public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (credentials == null || String.IsNullOrEmpty(credentials.AccountName) || String.IsNullOrEmpty(credentials.AccountPassword))
{
throw new MdoException("Invalid RDW credenetials");
}
_creds = credentials;
// see if provider was specified in datasource - use default from proxy code if not
WebRequest cookieRequest = WebRequest.Create(String.IsNullOrEmpty(Cxn.DataSource.Provider) ? new Uri(new MDWSRPCs().Url) : new Uri(Cxn.DataSource.Provider));
cookieRequest.Method = "POST";
cookieRequest.ContentType = "application/x-www-form-urlencoded";
string postBody = "CacheUserName="******"&CachePassword="******"&CacheLogin=Login";
cookieRequest.ContentLength = postBody.Length;
Stream requestStream = cookieRequest.GetRequestStream();
requestStream.Write(System.Text.Encoding.ASCII.GetBytes(postBody), 0, postBody.Length);
requestStream.Close();
WebResponse cookieResponse = cookieRequest.GetResponse();
// expect the response URI to contain the session token for subsequent requests - throw an error if the strings are the same
if (String.Equals(cookieResponse.ResponseUri.ToString(), _cxn.DataSource.Provider))
{
throw new MdoException("Authentication failed. Response URI did not contain session token");
}
_cxn.DataSource.Provider = cookieResponse.ResponseUri.ToString(); // set the provider to the URL containing the cookie
_creds.AuthenticationToken = cookieResponse.ResponseUri.ToString();
this.isAuthorized = true;
return("OK");
}
// This does an administrative visit in order to get the true user's data
internal User getVisitorData(string userSitecode, string DUZ, string appPwd)
{
Site site = mySession.SiteTable.getSite(userSitecode);
AbstractCredentials credentials = getAdministrativeCredentials(site);
credentials.AuthenticationToken = userSitecode + '_' + credentials.LocalUid;
credentials.SecurityPhrase = appPwd;
string context = MdwsConstants.MDWS_CONTEXT;
if (mySession.DefaultVisitMethod == MdwsConstants.NON_BSE_CREDENTIALS)
{
context = MdwsConstants.CPRS_CONTEXT;
}
// Here we do NOT set mySession.PrimaryPermission. This context is being set
// solely for the Admin user to get the true user's credentials. mySession.PrimaryPermission
// is for the true user.
AbstractPermission permission = new MenuOption(context);
permission.IsPrimary = true;
User u = doTheVisit(userSitecode, credentials, permission);
UserApi userApi = new UserApi();
User trueUser = userApi.getUser(myCxn, DUZ);
myCxn.disconnect();
return(trueUser);
}
public override User authenticateAndAuthorize(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource = null)
{
if ("prod".Equals(Mode))
{
AbstractConnection vistaConnection = initializeVistaConnection();
gov.va.medora.mdo.dao.vista.VistaAccount vistaAccount = new vista.VistaAccount(vistaConnection);
vistaAccount.AuthenticationMethod = this.AuthenticationMethod;
vistaConnection.Account = vistaAccount;
User user = vistaAccount.authenticateAndAuthorize(credentials, permission, vistaConnection.DataSource);
this.isAuthenticated = vistaAccount.IsAuthenticated;
this.isAuthorized = vistaAccount.IsAuthorized;
return(user);
}
else
{
this.isAuthenticated = true;
this.isAuthorized = true;
User user = new User();
user.setName("dev");
return(user);
}
}
public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
object result = base.authorizedConnect(credentials, permission, validationDataSource);
//_eventArgs.ConnectionEventType = ConnectionPoolEventArgs.ConnectionChangeEventType.ConnectionAvailable;
//OnChanged(_eventArgs);
return result;
}
internal string buildAddRecordStatement(AbstractCredentials creds, string encryptionKey)
{
string phoneNum = "No phone";
if (!String.IsNullOrEmpty(creds.SubjectPhone))
{
phoneNum = creds.SubjectPhone;
}
string result = "INSERT INTO " + _tableName +
