public override void OnActionExecuting(HttpActionContext actionContext)
{
// Check if the class or method has AllowAnonymousAttribute defined.
Boolean allowAnonymous = actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Count > 0 ||
actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Count > 0;
if (!allowAnonymous)
{
try
{
CurrentSessionHandler session = new CurrentSessionHandler(HttpContext.Current.Session);
if (session.IsAuthenticated)
{
if (session.IsTokenExpired)
{
SetUnauthorizedRedirect(actionContext, Constants.UNAUTHORIZED_EXPIRED_TOKEN);
}
else if (!session.HasRoles(RequiredRoles))
{
SetUnauthorizedRedirect(actionContext, Constants.UNAUTHORIZED_REQUIRED_ROLES);
}
}
else
{
SetUnauthorizedRedirect(actionContext, Constants.UNAUTHORIZED_UNAUTHENTICATED);
}
}
catch (Exception ex)
{
SetInternalServerError(actionContext);
actionContext.Response.Headers.Add("Error", ex.Message);
if (ex.InnerException != null)
{
actionContext.Response.Headers.Add("ErrorInner", ex.InnerException.Message);
}
}
}
}
public override void OnActionExecuting(ActionExecutingContext actionContext)
{
// Check if the class or method has AllowAnonymousAttribute defined.
Boolean allowAnonymous = actionContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), false).Length > 0 ||
actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), false).Length > 0;
if (!allowAnonymous)
{
try
{
Boolean userAuthorized = false;
CurrentSessionHandler session = new CurrentSessionHandler(HttpContext.Current.Session);
if (session.IsAuthenticated && !session.IsTokenExpired)
{
userAuthorized = session.HasRoles(RequiredRoles);
}
if (!userAuthorized)
{
SetUnauthorized(actionContext);
}
}
catch (Exception ex)
{
Debug.WriteLine(ex.Message);
if (ex.InnerException != null)
{
Debug.WriteLine(ex.InnerException.Message);
}
SetUnauthorized(actionContext);
}
}
base.OnActionExecuting(actionContext);
}
public override void OnAuthorization(HttpActionContext actionContext)
{
Boolean allowAnonymous = actionContext.ActionDescriptor.GetCustomAttributes <System.Web.Http.AllowAnonymousAttribute>().Count > 0 ||
actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <System.Web.Http.AllowAnonymousAttribute>().Count > 0;
if (!allowAnonymous)
{
CurrentSessionHandler session = new CurrentSessionHandler(HttpContext.Current.Session);
try
{
LoginArgs loginArgs;
String authToken = null;
// Get request body object
using (StreamReader sr = new StreamReader(actionContext.Request.Content.ReadAsStreamAsync().Result))
{
sr.BaseStream.Position = 0;
String srStr = sr.ReadToEnd();
_logger.LogInfo(srStr);
loginArgs = JsonConvert.DeserializeObject <LoginArgs>(srStr);
if (!String.IsNullOrWhiteSpace(loginArgs?.Token))
{
_logger.LogInfo("Logging in Kinetic Console user with token...");
authToken = loginArgs.Token;
}
}
// ReSharper disable once ConstantConditionalAccessQualifier
if ((String.IsNullOrWhiteSpace(loginArgs?.Username) || String.IsNullOrWhiteSpace(loginArgs.Password)) && String.IsNullOrWhiteSpace(loginArgs?.Token))
{
SetUnauthorized(actionContext, session);
}
else
{
if (authToken == null)
{
LoginArguments loginArguments = new LoginArguments();
loginArguments.Username = loginArgs.Username;
loginArguments.Password = loginArgs.Password;
authToken = AccountRepo.RetrieveAuthToken(loginArguments);
}
LoginData loginData = AccountRepo.GetLoginData(authToken);
_logger.LogInfo($"LoginData retrieved: {JsonConvert.SerializeObject(loginData)}");
String[] userRoles = AccountRepo.GetKcUserPermissions(loginData.UserId).ToArray();
_logger.LogInfo($"User Roles retrieved: {JsonConvert.SerializeObject(userRoles)}");
Boolean userAuthorized = false;
if (!String.IsNullOrWhiteSpace(authToken))
{
session.LMRoles = userRoles;
userAuthorized = session.HasRoles(RequiredRoles);
if (!userAuthorized)
{
_logger.LogWarning($"User does not have required roles.\r\n\tRequired Roles: {JsonConvert.SerializeObject(RequiredRoles)}");
}
}
else
{
_logger.LogWarning("User has invalid auth token");
}
if (userAuthorized)
{
// Give IIS a few seconds to create the session ID if it hasn't already been created
CookieHeaderValue sessionId = null;
Int32 tryCt = 0;
while (tryCt < 10)
{
sessionId = actionContext.Request.Headers.GetCookies("ASP.NET_SessionId").FirstOrDefault();
if (sessionId != null)
{
break;
}
Thread.Sleep(500);
tryCt++;
}
if (sessionId == null)
{
_logger.LogWarning("Unable to find ASP.NET SessionId");
SetUnauthorized(actionContext, session);
}
else
{
User user = AccountRepo.GetKcUser(loginData.UserId);
LMUser lmUser = new LMUser();
lmUser.AuthToken = authToken;
lmUser.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(loginData.ExpirationSeconds);
lmUser.IsAuthenticated = true;
lmUser.UserName = loginData.UserId;
lmUser.Roles = userRoles;
lmUser.SessionId = sessionId["ASP.NET_SessionId"].Value;
lmUser.DomainId = user.DomainId;
lmUser.DomainName = Caching.GetDomainName(user.DomainId);
session.AuthToken = authToken;
session.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(loginData.ExpirationSeconds);
session.IsAuthenticated = true;
session.Username = loginData.UserId;
session.DomainId = user.DomainId;
// Remove DomainUser if exists so Signal-R connection ID for this user is reset.
DomainUsersHandler.RemoveDomainUser(lmUser.UserName);
// Add new DomainUser
DomainUsersHandler.AddDomainUser(user.DomainId, lmUser);
_logger.LogInfo($"User '{lmUser.UserName}' successfully logged in");
_logger.LogInfo($"User Info: {JsonConvert.SerializeObject(lmUser)}");
base.OnAuthorization(actionContext);
}
}
else
{
SetUnauthorized(actionContext, session);
_logger.LogWarning($"User does not have required permissions. Required roles: {JsonConvert.SerializeObject(RequiredRoles)}");
}
}
}
catch (Exception ex)
{
SetUnauthorized(actionContext, session);
actionContext.Response.Headers.Add("Error", ex.Message);
_logger.LogError(ex, "Error authenticating user");
if (ex.InnerException != null)
{
actionContext.Response.Headers.Add("ErrorInner", ex.InnerException.Message);
_logger.LogError(ex.InnerException, "Error authenticating user (Inner Exception)");
}
}
}
}
