/// <summary>
/// verificará que el usuario esté habilitado para resetear o desbloquear un UW y que no registre un ausentismo para ese día.
/// </summary>
/// <param name="userName"></param>
/// <param name="domainId"></param>
public static EmpleadoReseteoBE VirifyUser(string userName, int domainId)
{
EmpleadoReseteoBE item = null;
var connectionString = Common.GetCnn(Common.CnnStringNameMeucci).ConnectionString;
using (SqlConnection cnn = new SqlConnection(connectionString))
using (SqlCommand cmd = new SqlCommand("dbo.usp_ReseteoWebVerificarUsuario", cnn)
{
CommandType = System.Data.CommandType.StoredProcedure
})
{
cnn.Open();
/// FACTURA_NRO
cmd.Parameters.AddWithValue("@UW", userName);
cmd.Parameters.AddWithValue("@dom_id", domainId);
using (IDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
item = new EmpleadoReseteoBE();
item.Legajo = Convert.ToInt32(reader["Legajo"]);
item.CAIS = Convert.ToBoolean(reader["CAIS"]);
item.Cuenta = reader["Cuenta"].ToString();
item.Cargo = reader["Cargo"].ToString();
item.Emp_id = Convert.ToInt32(reader["Legajo"]);
item.DomainId = domainId;
item.WindowsUser = userName;
}
}
return(item);
}
}
public static string GenerateTokenJwt(EmpleadoReseteoBE empleado)
{
// appsetting for Token JWT
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
// audiencia quien genera el tocken
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
//identifica quien consume y uusa el tocken : El cliente
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
//hora de caducidad a partir de la cual el JWT NO DEBE ser aceptado para su procesamiento.
var expireTime = ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
// create a claimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, empleado.WindowsUser) });
claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, empleado.WindowsUser));
claimsIdentity.AddClaim(new Claim("Emp_id", empleado.Emp_id.ToString()));
claimsIdentity.AddClaim(new Claim("Legajo", empleado.Legajo.ToString()));
claimsIdentity.AddClaim(new Claim("dom_id", empleado.DomainId.ToString()));
claimsIdentity.AddClaim(new Claim("cuenta", empleado.Cuenta));
claimsIdentity.AddClaim(new Claim("cargo", empleado.Cargo));
claimsIdentity.AddClaim(new Claim("CAIS", empleado.CAIS.ToString()));
claimsIdentity.AddClaim(new Claim("isRessetUser", empleado.isRessetUser.ToString()));
// create token to the user
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
public static string GenerateTokenMeucci(EmpleadoReseteoBE emmpleadoBE)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(apiAppSettings.serverSettings.apiConfig.api_secretKey);
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, emmpleadoBE.WindowsUser) });
if (emmpleadoBE != null)
{
claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, emmpleadoBE.WindowsUser));
claimsIdentity.AddClaim(new Claim("Emp_id", emmpleadoBE.Emp_id.ToString()));
claimsIdentity.AddClaim(new Claim("Legajo", emmpleadoBE.Legajo.ToString()));
claimsIdentity.AddClaim(new Claim("dom_id", emmpleadoBE.DomainId.ToString()));
claimsIdentity.AddClaim(new Claim("cuenta", emmpleadoBE.Cuenta));
claimsIdentity.AddClaim(new Claim("cargo", emmpleadoBE.Cargo));
claimsIdentity.AddClaim(new Claim("CAIS", emmpleadoBE.CAIS.ToString()));
}
var tokenDescriptor = new SecurityTokenDescriptor
{
Audience = apiAppSettings.serverSettings.apiConfig.api_audienceToken,
Subject = claimsIdentity,
Expires = DateTime.UtcNow.AddMinutes(Convert.ToInt32(apiAppSettings.serverSettings.apiConfig.api_expireTime)),
Issuer = apiAppSettings.serverSettings.apiConfig.api_issuerToken,
NotBefore = DateTime.UtcNow,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var secToken = tokenHandler.CreateToken(tokenDescriptor);
var jwtTokenString = tokenHandler.WriteToken(secToken);
return(jwtTokenString);
}
public HttpResponseMessage Authenticate(LoginRequest login)
{
if (login == null)
{
return(apiHelper.fromEx(new HttpResponseException(HttpStatusCode.BadRequest)));
}
if (string.IsNullOrEmpty(login.username))
{
return(apiHelper.fromEx(new HttpResponseException(HttpStatusCode.BadRequest)));
}
try
{
var domName = ActiveDirectoryService.Get_correct_DomainName(login.domain);
///Virifica contra domino
var res = ActiveDirectoryService.User_Logon(login.username, login.password, domName);
//var resp = apiHelper.fromObject<LoogonUserResult>(res);
if (res.LogResult == "LOGIN_USER_OR_PASSWORD_INCORRECT")
// if (res.Autenticated == false)
{
//return Unauthorized();
return(apiHelper.fromErrorString("El usuario y/o contraseña es incorrecto ", HttpStatusCode.Unauthorized));
}
if (res.LogResult == "LOGIN_USER_DOESNT_EXIST")
{
return(apiHelper.fromErrorString("El usuario no existe en el dominio " + login.domain, HttpStatusCode.Unauthorized));
}
//si la verificacion contra dominio es OK
//busco info del dmonio
int dom_id = MeucciDAC.GetDimainId(login.domain);
var emmpleadoBE = MeucciDAC.VirifyUser(login.username, dom_id);
//Emp_Id, legajo correspondiente al usuario reseteador, si devuelve NULL mostrar el mensaje “Usuario no registrado en Meucci” y cerrar aplicación.
//o Cue_Id, cuenta correspondiente al usuario reseteador, si devuelve NULL y el campo CAIS es 0, mostrar el mensaje “Usuario no habilitado”
if (emmpleadoBE == null)
{
emmpleadoBE = new EmpleadoReseteoBE();
emmpleadoBE.Emp_id = -1;
emmpleadoBE.WindowsUser = login.username;
emmpleadoBE.Legajo = -1;
emmpleadoBE.Legajo = -1;
emmpleadoBE.CAIS = false;
emmpleadoBE.isRessetUser = false;
emmpleadoBE.Cuenta = "";
emmpleadoBE.Cargo = "";
//return apiHelper.fromErrorString("Usuario no registrado en Meucci", HttpStatusCode.Unauthorized);
}
if (string.IsNullOrEmpty(emmpleadoBE.Cuenta) && emmpleadoBE.CAIS == false)
{
emmpleadoBE.isRessetUser = false;
//return apiHelper.fromErrorString("Usuario no habilitado ", HttpStatusCode.Unauthorized);
}
else
{
emmpleadoBE.isRessetUser = true;
}
emmpleadoBE.Dominio = login.domain;
var token = TokenGenerator.GenerateTokenJwt(emmpleadoBE);
//return Ok(token);
return(apiHelper.fromObject <string>(token));
}
catch (Exception ex)
{
return(apiHelper.fromEx(ex));
//return new System.Web.Http.Results.ExceptionResult(ex,this);
}
}
