public HttpResponseMessage Register1(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
        {
            dynamic             eo  = new ExpandoObject();
            HttpResponseMessage hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("Client Handshake is Not Authorized"));
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User was Not Found"));

                if (RegDateOfBirth.IsMatch(hsRequest.DateOfBirth))
                {
                    using (var gefae = new GetEnrollmentsForAllEmployers()) {
                        hsRequest.LastFourSsn = hsRequest.LastFourSsn.Trim().Length > 4
                            ? hsRequest.LastFourSsn.Substring(hsRequest.LastFourSsn.Length - 4, 4)
                            : hsRequest.LastFourSsn;

                        gefae.LastName = hsRequest.LastName;
                        gefae.LastFour = hsRequest.LastFourSsn;
                        //DateTime birthDate = DateTime.Parse(hsRequest.DateOfBirth);
                        //gefae.DateOfBirth = string.Format("{0}-{1}-{2}", birthDate.Year, birthDate.Month, birthDate.Day);
                        gefae.DateOfBirth = hsRequest.DateOfBirth;
                        gefae.GetFrontEndData();

                        if (gefae.Tables.Count > 0 &&
                            gefae.Tables[0].Rows.Count > 0)
                        {
                            DataRow dr         = gefae.Tables[0].Rows[0];
                            int     cchid      = dr.GetData <int>("CCHID");
                            int     employerId = dr.GetData <int>("employerid");
                            string  connString = dr.GetData("connectionstring");

                            //UserAccess Check dstrickland 7/8/2015
                            using (var cpaa = new CheckPersonApplicationAccess(cchid, connString)) {
                                if (!cpaa.HasAccess)
                                {
                                    return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                       new Exception(cpaa.ErrorMessage)));
                                }
                            }

                            e.UserKey   = Request.EncryptionKey();
                            e.SecretKey = Properties.Settings.Default.SecretKey;
                            e.Add("CCHID", cchid.ToString(CultureInfo.InvariantCulture));
                            e.Add("EmployerID", employerId.ToString(CultureInfo.InvariantCulture));
                            e.Add("UserID", hsId);

                            ((IDictionary <string, object>)eo)["AuthHash"] = e.ToString();
                            hrm = Request.CreateResponse(HttpStatusCode.OK, (eo as ExpandoObject));

                            //LogUserLoginHistory(null, cchid, connString);
                        }
                    }
                }
            }
            return(hrm);
        }
        public HttpResponseMessage GetMemberAuthorization(int employerId, int cchId, String hsId)
        {
            dynamic             eo  = new ExpandoObject();
            HttpResponseMessage hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                  new Exception("Client Handshake is Not Authorized"));
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                  new Exception("Member with CCH ID was Not Found"));

                using (GetEmployerConnString gecs = new GetEmployerConnString(employerId)) {
                    //UserAccess Check dstrickland 7/8/2015
                    using (var cpaa = new CheckPersonApplicationAccess(cchId, gecs.ConnString)) {
                        if (!cpaa.HasAccess)
                        {
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    using (GetKeyEmployeeInfoByCchId gkeibc = new GetKeyEmployeeInfoByCchId()) {
                        gkeibc.CchId = cchId;
                        gkeibc.GetData(gecs.ConnString);

                        if (gkeibc.Tables.Count > 0 && gkeibc.Tables[0].Rows.Count > 0)
                        {
                            e.UserKey   = Request.EncryptionKey();
                            e.SecretKey = Properties.Settings.Default.SecretKey;
                            e.Add("CCHID", cchId.ToString());
                            e.Add("EmployerID", employerId.ToString());
                            e.Add("UserID", hsId);

                            ((IDictionary <string, object>)eo)["AuthHash"] = e.ToString();
                            hrm = Request.CreateResponse(HttpStatusCode.OK, (eo as ExpandoObject));

                            //InsertAuditTrail(cchId, hsId,
                            //    "Animation CCHID Login", Request.RequestUri.Host, gecs.ConnString);

