OpenPetra
Free Administration Software for Non-Profits
Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector Class Reference

The TUserManager class provides access to the security-related information of Users of a Petra DB.

Static Public Member Functions

static IUserAuthentication LoadAuthAssembly (string AUserAuthenticationMethod)
 Load the plugin assembly for authentication.
 
static bool PerformUserAuthentication (String AUserID, String APassword, string AClientComputerName, string AClientIPAddress, out Boolean ASystemEnabled, TDBTransaction ATransaction)
 Authenticate a user.
 
static void SimulatePasswordAuthenticationForNonExistingUser ()
 Call this Method when a log-in is attempted for a non-existing user, so that the time spent on 'authenticating' them is as long as the time spent on authenticating existing users. This is done so that an attacker who tries 'username guessing' cannot easily tell that the user doesn't exist by measuring how long the server takes to return an error (an attack vector called a 'timing attack').
 
static string CreateHashOfPassword (string APassword, string ASalt, int APasswordSchemeVersion)
 Create a hash of the password and the salt. Replacement for FormsAuthentication.HashPasswordForStoringInConfigFile, which is part of System.Web.dll and not available in the client profile of .NET v4.0.
 
static bool ReloadUserInfo ()
 Causes an immediate reload of the UserInfo that is stored in the session.
 
static void SignalReloadCachedUserInfo (String AUserID)
 Queues a ClientTask for reloading of the UserInfo for all connected Clients with a certain UserID.
 

Detailed Description

The TUserManager class provides access to the security-related information of Users of a Petra DB.

Calls methods that have the same name in the Ict.Petra.Server.App.Core.Security.UserManager Namespace to perform its functionality!

This is required in two places: it is needed before the appdomain is loaded and therefore cannot be in MSysMan, and it is needed here to make it available to the client remotely via MSysMan.

Member Function Documentation

◆ CreateHashOfPassword()

static string Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector.CreateHashOfPassword (string APassword, string ASalt, int APasswordSchemeVersion)
inline static

Create a hash of the password and the salt. Replacement for FormsAuthentication.HashPasswordForStoringInConfigFile, which is part of System.Web.dll and not available in the client profile of .NET v4.0.

Parameters
APassword: Password (plain-text).
ASalt: Salt for 'salting' the password hash. MUST be obtained from the same Password Helper Class version that gets called in this Method - the Class gets chosen in this Method by evaluating APasswordSchemeVersion.
APasswordSchemeVersion: Version of the Password Hashing Scheme.
Returns
Password Hash of APassword according to APasswordSchemeVersion and the passed-in ASalt.

◆ LoadAuthAssembly()

static IUserAuthentication Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector.LoadAuthAssembly (string AUserAuthenticationMethod)
inline static

Load the plugin assembly for authentication.

◆ PerformUserAuthentication()

static bool Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector.PerformUserAuthentication (String AUserID, String APassword, string AClientComputerName, string AClientIPAddress, out Boolean ASystemEnabled, TDBTransaction ATransaction)
inline static

Authenticate a user.

Parameters
AUserID: User ID.
APassword: Password.
AClientComputerName: Name of the Client Computer that the authentication request came from.
AClientIPAddress: IP Address of the Client Computer that the authentication request came from.
ASystemEnabled: True if the system is enabled, otherwise false.
ATransaction: Instantiated DB Transaction.

◆ ReloadUserInfo()

static bool Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector.ReloadUserInfo ()
inline static

Causes an immediate reload of the UserInfo that is stored in the session.

◆ SignalReloadCachedUserInfo()

static void Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector.SignalReloadCachedUserInfo (String AUserID)
inline static

Queues a ClientTask for reloading of the UserInfo for all connected Clients with a certain UserID.

Parameters
AUserID: UserID for which the ClientTask should be queued.

◆ SimulatePasswordAuthenticationForNonExistingUser()

static void Ict.Petra.Server.MSysMan.Security.UserManager.WebConnectors.TUserManagerWebConnector.SimulatePasswordAuthenticationForNonExistingUser ()
inline static

Call this Method when a log-in is attempted for a non-existing user, so that the time spent on 'authenticating' them is as long as the time spent on authenticating existing users. This is done so that an attacker who tries 'username guessing' cannot easily tell that the user doesn't exist by measuring how long the server takes to return an error (an attack vector called a 'timing attack').
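
The timing equalisation described above, sketched as an added example (not OpenPetra's code): an unknown user ID is checked against a dummy salt and hash, so both paths run the same key derivation before failing. PBKDF2 via .NET 6+ `Rfc2898DeriveBytes.Pbkdf2`, the `TimingSafeLogin` class, the in-memory store and the sample account are assumptions for illustration; the page does not say which hashing scheme OpenPetra uses.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added illustration, not OpenPetra code. PBKDF2 stands in for the real password scheme.
static class TimingSafeLogin
{
    const int Iterations = 100_000;   // assumed work factor
    const int HashLength = 32;        // bytes of derived key

    // Constructed in-memory store: user ID -> (salt, password hash).
    static readonly Dictionary<string, (byte[] Salt, byte[] Hash)> Users = new();

    // Dummy record used for unknown users so they cost the same KDF run.
    static readonly byte[] DummySalt = RandomNumberGenerator.GetBytes(16);
    static readonly byte[] DummyHash = Hash("placeholder-not-a-real-password", DummySalt);

    static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashLength);

    public static void AddUser(string userId, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        Users[userId] = (salt, Hash(password, salt));
    }

    public static bool Authenticate(string userId, string password)
    {
        bool exists = Users.TryGetValue(userId, out var record);

        // Unknown user: substitute the dummy record instead of returning early.
        byte[] salt = exists ? record.Salt : DummySalt;
        byte[] expected = exists ? record.Hash : DummyHash;

        byte[] actual = Hash(password, salt);   // same work on both paths
        bool match = CryptographicOperations.FixedTimeEquals(actual, expected);

        // Non-short-circuit AND: an unknown user fails even if the dummy hash matched.
        return exists & match;
    }

    static void Main()
    {
        AddUser("DEMO", "correct horse");       // constructed sample account
        Console.WriteLine(Authenticate("DEMO", "correct horse"));
        Console.WriteLine(Authenticate("DEMO", "wrong"));
        Console.WriteLine(Authenticate("NOSUCHUSER", "wrong"));
    }
}
```

The failure response and any logging should also be identical on both paths, otherwise the equalised hashing time is undone by a different error message or code path.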

