Modify ContainerUser to use strong passwords from membership provider…

…. Also ensure warden user has full control on their specific dir, not just child objects.

src/IronFoundry.Warden/Containers/Container.cs

@@ -21,7 +21,15 @@ public class Container
         private ContainerPort port;
         private ContainerState state;
 
-        public Container(string handle, ContainerState containerState)
+        public static Container Restore(string handle, ContainerState containerState)
+        {
+            return new Container(handle, containerState);
+        }
+
+        /// <summary>
+        /// Used for restore.
+        /// </summary>
+        private Container(string handle, ContainerState containerState)
         {
             if (handle.IsNullOrWhiteSpace())
             {

src/IronFoundry.Warden/Containers/ContainerDirectory.cs

@@ -57,7 +57,7 @@ private static DirectoryInfo CreateContainerDirectory(ContainerHandle handle, Co
 
             var inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
             var accessRule = new FileSystemAccessRule(user, FileSystemRights.FullControl, inheritanceFlags,
-                PropagationFlags.InheritOnly, AccessControlType.Allow);
+                PropagationFlags.None, AccessControlType.Allow);
 
             DirectoryInfo containerBaseInfo = dirInfo.Item1;
             DirectorySecurity security = containerBaseInfo.GetAccessControl();

src/IronFoundry.Warden/Containers/ContainerManager.cs

@@ -53,7 +53,7 @@ public void RestoreContainers(string containerRoot)
                             var handle = Path.GetFileName(dirPath);
                             try
                             {
-                                var container = new Container(handle, ContainerState.Active);
+                                var container = Container.Restore(handle, ContainerState.Active);
                                 containers.TryAdd(container.Handle, container);
                             }
                             catch (Exception ex)

src/IronFoundry.Warden/Containers/ContainerUser.cs

@@ -13,10 +13,11 @@ public class ContainerUser : IEquatable<ContainerUser>
 
         private readonly string uniqueId;
         private readonly string userName;
+        private readonly string password;
 
         public NetworkCredential GetCredential()
         {
-            return new NetworkCredential(userName, uniqueId);
+            return new NetworkCredential(userName, password);
         }
 
         public ContainerUser(string uniqueId, bool shouldCreate = false)
@@ -36,10 +37,18 @@ public ContainerUser(string uniqueId, bool shouldCreate = false)
                 throw new ArgumentException("uniqueId must be 8 or more word characters.");
             }
 
+            /*
+             * TODO: this means that we can't retrieve a user's password if restoring a container.
+             * This should be OK when we move to the "separate process for container" model since the separate
+             * process will be installed as a service and the password will only need to be known at install
+             * time.
+             */
+            this.password = System.Web.Security.Membership.GeneratePassword(16, 8);
+
             var principalManager = new LocalPrincipalManager();
             if (shouldCreate)
             {
-                principalManager.CreateUser(this.userName, this.uniqueId);
+                principalManager.CreateUser(this.userName, this.password);
             }
             else
             {

src/IronFoundry.Warden/IronFoundry.Warden.csproj

@@ -178,6 +178,7 @@
     <Reference Include="System.configuration" />
     <Reference Include="System.DirectoryServices" />
     <Reference Include="System.DirectoryServices.AccountManagement" />
+    <Reference Include="System.Web" />
     <Reference Include="System.XML" />
   </ItemGroup>
   <ItemGroup>