private static UserValidationResult GetUserViaSessionToken(bool requirePin) { var sessionToken = HttpContext.Current.Request.Headers["SessionToken"]; if (string.IsNullOrEmpty(sessionToken)) { //DbUtil.LogActivity("GetUserViaSession==null"); return(null); } var result = ApiSessionModel.DetermineApiSessionStatus(Guid.Parse(sessionToken), requirePin, HttpContext.Current.Request.Headers["PIN"].ToInt2()); //DbUtil.LogActivity("GetUserViaSession==" + result.Status.ToString()); switch (result.Status) { case ApiSessionStatus.SessionTokenNotFound: return(UserValidationResult.Invalid(UserValidationStatus.SessionTokenNotFound)); case ApiSessionStatus.SessionTokenExpired: return(UserValidationResult.Invalid(UserValidationStatus.SessionTokenExpired, user: result.User)); case ApiSessionStatus.PinExpired: return(UserValidationResult.Invalid(UserValidationStatus.PinExpired, user: result.User)); case ApiSessionStatus.PinInvalid: return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid)); } return(ValidateUserBeforeLogin(result.User.Username, HttpContext.Current.Request.Url.OriginalString, result.User, userExists: true)); }
public static UserValidationResult ResetSessionExpiration(string sessionToken) { if (string.IsNullOrEmpty(sessionToken)) { return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null)); } //throw new ArgumentNullException("sessionToken"); var userStatus = AuthenticateMobile(requirePin: true); if (userStatus.Status == UserValidationStatus.Success || userStatus.Status == UserValidationStatus.PinExpired || userStatus.Status == UserValidationStatus.SessionTokenExpired) { var result = ApiSessionModel.ResetSessionExpiration(userStatus.User, HttpContext.Current.Request.Headers["PIN"].ToInt2()); if (!result) { return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid)); } userStatus.Status = UserValidationStatus.Success; } return(userStatus); }
/// <summary> /// When user is not authenticated look for magic key in the header and log user in. /// </summary> /// <param name="filterContext"></param> public void OnAuthorization(AuthorizationFilterContext filterContext) { // See if the AllowAnonymous attribute has been used for the action and skip over. if (IsAllowAnonymous(filterContext.Filters) == false) { IdentityService identityService = BLL.Startup.IdentityService; // see if the user is already authenticated. if (filterContext.HttpContext.User.Identity.IsAuthenticated == true) { if (identityService.IsInRoles(filterContext.HttpContext.User, this.Roles) == false) { // The already logged in user is not allowed to access this page. filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden); } } else { // Check for the header token. string token = filterContext.HttpContext.Request.Headers[ApiAuthorizationController.HeaderTokenName].ToString(); if (token.IsNullOrEmpty() == false) { ApiLoginRepository loginRepo = (ApiLoginRepository)DAL.Startup.ApiLoginRepository; loginRepo.ClearExpiredLogins(ApiAuthorizationController.TimeoutHours); ApiSessionModel model = loginRepo.Fetch(token); if (model != null) { Microsoft.AspNetCore.Identity.SignInResult signInResult = (identityService.LoginAsync(new ApiLoginModel() { Email = model.Email, Password = model.Password }, mustBeInRole: "Api")).Result; if (signInResult.Succeeded == false) { filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden); } signInResult = null; } else { filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden); } model = null; loginRepo = null; } else { filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden); } } identityService = null; } }
public override string ResetPassword(string username, string answer) { username = Util.GetUserName(username); if (!EnablePasswordReset) { throw new NotSupportedException("Password reset is not enabled."); } var db = GetDb(); var user = db.Users.SingleOrDefault(u => u.Username == username); if (user == null) { throw new MembershipPasswordException("The supplied user name is not found."); } if (answer == null && RequiresQuestionAndAnswer) { UpdateFailureCount(db, user, "passwordAnswer"); throw new ProviderException("Password answer required for password reset."); } var newPassword = Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters); var args = new ValidatePasswordEventArgs(username, newPassword, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } else { throw new MembershipPasswordException("Reset password canceled due to password validation failure."); } } if (user.IsLockedOut) { throw new MembershipPasswordException("The supplied user is locked out."); } if (RequiresQuestionAndAnswer && !CheckPassword(answer, user.PasswordAnswer)) { UpdateFailureCount(db, user, "passwordAnswer"); throw new MembershipPasswordException("Incorrect password answer."); } user.Password = EncodePassword(newPassword); user.LastPasswordChangedDate = Util.Now; ApiSessionModel.DeleteSession(db, user); db.SubmitChanges(); return(newPassword); }
public static UserValidationResult AuthenticateMobile(string role = null, bool checkOrgLeadersOnly = false, bool requirePin = false) { var userStatus = GetUserViaCredentials() ?? GetUserViaSessionToken(requirePin); if (userStatus == null) { return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null)); } //throw new Exception("Could not authenticate user, Authorization or SessionToken headers likely missing."); if (!userStatus.IsValid) { return(userStatus); } var user = userStatus.User; var roleProvider = CMSRoleProvider.provider; if (role == null) { role = "Access"; } if (roleProvider.RoleExists(role)) { if (!roleProvider.IsUserInRole(user.Username, role)) { userStatus.Status = UserValidationStatus.UserNotInRole; return(userStatus); } } UserName2 = user.Username; SetUserInfo(user.Username, HttpContext.Current.Session, deleteSpecialTags: false); //DbUtil.LogActivity("iphone auth " + user.Username); if (checkOrgLeadersOnly && !Util2.OrgLeadersOnlyChecked) { DbUtil.LogActivity("iphone leadersonly check " + user.Username); if (!Util2.OrgLeadersOnly && roleProvider.IsUserInRole(user.Username, "OrgLeadersOnly")) { Util2.OrgLeadersOnly = true; DbUtil.Db.SetOrgLeadersOnly(); DbUtil.LogActivity("SetOrgLeadersOnly"); } Util2.OrgLeadersOnlyChecked = true; } ApiSessionModel.SaveApiSession(userStatus.User, requirePin, HttpContext.Current.Request.Headers["PIN"].ToInt2()); return(userStatus); }