" (SessionID,SSN,Name,DUZ,SiteId,SiteName,Phone) VALUES (";
if (_encrypt)
{
result += "'" + escapeString(SSTCryptographer.Encrypt(creds.AuthenticationToken, encryptionKey)) + "'," +
"'" + escapeString(SSTCryptographer.Encrypt(creds.FederatedUid, encryptionKey)) + "'," +
"'" + escapeString(SSTCryptographer.Encrypt(creds.SubjectName, encryptionKey)) + "'," +
"'" + escapeString(SSTCryptographer.Encrypt(creds.LocalUid, encryptionKey)) + "'," +
"'" + escapeString(SSTCryptographer.Encrypt(creds.AuthenticationSource.SiteId.Id, encryptionKey)) + "'," +
"'" + escapeString(SSTCryptographer.Encrypt(creds.AuthenticationSource.SiteId.Name, encryptionKey)) + "'," +
"'" + escapeString(SSTCryptographer.Encrypt(phoneNum, encryptionKey));
}
else
{
result += "'" + escapeString(creds.AuthenticationToken) + "'," +
"'" + escapeString(creds.FederatedUid) + "'," +
"'" + escapeString(creds.SubjectName) + "'," +
"'" + escapeString(creds.LocalUid) + "'," +
"'" + escapeString(creds.AuthenticationSource.SiteId.Id) + "'," +
"'" + escapeString(creds.AuthenticationSource.SiteId.Name) + "'," +
"'" + escapeString(phoneNum);
}
result += "');";
return(result);
}
internal void doTheAuthorize(AbstractCredentials credentials, AbstractPermission permission)
{
//// if we are requesting CPRS context with a visit and user does not have it - add it to their account
if (permission.Name == VistaConstants.CPRS_CONTEXT &&
!Cxn.Account.Permissions.ContainsKey(VistaConstants.CPRS_CONTEXT) &&
!Cxn.Account.AuthenticationMethod.Equals(VistaConstants.LOGIN_CREDENTIALS))
{
addContextInVista(Cxn.Uid, permission);
}
else
{
setContext(permission);
}
if (String.IsNullOrEmpty(Cxn.Uid))
{
if (String.IsNullOrEmpty(credentials.FederatedUid))
{
throw new MdoException("Missing federated UID, cannot get local UID");
}
VistaUserDao dao = new VistaUserDao(Cxn);
Cxn.Uid = dao.getUserIdBySsn(credentials.FederatedUid);
if (String.IsNullOrEmpty(Cxn.Uid))
{
throw new MdoException("Unable to get local UID for federated ID " + credentials.FederatedUid);
}
}
if (!credentials.Complete)
{
VistaUserDao dao = new VistaUserDao(Cxn);
dao.addVisitorInfo(credentials);
}
}
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (!(credentials is LdapCredentials))
{
throw new MdoException("Invalid credentials - not LDAP credentials");
}
LdapCredentials ldapCreds = (LdapCredentials)credentials;
DirectoryEntry entry = new DirectoryEntry(Cxn.DataSource.Provider, ldapCreds.AccountName, ldapCreds.AccountPassword);
entry.AuthenticationType = AuthenticationTypes.Secure;
DirectorySearcher search = new DirectorySearcher();
search.SearchRoot = entry;
search.Filter = "(&(objectClass=user)(SAMAccountName=" + ldapCreds.AccountName + "))";
//SearchResultCollection result = (SearchResultCollection)this.Cxn.query("(&(objectClass=user)(SAMAccountName=" + credentials.AccountName + "))");
SearchResultCollection result = search.FindAll();
if (result.Count != 1)
{
throw new MdoException("Invalid credentials");
}
return(result[0].GetDirectoryEntry().Guid.ToString());
}
public TaggedTextArray visitDoD(string pwd)
{
Site site = mySession.SiteTable.getSite(MdwsConstants.DOD_SITE);
AbstractCredentials credentials = getAdministrativeCredentials(site);
credentials.SecurityPhrase = mySession.MdwsConfiguration.AllConfigs[ConfigFileConstants.PRIMARY_CONFIG_SECTION][MdwsConfigConstants.SERVICE_ACCOUNT_PASSWORD];
string context = MdwsConstants.MDWS_CONTEXT;
if (mySession.DefaultVisitMethod == MdwsConstants.NON_BSE_CREDENTIALS)
{
context = MdwsConstants.CPRS_CONTEXT;
}
AbstractPermission permission = new MenuOption(context);
permission.IsPrimary = true;
TaggedTextArray result = new TaggedTextArray();
try
{
User u = doTheVisit(site.Id, credentials, permission);
result.results = new TaggedText[] { new TaggedText(site.Id, u.Uid) };
addMyCxn2CxnSet();