                            string userName = gkeibc.Tables[0].Rows[0].GetData("Email");
                            //LogUserLoginHistory(userName, cchId, gecs.ConnString);
                        }
                    }
                }
            }
            return(hrm);
        }
        public HttpResponseMessage PasswordReset1(UserAuthenticationRequest request)
        {
            var     e    = new CCHEncrypt();
            dynamic data = new ExpandoObject();

            using (GetEmployerConnString gecs = new GetEmployerConnString(Request.EmployerID())) {
                using (GetUserContentPreference gucp = new GetUserContentPreference()) {
                    gucp.CCHID = Request.CCHID();
                    gucp.GetData(gecs.ConnString);

                    data.ContactPhoneNumber = gucp.ContactPhoneNumber;
                }

                using (GetEmployeeByCchIdForCallCenter gebcfcc = new GetEmployeeByCchIdForCallCenter()) {
                    gebcfcc.CchId = Request.CCHID();
                    gebcfcc.GetData(gecs.ConnString);

                    if (request.UserName == gebcfcc.Email &&
                        request.LastFourSsn == gebcfcc.MemberSsn)
                    {
                        data.Success = true;

                        e.UserKey   = Request.EncryptionKey();
                        e.SecretKey = Properties.Settings.Default.SecretKey;
                        e.Add("EmployerID", Request.EmployerID().ToString());
                        e.Add("UserID", Request.UserID());
                        e.Add("UserName", request.UserName);
                        e.Add("CCHID", Request.CCHID().ToString());

                        string authHash = e.ToString();
                        //data.AuthHash = authHash;
                    }
                    else
                    {
                        data.Fail         = true;
                        data.ErrorMessage = "Email or SSN does Not Match";
                    }
                }
            }
            HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);

            return(hrm);
        }
        public HttpResponseMessage PostHash(String hsID, [FromBody] HandshakeRequest hsRequest)
        {
            Handshake  h = new Handshake();
            Boolean    providerActive = false, providerIsPartner = false;
            int        employerID = 0;
            string     cnxString  = "";
            CCHEncrypt e          = new CCHEncrypt();

            using (ValidateMobilePartner vmp = new ValidateMobilePartner(hsID, hsRequest.OrganizationID))
            {
                vmp.ForEachProvider(delegate(Boolean valid, Boolean isPartner, int empId, string cnx, string un)
                {
                    providerActive    = valid;
                    providerIsPartner = isPartner;
                    employerID        = empId;
                    cnxString         = cnx;
                    Request.UserName(un);
                    MembershipUser mu = Membership.GetUser(un, true);
                    Request.UserID(mu.ProviderUserKey.ToString());
                });
            }

            if (providerActive && providerIsPartner)
            {
                e.UserKey   = Request.EncryptionKey();
                e.SecretKey = Properties.Settings.Default.SecretKey;
                e.Add("UserID", Request.UserID());

                e.Add("EmployerID", employerID.ToString());
                using (GetPartnerEmployeeInfoByName gpeibn = new GetPartnerEmployeeInfoByName())
                {
                    gpeibn.FirstName           = hsRequest.FirstName;
                    gpeibn.LastName            = hsRequest.LastName;
                    gpeibn.DOB                 = hsRequest.DOB;
                    gpeibn.SubscriberMedicalID = hsRequest.MedicalID;
                    //gpeibn.RelationshipCode = hsRequest.RelationshipCode;

                    gpeibn.GetData(cnxString);

                    if (gpeibn.Tables.Count == 0 ||
                        gpeibn.Tables[0].Rows.Count == 0 ||
                        gpeibn.Tables[0].Rows[0][0].ToString() == string.Empty)
                    {
                        return(Request.CreateErrorResponse(HttpStatusCode.NoContent, new Exception("User Not Found")));
                    }

