public AuthenticationResponse Login(string username, string password)
        {
            string message = String.Empty;

            try
            {
                string encryptedUsername = EncryptionManager.EncryptString(username,
                                                                           Veneka.Indigo.Common.Utilities.StaticFields.USE_HASHING_FOR_ENCRYPTION,
                                                                           Veneka.Indigo.Common.Utilities.StaticFields.EXTERNAL_SECURITY_KEY);
                string encryptedpwd = EncryptionManager.EncryptString(password,
                                                                      Veneka.Indigo.Common.Utilities.StaticFields.USE_HASHING_FOR_ENCRYPTION,
                                                                      Veneka.Indigo.Common.Utilities.StaticFields.EXTERNAL_SECURITY_KEY);

                string workstation = EncryptionManager.EncryptString("APILoginAttempt" + DateTime.Now.ToString(),
                                                                     Veneka.Indigo.Common.Utilities.StaticFields.USE_HASHING_FOR_ENCRYPTION,
                                                                     Veneka.Indigo.Common.Utilities.StaticFields.EXTERNAL_SECURITY_KEY);
                var responseObj = _userManContoller.LogIn(encryptedUsername, encryptedpwd, workstation);
                if (responseObj.ResponseType == ResponseType.SUCCESSFUL)
                {
                    string SessionKey = EncryptionManager.DecryptString(responseObj.Value.encryptedSessionKey,
                                                                        Veneka.Indigo.Common.Utilities.StaticFields.USE_HASHING_FOR_ENCRYPTION,
                                                                        Veneka.Indigo.Common.Utilities.StaticFields.EXTERNAL_SECURITY_KEY);
                    string UserId = EncryptionManager.DecryptString(responseObj.Value.encryptedUserId,
                                                                    Veneka.Indigo.Common.Utilities.StaticFields.USE_HASHING_FOR_ENCRYPTION,
                                                                    Veneka.Indigo.Common.Utilities.StaticFields.EXTERNAL_SECURITY_KEY);
                    var token = BackOfficeAPIController.CreateToken(Guid.NewGuid(), SessionKey, int.Parse(UserId), bll.Action.PrintCard);


                    return(new AuthenticationResponse()
                    {
                        ResponseCode = "00", ResponseMessage = "SUCCESSFUL", AuthToken = token
                    });
                }
            }
            catch (Exception ex)
            {
                message = ex.Message;
                _log.Error(ex);
            }

            return(new AuthenticationResponse()
            {
                ResponseCode = "01", ResponseMessage = "failed", AuthToken = null
            });
        }
Beispiel #2
0
        /// <summary>
        /// Validate that the session key is not empy and that their is a valid current session.
        /// Log's warning if there is an issue.
        /// </summary>
        /// <param name="sessionKey"></param>
        /// <returns></returns>
        public SessionObject isValidSession(string encryptedSessionKey, bool isLogin)
        {
            try
            {
                if (String.IsNullOrWhiteSpace(encryptedSessionKey))
                {
                    throw new ArgumentException("Session key is null or empty.");
                }

                //string sessionKey = UtilityClass.DecryptSting(encryptedSessionKey);

                string sessionKey = EncryptionManager.DecryptString(encryptedSessionKey,
                                                                    StaticFields.USE_HASHING_FOR_ENCRYPTION,
                                                                    StaticFields.EXTERNAL_SECURITY_KEY);

                //log.Debug(m => m("Validating session key: " + sessionKey));

                if (!String.IsNullOrWhiteSpace(sessionKey))
                {
                    //If this is a valid login attempt return a "valid" session object.
                    if (sessionKey.StartsWith("IndigoLoginAttempt") && isLogin)
                    {
                        return(new SessionObject("login", 0, "login", "login", 0, false));
                    }

                    SessionObject sesionObj;
                    if (_sessions.TryGetValue(sessionKey, out sesionObj))
                    {
                        _sessions[sessionKey].LastAccess = DateTime.Now;
                        return(sesionObj);
                    }
                }

                log.Warn("Attempted access with invalid session key.");
                log.Debug(m => m("Invalid session key used: " + sessionKey));
            }
            catch (Exception ex)
            {
                log.Error(ex);
            }

            return(null);
        }