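/// <summary>
/// Lists authorizations filtered by provider (A.IDPRE), by the value resolved from
/// <c>model.OsId</c> (A.NCODOSOC) and by the date range <c>model.Desde</c>..<c>model.Hasta</c>,
/// newest first.
/// </summary>
/// <param name="model">Filter values; every field read here ends up in the SQL text.</param>
/// <returns>
/// The result list. On any exception the error is recorded through <c>SetError</c> and the
/// (possibly partial) list is returned instead of throwing.
/// </returns>
public AuthListOutputList GetAuthList(AuthList model)
        {
            var query = "";
            var list  = new AuthListOutputList();

            try
            {
                var os   = new OSRepository();
                var osId = os.GetOSbyId(model.OsId);

                // The date bounds are spliced into quoted SQL string literals. Doubling every
                // single quote keeps a caller-supplied value inside its literal, so it cannot
                // terminate the literal and append SQL of its own.
                // NOTE(review): bind variables are the proper fix; the Connection API is not
                // visible here, so escaping is the narrowest safe change.
                var desde = ("" + model.Desde).Replace("'", "''");
                var hasta = ("" + model.Hasta).Replace("'", "''");

                query += "SELECT Distinct";
                query += "                a.nid_autorizacion, ";
                query += "                CNRO_AUTORIZACION, ";
                query += "                DFEC_AUTORIZACION, ";
                query += "                NNRO_PRE, ";
                query += "                CNOM_AFILIADO, ";
                query += "                NNRO_AFILIADO, ";
                query += "               (select LISTAGG(ccodprest, ',') WITHIN GROUP(ORDER BY ccodprest ) from autorizaciones_detalle AD1 where AD1.nid_autorizacion = ad.nid_autorizacion) AS Prestacion,";
                query += "               (select count(*) from autorizaciones_detalle AD1 where AD1.nid_autorizacion = ad.nid_autorizacion) as NCantidad, ";
                query += "               A.ESTADO_AUTORIZACION, ";
                query += "               NVL(A.CCOD_ANULACION, '') as CCOD_ANULACION, ";
                query += "               NVL(PRESENTACIONID, '') as PRESENTACIONID, ";
                query += "               NVL(A.MODOTIPO,'M') as MODOTIPO ";
                query += " FROM AUTORIZACIONES A ";
                query += " inner join autorizaciones_detalle AD on a.nid_autorizacion = ad.nid_autorizacion ";
                query += " inner join prestador P on A.IDPRE = P.IDPRE ";
                // NOTE(review): PrestadorId and osId are concatenated unquoted. That is only safe
                // if both are numeric types; confirm against the model and OSRepository.
                query += " WHERE A.IDPRE = " + model.PrestadorId + " AND A.NCODOSOC = " + osId + " AND DFEC_AUTORIZACION >= TO_DATE('" + desde + "', 'DD/MM/YYYY') AND DFEC_AUTORIZACION <= TO_DATE('" + hasta + "', 'DD/MM/YYYY HH24:MI') ";
                query += " Order by DFEC_AUTORIZACION DESC, a.nid_autorizacion Desc ";

                var c  = new Connection();
                var dt = c.Query(query);

                foreach (DataRow dr in dt.Rows)
                {
                    // ItemArray builds a fresh copy of the row on every access; take it once.
                    var row = dr.ItemArray;

                    // Column order follows the SELECT list above (0 = nid_autorizacion ... 11 = MODOTIPO).
                    var strFech = row[2].ToString();
                    var index   = strFech.IndexOf(' ');
                    var banda   = row[11].ToString().Trim() == "B" ? " (B)" : "";
                    var auth    = new AuthListOutput
                    {
                        Id         = Convert.ToInt32(row[0]),
                        // row[9] = annulment code, row[1] = authorization code; the annulment code wins when present.
                        AuthNr     = (row[9].ToString().Trim() != "" ? row[9].ToString() : row[1].ToString()) + banda,
                        // Keep only the date part of the timestamp text.
                        Fecha      = (index > 0 ? strFech.Substring(0, index).Trim() : strFech.Trim()),
                        Matricula  = row[3].ToString(),
                        Afiliado   = row[4].ToString(),
                        AfiNr      = row[5].ToString(),
                        Prestacion = row[6].ToString(),
                        Cant       = row[7].ToString(),
                        Estado     = row[8].ToString(),
                        // NOTE(review): this reads column 8 (ESTADO_AUTORIZACION), the same column as Estado;
                        // PRESENTACIONID is column 10. Looks like a copy/paste slip. Confirm before changing.
                        Presentado = row[8].ToString().Trim() != ""
                    };
                    list.List.Add(auth);
                }
            }
            catch (Exception ex)
            {
                // The full SQL text, caller-supplied values included, is handed to SetError.
                // NOTE(review): check where SetError stores or returns it.
                list.SetError(GetType().Name, GetMethod.ErrorLine(ex), ex.Message, ex.InnerException?.ToString() ?? "", model, query);
            }
            return list;
        }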
Beispiel #2
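        /// <summary>
        /// Decides whether a request for <paramref name="uri"/> passes the configured authentication.
        /// </summary>
        /// <param name="uri">Request URI looked up in the "authList" configuration.</param>
        /// <param name="authorization">Header value handed to CheckHeader to extract user and password.</param>
        /// <param name="authName">Set to the matched entry's AuthName when the check fails; untouched otherwise.</param>
        /// <returns>
        /// true when no auth entry matches the URI or the credentials are accepted; false on any failure.
        /// </returns>
        public bool Check(string uri,string authorization,ref string authName)
        {
            // Configured auth entries.
            var authList = new AuthList((Dat)_conf.Get("authList"));

            // A URI that matches no entry is not protected.
            var oneAuth = authList.Search(uri);
            if (oneAuth == null) {
                return true;
            }

            // Credentials sent by the client (user + password).
            var user = "";
            var pass = "";
            if (!CheckHeader(authorization, ref user, ref pass)) {
                goto err;
            }

            // The user must be named by the entry, either directly or through a group.
            if (!oneAuth.Seartch(user)) {
                var find = false; // becomes true when a group allowed by the entry contains the user
                var groupList = new GroupList((Dat)_conf.Get("groupList"));
                foreach (OneGroup o in groupList) {
                    if (!oneAuth.Seartch(o.Group)) {
                        continue;
                    }
                    if (!o.Seartch(user)) {
                        continue;
                    }
                    find = true;
                    break;
                }
                if (!find) {
                    // Log id 6: user is not covered by this auth entry.
                    // The submitted password is deliberately kept out of the log.
                    _logger.Set(LogKind.Secure,null,6, string.Format("user:{0}", user));
                    goto err;
                }
            }

            // Password check against the user list.
            var userList = new UserList((Dat)_conf.Get("userList"));
            var oneUser = userList.Search(user);
            if (oneUser == null) {
                // Log id 7: no record for this user in the user list.
                _logger.Set(LogKind.Secure,null,7,string.Format("user:{0}", user));
            } else {
                // NOTE(review): == against oneUser.Pass suggests the user list holds passwords in a
                // directly comparable form, and the comparison is not constant-time. Confirm how
                // UserList stores them.
                if (oneUser.Pass == pass) {
                    // Log id 8: success. No credential material is written.
                    _logger.Set(LogKind.Detail,null, 8,string.Format("Authrization success user:{0}", user));
                    return true;
                }
                // Log id 9: password mismatch.
                _logger.Set(LogKind.Secure,null,9,string.Format("user:{0}", user));
            }
            err:
            authName = oneAuth.AuthName;
            return false;
        }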
Beispiel #3
 ///<summary>Handles a username/password authentication request and sends the accept or reject reply.</summary>
 ///<param name="Query">Raw request: byte 1 holds the user name length, the name starts at byte 2, followed by one password-length byte and the password.</param>
 ///<remarks>
 /// When AuthList is null every request that parses is accepted. Any exception, including an
 /// out-of-range length in a malformed request, ends in <c>Callback(false)</c>.
 ///</remarks>
 private void ProcessQuery(byte [] Query)
 {
     try {
         // Both length bytes come from the peer; out-of-range values throw and land in the catch below.
         int nameLength = Query[1];
         string name = Encoding.ASCII.GetString(Query, 2, nameLength);
         int secretLength = Query[nameLength + 2];
         string secret = Encoding.ASCII.GetString(Query, nameLength + 3, secretLength);

         bool accepted = AuthList == null || AuthList.IsItemPresent(name, secret);

         // Second reply byte: 0 = accepted, 1 = rejected.
         byte [] reply = accepted ? new byte[] { 5, 0 } : new Byte[] { 5, 1 };
         AsyncCallback onSent = accepted
             ? new AsyncCallback(this.OnOkSent)
             : new AsyncCallback(this.OnUhohSent);
         Connection.BeginSend(reply, 0, reply.Length, SocketFlags.None, onSent, Connection);
     } catch {
         Callback(false);
     }
 }
Beispiel #4
 ///<summary>Handles a username/password authentication request and awaits the accept or reject reply.</summary>
 ///<param name="Query">Raw request: byte 1 holds the user name length, the name starts at byte 2, followed by one password-length byte and the password.</param>
 ///<remarks>
 /// When AuthList is null every request that parses is accepted. The method is <c>async void</c>,
 /// so the catch-all below is the only place a failure can be observed: it writes the message and
 /// stack trace to the console and reports failure through <c>Callback</c>.
 ///</remarks>
 private async void ProcessQuery(byte[] Query)
 {
     try
     {
         // Both length bytes come from the peer; out-of-range values throw and land in the catch below.
         int loginLength = Query[1];
         int secretLengthIndex = loginLength + 2;
         string login = Encoding.ASCII.GetString(Query, 2, loginLength);
         string secret = Encoding.ASCII.GetString(Query, secretLengthIndex + 1, Query[secretLengthIndex]);

         bool accepted = AuthList == null || AuthList.IsItemPresent(login, secret);
         if (accepted)
         {
             // Second reply byte 0 = accepted.
             await Connection.SendAsync(new byte[] { 5, 0 }, this.OnOkSent);
             return;
         }

         // Second reply byte 1 = rejected.
         await Connection.SendAsync(new Byte[] { 5, 1 }, this.OnUhohSent);
     }
     catch (Exception ex)
     {
         Console.WriteLine("[WARN] " + ex.Message + "\r\n" + ex.StackTrace);
         Callback(this.Connection, false);
     }
 }
Beispiel #5
 /// <summary>Removes <paramref name="username"/> from the authentication list.</summary>
 /// <param name="username">Name passed unchanged to <c>AuthList.RemoveItem</c>.</param>
 public void RemoveUser(string username) => AuthList.RemoveItem(username);
Beispiel #6
 /// <summary>Registers a user name and password with the authentication list.</summary>
 /// <param name="username">Name passed unchanged to <c>AuthList.AddItem</c>.</param>
 /// <param name="password">
 /// Password passed unchanged to <c>AuthList.AddItem</c>.
 /// NOTE(review): whether AddItem hashes it before storing is not visible here; confirm.
 /// </param>
 public void AddUser(string username, string password) => AuthList.AddItem(username, password);
Beispiel #7
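        /// <summary>
        /// Decides whether a request for <paramref name="uri"/> passes the configured authentication.
        /// </summary>
        /// <param name="uri">Request URI looked up in the "authList" configuration.</param>
        /// <param name="authorization">Header value handed to CheckHeader to extract user and password.</param>
        /// <param name="authName">Set to the matched entry's AuthName when the check fails; untouched otherwise.</param>
        /// <returns>
        /// true when no auth entry matches the URI or the credentials are accepted; false on any failure.
        /// </returns>
        public bool Check(string uri, string authorization, ref string authName)
        {
            // Configured auth entries.
            var authList = new AuthList((Dat)_conf.Get("authList"));

            // A URI that matches no entry is not protected.
            var oneAuth = authList.Search(uri);

            if (oneAuth == null)
            {
                return true;
            }

            // Credentials sent by the client (user + password).
            var user = "";
            var pass = "";

            if (!CheckHeader(authorization, ref user, ref pass))
            {
                goto err;
            }

            // The user must be named by the entry, either directly or through a group.
            if (!oneAuth.Seartch(user))
            {
                var find = false; // becomes true when a group allowed by the entry contains the user
                var groupList = new GroupList((Dat)_conf.Get("groupList"));
                foreach (OneGroup o in groupList)
                {
                    if (!oneAuth.Seartch(o.Group))
                    {
                        continue;
                    }
                    if (!o.Seartch(user))
                    {
                        continue;
                    }
                    find = true;
                    break;
                }
                if (!find)
                {
                    // Log id 6: user is not covered by this auth entry.
                    // The submitted password is deliberately kept out of the log.
                    _logger.Set(LogKind.Secure, null, 6, string.Format("user:{0}", user));
                    goto err;
                }
            }

            // Password check against the user list.
            var userList = new UserList((Dat)_conf.Get("userList"));
            var oneUser  = userList.Search(user);

            if (oneUser == null)
            {
                // Log id 7: no record for this user in the user list.
                _logger.Set(LogKind.Secure, null, 7, string.Format("user:{0}", user));
            }
            else
            {
                // NOTE(review): == against oneUser.Pass suggests the user list holds passwords in a
                // directly comparable form, and the comparison is not constant-time. Confirm how
                // UserList stores them.
                if (oneUser.Pass == pass)
                {
                    // Log id 8: success. No credential material is written.
                    _logger.Set(LogKind.Detail, null, 8, string.Format("Authrization success user:{0}", user));
                    return true;
                }
                // Log id 9: password mismatch.
                _logger.Set(LogKind.Secure, null, 9, string.Format("user:{0}", user));
            }
err:
            authName = oneAuth.AuthName;
            return false;
        }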
Beispiel #8
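        /// <summary>
        /// AuthenticateRequest handler. Requests whose SOAP body names an operation found in
        /// PRE_AUTH or AuthList run as the "public" principal; every other request is checked
        /// against its HTTP Digest Authorization header.
        /// </summary>
        /// <param name="source">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="eventArgs">Unused.</param>
        /// <remarks>
        /// The request body is parsed as XML before any credential check, so parser errors
        /// (for example a non-XML body) propagate to the caller as exceptions.
        /// </remarks>
        public void OnAuthenticateRequest(object source, EventArgs eventArgs)
        {
            HttpApplication app = (HttpApplication)source;

            if (PathOfExtraUsersFile == String.Empty)
            {
                string extraUsersFile = ConfigurationSettings.AppSettings["Digest.Samples.DigestAuthenticationModule_ExtraUsersFiles"];
                PathOfExtraUsersFile = app.Request.MapPath(extraUsersFile);
            }

            // Read the whole body; a single Read call may return fewer bytes than requested.
            byte[] bytes = new byte[app.Request.InputStream.Length];
            int filled = 0;
            while (filled < bytes.Length)
            {
                int got = app.Request.InputStream.Read(bytes, filled, bytes.Length - filled);
                if (got <= 0)
                {
                    break;
                }
                filled += got;
            }
            // Rewind so later pipeline stages can read the body again.
            app.Request.InputStream.Position = 0;
            string content = Encoding.ASCII.GetString(bytes, 0, filled);

            // This document comes from an unauthenticated client: never let the parser
            // fetch external entities or DTDs on its behalf.
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver = null;
            doc.LoadXml(content);

            XmlNamespaceManager manager = new XmlNamespaceManager(doc.NameTable);
            manager.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");

            XmlNode node = doc.SelectSingleNode("/s:Envelope/s:Body", manager);
            if (node != null && node.ChildNodes.Count > 0)
            {
                XmlNode requestNode = node.ChildNodes[0];
                // Ordinal comparison: the result must not depend on the server's culture.
                if (String.Equals(requestNode.NamespaceURI, "http://www.onvif.org/ver10/device/wsdl", StringComparison.OrdinalIgnoreCase))
                {
                    if (PRE_AUTH == null)
                    {
                        PRE_AUTH = LoadPublicMethods(app);
                    }

                    if (AuthList == null)
                    {
                        AuthList = LoadLocalPublicMethods(app);
                    }

                    // NOTE(review): the bypass is decided from the first child of the SOAP Body as
                    // sent by the client (qualified name, prefix included). Confirm the service
                    // dispatches on that same element.
                    if (PRE_AUTH.Contains(requestNode.Name) || AuthList.Contains(requestNode.Name))
                    {
                        app.Context.User = new GenericPrincipal(new GenericIdentity("public", "Rassoc.Samples.Digest"), new string[] { "public" });
                        return;
                    }
                }
            }

            string authStr = app.Request.Headers["Authorization"];

            if (authStr == null || authStr.Length == 0)
            {
                // No credentials; anonymous request
                return;
            }

            authStr = authStr.Trim();
            if (!authStr.StartsWith("Digest", StringComparison.Ordinal))
            {
                // Don't understand this header...we'll pass it along and
                // assume someone else will handle it
                return;
            }

            if (authStr.Length <= 7)
            {
                // "Digest" with no parameters: reject instead of failing in Substring.
                DenyAccess(app);
                return;
            }

            authStr = authStr.Substring(7);

            ListDictionary reqInfo = new ListDictionary();

            // NOTE(review): splitting on ',' also splits quoted values that contain a comma.
            string[] elems = authStr.Split(new char[] { ',' });
            foreach (string elem in elems)
            {
                // form key="value"
                string[] parts = elem.Split(new char[] { '=' }, 2);
                if (parts.Length != 2)
                {
                    // Malformed parameter from the client: deny rather than throw.
                    DenyAccess(app);
                    return;
                }

                string key = parts[0].Trim(new char[] { ' ', '\"' });
                string val = parts[1].Trim(new char[] { ' ', '\"' });
                if (reqInfo.Contains(key))
                {
                    // A repeated parameter is ambiguous; Add would throw on it.
                    DenyAccess(app);
                    return;
                }
                reqInfo.Add(key, val);
            }

            string username = (string)reqInfo["username"];
            string password = "";

            string[] roles;
            bool     bOk = GetPasswordAndRoles(app, username, out password, out roles);

            if (!bOk)
            {
                // Invalid username; deny access
                DenyAccess(app);
                return;
            }

            string realm = ConfigurationSettings.AppSettings["Rassoc.Samples.DigestAuthenticationModule_Realm"];

            // calculate the Digest hashes
            // A1, H(A1), the unhashed digest and the expected response are not traced:
            // they contain the password or values derived from it.

            // A1 = unq(username-value) ":" unq(realm-value) ":" passwd
            string A1 = String.Format("{0}:{1}:{2}", (string)reqInfo["username"], realm, password);

            // H(A1) = MD5(A1)
            string HA1 = GetMD5HashBinHex(A1);

            // A2 = Method ":" digest-uri-value
            // NOTE(review): the client-supplied uri parameter is used as-is; no comparison with
            // the actual request URI is visible in this method.
            string A2 = String.Format("{0}:{1}", app.Request.HttpMethod, (string)reqInfo["uri"]);

            System.Diagnostics.Debug.WriteLine(string.Format("A2: {0}", A2));

            // H(A2)
            string HA2 = GetMD5HashBinHex(A2);

            System.Diagnostics.Debug.WriteLine(string.Format("HA2: {0}", HA2));

            // KD(secret, data) = H(concat(secret, ":", data))
            // if qop == auth:
            // request-digest  = <"> < KD ( H(A1),     unq(nonce-value)
            //                              ":" nc-value
            //                              ":" unq(cnonce-value)
            //                              ":" unq(qop-value)
            //                              ":" H(A2)
            //                            ) <">
            // if qop is missing,
            // request-digest  = <"> < KD ( H(A1), unq(nonce-value) ":" H(A2) ) > <">

            string unhashedDigest;

            if (reqInfo["qop"] != null)
            {
                unhashedDigest = String.Format("{0}:{1}:{2}:{3}:{4}:{5}",
                                               HA1,
                                               (string)reqInfo["nonce"],
                                               (string)reqInfo["nc"],
                                               (string)reqInfo["cnonce"],
                                               (string)reqInfo["qop"],
                                               HA2);
            }
            else
            {
                unhashedDigest = String.Format("{0}:{1}:{2}",
                                               HA1,
                                               (string)reqInfo["nonce"],
                                               HA2);
            }

            string hashedDigest = GetMD5HashBinHex(unhashedDigest);

            bool isNonceStale = !IsValidNonce((string)reqInfo["nonce"]);

            app.Context.Items["staleNonce"] = isNonceStale;

            bool realmPresent = reqInfo.Contains("realm");

            // Compare the client's response with the expected one without stopping at the
            // first differing character, so timing does not reveal how much of it matched.
            string response = (string)reqInfo["response"];
            bool responseMatches = response != null
                                   && hashedDigest != null
                                   && response.Length == hashedDigest.Length;
            if (responseMatches)
            {
                int diff = 0;
                for (int i = 0; i < hashedDigest.Length; i++)
                {
                    diff |= response[i] ^ hashedDigest[i];
                }
                responseMatches = diff == 0;
            }

            if (responseMatches && (!isNonceStale) && (realmPresent))
            {
                // NOTE(review): nc is only compared with this fixed value to hand out a new nonce;
                // no per-nonce count tracking is visible in this method.
                if ((string)reqInfo["nc"] == "00000003")
                {
                    string nextNonce = "";
                    nextNonce = nextNonce + "nextnonce=\"";
                    nextNonce = nextNonce + GetCurrentNonce();
                    nextNonce = nextNonce + "\"";

                    app.Response.AddHeader("Authentication-Info", nextNonce);
                }
                app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Rassoc.Samples.Digest"), roles);
            }
            else
            {
                // Invalid credentials or stale nonce; deny access
                DenyAccess(app);
                return;
            }
        }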