mySession.Credentials = credentials;
mySession.PrimaryPermission = permission;
}
catch (Exception e)
{
result.fault = new FaultTO(e.Message);
}
return(result);
}
internal string login(AbstractCredentials credentials)
{
if (String.IsNullOrEmpty(credentials.AccountName))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Access Code");
}
if (String.IsNullOrEmpty(credentials.AccountPassword))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Verify Code");
}
VistaQuery vq = new VistaQuery("XUS SIGNON SETUP");
string rtn = (string)Cxn.query(vq);
if (rtn == null)
{
throw new UnexpectedDataException("Unable to setup authentication");
}
vq = new VistaQuery("XUS AV CODE");
// This is here so we can test with MockConnection
if (Cxn.GetType().Name != "MockConnection")
{
vq.addEncryptedParameter(vq.LITERAL, credentials.AccountName + ';' + credentials.AccountPassword);
}
else
{
vq.addParameter(vq.LITERAL, credentials.AccountName + ';' + credentials.AccountPassword);
}
rtn = (string)Cxn.query(vq);
//TODO - need to catch renew verify id error
string[] flds = StringUtils.split(rtn, StringUtils.CRLF);
if (flds[0] == "0")
{
throw new UnauthorizedAccessException(flds[3]);
}
AccountId = flds[0];
// Set the connection's UID
Cxn.Uid = AccountId;
// Save the credentials
credentials.LocalUid = AccountId;
credentials.AuthenticationSource = Cxn.DataSource;
credentials.AuthenticationToken = Cxn.DataSource.SiteId.Id + '_' + AccountId;
IsAuthenticated = true;
Cxn.IsRemote = false;
// Set the greeting if there is one
if (flds.Length > 7)
{
return(flds[7]);
}
return("OK");
}
public BseVista2WebVisit(VistaAccount acct, AbstractCredentials creds, DataSource validatorDataSource)
: base(acct, creds)
{
if (validatorDataSource != null)
{
_validatorDataSource = validatorDataSource;
}
}
public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
object result = base.authorizedConnect(credentials, permission, validationDataSource);
//_eventArgs.ConnectionEventType = ConnectionPoolEventArgs.ConnectionChangeEventType.ConnectionAvailable;
//OnChanged(_eventArgs);
return(result);
}
public override User authenticateAndAuthorize(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource = null)
{
string msg = authenticate(credentials, validationDataSource);
User u = authorize(credentials, permission);
u.Greeting = msg;
return(u);
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
if (_authenticate)
{
return(base.authorize(credentials, permission));
}
isAuthorized = isAuthenticated = true;
return(new User());
}
public override User authenticateAndAuthorize(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
if (_authenticate)
{
return(base.authenticateAndAuthorize(credentials, permission, validationDataSource));
}
isAuthorized = isAuthenticated = true;
return(new User());
}
public string login(AbstractCredentials credentials)
{
if (_authenticate)
{
return(base.login(credentials));
}
isAuthorized = isAuthenticated = true;
return("OK");
}
internal User toUser(AbstractCredentials credentials)
{
User u = new User();
u.Uid = Cxn.Uid;
u.Name = new PersonName(credentials.SubjectName);
u.SSN = new SocSecNum(credentials.FederatedUid);
u.LogonSiteId = Cxn.DataSource.SiteId;
return(u);
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
if (permission == null)
{
throw new ArgumentNullException("permission");
}
checkAuthorizeReadiness();
checkPermissionString(permission.Name);
doTheAuthorize(credentials, permission);
return(toUser(credentials));
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
if (_creds == null)
{
throw new MdoException("Invalid RDW credenetials. Must authenticate first");
}
return(new User()
{
UserName = _creds.AccountName, Pwd = _creds.AccountPassword
});
}
// Needs to return object so it can be either User or Exception on multi-site connections.
