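/// <summary>
/// Issues a fresh bearer token for the calling user with the <c>branchid</c> claim set to
/// <paramref name="branchId"/>. Every other claim is re-read from <c>bll.GetUserInfo</c> for
/// the user named in the presented token's <c>sub</c> claim.
/// </summary>
/// <param name="branchId">Branch to embed in the new token's <c>branchid</c> claim.</param>
/// <returns>
/// 200 with <c>{ access_token, expires_in }</c> on success; 401 when the current principal
/// carries no <c>sub</c> claim; 500 when loading the user or minting the token throws.
/// </returns>
/// <remarks>
/// NOTE(review): <paramref name="branchId"/> is caller-supplied and is written into the token
/// without any check that this user is entitled to that branch. Nothing visible in this file
/// can perform that check (the DTO only exposes the user's own <c>UserBranchID</c>), so it
/// must either be enforced by whatever consumes the <c>branchid</c> claim or be added here
/// once an allowed-branches lookup exists — confirm which.
/// </remarks>
public IHttpActionResult SwitchBranch(int branchId)
{
    var tokenExpiration = TimeSpan.FromDays(1);

    // The caller's identity comes from the token they presented, never from the request.
    var subClaim = Request.GetOwinContext().Authentication.User.Claims
        .FirstOrDefault(o => o.Type == "sub");
    if (subClaim == null || string.IsNullOrEmpty(subClaim.Value))
    {
        // Original dereferenced FirstOrDefault(...).Value and would have thrown here.
        return Unauthorized();
    }
    string userName = subClaim.Value;

    try
    {
        Module.Framework.DTO.UserInfoDTO dtoUserInfo = bll.GetUserInfo(userName);

        ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
        identity.AddClaim(new Claim("sub", userName));
        identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
        identity.AddClaim(new Claim("branchid", branchId.ToString()));
        identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
        identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
        identity.AddClaim(new Claim("role", "user"));
        // No "clientid" claim is carried over here, unlike the password-grant path in this
        // file — presumably intentional; confirm if downstream code reads it after a switch.

        var props = new AuthenticationProperties()
        {
            IssuedUtc = DateTime.UtcNow,
            ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
        };
        var ticket = new AuthenticationTicket(identity, props);
        var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

        JObject tokenResponse = new JObject(
            new JProperty("access_token", accessToken),
            new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString()));
        return Ok(tokenResponse);
    }
    catch (Exception)
    {
        // The original swallowed the exception and answered 200 with an empty body, so a
        // failed switch looked like success except for the missing token. Answer 500 instead
        // (the same failure shape ChangePassword uses). Nothing about the error is sent to
        // the caller. TODO(review): no logger is visible in this file — log server-side.
        return InternalServerError();
    }
}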
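/// <summary>
/// OWIN OAuth2 resource-owner-password grant: verifies the supplied user name/password
/// against <c>AuthRepository</c>, rejects disabled accounts and accounts flagged for a forced
/// password change, then builds the claims identity the token is issued for.
/// </summary>
/// <param name="context">Grant context carrying <c>UserName</c>/<c>Password</c> from the token request.</param>
/// <remarks>
/// NOTE(review): the token endpoint answers with <c>Access-Control-Allow-Origin: *</c>, so a
/// page on any origin can POST credentials here from a browser and read the bearer token.
/// That is only appropriate if this is intentionally a public token endpoint for arbitrary
/// web clients — confirm, and restrict to known origins otherwise.
/// NOTE(review): the password is URL-decoded before verification, presumably on top of the
/// form decoding the OAuth middleware has already done. A password containing <c>+</c> or a
/// <c>%xx</c> sequence is altered by this (<c>+</c> becomes a space), so it only works if every
/// client double-encodes. Left unchanged because existing clients may rely on it — confirm.
/// </remarks>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    using (AuthRepository repo = new AuthRepository())
    {
        IdentityUser user = await repo.Login(context.UserName, HttpContext.Current.Server.UrlDecode(context.Password));
        if (user == null)
        {
            // One generic code for unknown user and wrong password alike.
            context.SetError("IncorrectLogin");
            return;
        }

        // These account-state checks run only after the password has been verified, so the
        // more specific codes below are not an enumeration oracle for an outsider.
        if (accountBll.IsAccountDisabled(user.Id))
        {
            context.SetError("AccountDisabled", user.UserName);
            return;
        }
        if (accountBll.IsNeedToChangePassword(user.Id))
        {
            context.SetError("ChangePassword", user.UserName);
            return;
        }
    }

    Module.Framework.DTO.UserInfoDTO dtoUserInfo;
    try
    {
        dtoUserInfo = bll.GetUserInfo(context.UserName);
    }
    catch (Exception)
    {
        // The original returned Library.Helper.GetInnerException(ex).Message to the client,
        // exposing internal error text (database messages, stack-adjacent detail) to anyone
        // holding valid credentials. Return a fixed message; the "Error" code is unchanged.
        // TODO(review): no logger is visible in this file — log the exception server-side.
        context.SetError("Error", "Unable to load user information.");
        return;
    }

    var identity = new ClaimsIdentity(context.Options.AuthenticationType);
    identity.AddClaim(new Claim("sub", context.UserName));
    identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
    identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
    identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
    identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
    // clientid is optional on the DTO; an empty string stands in for "no client".
    identity.AddClaim(new Claim("clientid", dtoUserInfo.UserCientID.HasValue ? dtoUserInfo.UserCientID.ToString() : string.Empty));
    identity.AddClaim(new Claim("role", "user"));

    context.Validated(identity);
}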
/// <summary>
/// Issues a bearer token for the user that <c>AuthRepository.FinByIdentifier</c> resolves from
/// <paramref name="identifier"/>, populating the claims from <c>bll.GetUserInfo</c>.
/// </summary>
/// <param name="identifier">Opaque value looked up in the auth repository; what it is (a device id, a one-time link token, …) is not visible in this file.</param>
/// <returns>200 with <c>{ access_token, expires_in }</c> when the identifier resolves to a user; an empty 200 otherwise.</returns>
/// <remarks>
/// NOTE(review): no password, secret or caller authorization is checked in this method —
/// presenting a valid <paramref name="identifier"/> alone yields a full 24-hour token. That
/// is only safe if identifiers are unguessable (and ideally single-use) or the action is
/// protected by an attribute/middleware outside this excerpt — confirm before exposing it.
/// </remarks>
public IHttpActionResult AutoLogin(string identifier)
{
    IdentityUser resolvedUser;
    using (var repository = new AuthRepository())
    {
        resolvedUser = repository.FinByIdentifier(identifier);
    }

    if (resolvedUser == null)
    {
        // Unknown identifier: answers 200 with no body rather than 401/404.
        return Ok();
    }

    var lifetime = TimeSpan.FromDays(1);
    var info = bll.GetUserInfo(resolvedUser.UserName);

    var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
    identity.AddClaims(new[]
    {
        new Claim("sub", resolvedUser.UserName),
        new Claim("subid", info.UserID.ToString()),
        new Claim("branchid", info.UserBranchID.ToString()),
        new Claim("companyid", info.UserCompanyID.ToString()),
        new Claim("factoryid", info.UserFactoryID.ToString()),
        new Claim("role", "user"),
    });

    var properties = new AuthenticationProperties
    {
        IssuedUtc = DateTime.UtcNow,
        ExpiresUtc = DateTime.UtcNow.Add(lifetime),
    };

    // Protect() produces the same opaque bearer format the OAuth middleware validates.
    var protectedToken = Startup.OAuthBearerOptions.AccessTokenFormat
        .Protect(new AuthenticationTicket(identity, properties));

    var payload = new JObject(
        new JProperty("access_token", protectedToken),
        new JProperty("expires_in", lifetime.TotalSeconds.ToString()));
    return Ok(payload);
}
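/// <summary>
/// Changes the password for <c>data.UserName</c> (the old password must be supplied and is
/// checked by <c>AuthRepository.ChangePassword</c>) and, on success, immediately issues a
/// bearer token so the client does not need a second login round-trip.
/// </summary>
/// <param name="data">User name, old password and new password from the request body.</param>
/// <returns>
/// 200 with a <c>ReturnData</c> whose <c>Message.Type</c> is <c>Success</c> and whose <c>Data</c>
/// holds <c>{ access_token, expires_in }</c>; 200 with <c>Message.Type == Error</c> and the reason
/// in <c>Message.Message</c> when validation or the repository rejects the change; 400 when the
/// body is missing; 500 if the password was changed but the user cannot be reloaded afterwards.
/// </returns>
/// <remarks>
/// The only password policy visible here is a minimum length of 7. Any complexity, history or
/// breached-password checks would have to live in <c>AuthRepository.ChangePassword</c> — confirm.
/// </remarks>
public IHttpActionResult ChangePassword(Models.PasswordChangeViewModel data)
{
    const int minPasswordLength = 7;

    if (data == null)
    {
        // Model binding produced nothing; the original would have thrown NullReferenceException.
        return BadRequest();
    }

    Library.DTO.Notification notification = new Library.DTO.Notification()
    {
        Type = Library.DTO.NotificationType.Success
    };

    // Report a too-short (or missing) new password the same way a repository rejection is
    // reported below. The original threw a bare Exception here, which surfaced as a 500 with
    // the text in the error body instead of the ReturnData shape the client already handles.
    if (string.IsNullOrEmpty(data.NewPassword) || data.NewPassword.Length < minPasswordLength)
    {
        notification.Type = Library.DTO.NotificationType.Error;
        notification.Message = "Password length must be at least " + minPasswordLength + " chars";
        return Ok(new Library.DTO.ReturnData<string>() { Data = string.Empty, Message = notification });
    }

    // change password
    using (AuthRepository repo = new AuthRepository())
    {
        string errMsg;
        if (!repo.ChangePassword(data.UserName, data.NewPassword, data.OldPassword, out errMsg))
        {
            notification.Type = Library.DTO.NotificationType.Error;
            notification.Message = errMsg;
            return Ok(new Library.DTO.ReturnData<string>() { Data = string.Empty, Message = notification });
        }
    }

    // auto login
    var tokenExpiration = TimeSpan.FromDays(1);
    IdentityUser user;
    using (AuthRepository repo = new AuthRepository())
    {
        user = repo.FindByUserNameNormal(data.UserName);
    }

    if (user != null)
    {
        Module.Framework.DTO.UserInfoDTO dtoUserInfo = bll.GetUserInfo(user.UserName);

        ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
        identity.AddClaim(new Claim("sub", user.UserName));
        identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
        identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
        identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
        identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
        identity.AddClaim(new Claim("role", "user"));

        var props = new AuthenticationProperties()
        {
            IssuedUtc = DateTime.UtcNow,
            ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
        };
        var ticket = new AuthenticationTicket(identity, props);
        var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

        JObject tokenResponse = new JObject(
            new JProperty("access_token", accessToken),
            new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString()));
        return Ok(new Library.DTO.ReturnData<Object>() { Data = tokenResponse, Message = notification });
    }

    // The password was changed but the user could not be reloaded to mint a token; the
    // client should treat this as "change succeeded, log in again".
    return InternalServerError();
}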