/// <summary> /// Creates a User Auth Token /// </summary> public string CreateUserAuthToken(string emailAddress) { var userId = this.Repository.GetSet <User>() .Where(x => x.EmailAddress == emailAddress) .Select(x => x.UserId) .Cast <int?>() .FirstOrDefault(); if (userId == null) { return(null); } // Random Characters (3 Guids with no dashes) // TODO: User true Random generator here var token = string.Concat(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()).Replace("-", ""); var userAuthToken = new UserAuthToken { UserId = userId.Value, AuthToken = token, ExpiryDate = DateTime.Now.AddHours(8) }; this.Repository.Add(userAuthToken); return(token); }
static public Membership.UserAuthenticateResults Login(string Email, string Password, bool GenerateRememberMeCookie) { Int64 UserId; Membership.UserAuthenticateResults results = Membership.AuthenticateUser(Email, Password, out UserId); if (results != Membership.UserAuthenticateResults.Success) { return(results); } UserAuthToken token = AuthTokens.GenerateAuthTokenForUserId(UserId, GenerateRememberMeCookie ? AuthTokenTimeSpan : 0); if (token == null) { return(Membership.UserAuthenticateResults.LoginError); } if (GenerateRememberMeCookie) { HttpCookie cookie = new HttpCookie(@"auth-token", TeaEncryptor.Encrypt(token.Secret.ToString(@"N") + @":" + token.Key, RememberMeCookieEncryptionKey)); cookie.Expires = token.Expiry; HttpContext.Current.Response.Cookies.Add(cookie); } HttpContext.Current.Session[@"Authenticated"] = true; HttpContext.Current.Session[@"AuthTokenId"] = token.UserAuthTokenId; HttpContext.Current.Session[@"UserId"] = UserId; HttpContext.Current.Session[@"LangCode"] = dg.Sql.Query.New <UserProfile>().Select(UserProfile.Columns.DefaultLangCode).Where(UserProfile.Columns.UserId, UserId).ExecuteScalar() as string; return(results); }
/// <summary> /// Retrieve the user name from the given auth token. /// </summary> /// <remarks> /// Extract the User's Name from a valid auth token. If the auth token has expired or /// can't be decrypted for some reason, then NULL is returned. /// </remarks> /// <param name="auth">The authentication token to exract the user name from.</param> public static string GetUserNameFromAuthToken(string auth) { // If this has expired, this operation will return NULL. UserAuthToken CurrentToken = null; try { CurrentToken = UserAuthToken.FromAuthTokenKey(auth); } catch (Exception ex) { ex.Log(); } return((CurrentToken != null) ? CurrentToken.UserName : null); }
public ActionResult Index() { if (User.Identity.IsAuthenticated) { User userID = new User(); userID = db.Users.FirstOrDefault(u => u.Username == User.Identity.Name); UserAuthToken uat = new UserAuthToken(); uat = db.UserAuthTokens.First(u => u.UserID == userID.UserID); ViewBag.uat = uat.AuthToken; } return(View()); }
public static UserAuthToken LoginByAuthToken(string auth, TimeSpan ttl) { // If this has expired, this operation will return NULL. UserAuthToken CurrentToken = null; try { CurrentToken = UserAuthToken.FromAuthTokenKey(auth); } catch (Exception ex) { ex.Log(); } if (CurrentToken != null) { return(LoginUsingAD(CurrentToken.UserName, CurrentToken.Password, ttl)); } return(null); }
/// <summary> /// Envía la solicitud al servicio Aspen. /// </summary> /// <param name="request">Información de la solicitud.</param> /// <param name="apiVersion">Número de versión del API para incluir en la cabecera.</param> /// <exception cref="AspenException">Se presentó un error al procesar la solicitud. La excepción contiene los detalles del error.</exception> private void Execute(IRestRequest request, string apiVersion = null) { UserAuthToken userAuthToken = (UserAuthToken)this.AuthToken; ServiceLocator.Instance.HeadersManager.AddApiKeyHeader(request, this.AppIdentity.ApiKey); ServiceLocator.Instance.HeadersManager.AddSignedPayloadHeader( request, this.JwtEncoder, this.AppIdentity.ApiSecret, userAuthToken.Token, userAuthToken.Username); ServiceLocator.Instance.HeadersManager.AddApiVersionHeader(request, apiVersion); base.Execute(request); }