public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
try
{
connect();
return(Account.authenticateAndAuthorize(credentials, permission, validationDataSource));
}
catch (Exception ex)
{
return(ex);
}
}
public static bool isValidCredentials(string authenticationMethod, AbstractCredentials credentials, AbstractPermission permission)
{
if (credentials == null)
{
return(false);
}
if (authenticationMethod == MdwsConstants.LOGIN_CREDENTIALS)
{
if (String.IsNullOrEmpty(credentials.AccountName) ||
String.IsNullOrEmpty(credentials.AccountPassword))
{
return(false);
}
}
else if (authenticationMethod == MdwsConstants.NON_BSE_CREDENTIALS)
{
if (String.IsNullOrEmpty(credentials.LocalUid) ||
String.IsNullOrEmpty(credentials.FederatedUid) ||
String.IsNullOrEmpty(credentials.SubjectName) ||
credentials.AuthenticationSource == null ||
credentials.AuthenticationSource.SiteId == null ||
String.IsNullOrEmpty(credentials.AuthenticationSource.SiteId.Id) ||
String.IsNullOrEmpty(credentials.AuthenticationSource.SiteId.Name) ||
String.IsNullOrEmpty(credentials.AuthenticationToken))
{
return(false);
}
}
else if (authenticationMethod == MdwsConstants.BSE_CREDENTIALS_V2WEB)
{
if (String.IsNullOrEmpty(credentials.LocalUid) ||
String.IsNullOrEmpty(credentials.FederatedUid) ||
String.IsNullOrEmpty(credentials.SubjectName) ||
credentials.AuthenticationSource == null ||
credentials.AuthenticationSource.SiteId == null ||
String.IsNullOrEmpty(credentials.AuthenticationSource.SiteId.Id) ||
String.IsNullOrEmpty(credentials.AuthenticationSource.SiteId.Name) ||
String.IsNullOrEmpty(credentials.AuthenticationToken) ||
String.IsNullOrEmpty(credentials.SecurityPhrase))
{
return(false);
}
}
else
{
throw new ArgumentException("Invalid credential type");
}
if (permission == null || String.IsNullOrEmpty(permission.Name))
{
return(false);
}
return(true);
}
public UserTO login(string accountUsername, string accountPwd, string permissionString = null)
{
// TODO - FIX!!! This is very ugly - here so that SOAP and REST services can both be stateful or stateless
if (!Convert.ToBoolean(_mySession.MdwsConfiguration.AllConfigs[MdwsConfigConstants.CONNECTION_POOL_CONFIG_SECTION][MdwsConfigConstants.CONNECTION_POOLING]))
{
return(new gov.va.medora.mdws.AccountLib(_mySession).login(accountUsername, accountPwd, permissionString));
}
UserTO result = new UserTO();
AbstractConnection c = null;
try
{
MdwsUtils.checkNullArgs(MdwsUtils.getArgsDictionary(
System.Reflection.MethodInfo.GetCurrentMethod().GetParameters(), new List <object>()
{
_mySession.ConnectionSet.BaseSiteId, accountUsername, accountPwd, permissionString
}));
c = _mySession.ConnectionSet.BaseConnection;
AbstractCredentials credentials = AbstractCredentials.getCredentialsForCxn(c);
credentials.AccountName = accountUsername;
credentials.AccountPassword = accountPwd;
c.Account.AuthenticationMethod = MdwsConstants.LOGIN_CREDENTIALS;
if (String.IsNullOrEmpty(permissionString))
{
permissionString = MdwsConstants.CPRS_CONTEXT;
}
_mySession.PrimaryPermission = new MenuOption(permissionString);
_mySession.User = c.Account.authenticateAndAuthorize(credentials, _mySession.PrimaryPermission);
_mySession.Credentials = credentials;
// REST
_mySession.setAuthorized(_mySession.ConnectionSet.BaseSiteId); // TODO - revisit, need to mark connections as authorized but more-so need to cache the symbol table
// END REST
result = new UserTO(_mySession.User);
}
catch (Exception e)
{
result.fault = new FaultTO(e);
}
finally
{
// REST
//RestSessionMgr.getInstance().returnConnections(_mySession);
// END REST
}
return(result);
}
public static AbstractConnection authorizedConnect(string theUser, bool isBse)
{
string securityPhrase = (isBse ? "" : "NON-BSE");
MockApp theApp = getTheApp(securityPhrase);
DataSource src = VistaSetups.getSrc(theApp.SiteTable, theApp.LoginSitecode);
AbstractDaoFactory f = AbstractDaoFactory.getDaoFactory(AbstractDaoFactory.getConstant(src.Protocol));
AbstractConnection cxn = f.getConnection(src);
AbstractCredentials credentials = getVisitCredentials(theApp);
AbstractPermission permission = new MenuOption(theApp.User.PermissionString);
theApp.User = (User)cxn.authorizedConnect(credentials, permission, null);
return(cxn);
}
/// <summary>
/// Log onto a data source.
/// </summary>
/// <remarks>
/// Combines authentication and authorization into a single function.
/// It will create a new set of session credentials and a primary permission.
/// These credentials can then be used for subsequent visits.
