OpenPetra
Free Administration Software for Non-Profits
Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager Class Reference

This manager is called from Server.App.Core.

Inheritance diagram for Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager:
Ict.Common.Remoting.Server.IUserManager

Public Member Functions

bool SetPassword (string AUserID, string APassword)
 Set the password
 
bool LockSysadmin ()
 Lock the SYSADMIN user
 
bool AddUser (string AUserID, string APassword="")
 Adds a new user.
 
bool PerformUserAuthentication (string AUserID, string APassword, string AClientComputerName, string AClientIPAddress, out Boolean ASystemEnabled, TDBTransaction ATransaction)
 Authenticate a user.
 
void SimulatePasswordAuthenticationForNonExistingUser ()
 Call this method when a log-in is attempted for a non-existing user, so that the time spent on 'authenticating' them is as long as the time spent on authenticating existing users. This is done so that an attacker who tries 'username guessing' cannot easily tell that the user doesn't exist by measuring how long the server takes to return an error (an attack vector called a 'timing attack').
 

Detailed Description

this manager is called from Server.App.Core

Member Function Documentation

◆ AddUser()

bool Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.AddUser ( string  AUserID,
string  APassword = "" 
)
inline

Adds a new user.

Gets called from the TServerManager.AddUser() method, which in turn is used by the PetraMultiStart.exe application to create test users for that application.

Implements Ict.Common.Remoting.Server.IUserManager.

◆ LockSysadmin()

bool Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.LockSysadmin ( )
inline

Lock the SYSADMIN user

Gets called from the TServerManager.LockSysadmin() method, which is used to lock the SYSADMIN user while the instance is not yet assigned to a customer.

Implements Ict.Common.Remoting.Server.IUserManager.

◆ PerformUserAuthentication()

bool Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.PerformUserAuthentication ( string  AUserID,
string  APassword,
string  AClientComputerName,
string  AClientIPAddress,
out Boolean  ASystemEnabled,
TDBTransaction  ATransaction 
)
inline

Authenticate a user.

Parameters
AUserID: User ID.
APassword: Password.
AClientComputerName: Name of the Client Computer that the authentication request came from.
AClientIPAddress: IP Address of the Client Computer that the authentication request came from.
ASystemEnabled: True if the system is enabled, otherwise false.
ATransaction: Instantiated DB Transaction.

Implements Ict.Common.Remoting.Server.IUserManager.

◆ SetPassword()

bool Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.SetPassword ( string  AUserID,
string  APassword 
)
inline

Set the password

Gets called from the TServerManager.SetPassword() method, which is used to set the initial password for SYSADMIN.

Implements Ict.Common.Remoting.Server.IUserManager.

◆ SimulatePasswordAuthenticationForNonExistingUser()

void Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.SimulatePasswordAuthenticationForNonExistingUser ( )
inline

Call this method when a log-in is attempted for a non-existing user, so that the time spent on 'authenticating' them is as long as the time spent on authenticating existing users. This is done so that an attacker who tries 'username guessing' cannot easily tell that the user doesn't exist by measuring how long the server takes to return an error (an attack vector called a 'timing attack').

Implements Ict.Common.Remoting.Server.IUserManager.
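
The timing equalisation described above can be sketched as follows. This is an added example, not OpenPetra's implementation: the class, the in-memory user store and the choice of PBKDF2 with these parameters are assumptions made for illustration, and it assumes .NET 6 or later.

```csharp
// Added illustration, not OpenPetra source. All names here are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class TimingSafeLoginDemo
{
    // Assumed cost parameters; the page does not state the real scheme.
    const int Iterations = 100_000, SaltLen = 16, HashLen = 32;

    record Credential(byte[] Salt, byte[] Hash);

    // Constructed in-memory store standing in for the user table.
    static readonly Dictionary<string, Credential> Users = new();

    // Dummy credential with the same cost parameters as real ones. Its
    // password is random and discarded, so it cannot be matched in practice.
    static readonly Credential Dummy = MakeCredential(
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(32)));

    static Credential MakeCredential(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        return new Credential(salt, Derive(password, salt));
    }

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA256, HashLen);

    static bool Authenticate(string userId, string password)
    {
        bool exists = Users.TryGetValue(userId, out var stored);
        // Unknown user: fall back to the dummy so the same key derivation
        // and comparison run as for a known user.
        Credential c = stored ?? Dummy;
        byte[] candidate = Derive(password, c.Salt);
        bool match = CryptographicOperations.FixedTimeEquals(candidate, c.Hash);
        // Non-short-circuit '&' keeps both paths identical up to the return.
        return exists & match;
    }

    static void Main()
    {
        Users["DEMO"] = MakeCredential("correct horse");
        Console.WriteLine(Authenticate("DEMO", "correct horse")); // known user, right password
        Console.WriteLine(Authenticate("DEMO", "wrong"));         // known user, wrong password
        Console.WriteLine(Authenticate("NOSUCHUSER", "wrong"));   // unknown user, same work done
    }
}
```

The equalisation only holds if the rest of the log-in path (user lookup, failed-attempt bookkeeping, the error returned to the client) is also the same for existing and non-existing users.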


The documentation for this class was generated from the following file: