Beispiel #1
0
        public string Login(string portalId, string userId, string password)
        {
            UserLoginStatus loginStatus = new UserLoginStatus();
            UserInfo        user        = UserController.ValidateUser(Convert.ToInt32(portalId), userId, password,
                                                                      "", "", "0.0.0.0", ref loginStatus);

            if (user == null)
            {
                throw new Exception("Access Request Denied. Invalid UserId and Password");
            }
            Guid tokenId = Guid.NewGuid();
            BBStoreSecurityToken token = new BBStoreSecurityToken()
            {
                UserId   = user.UserID,
                PortalId = Convert.ToInt32(portalId),
                UserName = user.Username
            };

            DataCache.SetCache("BBStoreSecurityToken_" + tokenId.ToString(), token, new TimeSpan(0, 5, 0));
            return(tokenId.ToString());
        }
Beispiel #2
0
        public object BeforeCall(string operationName, object[] inputs)
        {
            // token will always be the last parameter
            int    index   = inputs.Length - 1;
            string TokenId = inputs[index].ToString();

            // first make sure token exists
            BBStoreSecurityToken token = (BBStoreSecurityToken)DataCache.GetCache("BBStoreSecurityToken_" + TokenId);

            if (token == null)
            {
                throw new Exception("Security Token Expired. Please request a new Token");
            }

            // if token exists, check user roles
            UserInfo user = UserController.GetUserById(token.PortalId, token.UserId);

            if (!user.IsInRole(Role))
            {
                throw new Exception("Access Denied. Role Membership Requirements not met.");
            }
            return(null);
        }