/// Login requires a previous connection.
/// </remarks>
/// <param name="accountId">Access code</param>
/// <param name="accountPwd">Verify code</param>
/// <param name="permissionString">If blank defaults to CPRS context</param>
/// <returns>UserTO</returns>
public UserTO login(string accountId, string accountPwd, string permissionString)
{
UserTO result = new UserTO();
if (!mySession.HasBaseConnection)
{
result.fault = new FaultTO("There is no connection to log onto");
}
else if (accountId == "")
{
result.fault = new FaultTO("Missing account ID");
}
else if (accountPwd == "")
{
result.fault = new FaultTO("Missing account password");
}
if (result.fault != null)
{
return(result);
}
try
{
AbstractConnection c = mySession.ConnectionSet.BaseConnection;
AbstractCredentials credentials = AbstractCredentials.getCredentialsForCxn(c);
credentials.AccountName = accountId;
credentials.AccountPassword = accountPwd;
c.Account.AuthenticationMethod = MdwsConstants.LOGIN_CREDENTIALS;
if (String.IsNullOrEmpty(permissionString))
{
permissionString = MdwsConstants.CPRS_CONTEXT;
}
mySession.PrimaryPermission = new MenuOption(permissionString);
mySession.User = c.Account.authenticateAndAuthorize(credentials, mySession.PrimaryPermission);
mySession.Credentials = credentials;
result = new UserTO(mySession.User);
}
catch (Exception e)
{
result.fault = new FaultTO(e.Message);
}
return(result);
}
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (Cxn == null || !Cxn.IsConnected)
{
throw new ConnectionException("Must have connection");
}
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
else
{
throw new ArgumentException("Invalid credentials");
}
}
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (Cxn == null || !Cxn.IsConnected)
{
throw new ConnectionException("Must have connection");
}
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
else
{
throw new ArgumentException("Invalid credentials");
}
}
internal void validateCredentials(AbstractCredentials credentials)
{
if (Cxn == null || !Cxn.IsConnected)
{
throw new MdoException(MdoExceptionCode.USAGE_NO_CONNECTION, "Must have connection");
}
if (String.IsNullOrEmpty(credentials.AccountName))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Access Code");
}
if (String.IsNullOrEmpty(credentials.AccountPassword))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Verify Code");
}
}
internal void initializePool()
{
logging.Log.LOG("Initializing connection pools...");
if (ConnectionPools.getInstance().PoolSource != null)
{
logging.Log.LOG("Connection pools already initialized");
return; // already set up the pools!
}
SiteTable sites = new SiteTable(ConfigurationManager.AppSettings[config.AppConfigSettingsConstants.VhaSitesFilePath]);
IList <AbstractPoolSource> sources = new List <AbstractPoolSource>();
ConnectionPoolsSource poolsSource = new ConnectionPoolsSource();
poolsSource.CxnSources = new Dictionary <string, ConnectionPoolSource>();
VistaDao trash = new VistaDao();
AbstractCredentials creds = getDownstreamCredentialsFromConfig(getDownstreamUserFromConfig());
foreach (DataSource source in sites.Sources)
{
if (!String.Equals(source.Protocol, "VISTA", StringComparison.CurrentCultureIgnoreCase))
{
continue;
}
ConnectionPoolSource newSource = new ConnectionPoolSource()
{
Timeout = TimeSpan.Parse(ConfigurationManager.AppSettings["PoolConnectionTimeout"]),
WaitTime = TimeSpan.Parse(ConfigurationManager.AppSettings["PoolWaitTimeout"]),
MaxPoolSize = Convert.ToInt32(ConfigurationManager.AppSettings["PoolMaxSize"]),
MinPoolSize = Convert.ToInt32(ConfigurationManager.AppSettings["PoolMinSize"]),
PoolExpansionSize = Convert.ToInt32(ConfigurationManager.AppSettings["PoolExpansionSize"]),
CxnSource = source,
Credentials = creds,
Permission = new MenuOption(ConfigurationManager.AppSettings["PoolUserPermission"])
};
Int32 recycleCount = 0;
if (!String.IsNullOrEmpty(ConfigurationManager.AppSettings["PoolRecycleCount"]) && Int32.TryParse(ConfigurationManager.AppSettings["PoolRecycleCount"], out recycleCount))
{
newSource.RecycleCount = recycleCount;
}
newSource.CxnSource.Protocol = "PVISTA";
poolsSource.CxnSources.Add(source.SiteId.Id, newSource);
}
ConnectionPools pools = (ConnectionPools)AbstractResourcePoolFactory.getResourcePool(poolsSource);
logging.Log.LOG("Successfully completed connection pools initialization");
}
// This is the core visit method the others are using. The permission must have been set before
// getting here.
