private static string GetAuthUrl(int tenantId)
{
var tenantResource = new TenantResource();
var tenant = tenantResource.GetTenant(tenantId);
return HttpHelper.GetUrl(tenant.Domain);
}
//[HttpPost]
//[ConfigurationAuthFilter]
public async Task<ActionResult> Index(int? tenantId)
{
if (tenantId.HasValue)
{
var tenantResource = new TenantResource();
var tenant = await tenantResource.GetTenantAsync(tenantId.Value);
}
string cookieToken;
string formToken;
AntiForgery.GetTokens(null, out cookieToken, out formToken);
ViewBag.cookieToken = cookieToken;
ViewBag.formToken = formToken;
return View();
}
public async Task<Site> GetSite(IApiContext apiContext)
{
if (apiContext.SiteId.GetValueOrDefault(0) == 0)
throw new Exception("Site ID is missing in api context");
var tenant = apiContext.Tenant;
if (tenant == null)
{
var tenantResource = new TenantResource();
tenant = await tenantResource.GetTenantAsync(apiContext.TenantId);
}
var site = tenant.Sites.SingleOrDefault(x => x.Id == apiContext.SiteId);
if (site == null)
throw new Exception("Site " + apiContext.SiteId + " not found for tenant " + tenant.Name);
return site;
}
private void cbTenant_changed(object sender, EventArgs e)
{
try
{
cbSite.DataSource = null;
var scope = (Scope) cbTenant.SelectedItem;
var tenantResource = new TenantResource();
_tenant = tenantResource.GetTenant(scope.Id);
var sites = _tenant.Sites;
cbSite.DataSource = sites;
cbSite.DisplayMember = "Name";
panelAPI.Show();
}
catch (Exception exc)
{
LogError(exc);
}
}
private static Site GetSite(int tenantId, int siteId)
{
var tenantResource = new TenantResource();
var tenant = tenantResource.GetTenant(tenantId);
var site = tenant.Sites.SingleOrDefault(x => x.Id.Equals(siteId));
if (site == null) throw new Exception(string.Format("{0} not found for tenant {1}", siteId, tenantId));
return site;
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
if (!ConfigurationAuth.IsRequestValid(filterContext.HttpContext.Request))
throw new SecurityException("Unauthorized");
var request = filterContext.RequestContext.HttpContext.Request;
var apiContext = new ApiContext(request.Headers); //try to load from headers
if (apiContext.TenantId == 0)
{
//try to load from body
apiContext = new ApiContext(request.Form);
}
if (apiContext.TenantId == 0) //if not found load from query string
{
var tenantId = request.QueryString.Get("tenantId");
if (String.IsNullOrEmpty(tenantId))
{
filterContext.HttpContext.Response.StatusCode = 401;
filterContext.HttpContext.Response.End();
}
apiContext = new ApiContext(int.Parse(tenantId));
}
var requestUri = filterContext.HttpContext.Request.Path.Split('/');
string path ="/"+ requestUri[1] + "/" + apiContext.TenantId.ToString();
filterContext.HttpContext.Response.Cookies.Add(GetCookie("subNavLink", (String.IsNullOrEmpty(apiContext.UserId) ? "0" : "1"), path));
try
{
var tenantResource = new TenantResource();
var tenant = Task.Factory.StartNew(() => tenantResource.GetTenantAsync(apiContext.TenantId).Result, TaskCreationOptions.LongRunning).Result;
}
catch (ApiException exc)
{
_logger.Error(exc);
filterContext.HttpContext.Response.StatusCode = 401;
filterContext.HttpContext.Response.End();
}
string cookieToken;
string formToken;
AntiForgery.GetTokens(null, out cookieToken, out formToken);
filterContext.HttpContext.Response.Cookies.Add(GetCookie("formToken", HttpUtility.UrlEncode(formToken),path));
filterContext.HttpContext.Response.Cookies.Add(GetCookie("cookieToken", HttpUtility.UrlEncode(cookieToken),path));
filterContext.HttpContext.Response.Cookies.Add(GetCookie("tenantId", apiContext.TenantId.ToString(),path));
if (!string.IsNullOrEmpty(apiContext.UserId))
filterContext.HttpContext.Response.Cookies.Add(GetCookie(Headers.USERID, apiContext.UserId,path));
else
filterContext.HttpContext.Response.Cookies.Remove(Headers.USERID);
var hashString = string.Concat(apiContext.TenantId.ToString(), cookieToken, formToken);
if (!string.IsNullOrEmpty(apiContext.UserId))
{
_logger.Info("Adding userid to hash :" + apiContext.UserId);
hashString = string.Concat(hashString, apiContext.UserId);
}
var hash = SHA256Generator.GetHash(string.Empty, hashString);
_logger.Info("Computed Hash : " + hash);
filterContext.HttpContext.Response.Cookies.Add(GetCookie("hash", HttpUtility.UrlEncode(hash),path));
}
private static bool Validate(IApiContext apiContext, string formToken, string cookieToken, bool isSubNavLink)
{
try
{
AntiForgery.Validate(cookieToken, formToken);
}
catch (Exception)
{
return false;
}
//Validate tenant access
if (apiContext.TenantId < 0) return false;
if (String.IsNullOrEmpty(apiContext.HMACSha256))
throw new UnauthorizedAccessException();
var stringToHash = String.Concat(apiContext.TenantId.ToString(), cookieToken, formToken);
if (!String.IsNullOrEmpty(apiContext.UserId) && isSubNavLink)
{
_logger.Info("Userid:" + apiContext.UserId);
stringToHash = String.Concat(stringToHash, apiContext.UserId);
}
var computedHash = Security.SHA256Generator.GetHash(string.Empty, stringToHash );
if (apiContext.HMACSha256 != computedHash)
{
_logger.Info("Header hash : " + HttpUtility.UrlDecode(apiContext.HMACSha256));
_logger.Info("Computed hash : " + computedHash);
return false;
}
try
{
var tenantResource = new TenantResource();
var tennat = Task.Factory.StartNew(() => tenantResource.GetTenantAsync(apiContext.TenantId).Result, TaskCreationOptions.LongRunning).Result;
}
catch (ApiException ae)
{
return false;
}
return true;
}
