internal static string LoginAnonymousImp()
{
SetupImp();
Securable s = new Securable(typeof(ApplicationExceptionSecureService).FullName);
if (!s.AllowAnonymousAccess)
return null;
if (System.Web.HttpContext.Current != null)
{
IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
ipr = AddIPImp(s);
// ipr.SessionsCreated = ipr.SessionsCreated + 1;
// ipr.Update();
// IPSessionRegistration
CheckIPImp(s, ipr);
}
ModelSession ms = new ModelSession(GenerateSessionTokenImp());
ms.User = new ModelUser("Everyone");
ms.TimeIssued = DateTime.Now;
ms.TimeIssuedFor = s.TimeSessionIsIssued;
ms.Create();
return ms.SessionToken;
}
internal static void CreateSessionImp(ref ModelSession ms, string userName, string password)
{
if (userName.ToLowerInvariant() == "everyone")
throw new InvalidOperationException("Wrong API call for anonymous access.");
Securable s = new Securable(typeof(ApplicationExceptionSecureService).FullName);
ModelUser mu = new ModelUser(userName);
if (!mu.Exists)
{
if (System.Web.HttpContext.Current != null)
{
IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
RegisterIPFailureImp(s, ipr);
}
throw new UnauthorizedAccessException("Access Denied");
}
if (!Platform.Runtime.Security.Hash.VerifyHash(password, "SHA512", mu.PasswordHash))
{
if (System.Web.HttpContext.Current != null)
{
IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
RegisterIPFailureImp(s, ipr);
}
throw new UnauthorizedAccessException("Access Denied");
}
if (!mu.Enabled && !ApplicationExceptionSecureService.CheckUserRightsImp(userName, "CannotBeDisabled"))
{
if (System.Web.HttpContext.Current != null)
{
IPRegistered ipr = new IPRegistered(System.Web.HttpContext.Current.Request.UserHostAddress);
RegisterIPFailureImp(s, ipr);
}
throw new UnauthorizedAccessException("Access Denied"); // LoginDisabledException
}
ms.User = mu;
ms.TimeIssued = DateTime.Now;
ms.TimeIssuedFor = s.TimeSessionIsIssued;
ms.Create();
}
