public override bool ValidateUser(string username, string password)
{
using (_log.NewTrace())
{
//WcfClientUtils.VerifyParameter("username",username); //validate user should not throw an error,simply return false
//WcfClientUtils.VerifyParameter("password", password);
try
{
UserVerifyRequest request = new UserVerifyRequest();
request.ServiceSessionToken = WcfClientUtils.SessionToken;;
request.ChallengePrompt = username;
request.ChallengeAnswer = password;
UserVerifyReply response = _membershipService.CredentialVerify(request);
if (response.Context.IsAuthenticated == true)
{
_userSecurityToken = response.Context.IdentityToken;
return(true);
}
_log.Warning("User '{0}' is not validated with status '{1}'. {2}",
username, response.Status, response.Messages.ToString());
_userSecurityToken = null;
return(false);
}
catch (Exception ex)
{
throw WcfUtils.Extract(ex);
}
}
}
public IActionResult VerifyNewUser([FromBody] UserVerifyRequest verifyRequest)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
UserVerifyResponse response = _usersControllerUtilities.VerifyNewUser(verifyRequest);
return(Ok(response));
}
private bool CheckForUserVerificationErrors(
UserVerifyRequest verifyRequest,
User userToVerify,
UserVerifyResponse response,
out UserVerifyResponse actionResult)
{
// default the result value.
actionResult = null;
if (userToVerify.Verified)
{
response.ErrorCode = (int)UserResponseCode.AlreadyVerifiedUser;
response.FailReason = "Cannot Verify as User already verified";
{
actionResult = response;
return(true);
}
}
if (userToVerify.VerificationByTime > DateTime.Now)
{
response.ErrorCode = (int)UserResponseCode.VerificationCodeTimedOut;
response.FailReason = "Cannot Verify as code has timed out";
{
actionResult = response;
return(true);
}
}
if (userToVerify.VerificationCode.ToString() != verifyRequest.ConfirmationCode.Trim())
{
response.ErrorCode = (int)UserResponseCode.IncorrectConfirmationCode;
response.FailReason = "Cannot Verify as code is incorrect";
{
actionResult = response;
return(true);
}
}
return(false);
}
public UserVerifyReply CredentialVerify(UserVerifyRequest request)
{
UserVerifyReply response = new UserVerifyReply(request);
try
{
// if (verifySessionToken(request.ServiceSessionToken, response) == false) return response;
response.IsAuthenticated = _membership.ValidateUser(request.ChallengePrompt, request.ChallengeAnswer);
if (response.IsAuthenticated == false)
{
response.Status = ActionStatus.Error;
response.Messages.Add(ActionStatus.Forbidden, string.Format("Unable to validate credentials for '{0}'", request.ChallengePrompt));
response.Context.IdentityToken = null;
response.RequestorData = request.RequestorData;
response.ServiceSessionToken = request.ServiceSessionToken;
response.Context.Name = null;
return(response);
}
}
catch (Exception ex)
{
throw ex.NewFault();
}
//catch (Exception ex)
//{
// response.Status = ActionStatus.Error;
// response.Messages.Add(MessageSeverity.Error, 0, Utils.Expand(ex));
// return response;
//}
//response.Context.Roles.AddRange(asp.Roles.GetRolesForUser(request.ChallengePrompt));
response.ServiceSessionToken = request.ServiceSessionToken; //register new session
response.Status = ActionStatus.OK;
response.RequestorData = request.RequestorData;
return(response);
}
/// <summary>
/// Verifies a new user login.
/// </summary>
/// <param name="verifyRequest">The new user login to try to verify.</param>
/// <returns>The action result.</returns>
public UserVerifyResponse VerifyNewUser(UserVerifyRequest verifyRequest)
{
UserVerifyResponse response = new UserVerifyResponse
{
ErrorCode = (int)UserResponseCode.Success,
FailReason = "",
UserId = ""
};
User userToVerify =
_userDatabase.LoadedItems.FirstOrDefault(x => x.Id.ToString() == verifyRequest.UserId);
if (userToVerify == null)
{
response.ErrorCode = (int)UserResponseCode.UnknownItem;
response.FailReason = "Cannot Verify this unknown user";
return(response);
}
UserVerifyResponse actionResult;
if (CheckForUserVerificationErrors(verifyRequest, userToVerify, response, out actionResult))
{
// Return the verification error.
return(actionResult);
}
// If here a valid user so set the flag and update.
userToVerify.Verified = true;
_userDatabase.UpdateDatabaseItem(userToVerify);
// Send the successful fully populated response.
response.Name = userToVerify.Name;
response.Description = userToVerify.Description;
response.Email = userToVerify.Email;
return(response);
}