internal User doTheVisit(string sitecode, AbstractCredentials credentials, AbstractPermission permission)
{
Site site = mySession.SiteTable.getSite(sitecode);
DataSource src = site.getDataSourceByModality("HIS");
if (src == null)
{
throw new Exception("No HIS data source at site " + sitecode);
}
AbstractDaoFactory factory = AbstractDaoFactory.getDaoFactory(AbstractDaoFactory.getConstant(src.Protocol));
myCxn = factory.getConnection(src);
myCxn.Account.AuthenticationMethod = mySession.DefaultVisitMethod;
if (!MdwsUtils.isValidCredentials(myCxn.Account.AuthenticationMethod, credentials, permission))
{
throw new Exception("Invalid credentials");
}
object result = null;
if (myCxn.Account.AuthenticationMethod == VistaConstants.BSE_CREDENTIALS_V2WEB)
{
result = myCxn.authorizedConnect(credentials, permission,
new DataSource()
{
ConnectionString = mySession.MdwsConfiguration.BseValidatorConnectionString
});
}
else
{
result = myCxn.authorizedConnect(credentials, permission, null);
}
if (result.GetType().Name.EndsWith("Exception"))
{
throw (Exception)result;
}
else
{
return((User)result);
}
}
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (Cxn == null || !Cxn.IsConnected)
{
throw new MdoException(MdoExceptionCode.USAGE_NO_CONNECTION, "Must have connection");
}
if (credentials == null)
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing credentials");
}
if (string.IsNullOrEmpty(AuthenticationMethod))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Account AuthenticationMethod");
}
if (AuthenticationMethod == VistaConstants.LOGIN_CREDENTIALS)
{
return login(credentials);
}
// Temporarily disabled - will do only V2WEB for now
//else if (AuthenticationMethod == VistaConstants.BSE_CREDENTIALS_V2V)
//{
// VisitTemplate visitTemplate = new BseVista2VistaVisit(this, credentials);
// return visitTemplate.visit();
//}
else if (AuthenticationMethod == VistaConstants.BSE_CREDENTIALS_V2WEB)
{
VisitTemplate visitTemplate = new BseVista2WebVisit(this, credentials, validationDataSource);
return visitTemplate.visit();
}
else if (AuthenticationMethod == VistaConstants.NON_BSE_CREDENTIALS)
{
VisitTemplate visitTemplate = new NonBseVisit(this, credentials);
return visitTemplate.visit();
}
else
{
throw new ArgumentException("Invalid credentials");
}
}
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (Cxn == null || !Cxn.IsConnected)
{
throw new MdoException(MdoExceptionCode.USAGE_NO_CONNECTION, "Must have connection");
}
if (credentials == null)
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing credentials");
}
if (string.IsNullOrEmpty(AuthenticationMethod))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Account AuthenticationMethod");
}
if (AuthenticationMethod == VistaConstants.LOGIN_CREDENTIALS)
{
return(login(credentials));
}
// Temporarily disabled - will do only V2WEB for now
//else if (AuthenticationMethod == VistaConstants.BSE_CREDENTIALS_V2V)
//{
// VisitTemplate visitTemplate = new BseVista2VistaVisit(this, credentials);
// return visitTemplate.visit();
//}
else if (AuthenticationMethod == VistaConstants.BSE_CREDENTIALS_V2WEB)
{
VisitTemplate visitTemplate = new BseVista2WebVisit(this, credentials, validationDataSource);
return(visitTemplate.visit());
}
else if (AuthenticationMethod == VistaConstants.NON_BSE_CREDENTIALS)
{
VisitTemplate visitTemplate = new NonBseVisit(this, credentials);
return(visitTemplate.visit());
}
else
{
throw new ArgumentException("Invalid credentials");
}
}
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
if (_authenticate)
{
return(base.authenticate(credentials, validationDataSource));
}
isAuthorized = isAuthenticated = true;
return("OK");
//if (Cxn == null || !Cxn.IsConnected)
//{
// throw new ConnectionException("Must have connection");
//}
//if (credentials == null)
//{
// throw new ArgumentNullException("credentials");
//}
//else
//{
// throw new ArgumentException("Invalid credentials");
//}
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
