/// <summary>
/// Confirms whether the user authentication can complete successfully.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>The response.</returns>
private Response ConfirmUserAuthentication(ConfirmUserAuthenticationServiceRequest request)
{
DeviceConfiguration deviceConfiguration = request.RequestContext.GetDeviceConfiguration();
if (!this.IsServiceEnabled(deviceConfiguration))
{
throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthenticationMethodDisabled, "Authentication service is disabled.");
}
if (this.IsPasswordRequired(deviceConfiguration))
{
if (string.IsNullOrWhiteSpace(request.Password))
{
throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_PasswordRequired);
}
// call auth service for password check
UserLogOnServiceRequest passwordAuthenticationRequest = new UserLogOnServiceRequest(
request.UserId,
request.Password,
request.Credential,
PasswordGrantType,
request.ExtraAuthenticationParameters);
request.RequestContext.Execute <Response>(passwordAuthenticationRequest);
}
return(new NullResponse());
}
/// <summary>
/// Authenticates and authorizes the user.
/// </summary>
/// <param name="request">UserAuthenticationRequest request object.</param>
/// <param name="device">The device.</param>
/// <returns>Employee object.</returns>
internal static Employee AuthenticateAndAuthorizeUser(UserAuthenticationRequest request, Device device)
{
// Authenticate
Employee employee;
string staffId; // in extended authentication cases, this value might be empty
RequestContext executionContext = request.RequestContext;
if (device != null && request.RequestContext.GetPrincipal().IsChannelAgnostic)
{
executionContext = CreateRequestContext(string.Empty, device, request.RequestContext.Runtime);
}
UserLogOnServiceRequest authenticateServiceRequest = new UserLogOnServiceRequest(
request.StaffId,
request.Password,
request.Credential,
request.GrantType,
request.AdditionalAuthenticationData);
UserLogOnServiceResponse response = executionContext.Execute <UserLogOnServiceResponse>(authenticateServiceRequest);
staffId = response.StaffId;
// Authorize only if this was for elevate user
if (request.RetailOperation != RetailOperation.None)
{
var authorizeStaffRequest = new StaffAuthorizationServiceRequest(
request.RequestContext.GetPrincipal().UserId,
request.RetailOperation);
bool currentUserAlreadyAuthorizedForOperation = true;
try
{
executionContext.Execute <StaffAuthorizationServiceResponse>(authorizeStaffRequest);
}
catch (UserAuthorizationException authorizationException)
{
if (string.Equals(authorizationException.ErrorResourceId, SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthorizationFailed.ToString(), StringComparison.Ordinal))
{
currentUserAlreadyAuthorizedForOperation = false;
}
}
if (currentUserAlreadyAuthorizedForOperation)
{
RetailLogger.Log.CrtWorkflowUserAuthenticationUserAlreadyHasAccessToTheTargetedOperation(request.RequestContext.GetPrincipal().UserId, request.RetailOperation.ToString());
throw new UserAuthorizationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthorizationFailed, "The current user is already authorized to perform the targeted operation.");
}
authorizeStaffRequest = new StaffAuthorizationServiceRequest(
staffId,
request.RetailOperation);
StaffAuthorizationServiceResponse authorizationResponse =
executionContext.Execute <StaffAuthorizationServiceResponse>(authorizeStaffRequest);
employee = authorizationResponse.Employee;
}
else
{
// The employee has already been authenticated above.
employee = new Employee()
{
StaffId = staffId
};
// if we created a new context, then we need to update it here with the staff id
executionContext = CreateRequestContext(staffId, device, request.RequestContext.Runtime);
// This is needed for offline scenarios/logon because as opposed to online/RS in CRT there is no user look up when the identity is presented on API calls.
GetEmployeePermissionsDataRequest permissionsDataRequest = new GetEmployeePermissionsDataRequest(staffId, new ColumnSet());
employee.Permissions = executionContext.Execute <SingleEntityDataServiceResponse <EmployeePermissions> >(permissionsDataRequest).Entity;
}
LogAuthenticationRequest(executionContext, employee.StaffId, AuthenticationStatus.Success, AuthenticationOperation.CreateToken);
return(employee);
}