                    //UserAccess Check dstrickland 7/8/2015
                    using (var cpaa = new CheckPersonApplicationAccess(gpeibn.CCHID, cnxString))
                    {
                        if (!cpaa.HasAccess)
                        {
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    e.Add("CCHID", gpeibn.CCHID.ToString());
                    gpeibn.ForEach <Handshake.EmployeeInfoData>(
                        delegate(Handshake.EmployeeInfoData eid)
                    {
                        h.EmployeeInfo = eid;
                    }
                        );

                    //CreateLoginAudit(Request.UserName(), Request.RequestUri.Host.ToString(), gpeibn.CCHID, cnxString);
                    using (InsertUserLoginHistory iulh = new InsertUserLoginHistory())
                    {
                        iulh.UserName         = Request.UserName();
                        iulh.CCHID            = gpeibn.CCHID;
                        iulh.Domain           = Request.RequestUri.Host;
                        iulh.CchApplicationId = 2;  // 1 is for Transparency App; 2 is for HR App
                        iulh.PostData(cnxString);
                    }
                }

                h.AuthHash = e.ToString();
                return(this.Request.CreateResponse <Handshake>(HttpStatusCode.OK, h));
            }
            else
            {
                return(this.Request.CreateResponse(HttpStatusCode.Unauthorized));
            }
        }
Example #5
0
        public HttpResponseMessage GetHash(String hsID)
        {
            HandshakeMobile h = new HandshakeMobile();
            Boolean         providerActive = false;
            CCHEncrypt      e = new CCHEncrypt();

            using (ValidateMobileProvider vmp = new ValidateMobileProvider(hsID))
                vmp.ForEachProvider(delegate(Boolean valid) { if (valid)
                                                              {
                                                                  providerActive = true;
                                                              }
                                    });

            if (providerActive)
            {
                e.UserKey   = Request.EncryptionKey();
                e.SecretKey = Properties.Settings.Default.SecretKey;
                e.Add("UserID", Request.UserID());

                using (GetKeyUserInfo gkui = new GetKeyUserInfo(Request.UserName()))
                {
                    e.Add("EmployerID", gkui.EmployerID);
                    h.EmployerName = gkui.EmployerName;
                    using (GetKeyEmployeeInfo gkei = new GetKeyEmployeeInfo())
                    {
                        //UserAccess Check dstrickland 7/8/2015
                        using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, gkui.CnxString))
                        {
                            if (!cpaa.HasAccess)
                            {
                                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                   new Exception(cpaa.ErrorMessage)));
                            }
                        }

                        gkei.Email = Request.UserName();
                        gkei.GetData(gkui.CnxString);
                        e.Add("CCHID", gkei.CCHID.ToString());
                        gkei.ForEach <HandshakeMobile.EmployeeInfoData>(
                            delegate(HandshakeMobile.EmployeeInfoData eid)
                        {
                            h.EmployeeInfo = eid;
                        }
                            );
                    }
                }

                using (GetEmployerConnString gecs = new GetEmployerConnString(Convert.ToInt32(e["EmployerID"])))
                {
                    using (InsertUserLoginHistory iulh = new InsertUserLoginHistory())
                    {
                        iulh.UserName         = Request.UserName();
                        iulh.Domain           = Request.RequestUri.Host;
                        iulh.CchApplicationId = 2;  // 1 is for Transparency App; 2 is for HR App
                        iulh.PostData(gecs.ConnString);
                    }
                }

                h.AuthHash = e.ToString();
                return(this.Request.CreateResponse <HandshakeMobile>(HttpStatusCode.OK, h));
            }
            else
            {
                return(this.Request.CreateResponse(HttpStatusCode.NoContent));
            }
        }
Example #6
0
        public HttpResponseMessage GetAuthMemberData(String hsId, [FromBody] AuthMemberDataRequest hsRequest)
        {
            HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.Unauthorized);
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.NoContent, new Exception("User Not Found"));

