public UserAuthenticateResponse Get(UserAuthenticateRequest request)
{
UserAuthenticateResponse response = new UserAuthenticateResponse();
try
{
//build the token from the user authentication request remote machine for additional security
//this will then be passed in from calling domains via the header for validation
string securityToken = BuildSecurityToken();
request.UserName = Request.Headers["UserName"];
request.Password = Request.Headers["Password"];
request.APIKey = Request.Headers["APIKey"];
request.Context = Request.Headers["Context"];
// validate user against apiuser datastore
response = SecurityManager.ValidateCredentials(request.UserName, request.Password, securityToken, request.APIKey, request.Context, request.ContractNumber);
return(response);
}
catch (Exception ex)
{
//TODO: Log this to the SQL database via ASE
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
return(response);
}
}
public UserControllerTests()
{
_userService = new Mock <IUserService>();
_userListResponse = new List <UserListResponse>();
_userAuthenticateResponse = new UserAuthenticateResponse();
_userAuthenticateRequest = new Mock <UserAuthenticateRequest>();
_sut = new UsersController(_userService.Object);
}
public static UserAuthenticateResponse ValidateCredentials(string userName, string password, string securityToken, string apiKey, string productName, string contractNumber)
{
try
{
ISecurityRepository <UserAuthenticateResponse> securityRepo = SecurityRepositoryFactory <UserAuthenticateResponse> .GetSecurityRepository(productName);
UserAuthenticateResponse response = securityRepo.LoginUser(userName, password, securityToken, apiKey, productName, contractNumber);
return(response);
}
catch (Exception)
{
throw;
}
}
private async Task ResetToken()
{
HttpClient httpClient = new HttpClient();
string accessToken = _httpContextAccessor.HttpContext.User.GetClaimValue(ConstantString.AccessToken);
httpClient.DefaultRequestHeaders.Add(ConstantString.AccessToken, accessToken);
httpClient.DefaultRequestHeaders.Add(Headers.ClientID, Common.ClientID);
httpClient.DefaultRequestHeaders.Add(Headers.SecreteToken, Common.ClientSecretKey);
string refreshToken = _httpContextAccessor.HttpContext.User.GetClaimValue(ConstantString.RefreshToken);
httpClient.DefaultRequestHeaders.Add(ConstantString.RefreshToken, refreshToken);
string url = APIURL.IdentityBaseUri + IdentityAPI.Account.RefreshAccessToken;
httpClient.BaseAddress = new Uri(url);
var objToken = new
{
UserName = _httpContextAccessor.HttpContext.User.Identity.Name
};
HttpContent content = CreateHttpContent <object>(objToken);
HttpResponseMessage response = await httpClient.PostAsync(url, content);
UserAuthenticateResponse userAuth = JsonConvert.DeserializeObject <UserAuthenticateResponse>(response.Content.ReadAsStringAsync().Result);
if (userAuth.IsAuthenticate)
{
ApplicationUser user = new ApplicationUser()
{
AccessToken = userAuth.AccessToken,
UsersRoles = userAuth.UsersRoles,
RefreshToken = userAuth.RefreshToken,
UserID = userAuth.UserID,
UserName = _httpContextAccessor.HttpContext.User.Identity.Name,
Email = _httpContextAccessor.HttpContext.User.Identity.Name,
EmailConfirmed = true,
PhoneNumberConfirmed = false,
//PasswordHash = model.Password,
//PhoneNumber = "111-222-3344",
SecurityStamp = Guid.NewGuid().ToString() //THIS IS WHAT I NEEDED
};
//updating the current claim for continuous process
_httpContextAccessor.HttpContext.User.AddUpdateClaim(ConstantString.AccessToken, userAuth.AccessToken);
//updating the current claim for refreshUser
await _signInManager.RefreshSignInAsync(user);
}
}
public async Task <IActionResult> ExternalLoginSuccess(string param)
{
string returnurl = TempData["ReturnURL"] as string;
string loginError = "/login" + CultureURL + "?ReturnUrl=" + returnurl;
var objparam = new
{
arg = param,
};
//provide login token by contender identity server. need to authenticate this token from c-identity server.