public static string GetUserName(string auth) { // If this has expired, this operation will return "". UserAuthToken CurrentToken = null; try { CurrentToken = UserAuthToken.FromAuthTokenKey(auth); } catch (Exception ex) { ex.Log(); } if (CurrentToken != null) { // Else we're going to use Windows Domain Auth. return(CurrentToken.UserName); } return(""); }
public void PostFromPlugin(string url, string authtoken, string comment) { if (url.Length > 0) { Bookmark bookmark = new Bookmark(); bookmark.URL = url; UserAuthToken uat = new UserAuthToken(); uat = db.UserAuthTokens.FirstOrDefault(u => u.AuthToken == authtoken); bookmark.UserID = uat.UserID; bookmark.Comment = comment; db.Bookmarks.Add(bookmark); db.SaveChanges(); } }
public void NotFoundValidTokenWhenUserSignedRequestThrows() { IDelegatedApp client = this.GetDelegatedClient(); UserAuthToken authToken = client.AuthToken as UserAuthToken; Assert.That(authToken, Is.Not.Null); IAppIdentity appIdentity = DelegatedAppIdentity.Master; IUserIdentity userIdentity = RecognizedUserIdentity.Master; TestContext.CurrentContext.DatabaseHelper().RemoveUserAuthToken(appIdentity.ApiKey, userIdentity.DocType, userIdentity.DocNumber, authToken.DeviceId); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15847")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("No hay un token de autenticación vigente", exception.Message); }
/// <summary> /// Envía la solicitud al servicio Aspen. /// </summary> /// <typeparam name="TResponse">Tipo al que se convierte la respuesta del servicio Aspen.</typeparam> /// <param name="request">Información de la solicitud.</param> /// <param name="apiVersion">Número de versión del API para incluir en la cabecera.</param> /// <returns>Instancia de <typeparamref name="TResponse"/> con la información de respuesta del servicio Aspen.</returns> /// <exception cref="AspenException">Se presentó un error al procesar la solicitud. La excepción contiene los detalles del error.</exception> private TResponse Execute <TResponse>(IRestRequest request, string apiVersion = null) where TResponse : class, new() { UserAuthToken userAuthToken = (UserAuthToken)this.AuthToken; ServiceLocator.Instance.HeadersManager.AddApiKeyHeader(request, this.AppIdentity.ApiKey); ServiceLocator.Instance.HeadersManager.AddSignedPayloadHeader( request, this.JwtEncoder, this.AppIdentity.ApiSecret, userAuthToken.Token, userAuthToken.Username); ServiceLocator.Instance.HeadersManager.AddApiVersionHeader(request, apiVersion); IRestResponse response = base.Execute(request); return(response.StatusCode == HttpStatusCode.NoContent ? default : JsonConvert.DeserializeObject <TResponse>(response.Content)); }
static public bool ValidateAuthToken(string Secret, string Key, out Int64 UserId, out Int64 AuthTokenId) { try { Query qry = new Query(UserAuthToken.TableSchema).Where(UserAuthToken.Columns.Secret, Secret).AND(UserAuthToken.Columns.Key, Key); UserAuthTokenCollection coll = UserAuthTokenCollection.FetchByQuery(qry); if (coll.Count == 1) { UserAuthToken token = coll[0]; if (token.Expiry < DateTime.UtcNow || token.Key != EncodeKey(token.UserId, AuthTokenKeySalt_UserId)) { UserAuthToken.Delete(token.UserAuthTokenId); UserId = 0; AuthTokenId = 0; return(false); } else { UserId = token.UserId; AuthTokenId = token.UserAuthTokenId; DateTime newExpiry = DateTime.UtcNow.AddHours(AuthTokenLifeSpan_UserId); if (newExpiry > token.Expiry) { token.Expiry = newExpiry; } token.Save(); return(true); } } else { UserId = 0; AuthTokenId = 0; return(false); } } catch { UserId = 0; AuthTokenId = 0; return(false); } }