                using (var gefae = new GetEnrollmentsForAllEmployers())
                {
                    gefae.LastName    = hsRequest.LastName;
                    gefae.LastFour    = hsRequest.LastFourSsn;
                    gefae.DateOfBirth = hsRequest.DateOfBirth;
                    gefae.GetFrontEndData();

                    if (gefae.Tables.Count > 0 &&
                        gefae.Tables[0].Rows.Count > 0)
                    {
                        DataRow dr         = gefae.Tables[0].Rows[0];
                        int     cchid      = dr.GetData <int>("CCHID");
                        string  cnxString  = dr.GetData("ConnectionString");
                        int     employerId = dr.GetData <int>("employerid");

                        //UserAccess Check dstrickland 7/7/2015
                        using (var cpaa = new CheckPersonApplicationAccess(cchid, cnxString))
                        {
                            if (!cpaa.HasAccess)
                            {
                                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                   new Exception(cpaa.ErrorMessage)));
                            }
                        }

                        e.UserKey   = Request.EncryptionKey();
                        e.SecretKey = Properties.Settings.Default.SecretKey;
                        e.Add("CCHID", cchid.ToString(CultureInfo.InvariantCulture));
                        e.Add("EmployerID", employerId.ToString(CultureInfo.InvariantCulture));

                        string authHash = e.ToString();

                        if (employerId > 0)
                        {
                            CreateLoginAudit(hsId,
                                             Request.RequestUri.Host.ToString(CultureInfo.InvariantCulture),
                                             cchid, cnxString);

                            hrm = Request.CreateErrorResponse(HttpStatusCode.NoContent, new Exception("Video Data Not Found"));

                            using (var gvcmi = new GetVideoCampaignMemberIdByCchId())
                            {
                                gvcmi.CampaignId = hsRequest.CampaignId;
                                gvcmi.CchId      = cchid;
                                gvcmi.GetData(cnxString);

                                if (!gvcmi.HasThrownError && !string.IsNullOrEmpty(gvcmi.VideoCampaignMemberId))
                                {
                                    using (var gvcmd = new GetVideoCampaignMemberDataById())
                                    {
                                        gvcmd.VideoCampaignMemberId = gvcmi.VideoCampaignMemberId;
                                        gvcmd.GetData(cnxString);

                                        if (!gvcmd.HasThrownError)
                                        {
                                            string videoMemberData = gvcmd.VideoMemberData;

                                            string resultset =
                                                string.Format("\"AuthHash\":\"{0}\",\"MemberData\":{1}",
                                                              authHash, videoMemberData);
                                            resultset = string.Concat("{", resultset, "}");

                                            hrm = new HttpResponseMessage(HttpStatusCode.OK)
                                            {
                                                RequestMessage = Request,
                                                Content        = new StringContent(resultset),
                                                StatusCode     = HttpStatusCode.OK
                                            };
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return(hrm);
        }
Example #7
0
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Forbidden);
            TaskCompletionSource <HttpResponseMessage> tcs = new TaskCompletionSource <HttpResponseMessage>();

            tcs.SetResult(response);

            String AuthString = "";

            if (request.Headers.Contains("AuthHash"))
            {
                AuthString = request.Headers.GetValues("AuthHash").ToArray()[0].ToString();
            }
            else
            {
                NameValueCollection nvc = request.RequestUri.ParseQueryString();
                if (nvc.AllKeys.Length == 0)
                {
                    return(tcs.Task);
                }
                if (!nvc.AllKeys.Contains("z"))
                {
                    return(tcs.Task);
                }
                AuthString = nvc.GetValues("z")[0].ToString();
            }

            if (String.IsNullOrWhiteSpace(AuthString))
            {
                return(tcs.Task);
            }