string url = APIURL.IdentityBaseUri + IdentityAPI.Account.AuthenticateExternalLogin;
UserAuthenticateResponse userAuth = await _apiClient.PostAsync <UserAuthenticateResponse>(objparam, APIURL.IdentityBaseUri + IdentityAPI.Account.AuthenticateExternalLogin, true, false);
if (userAuth == null)
{
ActionMessage("Identity server not working", MessageType.Warning);
}
else if (userAuth.IsAuthenticate)
{
if (string.IsNullOrEmpty(returnurl))
{
RoleManager _role = new RoleManager();
returnurl = await _role.GetRoleRedirectURL(userAuth.UsersRoles, GetSiteID);
if (returnurl == null)
{
returnurl = "/dashboard/dashboard/index" + CultureURL;
}
else
{
returnurl = returnurl + CultureURL;
}
}
await AuthenticateUser(userAuth, returnurl);
return(Redirect(returnurl));
}
else
{
ActionMessage(userAuth.Message, MessageType.Error);
}
return(Redirect(loginError));
}
private async Task AuthenticateUser(UserAuthenticateResponse userAuth, string redirectURI)
{
// JObject objRes = userAuth.Result as JObject;
//UserBasicInfo resUser = objRes.ToObject<UserBasicInfo>();
//ApplicationUser user = new ApplicationUser()
//{
// AccessToken = userAuth.AccessToken,
// UsersRoles = userAuth.UsersRoles,
// RefreshToken = userAuth.RefreshToken,
// UserID = userAuth.UserID,
// UserName = resUser.UserName,
// Email = resUser.Email,
// EmailConfirmed = resUser.EmailConfirmed,
// PhoneNumberConfirmed = resUser.PhoneNumberConfirmed,
// PasswordHash = resUser.PasswordHash,
// PhoneNumber = resUser.PhoneNumber,
// SecurityStamp = resUser.SecurityStamp, //THIS IS WHAT I NEEDED
//};
ApplicationUser user = new ApplicationUser()
{
AccessToken = userAuth.AccessToken,
UsersRoles = userAuth.UsersRoles,
RefreshToken = userAuth.RefreshToken,
UserID = userAuth.UserID,
UserName = "******",
Email = "*****@*****.**",
EmailConfirmed = true,
PhoneNumberConfirmed = false,
PasswordHash = "6mWE8GCUiuVtO5Tvx4zgGEG5WnwBsA/9I+nLFa+7cnObIDtKCGshc9UxrjU4DyBo6pWCe5XZTyyizbtkPiI8nw==",
PhoneNumber = string.Empty,
SecurityStamp = "1fc9f86395b74d0ba81761096da0f844",
};
var authenticationProperties = new AuthenticationProperties()
{
RedirectUri = redirectURI,
ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
IsPersistent = true,
AllowRefresh = true
};
await _signInManager.SignInAsync(user, authenticationProperties);
}
public async Task <UserAuthenticateResponse> Authenticate(UserAuthenticateRequest userAuthenticateRequest)
{
var secretKey = _configuration["AppSettings:Secret"].ToString();
//TODO:Add Hash operations
var user = await _repository.Get(x => x.UserName == userAuthenticateRequest.UserName && x.Password == userAuthenticateRequest.Password);
if (user == null)
{
return(new UserAuthenticateResponse
{
Message = "User Not Found",
Success = false
});
}
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(secretKey);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var response = new UserAuthenticateResponse
{
UserName = user.UserName,
