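/// <summary>
/// Validates an API session token against the stored session and, on success, extends the
/// session's sliding timeout and returns the refreshed session details.
/// </summary>
/// <param name="request">Session token, contract number and product context presented by the caller.</param>
/// <param name="securityToken">Security token presented alongside the session token.</param>
/// <returns>The session details after the timeout has been extended.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The request is null or incomplete, the token is malformed, the session does not exist or has
/// expired, or its security token / contract number / product do not match the request.
/// </exception>
public ValidateTokenResponse Validate(ValidateTokenRequest request, string securityToken)
{
    // Fail closed on incomplete input so none of the comparisons below dereference null
    // (the previous ToUpper() chain threw NullReferenceException for a null securityToken).
    if (request == null || string.IsNullOrEmpty(securityToken))
    {
        throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Request is invalid");
    }

    ObjectId tokenObjectId;
    if (!ObjectId.TryParse(request.Token, out tokenObjectId))
    {
        throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token is not in correct format.");
    }

    MEAPISession session = _objectContext.APISessions.Collection.FindOneByIdAs<MEAPISession>(tokenObjectId);
    if (session == null)
    {
        throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token does not exist");
    }

    // SessionTimeOut is written at login and refreshed below, but was never enforced here, so a
    // stale document validated indefinitely unless something else removed it. Reject expired
    // sessions before extending them. NOTE(review): documents without a stored SessionTimeOut
    // (default DateTime) are treated as expired — confirm that is acceptable for legacy rows.
    if (session.SessionTimeOut < DateTime.UtcNow)
    {
        throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token has expired");
    }

    // Ordinal comparisons replace the culture-sensitive ToUpper() round trips; a null on either
    // side fails the match instead of throwing.
    // NOTE(review): the security token is matched case-insensitively, which discards part of its
    // entropy; confirm whether an exact (and fixed-time) comparison is acceptable for callers.
    bool matches = !string.IsNullOrEmpty(session.SecurityToken)
        && string.Equals(session.SecurityToken, securityToken, StringComparison.OrdinalIgnoreCase)
        && request.ContractNumber != null
        && string.Equals(session.ContractNumber, request.ContractNumber, StringComparison.OrdinalIgnoreCase)
        && request.Context != null
        && string.Equals(session.Product, request.Context, StringComparison.OrdinalIgnoreCase);
    if (!matches)
    {
        throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Invalid Security Authorization Request");
    }

    // Sliding expiration: each successful validation pushes the timeout out by the session length.
    session.SessionTimeOut = DateTime.UtcNow.AddMinutes(session.SessionLengthInMinutes);
    _objectContext.APISessions.Collection.Save(session);

    return new ValidateTokenResponse
    {
        SessionLengthInMinutes = session.SessionLengthInMinutes,
        SessionTimeOut = session.SessionTimeOut,
        TokenId = session.Id.ToString(),
        SQLUserId = session.SQLUserId,
        UserId = session.UserId.ToString(),
        UserName = session.UserName
    };
}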
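/// <summary>
/// Creates an API session for a user who has already been authenticated upstream and returns the
/// supplied response enriched with the new session token and user id.
/// </summary>
/// <param name="existingReponse">
/// Upstream authentication result; its first contract, SQL user id, user name and session timeout
/// are copied into the new session. The object is mutated in place and returned.
/// </param>
/// <param name="securityToken">Security token to bind to the session.</param>
/// <param name="apiKey">API key presented by the caller; must be an active key for <paramref name="productName"/>.</param>
/// <param name="productName">Product the caller is logging into.</param>
/// <returns><paramref name="existingReponse"/> with <c>UserId</c> and <c>APIToken</c> populated.</returns>
/// <exception cref="ArgumentNullException"><paramref name="existingReponse"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// The apiKey/product pair is unknown or inactive, the response carries no contract, or no user id
/// could be resolved for the contract.
/// </exception>
public AuthenticateResponse LoginUser(AuthenticateResponse existingReponse, string securityToken, string apiKey, string productName)
{
    if (existingReponse == null)
    {
        throw new ArgumentNullException("existingReponse");
    }

    // The apiKey/product pair must exist as an active key before any session is created.
    // NOTE(review): this overload matches Product exactly, whereas the username/password overload
    // compares against productName.ToUpper() — confirm which casing the collections store.
    MEAPIKey key = (from k in _objectContext.APIKeys
                    where k.ApiKey == apiKey && k.Product == productName && k.IsActive == true
                    select k).FirstOrDefault();
    if (key == null)
    {
        throw new UnauthorizedAccessException("Login Failed! Unknown Username/Password");
    }

    // Contracts[0] previously threw on a null or empty list; no contract means no resolvable user.
    if (existingReponse.Contracts == null || !existingReponse.Contracts.Any())
    {
        throw new UnauthorizedAccessException("Login Failed! User does not have a valid contact card");
    }
    string contractNumber = existingReponse.Contracts[0].Number;

    ObjectId userId = GetUserId(contractNumber, productName, existingReponse.SQLUserID);
    if (userId == ObjectId.Empty)
    {
        throw new UnauthorizedAccessException("Login Failed! User does not have a valid contact card");
    }

    MEAPISession session = new MEAPISession
    {
        SecurityToken = securityToken,
        APIKey = apiKey,
        Product = productName,
        SessionLengthInMinutes = existingReponse.SessionTimeout,
        SessionTimeOut = DateTime.UtcNow.AddMinutes(existingReponse.SessionTimeout),
        UserName = existingReponse.UserName,
        UserId = userId,
        ContractNumber = contractNumber,
        SQLUserId = existingReponse.SQLUserID,
        Version = 1.0
    };
    _objectContext.APISessions.Collection.Insert(session);

    // The caller's response object is updated in place and handed back, as before.
    existingReponse.UserId = userId.ToString();
    existingReponse.APIToken = session.Id.ToString();
    return existingReponse;
}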
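/// <summary>
/// Authenticates a user by username and password for the given API key and product, creates an
/// API session and returns the session token together with the contract the session is bound to.
/// </summary>
/// <param name="userName">Login name to look up in the API users collection.</param>
/// <param name="password">Clear-text password; hashed with the stored salt before comparison.</param>
/// <param name="securityToken">Security token to bind to the session.</param>
/// <param name="apiKey">API key presented by the caller.</param>
/// <param name="productName">Product the caller is logging into; matched on its upper-cased form.</param>
/// <param name="contractNumber">Contract to bind the session to; the user's default contract when null or empty.</param>
/// <returns>Session token, bound contract, user name and session timeout for the new session.</returns>
/// <exception cref="ArgumentNullException"><paramref name="password"/> or <paramref name="productName"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">No active user matches the login details, or the password is wrong.</exception>
public UserAuthenticateResponse LoginUser(string userName, string password, string securityToken, string apiKey, string productName, string contractNumber)
{
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }
    if (productName == null)
    {
        throw new ArgumentNullException("productName");
    }

    // Username, key and product must identify one active API user.
    MEAPIUser user = (from k in _objectContext.APIUsers
                      where k.UserName == userName
                            && k.ApiKey == apiKey
                            && k.Product == productName.ToUpper()
                            && k.IsActive == true
                      select k).FirstOrDefault();
    if (user == null)
    {
        throw new UnauthorizedAccessException("Login Failed! Incorrect login details like username, apikey or product.");
    }

    // Password check: salted SHA-1 via the repository's HashText helper, compared to the stored hash.
    // The hash provider is disposable and was previously leaked.
    // NOTE(review): SHA-1 is not a password-stretching KDF and string.Equals is not fixed-time;
    // moving to PBKDF2 needs a rehash-on-login migration because stored hashes must keep verifying.
    string hashedPassword;
    using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
    {
        hashedPassword = HashText(password, user.Salt, sha1);
    }
    if (!string.Equals(hashedPassword, user.Password, StringComparison.Ordinal))
    {
        throw new UnauthorizedAccessException("Login Failed! Password is incorrect");
    }

    // Note the session stores productName as given, not the upper-cased form used for the lookup.
    MEAPISession session = new MEAPISession
    {
        SecurityToken = securityToken,
        APIKey = apiKey,
        Product = productName,
        SessionLengthInMinutes = user.SessionLengthInMinutes,
        SessionTimeOut = DateTime.UtcNow.AddMinutes(user.SessionLengthInMinutes),
        UserName = user.UserName,
        Version = 1.0,
        UserId = user.Id,
        ContractNumber = string.IsNullOrEmpty(contractNumber) ? user.DefaultContract : contractNumber
    };
    _objectContext.APISessions.Collection.Insert(session);

    List<ContractInfo> contracts = new List<ContractInfo>
    {
        new ContractInfo { Number = session.ContractNumber }
    };

    return new UserAuthenticateResponse
    {
        APIToken = session.Id.ToString(),
        Contracts = contracts,
        Name = user.UserName,
        SessionTimeout = user.SessionLengthInMinutes,
        UserName = user.UserName
    };
}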