public async Task <ActionResult> Login([FromBody] ApiLoginModel model) { Repository.ClearExpiredLogins(TimeoutHours); if (ModelState.IsValid == true) { Microsoft.AspNetCore.Identity.SignInResult signInResult = await this.IdentityService.LoginAsync(model, mustBeInRole : "Api"); if (signInResult != null) { if (signInResult.Succeeded == true) { ApiSessionModel apiSessionModel = Repository.FetchByLogin(model); if (apiSessionModel != null) { apiSessionModel.SessionStarted = DateTime.Now; } else { // store username, password and email for later in in memory repo apiSessionModel = new ApiSessionModel() { Email = model.Email, Password = model.Password, Token = Guid.NewGuid().ToString().Replace("-", string.Empty), SessionStarted = DateTime.Now }; Repository.Create(apiSessionModel); } Repository.Save(); // return magic key Response.Headers.Add(new KeyValuePair <string, StringValues>(HeaderTokenName, apiSessionModel.Token)); return(Ok()); } else { return(new StatusCodeResult(403)); // forbidden } } else { return(new StatusCodeResult(403)); // forbidden } } else { return(new StatusCodeResult(403)); // forbidden } }
public async Task <ActionResult> Logout() { string apiToken = Request.Headers["ApiToken"]; // Delete magic key ApiSessionModel model = Repository.Fetch(apiToken); if (model != null) { Repository.Delete(model); Repository.Save(); } await this.IdentityService.LogoutAsync(); return(Ok()); }
public static UserValidationResult AuthenticateMobile2(CMSDataContext cmsdb, CMSImageDataContext cmsidb, bool checkOrgLeadersOnly = false, bool requirePin = false) { var userStatus = GetUserViaCredentials() ?? GetUserViaSessionToken(cmsdb, requirePin); if (userStatus == null) { //DbUtil.LogActivity("userStatus==null"); return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null)); //throw new Exception("Could not authenticate user, Authorization or SessionToken headers likely missing."); } if (!userStatus.IsValid) { return(userStatus); } var user = userStatus.User; var roleProvider = CMSRoleProvider.provider; UserName2 = user.Username; SetUserInfo(cmsdb, cmsidb, user.Username, deleteSpecialTags: false); if (checkOrgLeadersOnly && !Util2.OrgLeadersOnlyChecked) { if (!Util2.OrgLeadersOnly && roleProvider.IsUserInRole(user.Username, "OrgLeadersOnly")) { Util2.OrgLeadersOnly = true; cmsdb.SetOrgLeadersOnly(); CmsData.DbUtil.LogActivity("SetOrgLeadersOnly"); } Util2.OrgLeadersOnlyChecked = true; } CMSMembershipProvider.provider.SetAuthCookie(user.Username, false); ApiSessionModel.SaveApiSession(cmsdb, userStatus.User, requirePin, HttpContextFactory.Current.Request.Headers["PIN"].ToInt2()); return(userStatus); }
public static UserValidationResult ResetSessionExpiration(CMSDataContext cmsdb, CMSImageDataContext cmsidb, string sessionToken) { if (string.IsNullOrEmpty(sessionToken)) { return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null)); } var userStatus = AuthenticateMobile(cmsdb, cmsidb, requirePin: true); if (userStatus.Status == UserValidationStatus.Success || userStatus.Status == UserValidationStatus.PinExpired || userStatus.Status == UserValidationStatus.SessionTokenExpired) { var result = ApiSessionModel.ResetSessionExpiration(cmsdb, userStatus.User, HttpContextFactory.Current.Request.Headers["PIN"].ToInt2()); if (!result) { return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid)); } userStatus.Status = UserValidationStatus.Success; } return(userStatus); }
public override bool ChangePassword(string username, string oldPwd, string newPwd) { username = Util.GetUserName(username); if (!ValidateUser(username, oldPwd)) { return(false); } var args = new ValidatePasswordEventArgs(username, newPwd, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } else { throw new MembershipPasswordException("Change password canceled due to new password validation failure."); } } if (!AdminOverride) { if (newPwd.Length < MinRequiredPasswordLength) { throw new ArgumentException("Password must contain at least {0} chars".Fmt(MinRequiredPasswordLength)); } if (MembershipService.RequireSpecialCharacter) { if (newPwd.All(char.IsLetterOrDigit)) { throw new ArgumentException("Password needs at least 1 non-alphanumeric chars"); } } if (MembershipService.RequireOneNumber) { if (!newPwd.Any(char.IsDigit)) { throw new ArgumentException("Password needs at least 1 number"); } } if (MembershipService.RequireOneUpper) { if (!newPwd.Any(char.IsUpper)) { throw new ArgumentException("Password needs at least 1 uppercase letter"); } } } var db = GetDb(); var user = db.Users.Single(u => u.Username == username); user.Password = EncodePassword(newPwd); user.MustChangePassword = false; user.LastPasswordChangedDate = Util.Now; ApiSessionModel.DeleteSession(db, user); db.SubmitChanges(); return(true); }
public static void ExpireSessionToken(string sessionToken) { ApiSessionModel.ExpireSession(Guid.Parse(sessionToken)); }
public static void ExpireSessionToken(CMSDataContext db, string sessionToken) { ApiSessionModel.ExpireSession(db, Guid.Parse(sessionToken)); }