            CCHEncrypt c = new CCHEncrypt(
                AuthString,
                request.EncryptionKey(),
                Properties.Settings.Default.SecretKey
                );

            if (!c.Keys.Contains <String>("CCHID"))
            {
                return(tcs.Task);
            }
            request.CCHID(Convert.ToInt32(c["CCHID"].ToString()));

            if (!c.Keys.Contains <String>("UserID"))
            {
                return(tcs.Task);
            }
            request.UserID(c["UserID"].ToString());

            if (!c.Keys.Contains <String>("EmployerID"))
            {
                return(tcs.Task);
            }
            request.EmployerID(Convert.ToInt32(c["EmployerID"].ToString()));

            if (c.Keys.Contains <String>("UserName"))
            {
                request.UserName(c["UserName"].ToString());
            }

            if (c.Keys.Contains <String>("ConnectionString"))
            {
                request.ConnectionString(c["ConnectionString"].ToString());
            }

            return(base.SendAsync(request, cancellationToken));
        }
Example #8
0
        private bool ProcessAuthHash(HttpActionContext context)
        {
            var request  = context.Request;
            var authHash = string.Empty;

            if (request.Headers.Contains("AuthHash"))
            {
                authHash = request.Headers.GetValues("AuthHash").ToArray()[0].ToString();
            }
            else
            {
                var nvc = request.RequestUri.ParseQueryString();
                if (nvc.AllKeys.Length == 0)
                {
                    context.Response = context.Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                           "Authorization required.");
                    return(false);
                }
                if (!nvc.AllKeys.Contains("z"))
                {
                    context.Response = context.Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                           "Authorization required.");
                    return(false);
                }
                authHash = nvc.GetValues("z")[0].ToString();
            }

            if (string.IsNullOrWhiteSpace(authHash))
            {
                context.Response = context.Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                       "Authorization required.");
                return(false);
            }

            var c = new CCHEncrypt(
                authHash,
                request.EncryptionKey(),
                Properties.Settings.Default.SecretKey
                );

            if (c.Keys.Contains <String>("CCHID"))
            {
                request.CCHID(Convert.ToInt32(c["CCHID"].ToString()));
            }

            if (c.Keys.Contains <String>("UserID"))
            {
                request.UserID(c["UserID"].ToString());
            }

            if (c.Keys.Contains <String>("EmployerID"))
            {
                request.EmployerID(Convert.ToInt32(c["EmployerID"].ToString()));
            }

            if (c.Keys.Contains <String>("UserName"))
            {
                request.UserName(c["UserName"].ToString());
            }

            return(true);
        }
        public HttpResponseMessage Register2(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
        {
            dynamic             eo  = new ExpandoObject();
            HttpResponseMessage hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                  new Exception("Client Handshake is Not Authorized"));
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User was Not Found"));

                using (GetEmployerConnString gecs = new GetEmployerConnString(Request.EmployerID())) {
                    const string employeeQuery =
                        "SELECT CONVERT(varchar(10), DateOfBirth, 111) AS DateOfBirthText, * FROM Enrollments WHERE CCHID = @CchId";
                    using (var employeeDb = new DataBase(employeeQuery, true)) {
                        employeeDb.AddParameter("CchId", Request.CCHID());
                        employeeDb.GetData(gecs.ConnString);

                        if (employeeDb.Tables.Count > 0 && employeeDb.Tables[0].Rows.Count > 0)
                        {
                            hsRequest.FirstName   = employeeDb.Tables[0].Rows[0].GetData("FirstName");
                            hsRequest.LastName    = employeeDb.Tables[0].Rows[0].GetData("LastName");
                            hsRequest.LastName    = hsRequest.LastName.Replace("_", " ");
                            hsRequest.DateOfBirth = employeeDb.Tables[0].Rows[0].GetData("DateOfBirthText");
                            hsRequest.LastFourSsn = employeeDb.Tables[0].Rows[0].GetData("MemberSsn");
                            hsRequest.MedicalId   = employeeDb.Tables[0].Rows[0].GetData("MemberMedicalId");