Token = tokenHandler.WriteToken(token)
};
return(_mapper.Map <UserAuthenticateResponse>(response));
}
public async Task <IActionResult> Login(LoginViewModel model)
{
WebBuilderController webBuilderController = new WebBuilderController();
IList <ControllerDetail> controllerDetails = await webBuilderController.GetMethodDetails("login", GetSiteID);
MethodInvoke methodInvoke = new MethodInvoke();
//if (controllerDetails?.Count > 0)
// methodInvoke.Execute(controllerDetails[0], GetReuseableParams(_memoryCache), new List<ControllerDetail>());
string _loginTryCount = string.Format("loginTryCount{0}", model.UserEmail);
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
string loginError = "/login" + CultureURL + "?ReturnUrl=" + model.ReturnURL;
if (ModelState.IsValid)
{
int tryCount = 1;
string tryCountStr = TempData[_loginTryCount]?.ToString();
if (tryCountStr != null)
{
tryCount = int.Parse(tryCountStr) + 1;
}
//process for lockout
if (tryCount >= 10)
{
OperationStatus rs = new OperationStatus()
{
Message = "Account locked out"
};
if (tryCount == 10)
{
var lockout = new
{
UserName = model.UserEmail,
};
rs = await _apiClient.PostAsync <OperationStatus>(lockout, APIURL.IdentityBaseUri + IdentityAPI.Account.LockOutAccount, true, false);
}
TempData[_loginTryCount] = tryCount;
ActionMessage(rs.Message, MessageType.Error);
return(Redirect(loginError));
}
if (tryCount >= 3) // process for captcha
{
SettingHelper settingHelper = new SettingHelper();
Dictionary <string, string> settingValues = settingHelper.GetSettingValuesByKeys(string.Format("{0},{1}", SettingKeys.CaptchaServer, SettingKeys.CaptchaType));
loginError += "&captcha=true&type=" + settingValues[SettingKeys.CaptchaType];
if (tryCount > 3)
{
_captchaServer = settingValues[SettingKeys.CaptchaServer];
var rs = await ValidateCaptcha(model.cbuildercaptcharesponse, model.CaptchaAnswer);
if (!rs.IsSuccess)
{
ActionMessage(rs.Message, MessageType.Error);
return(Redirect(loginError));
}
}
}
var obj = new
{
username = model.UserEmail,
password = model.UserPassword
};
//UserAuthenticateResponse userAuth = await _apiClient.PostAsync<UserAuthenticateResponse>(obj, APIURL.IdentityBaseUri + IdentityAPI.Account.PasswordSignInAsync, true, false);
UserAuthenticateResponse userAuth = new UserAuthenticateResponse()
{
IsAuthenticate = true,
AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9oYXNoIjoiNTc0M2MxMDMtNTIwOS00ZGU1LTgwODAtYmI5MDQxM2JjNzIwIiwibmFtZWlkIjoiMDJDMTU3RUQtQzg4MS00N0VGLUFENEQtQUQyMDIzQzJFNzA0IiwidW5pcXVlX25hbWUiOiJzdXBlcnVzZXJAY29udGVudGRlci5jb20iLCJncm91cHNpZCI6IjE2MCIsInJvbGUiOiJTdXBlciBBZG1pbiIsIm5iZiI6MTYwMjIzNzI0MSwiZXhwIjoxNjAyMjQwODQxLCJpYXQiOjE2MDIyMzcyNDEsImlzcyI6IkNJZGVudGl0eVNlcnZlciJ9.Kg7GQmeQl5us8RXl66h6nccxMatXMI95H4meIMZ9_-0",
RefreshToken = "45dbb014bedf499897b0d0575ded96ac",
UsersRoles = "Super Admin",
UserID = "02C157ED-C881-47EF-AD4D-AD2023C2E704",
Message = "Authenticated Successfully."