public void TokenProvidedExpiredWhenUserSignedRequestThrows() { IDelegatedApp client = this.GetDelegatedClient(); UserAuthToken authToken = client.AuthToken as UserAuthToken; Assert.That(authToken, Is.Not.Null); Assert.That(authToken.DeviceId, Is.Not.Empty); Assert.That(authToken.Expired, Is.False); IAppIdentity appIdentity = DelegatedAppIdentity.Master; IUserIdentity userIdentity = RecognizedUserIdentity.Master; TestContext.CurrentContext.DatabaseHelper().EnsureExpireUserAuthToken(appIdentity.ApiKey, userIdentity.DocType, userIdentity.DocNumber, authToken.DeviceId); AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes()); Assert.That(exception.EventId, Is.EqualTo("15848")); Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized)); StringAssert.IsMatch("El token de autenticación proporcionado ya venció", exception.Message); }
static public bool IsAuthenticated() { if (HttpContext.Current.Session[@"Authenticated"] != null && (bool)HttpContext.Current.Session[@"Authenticated"]) { return(!(IsLockOrDelete())); } else { HttpCookie cookie = HttpContext.Current.Request.Cookies[@"auth-token"]; if (cookie != null) { string[] auth = TeaEncryptor.Decrypt(cookie.Value, RememberMeCookieEncryptionKey).Split(':'); if (auth.Length == 2) { Int64 UserId; Int64 AuthTokenId; if (AuthTokens.ValidateAuthToken(auth[0], auth[1], out UserId, out AuthTokenId)) { Membership.UserAuthenticateResults results = Membership.UserLoggedInAction(UserId); if (results == Membership.UserAuthenticateResults.Success) { HttpContext.Current.Session[@"Authenticated"] = true; HttpContext.Current.Session[@"AuthTokenId"] = AuthTokenId; HttpContext.Current.Session[@"UserId"] = UserId; HttpContext.Current.Session[@"LangCode"] = dg.Sql.Query.New <UserProfile>().Select(UserProfile.Columns.DefaultLangCode).Where(UserProfile.Columns.UserId, UserId).ExecuteScalar() as string; return(true); } else { UserAuthToken.Delete(AuthTokenId); HttpContext.Current.Response.Cookies.Set(new HttpCookie(@"auth-token", @"")); } } else { HttpContext.Current.Response.Cookies.Set(new HttpCookie(@"auth-token", @"")); } } } } return(false); }
public static UserAuthToken CheckAuthToken(string auth) { const string LOG_TITLE = "CheckAuthToken"; UserAuthToken TR = null; try { TR = UserAuthToken.FromAuthTokenKey(auth); } catch (Exception ex) { ex.Log(LogSeverity.Warning); } if (TR != null) { // Else we're going to use Windows Domain Auth. if (LoginUsingAD(TR.UserName, TR.Password, TimeSpan.Zero) != null) { var AI = EXSLogger.CreateAdditionalItemList("UserName", TR.UserName); AI["ExpDateUTC"] = TR.ExpiresUTC.ToString(); EXSLogger.Log("Auth Token Valid", LOG_TITLE, LogSeverity.Verbose, AI); return(TR); } } EXSLogger.Log("Auth Token is invalid", LOG_TITLE, LogSeverity.Warning); return(null); }
static public UserAuthToken GenerateAuthTokenForUserId(Int64 UserId, int LifeTimeInHours) { int tries = 3; UserAuthToken token = new UserAuthToken(); token.UserId = UserId; token.CreatedOn = DateTime.UtcNow; token.Expiry = token.CreatedOn.AddHours(LifeTimeInHours > 0 ? LifeTimeInHours : AuthTokenLifeSpan_UserId); token.Key = EncodeKey(UserId, AuthTokenKeySalt_UserId); while (tries > 0) { try { token.Secret = Guid.NewGuid(); token.Save(); return(token); } catch (System.Data.Common.DbException) { tries--; } } return(null); }