                            string fullName       = string.Format("{0} {1}", hsRequest.FirstName, hsRequest.LastName);
                            string mobilePhone    = hsRequest.MobilePhone;
                            string alternatePhone = hsRequest.Phone;

                            eo.UserName       = hsRequest.UserName;
                            eo.DisplayName    = fullName;
                            eo.MobilePhone    = mobilePhone;
                            eo.AlternatePhone = alternatePhone;

                            using (GetUserContentPreference gucp = new GetUserContentPreference()) {
                                gucp.CCHID = Request.CCHID();
                                gucp.GetData(gecs.ConnString);

                                eo.SmsInd           = gucp.SmsInd;
                                eo.EmailInd         = gucp.EmailInd;
                                eo.OsBasedAlertInd  = gucp.OsBasedAlertInd;
                                eo.LocaleCode       = gucp.LocaleCode;
                                eo.PreferredContact = gucp.ContactPhoneNumber;
                            }

                            MembershipCreateStatus status;
                            if (CreateNewMemberAccount(email: hsRequest.UserName, firstName: hsRequest.FirstName,
                                                       lastName: hsRequest.LastName, phone: hsRequest.Phone,
                                                       secretQuestionId: hsRequest.SecretQuestionId, secretAnswer: hsRequest.SecretAnswer,
                                                       password: hsRequest.Password, mobilePhone: hsRequest.MobilePhone,
                                                       cchid: Request.CCHID(), employerId: Request.EmployerID(),
                                                       cnxString: gecs.ConnString, status: out status))
                            {
                                var membershipUser = Membership.GetUser(hsRequest.UserName);
                                if (membershipUser != null)
                                {
                                    if (membershipUser.ProviderUserKey != null)
                                    {
                                        eo.Question = membershipUser.PasswordQuestion;

                                        string aspUserId = membershipUser.ProviderUserKey.ToString();
                                        e.UserKey   = Request.EncryptionKey();
                                        e.SecretKey = Properties.Settings.Default.SecretKey;
                                        e.Add("UserID", aspUserId);
                                        e.Add("CCHID", Request.CCHID().ToString());
                                        e.Add("EmployerID", Request.EmployerID().ToString());
                                        e.Add("UserName", hsRequest.UserName);

                                        //((IDictionary<string, object>) eo)["AuthHash"] = e.ToString();
                                        //hrm = Request.CreateResponse(HttpStatusCode.OK, (eo as ExpandoObject));
                                        eo.AuthHash = e.ToString();
                                        hrm         = Request.CreateResponse(HttpStatusCode.OK, (object)eo);

                                        //InsertAuditTrail(Request.CCHID(), aspUserId,
                                        //    "Animation Register", Request.RequestUri.Host, gecs.ConnString);
                                        LogUserLoginHistory(hsRequest.UserName, Request.CCHID(), gecs.ConnString);
                                    }
                                }
                            }
                            else
                            {
                                switch (status)
                                {
                                case MembershipCreateStatus.DuplicateUserName:
                                    hrm = Request.CreateErrorResponse(HttpStatusCode.Conflict,
                                                                      new Exception("Member Account already exists"));
                                    break;

                                default:
                                    hrm = Request.CreateErrorResponse(HttpStatusCode.InternalServerError,
                                                                      new Exception("Error in creating new Member Account"));
                                    break;
                                }
                            }
                        }
                    }
                }
            }
            return(hrm);
        }
        public HttpResponseMessage PasswordReset0(UserAuthenticationRequest request)
        {
            var     e    = new CCHEncrypt();
            dynamic data = new ExpandoObject();

            using (GetUserProfileByEmail gupbe = new GetUserProfileByEmail()) {
                gupbe.Email = request.UserName;
                gupbe.GetFrontEndData();

                int employerId = Convert.ToInt32(gupbe.EmployerId);

                using (GetEmployerConnString gecs = new GetEmployerConnString(employerId)) {
                    using (GetKeyEmployeeInfo gkei = new GetKeyEmployeeInfo()) {
                        gkei.Email = request.UserName;
                        gkei.GetData(gecs.ConnString);