if (!(credentials is LdapCredentials))
{
throw new MdoException("Invalid credentials - not LDAP credentials");
}
// cxn.query only returns a SearchResultCollection so need to manually impersonate here
LdapCredentials ldapCreds = (LdapCredentials)credentials;
PrincipalContext principal = new PrincipalContext(ContextType.Domain);
UserPrincipal user = UserPrincipal.FindByIdentity(principal, ((LdapCredentials)credentials).AccountName);
if (user != null)
{
GroupPrincipal group = GroupPrincipal.FindByIdentity(new PrincipalContext(ContextType.Domain), IdentityType.DistinguishedName, permission.Name);
if (group == null)
{
throw new MdoException("Unable to locate that group in Active Directory");
}
if (user.IsMemberOf(group))
{
User u = new User();
u.PrimaryPermission = new LdapGroup()
{
IsPrimary = true, Name = permission.Name, PermissionId = group.Guid.ToString()
};
u.Domain = base.Cxn.DataSource.Provider;
u.UserName = user.SamAccountName;
return(u);
}
}
// if we reached this point, authorization was unsuccessful - throw error
throw new MdoException("User is not a member of that group");
}
//internal SqlConnection openCxn()
//{
// //string cxnString = "server=" + _server +
// // ";uid=" + _uid + ";pwd=" + _pwd + ";database=" + _dbName;
// SqlConnection cxn = new SqlConnection(_connectionString);
// cxn.Open();
// return cxn;
//}
public void addRecord(AbstractCredentials creds, string encryptionKey)
{
string sql = buildAddRecordStatement(creds, encryptionKey);
_cxn.connect();
SqlCommand myCmd = new SqlCommand(sql, ((UserValidationConnection)_cxn).SqlConnection);
int rows = -1;
try
{
rows = myCmd.ExecuteNonQuery();
}
catch (SqlException e)
{
if (e.Number != 2627) // duplicate key exception code. i.e. primary key violations are ok
{
throw;
}
}
finally
{
_cxn.disconnect();
}
}
string login(AbstractCredentials credentials)
{
throw new NotImplementedException("Login not yet implemented for MockAccount");
}
public override User authenticateAndAuthorize(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
throw new NotImplementedException();
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
throw new NotImplementedException();
}
// TBD - once we get some service accounts, should we verify them somehow?
public override string authenticate(AbstractCredentials credentials, DataSource validationDataSource = null)
{
this.isAuthorized = true;
this.isAuthenticated = true;
return "OK";
}
public void addVisitorInfo(AbstractCredentials credentials)
{
string DUZ = credentials.LocalUid;
string arg = "$P($G(^VA(200," + DUZ + ",0)),\"^\",1)"; //NAME
arg += "_\"^\"_" + "$P($G(^VA(200," + DUZ + ",1)),\"^\",9)";
arg += "_\"^\"_" + "$P($G(^VA(200," + DUZ + ",.13)),\"^\",2)"; //OFFICE PHONE
string response = "";
try
{
response = VistaUtils.getVariableValue(cxn, arg);
}
catch (Exception e)
{
if (e.Message.Contains("M ERROR"))
{
throw new ArgumentException("No such DUZ");
}
else
{
throw e;
}
}
if (response == "")
{
return;
}
string[] flds = StringUtils.split(response, StringUtils.CARET);
credentials.FederatedUid = flds[1];
credentials.SubjectName = flds[0];
credentials.SubjectPhone = flds[2];
credentials.AuthenticationSource.SiteId.Id = cxn.DataSource.SiteId.Id;
credentials.AuthenticationSource.SiteId.Name = cxn.DataSource.SiteId.Name;
}
internal User toUser(AbstractCredentials credentials)
{
User u = new User();
u.Uid = Cxn.Uid;
u.Name = new PersonName(credentials.SubjectName);
u.SSN = new SocSecNum(credentials.FederatedUid);
u.LogonSiteId = Cxn.DataSource.SiteId;
return u;
}
public override User authenticateAndAuthorize(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource = null)
{
this.isAuthorized = true;
this.isAuthenticated = true;
return new User();
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
this.isAuthorized = true;
this.isAuthenticated = true;
return new User();
}
//// Needs to return object so it can be either User or Exception on multi-site connections.