//public ActionResult Create([Bind(Include = "UserID,Username,Password,Salt,Email,IsEmailVerified,IsActive")] User user) public ActionResult Create([Bind(Include = "Username,Password,ConfirmPassword, Email")] UserCreateViewModel userVM) { if (db.Users.Any(u => u.Email == userVM.Email)) { ModelState.AddModelError("Email", "Email in use"); } if (db.Users.Any(u => u.Username == userVM.Username)) { ModelState.AddModelError("Username", "Username in use"); } //UserID,Salt,IsEmailVerified,IsActive; if (ModelState.IsValid) { User user = new User(); user.Username = userVM.Username; //user.Password = userVM.Password; user.Email = userVM.Email; //user.Salt = BCryptHelper.GenerateSalt(); string pwdToHash = userVM.Password + "*)&h9"; user.Password = BCryptHelper.HashPassword(pwdToHash, BCryptHelper.GenerateSalt()); //db.Users.Add(user); //db.SaveChanges(); //try //{ // db.SaveChanges(); //} //catch (DbUpdateException e) //{ // //if(e.InnerException.ToString().Contains("Cannot insert duplicate key row in object 'redxadmin.Users' with unique index 'IX_Email'")) // if(db.Users.Any(u => u.Email == userVM.Email)) // { // ModelState.AddModelError("Email", "Email in use"); // } // //if (e.InnerException.ToString().Contains("Cannot insert duplicate key row in object 'redxadmin.Users' with unique index 'IX_Username'")) // if(db.Users.Any(u => u.Username == userVM.Username)) // { // ModelState.AddModelError("Username", "Username in use"); // } // return View(userVM); //} FormsAuthentication.SetAuthCookie(userVM.Username, false); //MailMessage mMsg = new MailMessage("*****@*****.**", user.Email); //mMsg.Subject = "Account created"; //mMsg.Body = "An account with username " + user.Username + " has been created on bookmarky.redx.rocks"; //SmtpClient smtpClient = new SmtpClient(); //smtpClient.Send(mMsg); //smtpClient.Dispose(); db.Users.Add(user); db.SaveChanges(); UserAuthToken uat = new UserAuthToken(); uat.UserID = user.UserID; uat.AuthToken = BCryptHelper.GenerateSalt(); uat.ExpireDate = DateTime.Now; db.UserAuthTokens.Add(uat); db.SaveChanges(); return(RedirectToAction("Index", "Home")); } return(View(userVM)); }
static public string AccessToken(UserAuthToken authToken) { return(AccessToken(authToken.Secret.ToString(), authToken.Key)); }
public void DeletSecuirtyToken(UserAuthToken userSecurityToken) { _userSecuirtyToken.Remove(userSecurityToken); }
public void AddSecuirtyToken(UserAuthToken userSecurityToken) { _userSecuirtyToken.Add(userSecurityToken); }
private static UserAuthToken LoginUsingAD(string userName, string password, TimeSpan ttl) { const string LOG_TITLE = "LoginUsingAD"; string CacheKey = "RTS.Service.Business.AuthController.LoginUsingAD:UserAuthToken:" + userName + ":" + password; var AI = EXSLogger.CreateAdditionalItemList("UserName", userName); //AI["UserName"] = userName; AI["Password"] = string.IsNullOrEmpty(password) ? "" : password.Length < 2 ? "*" : password.Substring(0, 1) + "**********" + password.Substring(password.Length - 1, 1); AI["TimeToLive"] = ttl; // Look in the cache first. The process of going into AD takes forever (sometimes)! var URFromCache = ApplicationCache.CacheManagerGet <UserAuthToken>(CacheKey); if (URFromCache != null) { // If it's in the cache but is expired, then we go through the entire // AD auth process again. Otherwise lets work with this token. if (URFromCache.ExpiresUTC > DateTime.UtcNow) { EXSLogger.Log("RTS.Service.Business.AuthService: Credentials found in my cache and were not expired.", LOG_TITLE, LogSeverity.Verbose, AI); // If they passed us a TimeSpan of Zero, then they're just checking the Auth. // Otherwise they're logging someone in so we need to apply their TimeSpan. if (ttl != TimeSpan.Zero) { URFromCache.ExpiresUTC = DateTime.UtcNow.Add(ttl); URFromCache.GenerateAuthTokenKey(); } return(URFromCache); } // Clear