Example #1
0
    /// <summary>
    /// check if customer alresdy exists in Personify
    /// </summary>
    /// <param name="userName">userName</param>
    /// <param name="password">password</param>
    /// <param name="firstName">firstName</param>
    /// <param name="lastName">lastName</param>
    /// <returns>the customer token</returns>
    private string PersonifyRegistered(string userName, string password, string firstName, string lastName)
    {
        var customerToken = String.Empty;

        try
        {
            var customer = ssoClient.SSOCustomerGetByUsername(PersonifyVendorName, PersonifyVendorPassword, userName);
            if (!customer.UserExists)
            {
                var newPersonifyCustomer = ssoClient.SSOCustomerRegister(PersonifyVendorName, PersonifyVendorPassword, userName, password, userName, firstName, lastName, true);

                if (newPersonifyCustomer.Result == false)
                {
                    //TODO: Need to check all of these errors.
                    lblError.Text    = newPersonifyCustomer.Errors.FirstOrDefault();
                    lblError.Visible = true;
                    return(String.Empty);
                }

                customerToken = newPersonifyCustomer.NewCustomerToken;

                //creating customer presonify info
                if (!CreateCustomerInf(userName, firstName, lastName))
                {
                    customerToken = String.Empty;
                    //error disable customer account
                    ssoClient.SSOEnableDisableCustomerAccount(PersonifyVendorName, PersonifyVendorPassword, userName, true);
                }
            }
            else if (customer.UserExists && customer.DisableAccountFlag)// if customer account is disabled
            {
                //enable customer account
                ssoClient.SSOEnableDisableCustomerAccount(PersonifyVendorName, PersonifyVendorPassword, userName, false);
                //creating customer presonify info
                if (!CreateCustomerInf(userName, firstName, lastName))
                {
                    customerToken = String.Empty;
                    //error disable customer account
                    ssoClient.SSOEnableDisableCustomerAccount(PersonifyVendorName, PersonifyVendorPassword, userName, true);
                }
            }
            else
            {
                customerToken    = String.Empty;
                lblError.Visible = true;
                lblError.Text    = GetString("UserInfo.EmailAlreadyExist");
            }
        }
        catch (DataServiceClientException dscex)
        {
            var messages = dscex.ParseMessages();

            var errorMessage = messages.ValidationIssues.ValidationMessage.Aggregate(new StringBuilder(), (x, y) => x.AppendLine(y.Message)).ToString();

            customerToken    = String.Empty;
            lblError.Visible = true;
            lblError.Text    = errorMessage;
            EventLogProvider.LogException(dscex.Source, dscex.Message, dscex);
        }
        catch (Exception ex)
        {
            customerToken    = String.Empty;
            lblError.Visible = true;
            lblError.Text    = RegistrationErrorMessage;
            EventLogProvider.LogException(ex.Source, ex.Message, ex);
        }

        return(customerToken);
    }
    /// <summary>
    /// Logic to handle SSO sign in/out and user reauthorization
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Did user log out?
        CheckForLogout();

        // Do we need to reauthorize user?
        ReAuthorizeCheck();

        Session[PersonifySessionKey] = null;

        // Check for empty session values
        if (Session[UserNameSessionKey] == null || (string)Session[PasswordSessionKey] == null)
        {
            ReAuthorizeFail();
        }

        var username = (string)Session[UserNameSessionKey];
        var password = (string)Session[PasswordSessionKey];

        // Logic to handle retry
        if (Session[RetryCountSessionKey] == null)
        {
            Session[RetryCountSessionKey] = 0;
        }
        else if ((int)Session[RetryCountSessionKey] == 5)
        {
            Session[RetryCountSessionKey] = null;
            EventLogProvider.LogException("SSOHandler", "Retry", new Exception("Cannot resolve username and password with autologin.  Exceeded retry limit."), SiteContext.CurrentSiteID);
            URLHelper.Redirect(_loginErrorUrl);
        }
        else
        {
            var current = (int)Session[RetryCountSessionKey] + 1;

            Session[RetryCountSessionKey] = current;
        }

        // Get customer from Personify
        var ssoCustomer = ssoClient.SSOCustomerGetByUsername(_personifySsoVendorName, _personifySsoVendorPassword, username);

        // Check if Customer exists in Personify
        if (ssoCustomer == null)
        {
            EventLogProvider.LogException("SSOHandler", "LookupCustomer", new Exception("ssoCustomer does not exist for given username."), SiteContext.CurrentSiteID);
            URLHelper.Redirect(_loginErrorUrl);
            //throw new Exception("ssoCustomer does not exist for given username.");
        }

        // Get Token from Personify Request
        var customerToken  = Request.QueryString["ct"];
        var decryptedToken = String.Empty;

        var rememberMe = Session[RememberMeSessionKey] != null ? (bool)Session[RememberMeSessionKey] : false;

        // If decrypted token is not empty and valid, then proceed to log in
        if (!string.IsNullOrEmpty(customerToken) && isValidToken(decryptedToken = DecryptCustomerToken(customerToken)))
        {
            Session[PersonifySessionKey] = decryptedToken;

            // Verify Kentico User
            VerifyKenticoUser(decryptedToken, username);

            // Log in to Kentico
            AuthenticationHelper.AuthenticateUser(username, rememberMe);

            // Set SSO Token cookie
            var ssoToken = new HttpCookie(SSOTokenCookie, decryptedToken);
            ssoToken.Expires = DateTime.Now.AddDays(90);
            Response.Cookies.Add(ssoToken);

            SessionHelper.Remove("VendorToken");

            RedirectToDesiredURL();
        }
        else
        {
            //we don't have a valid token, initiate Retry
            String returnURL = HttpContext.Current.Request.Url.AbsoluteUri;

            if (!String.IsNullOrEmpty(HttpContext.Current.Request.Url.Query))
            {
                returnURL = returnURL.Replace(HttpContext.Current.Request.Url.Query, "");
            }

            var encryptedVendorToken = RijndaelAlgorithm.GetVendorToken(returnURL, _personifySsoVendorPassword, _personifySsoVendorBlock, username, password, rememberMe);
            SessionHelper.SetValue("VendorToken", encryptedVendorToken);
            var url = string.Format("{0}?vi={1}&vt={2}", _personifyAutoLoginUrl, _personifyVendorID, encryptedVendorToken);
            Response.Redirect(url);
        }
    }