                        if (gkei.Tables.Count > 0 && gkei.Tables[0].Rows.Count > 0)
                        {
                            int cchId = gkei.Tables[0].Rows[0].GetData <int>("CCHID");

                            using (GetUserContentPreference gucp = new GetUserContentPreference()) {
                                gucp.CCHID = cchId;
                                gucp.GetData(gecs.ConnString);

                                data.ContactPhoneNumber = gucp.ContactPhoneNumber;
                            }

                            using (GetEmployeeByCchIdForCallCenter gebcfcc = new GetEmployeeByCchIdForCallCenter()) {
                                gebcfcc.CchId = cchId;
                                gebcfcc.GetData(gecs.ConnString);

                                if (request.UserName.ToLower() == gebcfcc.Email.ToLower() &&
                                    request.FullSsn.Trim() == gebcfcc.MemberFullSsn)
                                {
                                    var membershipUser = Membership.GetUser(request.UserName);
                                    if (membershipUser != null)
                                    {
                                        if (membershipUser.ProviderUserKey != null)
                                        {
                                            e.UserKey   = Request.EncryptionKey();
                                            e.SecretKey = Properties.Settings.Default.SecretKey;
                                            e.Add("UserName", request.UserName);
                                            e.Add("CCHID", gkei.CCHID.ToString());
                                            e.Add("EmployerID", employerId.ToString());

                                            string aspUserId = membershipUser.ProviderUserKey.ToString();
                                            e.Add("UserID", aspUserId);
                                            data.AuthHash = e.ToString();

                                            data.Question = membershipUser.PasswordQuestion;
                                            data.Success  = true;
                                        }
                                        else
                                        {
                                            data.Fail         = true;
                                            data.ErrorMessage = "Provider User Key does Not Exist";
                                        }
                                    }
                                    else
                                    {
                                        data.Fail         = true;
                                        data.ErrorMessage = "Member Account does Not Exist";
                                    }
                                }
                                else
                                {
                                    data.Fail         = true;
                                    data.ErrorMessage = "Email or SSN does Not Match";
                                }
                            }
                        }
                        else
                        {
                            data.Fail         = true;
                            data.ErrorMessage = "Key Employee Info is Missing";
                        }
                    }
                }
            }
            HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);

            return(hrm);
        }
        public HttpResponseMessage Login(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
        {
            var     hrm  = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("Client Handshake is Not Authorized"));
            var     e    = new CCHEncrypt();
            dynamic data = new ExpandoObject();

            if (!ValidateConsumer.IsValidConsumer(hsId))
            {
                LogUtil.Log(string.Format("Login failed. Inavlid Handshake Id {0}", hsId), LogLevel.Info);
                return(hrm);
            }

            hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User Name and Password Do Not Match"));

            if (!Membership.ValidateUser(hsRequest.UserName, hsRequest.Password))
            {
                // This can also happen if the account is locked.  Check to see if it is locked
                // and return an appropriate error message.
                if (IsUserLocked(hsRequest.UserName))
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  Account is locked.",
                                              hsRequest.UserName), LogLevel.Info);
                    hrm = Request.CreateErrorResponse(HttpStatusCode.Forbidden, new Exception("Account locked"));
                }
                else
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  Credentials failed membership validation.",
                                              hsRequest.UserName), LogLevel.Info);
                }
                return(hrm);
            }

            using (var employerDb = new DataBase(EMPLOYER_QUERY, true)) {
                employerDb.AddParameter("Email", hsRequest.UserName);
                employerDb.GetFrontEndData();

