Example #1
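        /// <summary>
        /// Returns the cached session for <c>request.SessionID</c>, or tries to establish a new one when
        /// none is cached: by impersonation when <c>request.SecurityEntityID</c> is set, otherwise by
        /// authenticating <c>request.Username</c> / <c>request.Password</c>. Each attempt that reaches the
        /// logon logic is written to the logon log through <c>SaveLogonLog</c>.
        /// </summary>
        /// <param name="request">Session lookup / logon request (session id, credentials, application, host IP).</param>
        /// <returns>
        /// A response wrapping the session (null when the logon failed) with <c>ErrorCode</c> set to the
        /// final <c>AuthenticationResult</c>; the IAC-permission failure returns a response with
        /// <c>Status == false</c> and a status message instead. Exceptions are converted by
        /// <c>ErrorHandler.Handle</c>.
        /// </returns>
        public GetItemResponse<SessionObject> GetSessionObject(SessionRequest request)
        {
            var response = new GetItemResponse<SessionObject>();
            LogonLog logonLog = new LogonLog();
            logonLog.ID = SequentialGuid.NewDbGuid();
            logonLog.ApplicationID = request.ApplicationID;
            logonLog.HostIPAddress = request.HostIPAddress;
            logonLog.FailureCode = AuthenticationResult.Undefined;
            logonLog.LoginUsername = request.Username.Truncate(50);
            try
            {
                // Look for the session in the cache; if it exists, return it.
                // NOTE(review): the lookup is keyed on SessionID alone, so within this method the id acts as a
                // bearer token; ApplicationID and HostIPAddress are not compared with the cached session here.
                SessionObject sessionObj = SessionObjectCache.Instance.GetSession(request.SessionID);
                if (sessionObj != null)
                {
                    // We must clone, otherwise WCF may mess up the channel.
                    return new GetItemResponse<SessionObject>(sessionObj.Clone());
                }

                // From here on sessionObj is null: the caller either presented an id that is no longer
                // cached or is logging on for the first time.
                if (request.SessionID != Guid.Empty)
                {
                    _Log.InfoFormat("Session {0} not in cache", request.SessionID);
                    // Log the session expiry - this must be a separate log entry with a separate id, see IM-4806.
                    LogonLog expiryLog = new LogonLog();
                    expiryLog.ID = SequentialGuid.NewDbGuid();
                    expiryLog.ApplicationID = request.ApplicationID;
                    expiryLog.HostIPAddress = request.HostIPAddress;
                    expiryLog.FailureCode = AuthenticationResult.Undefined;
                    expiryLog.LoginUsername = request.Username.Truncate(50);
                    expiryLog.Logon = LogonType.SessionExpired;
                    expiryLog.SessionObjectID = request.SessionID;
                    expiryLog.SecurityEntityID = request.SecurityEntityID;
                    // CompanyID and UserID are unknown at this point.
                    SaveLogonLog(new SaveRequest<LogonLog>(expiryLog));
                }

                // The user name is caller-supplied and ends up in log lines and status messages below.
                // Strip CR/LF so it cannot start a forged log entry if the log sink does not escape them.
                string safeUsername = request.Username == null
                    ? null
                    : request.Username.Replace("\r", string.Empty).Replace("\n", string.Empty);

                SecurityEntity entity;
                bool impersonation = false;
                if (request.SecurityEntityID != Guid.Empty)
                {
                    // Impersonation: the entity is loaded by id and no password is checked on this branch.
                    // NOTE(review): nothing visible here verifies that the caller may impersonate this
                    // entity - confirm that every caller of this operation enforces that authorization.
                    var seResponse = GetSecurityEntity(new IDRequest(request.SecurityEntityID));
                    ErrorHandler.Check(seResponse);
                    entity = seResponse.Item;
                    impersonation = true;
                    logonLog.Logon = LogonType.Impersonation;
                    if (entity != null)
                    {
                        logonLog.FailureCode = AuthenticationResult.Success;
                        logonLog.LoginUsername = entity.LoginUsername;
                    }
                    else
                    {
                        logonLog.FailureCode = AuthenticationResult.Undefined;
                        logonLog.LoginUsername = "******";
                    }
                }
                else
                {
                    logonLog.FailureCode = Authenticate(request.Username, request.Password, request.Mode, request.EntityType, out entity);
                    logonLog.Logon = LogonType.UserLogon;
                }
                string msg = string.Format("SecurityEntity: {0} for `{1}` -> {2}/{3}", entity, safeUsername, logonLog.Logon, logonLog.FailureCode);
                _Log.Info(msg);
                response.StatusMessage = msg;

                if (entity == null)
                {
                    response.Status = false;
                    logonLog.FailureCode = AuthenticationResult.SecurityEntityNotFound;
                    logonLog.Success = false;
                    logonLog.SessionObjectID = Guid.Empty;
                    logonLog.SecurityEntityID = Guid.Empty;
                }
                else
                {
                    logonLog.CompanyID = entity.CompanyID;
                    logonLog.SecurityEntityID = entity.ID;
                    logonLog.UserID = entity.UserID;

                    if (logonLog.FailureCode == AuthenticationResult.Success)
                    {
                        var permissionList = GetSecurityPermissionList(request.ApplicationID, entity)
                                .ConvertAll<Guid>(permission => permission.SecurityObjectID);

                        // Check whether this is the Imarda Admin Console trying to log in through the provisioning service.
                        // In that case Flags == 2, and the IAC login security object must be linked to the security entity of the user.
                        if (request.Mode == LoginMode.IAC && !permissionList.Contains(AuthToken.ImardaAdminServiceLogin))
                        {
                            // This is the only path that returns `response`, so this message reaches the caller.
                            msg = string.Format("IAC login {0} failed, IAC permission for {1} not found", safeUsername, entity);
                            _Log.Info(msg);
                            response.Status = false;
                            response.StatusMessage = msg;
                            logonLog.FailureCode = AuthenticationResult.IACPermissionNotFound;
                            logonLog.Success = false;
                            logonLog.SessionObjectID = Guid.Empty;
                            SaveLogonLog(new SaveRequest<LogonLog>(logonLog));
                            return response;
                        }

                        sessionObj = new SessionObject
                        {
                            ApplicationID = request.ApplicationID,
                            // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
                            // generator; if session ids must be unguessable, confirm this is acceptable.
                            SessionID = Guid.NewGuid(),
                            CRMID = entity.CRMId,
                            SecurityEntityID = entity.ID,
                            CompanyID = entity.CompanyID,
                            Username = entity.LoginUsername,
                            // NOTE(review): the entity's stored login password is placed on the session object,
                            // which is cached and returned to the caller - confirm it is needed there.
                            Password = entity.LoginPassword,
                            PermissionsList = permissionList,
                            Impersonation = impersonation,
                            TimeZoneKey = entity.TimeZone,
                            EntityName = entity.EntityName,
                            EntityType = entity.EntityType,
                            EnableTimeZoneSelect = entity.EnableTimeZoneSelect,
                        };
                        logonLog.Success = true;
                        logonLog.SessionObjectID = sessionObj.SessionID;
                        SessionObjectCache.Instance.StoreSession(sessionObj);
                        _Log.InfoFormat("Store new session: {0}", sessionObj);
                    }
                }
                SaveLogonLog(new SaveRequest<LogonLog>(logonLog));

                // sessionObj is still null when the logon failed; the outcome travels in ErrorCode.
                // The StatusMessage built above is not copied onto this response.
                return new GetItemResponse<SessionObject>(sessionObj) {ErrorCode = logonLog.FailureCode.ToString()};
            }
            catch (Exception ex)
            {
                return ErrorHandler.Handle<GetItemResponse<SessionObject>>(ex);
            }
        }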
 /// <summary>
 /// Ends the session identified by <c>request.SessionID</c>: asks the configuration service to drop its
 /// cached data for the session's company/CRM id, deletes the session from the session cache and, when
 /// the configuration call reported success, saves a logoff entry through the security service.
 /// </summary>
 /// <param name="request">Logout request; only SessionID, ApplicationID, HostIPAddress and Username are read here.</param>
 /// <returns>
 /// An empty response when the session is not cached; otherwise the response of the last remote call
 /// made. Exceptions are converted by <c>ErrorHandler.Handle</c>.
 /// </returns>
 public BusinessMessageResponse Logout(SessionRequest request)
 {
     try
     {
         var cachedSession = SessionObjectCache.Instance.GetSession(request.SessionID);
         if (cachedSession == null)
         {
             // Unknown or already removed session: nothing is torn down and no logoff entry is written.
             return new BusinessMessageResponse();
         }

         var result = new BusinessMessageResponse();
         var configProxy = ImardaProxyManager.Instance.IImardaConfigurationProxy;
         ChannelInvoker.Invoke((out IClientChannel configChannel) =>
         {
             configChannel = configProxy as IClientChannel;
             var evictRequest = new ConfigListRequest(null, cachedSession.CompanyID, cachedSession.CRMID);
             result = configProxy.RemoveFromCache(evictRequest);
         });

         // The session is removed regardless of how the configuration call went.
         SessionObjectCache.Instance.DeleteSession(request.SessionID);

         // Save the logoff entry.
         // NOTE(review): the entry is skipped when RemoveFromCache reports failure, although the session
         // has already been deleted - confirm that this gap in the logon log is intended.
         if (result.Status)
         {
             var securityProxy = ImardaProxyManager.Instance.IImardaSecurityProxy;
             ChannelInvoker.Invoke((out IClientChannel securityChannel) =>
             {
                 securityChannel = securityProxy as IClientChannel;
                 var logoffEntry = new LogonLog
                 {
                     ID = SequentialGuid.NewDbGuid(),
                     ApplicationID = request.ApplicationID,
                     HostIPAddress = request.HostIPAddress,
                     CompanyID = cachedSession.CompanyID,
                     SecurityEntityID = cachedSession.SecurityEntityID,
                     SessionObjectID = cachedSession.SessionID,
                     LoginUsername = cachedSession.Username,
                     UserID = cachedSession.CRMID,
                     // A request without a user name is recorded as UserLogoff, any other as AutoLogoff.
                     Logon = (request.Username == null) ? LogonType.UserLogoff : LogonType.AutoLogoff
                 };
                 result = securityProxy.SaveLogonLog(new SaveRequest<LogonLog>(logoffEntry));
             });
         }
         return result;
     }
     catch (Exception ex)
     {
         return ErrorHandler.Handle(ex);
     }
 }