/// <summary> /// Confirms whether the user authentication can complete successfully. /// </summary> /// <param name="request">The request.</param> /// <returns>The response.</returns> private Response ConfirmUserAuthentication(ConfirmUserAuthenticationServiceRequest request) { DeviceConfiguration deviceConfiguration = request.RequestContext.GetDeviceConfiguration(); if (!this.IsServiceEnabled(deviceConfiguration)) { throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthenticationMethodDisabled, "Authentication service is disabled."); } if (this.IsPasswordRequired(deviceConfiguration)) { if (string.IsNullOrWhiteSpace(request.Password)) { throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_PasswordRequired); } // call auth service for password check UserLogOnServiceRequest passwordAuthenticationRequest = new UserLogOnServiceRequest( request.UserId, request.Password, request.Credential, PasswordGrantType, request.ExtraAuthenticationParameters); request.RequestContext.Execute <Response>(passwordAuthenticationRequest); } return(new NullResponse()); }
/// <summary> /// Authenticates and authorizes the user. /// </summary> /// <param name="request">UserAuthenticationRequest request object.</param> /// <param name="device">The device.</param> /// <returns>Employee object.</returns> internal static Employee AuthenticateAndAuthorizeUser(UserAuthenticationRequest request, Device device) { // Authenticate Employee employee; string staffId; // in extended authentication cases, this value might be empty RequestContext executionContext = request.RequestContext; if (device != null && request.RequestContext.GetPrincipal().IsChannelAgnostic) { executionContext = CreateRequestContext(string.Empty, device, request.RequestContext.Runtime); } UserLogOnServiceRequest authenticateServiceRequest = new UserLogOnServiceRequest( request.StaffId, request.Password, request.Credential, request.GrantType, request.AdditionalAuthenticationData); UserLogOnServiceResponse response = executionContext.Execute <UserLogOnServiceResponse>(authenticateServiceRequest); staffId = response.StaffId; // Authorize only if this was for elevate user if (request.RetailOperation != RetailOperation.None) { var authorizeStaffRequest = new StaffAuthorizationServiceRequest( request.RequestContext.GetPrincipal().UserId, request.RetailOperation); bool currentUserAlreadyAuthorizedForOperation = true; try { executionContext.Execute <StaffAuthorizationServiceResponse>(authorizeStaffRequest); } catch (UserAuthorizationException authorizationException) { if (string.Equals(authorizationException.ErrorResourceId, SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthorizationFailed.ToString(), StringComparison.Ordinal)) { currentUserAlreadyAuthorizedForOperation = false; } } if (currentUserAlreadyAuthorizedForOperation) { RetailLogger.Log.CrtWorkflowUserAuthenticationUserAlreadyHasAccessToTheTargetedOperation(request.RequestContext.GetPrincipal().UserId, request.RetailOperation.ToString()); throw new UserAuthorizationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthorizationFailed, "The current user is already authorized to perform the targeted operation."); } authorizeStaffRequest = new StaffAuthorizationServiceRequest( staffId, request.RetailOperation); StaffAuthorizationServiceResponse authorizationResponse = executionContext.Execute <StaffAuthorizationServiceResponse>(authorizeStaffRequest); employee = authorizationResponse.Employee; } else { // The employee has already been authenticated above. employee = new Employee() { StaffId = staffId }; // if we created a new context, then we need to update it here with the staff id executionContext = CreateRequestContext(staffId, device, request.RequestContext.Runtime); // This is needed for offline scenarios/logon because as opposed to online/RS in CRT there is no user look up when the identity is presented on API calls. GetEmployeePermissionsDataRequest permissionsDataRequest = new GetEmployeePermissionsDataRequest(staffId, new ColumnSet()); employee.Permissions = executionContext.Execute <SingleEntityDataServiceResponse <EmployeePermissions> >(permissionsDataRequest).Entity; } LogAuthenticationRequest(executionContext, employee.StaffId, AuthenticationStatus.Success, AuthenticationOperation.CreateToken); return(employee); }