};
if (userAuth == null)
{
ActionMessage("Identity server not working", MessageType.Warning);
return(Redirect(loginError));
}
else if (userAuth.IsAuthenticate)
{
if (string.IsNullOrEmpty(model.ReturnURL))
{
RoleManager _role = new RoleManager();
model.ReturnURL = await _role.GetRoleRedirectURL(userAuth.UsersRoles, GetSiteID);
if (model.ReturnURL == null)
{
model.ReturnURL = "/dashboard/dashboard/index" + CultureURL;
}
else
{
model.ReturnURL = model.ReturnURL + CultureURL;
}
}
await AuthenticateUser(userAuth, model.ReturnURL);
TempData[_loginTryCount] = 0;
if (controllerDetails?.Count > 0)
{
var reusableParam = GetReuseableParams(_memoryCache);
reusableParam.UserName = model.UserEmail;
foreach (var item in controllerDetails)
{
methodInvoke.Execute(item, GetAPIParams(model.UserEmail, userAuth.UsersRoles), new List <ControllerDetail>());
}
}
return(Redirect(model.ReturnURL));
}
else
{
TempData[_loginTryCount] = tryCount;
ActionMessage(userAuth.Message, MessageType.Warning);
return(Redirect(loginError));
}
}
ShowModelStateErorr();
return(Redirect(loginError));
}
public UserAuthenticateResponse LoginUser(string userName, string password, string securityToken, string apiKey, string productName, string contractNumber)
{
try
{
UserAuthenticateResponse response = new UserAuthenticateResponse();
MEAPISession session = null;
//need to do a lookup against the APIKey collection to see if apiKey/Product combination exists
MEAPIUser user = (from k in _objectContext.APIUsers where k.UserName == userName && k.ApiKey == apiKey && k.Product == productName.ToUpper() && k.IsActive == true select k).FirstOrDefault();
if (user != null)
{
//validate password
string dbPwd = HashText(password, user.Salt, new SHA1CryptoServiceProvider());
if (dbPwd.Equals(user.Password))
{
session = new MEAPISession
{
SecurityToken = securityToken,
APIKey = apiKey,
Product = productName,
SessionLengthInMinutes = user.SessionLengthInMinutes,
SessionTimeOut = DateTime.UtcNow.AddMinutes(user.SessionLengthInMinutes),
UserName = user.UserName,
Version = 1.0,
UserId = user.Id,
ContractNumber = (string.IsNullOrEmpty(contractNumber) ? user.DefaultContract : contractNumber)
};
_objectContext.APISessions.Collection.Insert(session);
}
else
{
throw new UnauthorizedAccessException("Login Failed! Password is incorrect");
}
List <ContractInfo> cts = new List <ContractInfo>();
cts.Add(new ContractInfo {
Number = session.ContractNumber
});
response = new UserAuthenticateResponse
{
APIToken = session.Id.ToString(),
Contracts = cts,
Name = user.UserName,
SessionTimeout = user.SessionLengthInMinutes,
UserName = user.UserName
};
}
else
{
throw new UnauthorizedAccessException("Login Failed! Incorrect login details like username, apikey or product.");
}
return(response);
}
catch (Exception)
{
throw;
}
}
private async Task <T> PostAsyncResult <T>(object jsonContent, string apiPath, Dictionary <string, string> headerParam, bool addClientHeader = false, bool accessToken = false)
{
var result = string.Empty;
HttpResponseMessage response = null;
HttpContent content = null;
try
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => { return(true); };
_httpClient = new HttpClient();
if (addClientHeader)
{
AddClientIdentity(ref _httpClient);
}
if (accessToken)
{
AddAccessToken(ref _httpClient);
}
AddHeaders(headerParam, ref _httpClient);
_httpClient.BaseAddress = new Uri(apiPath);
content = CreateHttpContent <object>(jsonContent);
response = await _httpClient.PostAsync(apiPath, content);
switch (response.StatusCode)
{
case HttpStatusCode.OK:
result = response.Content.ReadAsStringAsync().Result;
break;
case HttpStatusCode.Unauthorized:
UserAuthenticateResponse objResult = JsonConvert.DeserializeObject <UserAuthenticateResponse>(await response.Content.ReadAsStringAsync());
switch (objResult.StatusCode)
{
case StatusCode.TokenExpired:
await ResetToken();
result = await ContinueExecution(jsonContent, apiPath, PostTypes.POST);
break;
case StatusCode.FieldMissing:
break;
case StatusCode.NotAllowed:
_httpContextAccessor.ShowMessage(Messages.ResourceNotAllowed, MessageType.Error);
break;
case StatusCode.BadRequest:
_httpContextAccessor.ShowMessage(Messages.BadRequest, MessageType.Error);
break;
case StatusCode.Unauthorized:
_httpContextAccessor.ShowMessage(Messages.Unauthorized, MessageType.Error);
break;
default:
break;
}
break;
}
}
catch (Exception ex)
{
_httpContextAccessor.ShowMessage(ex.ToString(), MessageType.Error);
_httpContextAccessor.ProcessExceptionsToFile(ex);
}
finally
{
content?.Dispose();
response?.Dispose();
}
return(JsonConvert.DeserializeObject <T>(result));
}
