)
|
||||||
{
|
{
|
||||||
|
_ldapManager = ldapManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<bool> DeleteEmloyeeToWebAppAsync(int webAppId)
|
public async Task<bool> DeleteEmloyeeToWebAppAsync(int webAppId)
|
||||||
@ -75,24 +78,24 @@ namespace DAL.Repositories
|
|||||||
if (department != default && !string.IsNullOrEmpty(department.AdGroupDepartmentName))
|
if (department != default && !string.IsNullOrEmpty(department.AdGroupDepartmentName))
|
||||||
{
|
{
|
||||||
groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
|
groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
|
||||||
if (LdapManager.IsWindreamSuffixGroup(groupSuffix))
|
if (_ldapManager.IsWindreamSuffixGroup(groupSuffix))
|
||||||
{
|
{
|
||||||
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
||||||
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (webappRole != default)
|
if (webappRole != default)
|
||||||
{
|
{
|
||||||
groupSuffix = $"{webapp.AdWebAppName}_{webappRole.WebAppRoleName}";
|
groupSuffix = $"{webapp.AdWebAppName}_{webappRole.WebAppRoleName}";
|
||||||
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
||||||
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
||||||
|
|
||||||
if (LdapManager.IsWindreamAdminGroup(groupSuffix))
|
if (_ldapManager.IsWindreamAdminGroup(groupSuffix))
|
||||||
{
|
{
|
||||||
groupSuffix = $"{webapp.AdWebAppName}_User";
|
groupSuffix = $"{webapp.AdWebAppName}_User";
|
||||||
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
||||||
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
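Review bot: On the new side, `result` is simply reassigned by every `_ldapManager.AD_AddUserloginToGroup` / `AD_RemoveUserFromGroup` call, so a failed update of the department group or of the role group is overwritten by the outcome of the later `{webapp.AdWebAppName}_User` call and whatever the method does with `result` afterwards sees only the last outcome; the move from static calls to the injected instance leaves this untouched. If `result` starts out true (its declaration and the enclosing method begin outside the hunk, so I cannot confirm), accumulating at each of the three call sites, e.g. `result &= isAdding ? _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix) : _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);`, would report a partial failure instead of masking it. The ternary also replaces the `if (isAdding) … else …` statement pairs that now appear three times in this hunk.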
|
|||||||
@ -12,8 +12,11 @@ namespace DAL.Repositories
|
|||||||
{
|
{
|
||||||
public class WebAppToDepartmentRepository : BaseRepository<WebAppToDepartment>
|
public class WebAppToDepartmentRepository : BaseRepository<WebAppToDepartment>
|
||||||
{
|
{
|
||||||
public WebAppToDepartmentRepository(WebApiContext context) : base(context)
|
private readonly LdapManager _ldapManager;
|
||||||
|
|
||||||
|
public WebAppToDepartmentRepository(WebApiContext context, LdapManager ldapManager) : base(context)
|
||||||
{
|
{
|
||||||
|
_ldapManager = ldapManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<List<WebAppToDepartment>> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
|
public async Task<List<WebAppToDepartment>> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
|
||||||
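Review bot: The new constructor stores `ldapManager` without a null check, so a repository built outside the container (tests, manual wiring) only fails at the first `_ldapManager` call inside the filter/sync methods rather than at construction; `_ldapManager = ldapManager ?? throw new ArgumentNullException(nameof(ldapManager));` fails fast and documents that the dependency is required. The same applies to the new constructors of EmployeeToWebAppRepository and WebAppToWebAppAdditionalRoleRepository in this commit.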
@ -59,11 +62,11 @@ namespace DAL.Repositories
|
|||||||
var isAdding = action == "adding";
|
var isAdding = action == "adding";
|
||||||
|
|
||||||
var groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
|
var groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
|
||||||
if (!LdapManager.IsWindreamSuffixGroup(groupSuffix)) return true;
|
if (!_ldapManager.IsWindreamSuffixGroup(groupSuffix)) return true;
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
||||||
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -12,8 +12,11 @@ namespace DAL.Repositories
|
|||||||
{
|
{
|
||||||
public class WebAppToWebAppAdditionalRoleRepository : BaseRepository<WebAppToWebAppAdditionalRole>
|
public class WebAppToWebAppAdditionalRoleRepository : BaseRepository<WebAppToWebAppAdditionalRole>
|
||||||
{
|
{
|
||||||
public WebAppToWebAppAdditionalRoleRepository(WebApiContext context) : base(context)
|
private readonly LdapManager _ldapManager;
|
||||||
|
|
||||||
|
public WebAppToWebAppAdditionalRoleRepository(WebApiContext context, LdapManager ldapManager) : base(context)
|
||||||
{
|
{
|
||||||
|
_ldapManager = ldapManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<List<WebAppToWebAppAdditionalRole>> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
|
public async Task<List<WebAppToWebAppAdditionalRole>> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
|
||||||
@ -60,8 +63,8 @@ namespace DAL.Repositories
|
|||||||
var groupSuffix = $"{webapp.AdWebAppName}_{webappRole.AdWebAppAdditionalRoleName}";
|
var groupSuffix = $"{webapp.AdWebAppName}_{webappRole.AdWebAppAdditionalRoleName}";
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
|
||||||
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -12,8 +12,9 @@ namespace HRD.LDAPService
|
|||||||
{
|
{
|
||||||
services
|
services
|
||||||
.AddSingleton<LdapAuthenticationService>()
|
.AddSingleton<LdapAuthenticationService>()
|
||||||
.AddSingleton<JwtManager>();
|
.AddSingleton<JwtManager>()
|
||||||
|
.AddSingleton<LdapManager>();
|
||||||
|
|
||||||
return services;
|
return services;
|
||||||
}
|
}
|
||||||
|
|
||||||
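Review bot: Nothing in this hunk binds `LdapOptions` to configuration, and `IOptions<LdapOptions>` resolves to a default instance with null members even when no `Configure<LdapOptions>` registration exists, so a missing or misspelled configuration section does not fail at startup but only when `LdapManager` first opens a `PrincipalContext`. If the binding is not elsewhere in this commit, register it next to the new singleton, e.g. `services.Configure<LdapOptions>(configuration.GetSection("<ldap-section-placeholder>"));` with the section name your appsettings uses, and consider `AddOptions<LdapOptions>()...ValidateDataAnnotations().ValidateOnStart()` if the target framework supports it. A one-line comment on `.AddSingleton<LdapManager>()` noting that it is a singleton because it only holds immutable option values would help the next reader.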
|
|||||||
@ -1,22 +0,0 @@
|
|||||||
namespace HRD.LDAPService
|
|
||||||
{
|
|
||||||
public static class LdapGlobals
|
|
||||||
{
|
|
||||||
private static bool _isLive;
|
|
||||||
public static bool LDAP_WebAppGroup_Is_Live { get => _isLive; set => _isLive = value; }
|
|
||||||
|
|
||||||
public const string LDAP_WINDREAM = "Windream_";
|
|
||||||
|
|
||||||
public const string LDAP_DOMAIN = "dhr.local";
|
|
||||||
|
|
||||||
public const string LDAP_PATH_EDM = "OU=DMS,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local";
|
|
||||||
public const string LDAP_PATH_WEBAPPS = "OU=Web-Apps,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local";
|
|
||||||
|
|
||||||
public const string LDAP_EDMUser_Prefix = "GG_EDMUser_Group";
|
|
||||||
public const string LDAP_EDMAdmin_Prefix = "GG_EDMAdmin_Group";
|
|
||||||
|
|
||||||
public const string LDAP_EDM_Prefix = "GG_EDM";
|
|
||||||
public const string LDAP_WebAppp_Prefix = "GG_WebApp";
|
|
||||||
public const string LDAP_Prefix_Test = "__Test";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -1,19 +1,28 @@
|
|||||||
using System;
|
using HRD.LDAPService.Ldap;
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.DirectoryServices.AccountManagement;
|
using System.DirectoryServices.AccountManagement;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
|
||||||
namespace HRD.LDAPService
|
namespace HRD.LDAPService
|
||||||
{
|
{
|
||||||
public static class LdapManager
|
public class LdapManager
|
||||||
{
|
{
|
||||||
public static bool AD_AddUserloginToGroup(string userLogin, string group4User)
|
private readonly LdapOptions _ldapOptions;
|
||||||
|
|
||||||
|
public LdapManager(IOptions<LdapOptions> ldapOptions)
|
||||||
|
{
|
||||||
|
_ldapOptions = ldapOptions.Value;
|
||||||
|
}
|
||||||
|
|
||||||
|
public bool AD_AddUserloginToGroup(string userLogin, string group4User)
|
||||||
{
|
{
|
||||||
string groupName = GetFullGroupName(group4User);
|
string groupName = GetFullGroupName(group4User);
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN))
|
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN))
|
||||||
{
|
{
|
||||||
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userLogin);
|
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userLogin);
|
||||||
if (userPrincipal == default)
|
if (userPrincipal == default)
|
||||||
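Review bot: The new constructor copies `ldapOptions.Value` without validating it, and the values it replaces were compile-time constants that could not be absent; with `_ldapOptions.LDAP_DOMAIN` null, the `new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN)` calls in this and the following hunks would, as far as I recall the API, bind to the default domain of the process account instead of the intended one, and a null `LDAP_PATH_EDM`/`LDAP_PATH_WEBAPPS` likewise widens the search base silently. Guard in the constructor: `_ldapOptions = ldapOptions?.Value ?? throw new ArgumentNullException(nameof(ldapOptions));` followed by `if (string.IsNullOrWhiteSpace(_ldapOptions.LDAP_DOMAIN)) throw new InvalidOperationException("LdapOptions.LDAP_DOMAIN is not configured.");` (and the same for the two path properties). A `<summary>` on the class stating that all directory binding targets come from `LdapOptions` would also document the new contract; the class body continues past this hunk.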
@ -59,13 +68,13 @@ namespace HRD.LDAPService
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool CheckAndCreateAdGroup(string adGroupName)
|
public bool CheckAndCreateAdGroup(string adGroupName)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// set up domain context and binding to the OU=Web-Apps
|
// set up domain context and binding to the OU=Web-Apps
|
||||||
var adPath = AD_GroupPath(adGroupName);
|
var adPath = AD_GroupPath(adGroupName);
|
||||||
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
|
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
|
||||||
{
|
{
|
||||||
var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
|
var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
|
||||||
if (group != null)
|
if (group != null)
|
||||||
@ -88,7 +97,7 @@ namespace HRD.LDAPService
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<string> GetAdUserLoginList4AdGroups(List<string> adGroupNames)
|
public List<string> GetAdUserLoginList4AdGroups(List<string> adGroupNames)
|
||||||
{
|
{
|
||||||
if (adGroupNames == null) { return default; }
|
if (adGroupNames == null) { return default; }
|
||||||
List<string> result = new List<string>();
|
List<string> result = new List<string>();
|
||||||
@ -102,14 +111,14 @@ namespace HRD.LDAPService
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<string> GetAdUserLoginList4AdGroup(string adGroupName)
|
public List<string> GetAdUserLoginList4AdGroup(string adGroupName)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
List<string> result = new List<string>();
|
List<string> result = new List<string>();
|
||||||
// set up domain context and binding to the OU=Web-Apps
|
// set up domain context and binding to the OU=Web-Apps
|
||||||
var adPath = AD_GroupPath(adGroupName);
|
var adPath = AD_GroupPath(adGroupName);
|
||||||
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
|
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
|
||||||
{
|
{
|
||||||
var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
|
var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
|
||||||
if (group == null)
|
if (group == null)
|
||||||
@ -129,7 +138,7 @@ namespace HRD.LDAPService
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool CheckAndCreateAdGroups(List<string> adGroupNames)
|
public bool CheckAndCreateAdGroups(List<string> adGroupNames)
|
||||||
{
|
{
|
||||||
if (adGroupNames == null) { return false; }
|
if (adGroupNames == null) { return false; }
|
||||||
|
|
||||||
@ -144,13 +153,13 @@ namespace HRD.LDAPService
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool CreateAdGroup(string adGroupName)
|
public bool CreateAdGroup(string adGroupName)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// set up domain context and binding to the OU=TechWriters organizational unit in your company
|
// set up domain context and binding to the OU=TechWriters organizational unit in your company
|
||||||
var adPath = AD_GroupPath(adGroupName);
|
var adPath = AD_GroupPath(adGroupName);
|
||||||
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
|
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
|
||||||
{
|
{
|
||||||
// create a new group principal, give it a name
|
// create a new group principal, give it a name
|
||||||
using (GroupPrincipal group = new GroupPrincipal(ctx, adGroupName))
|
using (GroupPrincipal group = new GroupPrincipal(ctx, adGroupName))
|
||||||
@ -170,71 +179,71 @@ namespace HRD.LDAPService
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool IsWindreamADGroup(string adGroupName)
|
public bool IsWindreamADGroup(string adGroupName)
|
||||||
{
|
{
|
||||||
return adGroupName.StartsWith(LdapGlobals.LDAP_EDM_Prefix, StringComparison.InvariantCultureIgnoreCase);
|
return adGroupName.StartsWith(_ldapOptions.LDAP_EDM_Prefix, StringComparison.InvariantCultureIgnoreCase);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool IsWindreamSuffixGroup(string suffixGroupName)
|
public bool IsWindreamSuffixGroup(string suffixGroupName)
|
||||||
{
|
{
|
||||||
return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM, StringComparison.InvariantCultureIgnoreCase);
|
return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM, StringComparison.InvariantCultureIgnoreCase);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool IsWindreamAdminGroup(string suffixGroupName)
|
public bool IsWindreamAdminGroup(string suffixGroupName)
|
||||||
{
|
{
|
||||||
return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM + "Admin", StringComparison.InvariantCultureIgnoreCase);
|
return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM + "Admin", StringComparison.InvariantCultureIgnoreCase);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool IsWindreamUserGroup(string suffixGroupName)
|
public bool IsWindreamUserGroup(string suffixGroupName)
|
||||||
{
|
{
|
||||||
return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM + "User", StringComparison.InvariantCultureIgnoreCase);
|
return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM + "User", StringComparison.InvariantCultureIgnoreCase);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static string AD_GroupPath(string adGroupName)
|
public string AD_GroupPath(string adGroupName)
|
||||||
{
|
{
|
||||||
if (IsWindreamADGroup(adGroupName))
|
if (IsWindreamADGroup(adGroupName))
|
||||||
{
|
{
|
||||||
return LdapGlobals.LDAP_PATH_EDM;
|
return _ldapOptions.LDAP_PATH_EDM;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return LdapGlobals.LDAP_PATH_WEBAPPS;
|
return _ldapOptions.LDAP_PATH_WEBAPPS;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static string GetFullGroupName(string groupNameSuffix)
|
public string GetFullGroupName(string groupNameSuffix)
|
||||||
{
|
{
|
||||||
//Mapping Windream_User => GG_EDMUser_Group_Live or GG_EDM__Test_User_Group
|
//Mapping Windream_User => GG_EDMUser_Group_Live or GG_EDM__Test_User_Group
|
||||||
//Mapping Windream_Admin => GG_EDMAdmin_Group or GG_EDM__Test_Admin_Group
|
//Mapping Windream_Admin => GG_EDMAdmin_Group or GG_EDM__Test_Admin_Group
|
||||||
//Mapping Windream_Technik => GG_EDM_Technik or GG_EDM__Test_Technik
|
//Mapping Windream_Technik => GG_EDM_Technik or GG_EDM__Test_Technik
|
||||||
|
|
||||||
var testPrefix = !LdapGlobals.LDAP_WebAppGroup_Is_Live ? LdapGlobals.LDAP_Prefix_Test : "";
|
var testPrefix = !_ldapOptions.LDAP_WebAppGroup_Is_Live ? _ldapOptions.LDAP_Prefix_Test : "";
|
||||||
if (IsWindreamAdminGroup(groupNameSuffix))
|
if (IsWindreamAdminGroup(groupNameSuffix))
|
||||||
{
|
{
|
||||||
return LdapGlobals.LDAP_EDMAdmin_Prefix + testPrefix;
|
return _ldapOptions.LDAP_EDMAdmin_Prefix + testPrefix;
|
||||||
}
|
}
|
||||||
else if (IsWindreamUserGroup(groupNameSuffix))
|
else if (IsWindreamUserGroup(groupNameSuffix))
|
||||||
{
|
{
|
||||||
return LdapGlobals.LDAP_EDMUser_Prefix + testPrefix;
|
return _ldapOptions.LDAP_EDMUser_Prefix + testPrefix;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return (IsWindreamSuffixGroup(groupNameSuffix) ? LdapGlobals.LDAP_EDM_Prefix : LdapGlobals.LDAP_WebAppp_Prefix) + testPrefix + "_" + groupNameSuffix.Replace(LdapGlobals.LDAP_WINDREAM, "");
|
return (IsWindreamSuffixGroup(groupNameSuffix) ? _ldapOptions.LDAP_EDM_Prefix : _ldapOptions.LDAP_WebAppp_Prefix) + testPrefix + "_" + groupNameSuffix.Replace(_ldapOptions.LDAP_WINDREAM, "");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool AD_RemoveUserFromGroup(string userId, string group4User)
|
public bool AD_RemoveUserFromGroup(string userId, string group4User)
|
||||||
{
|
{
|
||||||
string groupName = GetFullGroupName(group4User);
|
string groupName = GetFullGroupName(group4User);
|
||||||
// secure that no windream user or admin can be deleted
|
// secure that no windream user or admin can be deleted
|
||||||
if (groupName.Equals(LdapGlobals.LDAP_EDMUser_Prefix, StringComparison.CurrentCultureIgnoreCase)
|
if (groupName.Equals(_ldapOptions.LDAP_EDMUser_Prefix, StringComparison.CurrentCultureIgnoreCase)
|
||||||
|| groupName.Equals(LdapGlobals.LDAP_EDMAdmin_Prefix, StringComparison.CurrentCultureIgnoreCase))
|
|| groupName.Equals(_ldapOptions.LDAP_EDMAdmin_Prefix, StringComparison.CurrentCultureIgnoreCase))
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
using var principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN);
|
using var principalContext = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN);
|
||||||
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userId);
|
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userId);
|
||||||
if (userPrincipal == default)
|
if (userPrincipal == default)
|
||||||
{
|
{
|
||||||
|
|||||||