Ejemplo n.º 1
        /// <summary>
        /// Looks up the session whose device id, client name and application version
        /// equal the values parsed from the current request's authorization data.
        /// </summary>
        /// <returns>The first session for which all three values match.</returns>
        /// <exception cref="InvalidOperationException">
        /// Raised by <c>First</c> when no session matches.
        /// </exception>
        private SessionInfo GetSession()
        {
            var authorization = AuthorizationRequestFilterAttribute.GetAuthorization(Request);

            // NOTE(review): the lookup key is only DeviceId + Client + Version as reported by
            // GetAuthorization(Request); no user id or session token is compared in this method.
            // If those values are taken from a client-supplied header, two callers presenting the
            // same triple resolve to the same session. Confirm that an upstream filter has already
            // authenticated the request before this result is used for an authorization decision.
            return _sessionManager.Sessions
                .Where(candidate => string.Equals(candidate.DeviceId, authorization.DeviceId) &&
                                    string.Equals(candidate.Client, authorization.Client) &&
                                    string.Equals(candidate.ApplicationVersion, authorization.Version))
                .First();
        }
Ejemplo n.º 2
        /// <summary>
        /// Authenticates the user named by <c>request.Id</c> with <c>request.Password</c>.
        /// When the request's authorization data carries client, device, device id and version,
        /// a new session is created through the session manager; otherwise only the password
        /// check runs and no session information is returned.
        /// </summary>
        /// <param name="request">The authentication request (user id and password).</param>
        /// <returns>
        /// An <see cref="AuthenticationResult"/> with the user DTO, plus the session info DTO
        /// when a session was created.
        /// </returns>
        /// <exception cref="ResourceNotFoundException">No user exists for <c>request.Id</c>.</exception>
        /// <exception cref="UnauthorizedAccessException">
        /// The password check on the session-less path failed.
        /// </exception>
        private async Task<AuthenticationResult> AuthenticateUser(AuthenticateUser request)
        {
            var account = _userManager.GetUserById(request.Id);

            // NOTE(review): an unknown id and a wrong password raise different exception types
            // with different messages. If both reach the client as distinguishable responses,
            // the endpoint reveals which ids exist; confirm how these are mapped upstream.
            if (account == null)
            {
                throw new ResourceNotFoundException("User not found");
            }

            var authorization = AuthorizationRequestFilterAttribute.GetAuthorization(Request);

            var hasCompleteClientInfo = !string.IsNullOrEmpty(authorization.Client) &&
                                        !string.IsNullOrEmpty(authorization.Device) &&
                                        !string.IsNullOrEmpty(authorization.DeviceId) &&
                                        !string.IsNullOrEmpty(authorization.Version);

            if (hasCompleteClientInfo)
            {
                // The remote IP is handed to the session manager together with the client details.
                var newSession = await _sessionMananger.AuthenticateNewSession(
                    account,
                    request.Password,
                    authorization.Client,
                    authorization.Version,
                    authorization.DeviceId,
                    authorization.Device,
                    Request.RemoteIp).ConfigureAwait(false);

                return new AuthenticationResult
                {
                    User = _dtoService.GetUserDto(account),
                    SessionInfo = _sessionMananger.GetSessionInfoDto(newSession)
                };
            }

            // Legacy path: any missing header field skips session creation and runs the
            // password check alone.
            // NOTE(review): a caller chooses this path simply by omitting a field, so whatever
            // tracking AuthenticateNewSession performs (device, client, remote IP) is not applied
            // here. Confirm the legacy path is still required and is covered by the same
            // throttling and logging as the session path.
            var authenticated = await _userManager.AuthenticateUser(account, request.Password).ConfigureAwait(false);

            if (!authenticated)
            {
                // Unauthorized
                throw new UnauthorizedAccessException("Invalid user or password entered.");
            }

            return new AuthenticationResult
            {
                User = _dtoService.GetUserDto(account)
            };
        }