                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                  new Exception("User Profile was Not Found"));

                if (employerDb.Tables.Count < 1 || employerDb.Tables[0].Rows.Count < 1)
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  User Profile was not found.",
                                              hsRequest.UserName), LogLevel.Info);
                    return(hrm);
                }

                e.Add("EmployerID", employerDb.Tables[0].Rows[0].GetData("employerId"));

                using (var gkei = new GetKeyEmployeeInfo()) {
                    gkei.Email = hsRequest.UserName;
                    string cnxString = employerDb.Tables[0].Rows[0].GetData("connectionString");

                    gkei.GetData(cnxString);

                    hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                      new Exception("Employee Info on User Name was Not Found"));

                    if (gkei.Tables.Count < 1 || gkei.Tables[0].Rows.Count < 1)
                    {
                        LogUtil.Log(string.Format("Login failed for user {0}.  Employee Info was not found.",
                                                  hsRequest.UserName), LogLevel.Info);
                        return(hrm);
                    }

                    //UserAccess Check dstrickland 7/7/2015
                    using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, cnxString)) {
                        if (!cpaa.HasAccess)
                        {
                            LogUtil.Log(string.Format("Login failed for user {0}.  User does not have acces to AppId 2.",
                                                      hsRequest.UserName), LogLevel.Info);
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    var firstName      = gkei.Tables[0].Rows[0].GetData("FirstName");
                    var lastName       = gkei.Tables[0].Rows[0].GetData("LastName");
                    var fullName       = string.Format("{0} {1}", firstName, lastName);
                    var mobilePhone    = gkei.Tables[0].Rows[0].GetData("MobilePhone");
                    var alternatePhone = gkei.Tables[0].Rows[0].GetData("Phone");

                    using (var gucp = new GetUserContentPreference()) {
                        gucp.CCHID = gkei.CCHID;
                        gucp.GetData(cnxString);

                        data.SmsInd           = gucp.SmsInd;
                        data.EmailInd         = gucp.EmailInd;
                        data.OsBasedAlertInd  = gucp.OsBasedAlertInd;
                        data.LocaleCode       = gucp.LocaleCode;
                        data.PreferredContact = gucp.ContactPhoneNumber;

                        hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
                    }

                    var membershipUser = Membership.GetUser(hsRequest.UserName);
                    if (membershipUser != null && membershipUser.ProviderUserKey != null)
                    {
                        e.UserKey   = Request.EncryptionKey();
                        e.SecretKey = Properties.Settings.Default.SecretKey;
                        e.Add("UserName", hsRequest.UserName);
                        e.Add("CCHID", gkei.CCHID.ToString());

                        string aspUserId = membershipUser.ProviderUserKey.ToString();
                        e.Add("UserID", aspUserId);
                        string authHash = e.ToString();

                        data.AuthHash       = authHash;
                        data.UserName       = hsRequest.UserName;
                        data.DisplayName    = fullName;
                        data.MobilePhone    = mobilePhone;
                        data.AlternatePhone = alternatePhone;
                        data.Question       = membershipUser.PasswordQuestion;

                        hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);

                        LogUserLoginHistory(hsRequest.UserName, gkei.CCHID, cnxString);

                        //Load accumulations for all dependents
                        Task.Run(async() => await LoadEmployeeAndDependentsAccumulationsAsync(
                                     Int32.Parse(employerDb.Tables[0].Rows[0].GetData("employerId")),
                                     Int32.Parse(gkei.CCHID.ToString())));
                    }
                }
            }

            return(hrm);
        }
Example #12
0
 /// <summary>
 /// Accepts a CCHEncrypt object that has the keys already set and encrypts the TaxId field of a data row
 /// </summary>
 /// <param name="dr">The data row containing the Tax Id field to encrypt</param>
 /// <param name="ce">The CCHEncrypt object used to encrypt the string</param>
 /// <returns>String: Encrypted Tax ID</returns>
 public static String EncryptTaxID(this DataRow dr, CCHEncrypt ce)
 {
     ce["TaxID"] = dr.GetData("TaxId");
     return(ce.ToString());
 }