Content Studio Web Content Management System
[This is preliminary documentation and is subject to change.]
This class handles the access control tasks in Content Studio.
There are methods to get and set security for objects and methods for making access checks.
Inheritance Hierarchy
System.Object
System.MarshalByRefObject
ContentStudio.CSBase
ContentStudio.Security.SecurityBase
ContentStudio.Security.AccessControl
Namespace: ContentStudio.Security
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)
Syntax
The AccessControl type exposes the following members.
Constructors
Name | Description
---|---
AccessControl | Initializes a new instance of the AccessControl class.
Properties
Name | Description
---|---
ForceLDAPLevel | Retrieves the ForceLDAPLevel debug setting. (Inherited from SecurityBase.)
UseNetBiosDomainBinding | Gets a value that indicates whether the NetBiosDomain name should be included when binding the user SID to Active Directory. (Inherited from SecurityBase.)
Methods
Name | Description
---|---
ConvertCSSecurableObjects | Converts a Content Studio CSSecurableObjects enumeration to its short name.
ConvertObjectShortString | Converts a Content Studio securable object short string to the CSSecurableObjects enumeration.
CreateObjRef | (Inherited from MarshalByRefObject.)
EffectivePermissions | Returns the effective permissions a user has on a certain Content Studio securable object.
Equals | (Inherited from Object.)
Finalize | (Inherited from Object.)
GetHashCode | (Inherited from Object.)
GetLifetimeService | (Inherited from MarshalByRefObject.)
GetObjectSecurity(ConnectionId, SessionId, Int32, CSSecurableObjects) | Returns a Content Studio securable object security descriptor in the Content Studio XML format.
GetObjectSecurity(ConnectionId, SessionId, Int32, CSSecurableObjects, String) | Returns a Content Studio securable object security descriptor in the Content Studio XML format.
GetObjectSecurity(ConnectionId, SessionId, String, Int32, String) | Returns a Content Studio securable object security descriptor in the Content Studio XML format.
GetOwnerCandidates(ConnectionId, SessionId, Int32, CSSecurableObjects) | Gets the trustees that can take ownership over a securable Content Studio object. Call this method to get a list of trustees that can act as owner of an object before attempting to take ownership of that object. The method calculates the possible owners of an object with respect to the calling user.
GetOwnerCandidates(ConnectionId, SessionId, String, Int32, String) | Gets the trustees that can take ownership over a securable Content Studio object. Call this method to get a list of trustees that can act as owner of an object before attempting to take ownership of that object. The method calculates the possible owners of an object with respect to the calling user.
GetSecurityDescriptorSchema | Returns the schema that is used to validate a Content Studio security descriptor.
GetSecurityDescriptorSchemaStream | Returns a stream that contains the XML schema used to validate a Content Studio security descriptor.
GetType | (Inherited from Object.)
InitializeLifetimeService | (Inherited from MarshalByRefObject.)
MemberwiseClone | (Inherited from Object.)
MemberwiseClone(Boolean) | (Inherited from MarshalByRefObject.)
ObjectAccessCheck(ConnectionId, SessionId, CSObjectPermissions, CSSecurableObjects, Int32) | Checks if a user has a certain permission on a Content Studio object.
ObjectAccessCheck(ConnectionId, SessionId, String, Int32, String) | Checks if a user has a certain permission on a Content Studio object.
ObjectAccessCheck(ConnectionId, SessionId, CSObjectPermissions, Int32, CSSecurableObjects, Int32) | Checks if a user has a certain permission on a Content Studio object.
ObjectAccessCheck(ConnectionId, SessionId, CSObjectPermissions, CSSecurableObjects, Int32, Int32, String) | Checks if a user has a certain permission on a Content Studio object.
SetObjectSecurity(ConnectionId, SessionId, AccessControl.SecurityInfoClass, String) | Sets security information for an object.
SetObjectSecurity(ConnectionId, SessionId, String, AccessControl.SecurityInfoClass, String, Int32, String) | Sets security information for an object. For manipulating Content Studio security descriptors see the CSSecurityDescriptor class.
ToString | (Inherited from Object.)
Examples
The following sample shows how to check if the calling user has permission to create and write new documents in the current category.
```csharp
try
{
    AccessControl acc = new AccessControl();
    if (acc.ObjectAccessCheck(CS_ConnectionId, CS_UserSessionId,
                              CSObjectPermissions.Create | CSObjectPermissions.Write,
                              CSSecurableObjects.DocumentCategory, CS_InsertedCategoryId))
        Response.Write("You have access!");
    else
        Response.Write("Sorry, no access for you!");
}
catch (Exception ex)
{
    // HTML-encode the exception text before writing it to the page.
    Response.Write(Server.HtmlEncode(ex.GetType().ToString() + ": " + ex.Message));
}
```
The following code shows how to set permissions on a Content Studio object (error handling is omitted in this example).
Note
Observe how the well-known group Everyone is created in the sample. Never rely on the name of any well-known principal; those names are localized and differ between different language versions of the operating system.
```csharp
using System;
using System.Xml;
using System.Text;
using System.Security.Principal;
using System.Security.AccessControl;
using ContentStudio;
using ContentStudio.Security;
using ContentStudio.Security.AccessControlEdit;

public class TheClass
{
    public void Main()
    {
        const int CONNECTION_ID = 1;

        // Create a new session.
        SessionManager sman = new SessionManager();
        int SessionID = sman.OpenSession(CONNECTION_ID);
        ContentStudio.Security.AccessControl acc = new AccessControl();

        // Get the security descriptor on document id 2558.
        string sd = acc.GetObjectSecurity(CONNECTION_ID, SessionID, 2558,
                                          CSSecurableObjects.DocumentItem);

        /* Use the new ContentStudio.Security.AccessControlEdit.CSSecurityDescriptor object.
           This object is not executed over remoting. */
        CSSecurityDescriptor secDesc = new CSSecurityDescriptor(sd);

        /* Add two new permission entries with the AddAccess method on the
           DiscretionaryAccessControlList of the CSSecurityDescriptor object.
           Let's use Everyone - read, and CONTENTSTUDIO\Editors - modify. */
        SecurityIdentifier SID = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        secDesc.DiscretionaryAccessControlList.AddAccess(SID, AccessControlType.Allow,
                                                         CSObjectPermissions.Read, AceFlags.None);

        const CSObjectPermissions MODIFY = CSObjectPermissions.Write |
                                           CSObjectPermissions.Create |
                                           CSObjectPermissions.Read |
                                           CSObjectPermissions.SendForRevision;

        /* A SecurityIdentifier can also be created if you have the user name in the
           format Domain\Username or the UPN format (e.g. Editors@contentstudio.com). */
        NTAccount account = new NTAccount("CONTENTSTUDIO\\Editors");
        // Translate to a SecurityIdentifier.
        SID = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        secDesc.DiscretionaryAccessControlList.AddAccess(SID, AccessControlType.Allow,
                                                         MODIFY, AceFlags.None);

        // Get the security descriptor in the XML format.
        StringBuilder sbu = new StringBuilder();
        XmlWriter XWriter = XmlWriter.Create(sbu);
        secDesc.WriteXml(XWriter);
        XWriter.Flush();
        sd = sbu.ToString();

        // Save the security back to the object that provided it.
        acc.SetObjectSecurity(CONNECTION_ID, SessionID, AccessControl.SecurityInfoClass.DACL, sd);
    }
}
```
You can take ownership of an object by directly manipulating the ownersid field of the security descriptor, as the following code snippet shows.
Note
You can only take ownership, never give it away to someone else. Also, in order to take ownership you must have the SetOwnerShip permission or be a member of a group that has the GlobalGroupAdmin rights defined.
```csharp
try
{
    const int CS_STARTPAGE = 1003;
    AccessControl acc = new AccessControl();
    XmlDocument dom = new XmlDocument();
    dom.LoadXml(acc.GetObjectSecurity(CS_ConnectionId, CS_UserSessionId, CS_STARTPAGE,
                                      CSSecurableObjects.DocumentItem));

    // Get the SID of the calling user.
    SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;

    // Change the owner by manipulating the security descriptor XML directly!
    dom.DocumentElement.SelectSingleNode("ownersid").InnerText = sid.Value;

    // Save the security descriptor back to the object, indicating that we
    // want to set the owner information.
    acc.SetObjectSecurity(CS_ConnectionId, CS_UserSessionId,
                          AccessControl.SecurityInfoClass.Owner, dom.OuterXml);
    Response.Write("The owner has been changed");
}
catch (Exception ex)
{
    Response.Write(Server.HtmlEncode(ex.Message));
}
```
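The following is an added example, not part of the Content Studio documentation or its samples. It applies the advice about well-known principals by identifying them by SID instead of by localized name, and it checks a trustee before a write permission is granted to a broad group. The class name TrusteeGuard, its methods and the read-only policy for broad groups are assumptions made for this example; it uses only System.Security.Principal types and runs on Windows without Content Studio.

```csharp
using System;
using System.Security.Principal;

public static class TrusteeGuard
{
    // Broad well-known groups, identified by SID type rather than by localized name.
    static readonly WellKnownSidType[] Broad =
    {
        WellKnownSidType.WorldSid,             // Everyone
        WellKnownSidType.AnonymousSid,         // Anonymous Logon
        WellKnownSidType.AuthenticatedUserSid  // Authenticated Users
    };

    // Accepts an SDDL SID string ("S-1-...") or an account name ("DOMAIN\\Group" or UPN).
    public static SecurityIdentifier Resolve(string trustee)
    {
        if (string.IsNullOrWhiteSpace(trustee))
            throw new ArgumentException("Trustee is empty.", "trustee");
        if (trustee.StartsWith("S-1-", StringComparison.OrdinalIgnoreCase))
            return new SecurityIdentifier(trustee);
        // Throws IdentityNotMappedException when the name does not exist on this
        // machine or domain, e.g. "Everyone" on a non-English Windows installation.
        return (SecurityIdentifier)new NTAccount(trustee).Translate(typeof(SecurityIdentifier));
    }

    // True when the SID is one of the broad groups listed above.
    public static bool IsBroad(SecurityIdentifier sid)
    {
        return Array.Exists(Broad, t => sid.IsWellKnown(t));
    }

    // Policy assumed for this example: broad groups may be granted read access only.
    public static bool MayGrant(SecurityIdentifier sid, bool includesWrite)
    {
        return !(includesWrite && IsBroad(sid));
    }

    public static void Main()
    {
        SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        SecurityIdentifier sameGroup = Resolve(everyone.Value); // round-trip through the SID string
        Console.WriteLine("{0} is shown on this system as {1}",
            everyone.Value, everyone.Translate(typeof(NTAccount)));
        Console.WriteLine("Read for Everyone allowed:  " + MayGrant(sameGroup, false));
        Console.WriteLine("Write for Everyone allowed: " + MayGrant(sameGroup, true));
    }
}
```

A check like MayGrant can be called on the SecurityIdentifier just before it is passed to AddAccess, so that a permission set containing Write is never applied to Everyone by mistake.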