item out of the cache - we're doing to go through the whole // AD process again. //ApplicationCache.CacheManagerSet(CacheKey, null, TimeSpan.Zero); ApplicationCache.CacheManagerRemove(CacheKey); EXSLogger.Log("RTS.Service.Business.AuthService: Credentials found in my cache, but were expired so we will check Active Directory again.", LOG_TITLE, LogSeverity.Verbose, AI); } // Else we have to go through this whole process. var ConString = ConnectionManager.GetRegEntConnectionString(); bool adPassed = false; string joinedName = null; var adSetting = new ADSetting(); string[] username = userName.Split('\\'); if (username.Length > 1) { switch (username[0].ToLower()) { case "expoexchange": adSetting.ADServer = "expoexchange.com"; break; case "exporeg": adSetting.ADServer = "reg.expoexchange.com"; break; case "conferon-inc": adSetting.ADServer = "conferon.local"; break; default: adSetting.ADServer = "reg.expoexchange.com"; break; } adSetting.ADUser = username[1]; using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, adSetting.ADServer)) { adPassed = ctx.ValidateCredentials(adSetting.ADUser, password); if (adPassed) { joinedName = userName; } } } else { // Try all 3? adSetting.ADServer = "conferon.local|reg.expoexchange.com|expoexchange.com"; adSetting.ADUser = userName; using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "conferon.local")) adPassed = ctx.ValidateCredentials(adSetting.ADUser, password); if (adPassed) { joinedName = string.Format("conferon-inc\\{0}", adSetting.ADUser); } else { using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "reg.expoexchange.com")) adPassed = ctx.ValidateCredentials(adSetting.ADUser, password); if (adPassed) { joinedName = string.Format("exporeg\\{0}", adSetting.ADUser); } else { using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "expoexchange.com")) adPassed = ctx.ValidateCredentials(adSetting.ADUser, password); if (adPassed) { joinedName = string.Format("expoexchange\\{0}", adSetting.ADUser); } } } } adSetting.ADPassword = password; adSetting.ADPath = "LDAP://"; if (!adPassed) { EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login failed.", LOG_TITLE, LogSeverity.Verbose, AI); return(null); } var Controller = new BusinessPrincipalController(ConString); // Perform the AD authentication for this username and password. //var UI = Controller.Login(adSetting); var UI = Controller.GetUserIdentity(joinedName); if (UI != null) { // AD authentication works. Now let's check to make sure this user has EXS_CRM // application rights according to the EXS Framework/system. DataTable ToFill = null; new SecurityController().LoadApplicationUsers(out ToFill, CRMConfig.ApplicationCode); if (ToFill.AsEnumerable().OfType <DataRow>().Any(R => R["UserID"] != DBNull.Value && Convert.ToInt32(R["UserID"]) == UI.UserID)) { var TR = new UserAuthToken() { //UserName = adSetting.ADUser, UserName = UI.UserName, Password = adSetting.ADPassword, ExpiresUTC = (ttl == TimeSpan.Zero) ? DateTime.MaxValue : DateTime.UtcNow.Add(ttl) }; CacheKey = "RTS.Service.Business.AuthController.LoginUsingAD:UserAuthToken:" + UI.UserName + ":" + password; TR.GenerateAuthTokenKey(); // Throw it in the cache. ApplicationCache.CacheManagerSet(CacheKey, TR, TimeSpan.FromMinutes(60)); EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login succeeded.", LOG_TITLE, LogSeverity.Verbose, AI); return(TR); } EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login succeeded, but user is not in the EXS CRM group.", LOG_TITLE, LogSeverity.Verbose, AI); } EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login failed.", LOG_TITLE, LogSeverity.Verbose, AI); return(null); }