/// <summary>
/// Issues a protected OWIN access token for the supplied user name and password.
/// </summary>
/// <param name="login">User name and password posted by the client.</param>
/// <returns>
/// 400 with the model-state errors when the request is malformed, 400 with a single generic
/// message when the login provider rejects the credentials, otherwise 200 with a
/// <see cref="LoginAccessViewModel"/> carrying the protected ticket.
/// </returns>
public IHttpActionResult Token(LoginViewModel login)
        {
            if (!ModelState.IsValid)
            {
                return this.BadRequestError(ModelState);
            }

            ClaimsIdentity identity;
            var credentialsAccepted = _loginProvider.ValidateCredentials(login.UserName, login.Password, out identity);

            if (!credentialsAccepted)
            {
                // One message for every credential failure; the provider does not say which part was wrong.
                return BadRequest("Incorrect user or password");
            }

            // Lifetime is a fixed 30 minutes measured from the current UTC time.
            var issuedAt = new SystemClock().UtcNow;
            var properties = new AuthenticationProperties
            {
                IssuedUtc  = issuedAt,
                ExpiresUtc = issuedAt.AddMinutes(30)
            };
            var ticket = new AuthenticationTicket(identity, properties);

            var response = new LoginAccessViewModel
            {
                UserName    = login.UserName,
                AccessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket)
            };

            return Ok(response);
        }
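        /// <summary>
        /// Authenticates a user against the login provider, resolves their role and returns a
        /// protected OWIN access token.
        /// </summary>
        /// <param name="login">E-mail address and password posted by the client.</param>
        /// <returns>
        /// 400 when the model is invalid or the credentials are rejected, 401 when the provider
        /// accepts the credentials but reports the user as not authorized, otherwise 200 with the
        /// protected token string as the response body.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The configured session duration is not a positive whole number of minutes.
        /// </exception>
        public async Task<IHttpActionResult> Login(UTRGVCredentials login)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest();
            }

            string cn;
            bool   authorized;

            if (!_loginProvider.ValidateCredentials(login.email, login.password, out cn, out authorized))
            {
                // One generic message for every credential failure.
                return BadRequest("Incorrect user or password");
            }
            if (!authorized)
            {
                return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You're not authorized"));
            }

            // Check the configured lifetime up front: a bad setting previously surfaced as a
            // FormatException from int.Parse after the credentials had already been accepted,
            // and a zero or negative value would have issued an already-expired ticket.
            int duration;
            if (!int.TryParse(_sessionDuration, out duration) || duration <= 0)
            {
                throw new InvalidOperationException("Configured session duration is not a positive whole number of minutes.");
            }

            var identity = new ClaimsIdentity(Startup.OAuthOptions.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, cn));

            // Role comes from the local user record when one exists; a user with no record gets "Faculty".
            var dbUser = await db.Users.FirstOrDefaultAsync(u => u.Cn == cn);
            // NOTE(review): assumes dbUser.Role is loaded and non-null whenever dbUser exists — confirm against the model.
            var roleName = dbUser != null ? dbUser.Role.Name : "Faculty";
            identity.AddClaim(new Claim(ClaimTypes.Role, roleName));

            var issuedAt = new SystemClock().UtcNow;
            var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
            {
                IssuedUtc  = issuedAt,
                ExpiresUtc = issuedAt.AddMinutes(duration)
            });

            return Ok(Startup.OAuthOptions.AccessTokenFormat.Protect(ticket));
        }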
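        /// <summary>
        /// Validates the posted credentials and returns the caller's profile, region and dashboard role.
        /// </summary>
        /// <param name="user">
        /// Credentials and profile fields posted by the client. Handed to the login provider by
        /// reference, so the provider may update it before the profile is read.
        /// </param>
        /// <returns>
        /// 400 with a generic message when the login provider rejects the credentials, otherwise 200
        /// with the user's names, region, region id, resolved role and lower-cased e-mail.
        /// </returns>
        /// <remarks>
        /// Despite its name this action does not issue a token: the ticket code is no longer present
        /// and the response holds profile data only. The <c>FirsName</c> property is a typo but is part
        /// of the JSON contract clients already consume, so it is kept. The unused locals that built a
        /// "user:password" string from the posted credentials were removed so the password is not copied
        /// into additional variables.
        /// </remarks>
        public IActionResult Token([FromBody] ARBDashboard.Models.User user)
        {
            // The identity the provider produces is not used by this action.
            if (!_loginProvider.ValidateCredentials(ref user, out _))
            {
                return BadRequest("Incorrect UserName or Password");
            }

            Reviewer reviewer = _requestService.GetReviewer(user.Email);
            Region   region   = _requestService.GetAllRegions().FirstOrDefault(x => x.RegionName == user.Region);

            // A reviewer whose role is "Both" is reported as "DM" and flagged as also being a reviewer;
            // a user with no reviewer record is a plain "Requester".
            bool   isDualRole = reviewer != null && reviewer.Role == "Both";
            string role       = reviewer == null ? "Requester" : (isDualRole ? "DM" : reviewer.Role);

            return Ok(new
            {
                Name              = user.Name,
                FirsName          = user.FirstName,
                LastName          = user.LastName,
                Region            = user.Region,
                RegionID          = region != null ? region.RegionId.ToString() : "",
                Role              = role,
                IsDMalsoAReviewer = isDualRole,
                // Invariant lower-casing: the e-mail is an identifier, not culture-specific text.
                Email             = user.Email.ToLowerInvariant(),
            });
        }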