//public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission)
//{
// try
// {
// connect();
// return Account.authenticateAndAuthorize(credentials, permission);
// }
// catch (Exception ex)
// {
// return ex;
// }
//}
// Needs to return object so it can be either User or Exception on multi-site connections.
public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
try
{
connect();
return Account.authenticateAndAuthorize(credentials, permission, validationDataSource);
}
catch (Exception ex)
{
return ex;
}
}
public override User authorize(AbstractCredentials credentials, AbstractPermission permission)
{
if (permission == null)
{
throw new ArgumentNullException("permission");
}
checkAuthorizeReadiness();
checkPermissionString(permission.Name);
doTheAuthorize(credentials, permission);
return toUser(credentials);
}
public override User authenticateAndAuthorize(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource = null)
{
string msg = authenticate(credentials, validationDataSource);
User u = authorize(credentials, permission);
u.Greeting = msg;
return u;
}
public VisitTemplate(VistaAccount acct, AbstractCredentials credentials)
{
this.acct = acct;
cxn = acct.Cxn;
creds = credentials;
}
public NonBseVisit(VistaAccount acct, AbstractCredentials creds)
: base(acct, creds)
{
}
internal void doTheAuthorize(AbstractCredentials credentials, AbstractPermission permission)
{
//// if we are requesting CPRS context with a visit and user does not have it - add it to their account
if (permission.Name == VistaConstants.CPRS_CONTEXT &&
!Cxn.Account.Permissions.ContainsKey(VistaConstants.CPRS_CONTEXT) &&
!Cxn.Account.AuthenticationMethod.Equals(VistaConstants.LOGIN_CREDENTIALS))
{
addContextInVista(Cxn.Uid, permission);
}
else
{
setContext(permission);
}
if (String.IsNullOrEmpty(Cxn.Uid))
{
if (String.IsNullOrEmpty(credentials.FederatedUid))
{
throw new MdoException("Missing federated UID, cannot get local UID");
}
VistaUserDao dao = new VistaUserDao(Cxn);
Cxn.Uid = dao.getUserIdBySsn(credentials.FederatedUid);
if (String.IsNullOrEmpty(Cxn.Uid))
{
throw new MdoException("Unable to get local UID for federated ID " + credentials.FederatedUid);
}
}
if (!credentials.Complete)
{
VistaUserDao dao = new VistaUserDao(Cxn);
dao.addVisitorInfo(credentials);
}
}
public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource)
{
throw new NotImplementedException();
}
//public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission)
//{
// return null;
//}
public override object authorizedConnect(AbstractCredentials credentials, AbstractPermission permission, DataSource validationDataSource = null)
{
return null;
}
public BseVista2WebVisit(VistaAccount acct, AbstractCredentials creds, DataSource validatorDataSource)
: base(acct, creds)
{
if (validatorDataSource != null)
{
_validatorDataSource = validatorDataSource;
}
}
internal string login(AbstractCredentials credentials)
{
if (String.IsNullOrEmpty(credentials.AccountName))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Access Code");
}
if (String.IsNullOrEmpty(credentials.AccountPassword))
{
throw new MdoException(MdoExceptionCode.ARGUMENT_NULL, "Missing Verify Code");
}
VistaQuery vq = new VistaQuery("XUS SIGNON SETUP");
string rtn = (string)Cxn.query(vq);
if (rtn == null)
{
throw new UnexpectedDataException("Unable to setup authentication");
}
vq = new VistaQuery("XUS AV CODE");
// This is here so we can test with MockConnection
if (Cxn.GetType().Name != "MockConnection")
{
vq.addEncryptedParameter(vq.LITERAL, credentials.AccountName + ';' + credentials.AccountPassword);
}
else
{
vq.addParameter(vq.LITERAL, credentials.AccountName + ';' + credentials.AccountPassword);
}
rtn = (string)Cxn.query(vq);
//TODO - need to catch renew verify id error
string[] flds = StringUtils.split(rtn, StringUtils.CRLF);
if (flds[0] == "0")
{
throw new UnauthorizedAccessException(flds[3]);
}
AccountId = flds[0];
// Set the connection's UID
Cxn.Uid = AccountId;
// Save the credentials
credentials.LocalUid = AccountId;
credentials.AuthenticationSource = Cxn.DataSource;
credentials.AuthenticationToken = Cxn.DataSource.SiteId.Id + '_' + AccountId;
IsAuthenticated = true;
Cxn.IsRemote = false;
// Set the greeting if there is one
if (flds.Length > 7)
{
return flds[7];
}
return "OK";
}
