/// <summary>
/// Authenticates a device from its public identifier and its secret.
/// </summary>
/// <remarks>
/// The secret is encoded by <see cref="IPasswordHashingService"/> and the encoded value is matched
/// through the <c>auth_dev</c> lookup. A matched device must also pass the
/// <c>PermissionPolicyIdentifiers.Login</c> policy demand before a principal is returned.
/// </remarks>
/// <param name="deviceId">The public identifier presented by the device.</param>
/// <param name="deviceSecret">The secret presented by the device; only its encoded form is passed to the lookup.</param>
/// <returns>The principal of the authenticated device.</returns>
/// <exception cref="AuthenticationException">
/// Raised for any exception thrown once the connection has been obtained. Rejected credentials
/// surface this way too, with a <see cref="SecurityException"/> as the inner exception.
/// </exception>
public IPrincipal Authenticate(string deviceId, string deviceSecret)
{
    // The connection is acquired outside the try block, so a failure to acquire it is not wrapped below.
    using (var connection = this.configuration.Provider.GetWriteConnection())
    {
        try
        {
            connection.Open();

            // The encoding call receives the secret alone (no per-device value is passed from here).
            // NOTE(review): confirm the hashing service's algorithm is suitable for stored device secrets.
            var hasher = ApplicationContext.Current.GetService<IPasswordHashingService>();
            var encodedSecret = hasher.EncodePassword(deviceSecret);

            var deviceRecord = connection.FirstOrDefault<DbSecurityDevice>("auth_dev", deviceId, encodedSecret);
            if (deviceRecord == null)
            {
                // No row for this identifier/secret pair: one message, whatever the cause.
                throw new SecurityException("Invalid device credentials");
            }

            var identity = new DeviceIdentity(deviceRecord.Key, deviceRecord.PublicId, true);
            IPrincipal principal = new DevicePrincipal(identity);

            // Valid credentials are not sufficient: the device must also hold the Login policy.
            var loginDemand = new PolicyPermission(
                System.Security.Permissions.PermissionState.None,
                PermissionPolicyIdentifiers.Login,
                principal);
            loginDemand.Demand();

            return principal;
        }
        catch (Exception ex)
        {
            // deviceId is caller-supplied and is written to the trace as given; the secret is not
            // among the trace arguments.
            this.traceSource.TraceEvent(TraceEventType.Error, ex.HResult, "Error authenticating {0} : {1}", deviceId, ex);

            // NOTE(review): the message says "application" although this is the device path;
            // looks copy-pasted, kept unchanged so callers see the same text.
            throw new AuthenticationException("Error authenticating application", ex);
        }
    }
}
/// <summary>
/// Authenticates a device from its public identifier and its secret using local (database) authentication.
/// </summary>
/// <remarks>
/// The secret is hashed by <see cref="IPasswordHashingService"/> and the hash is checked by the
/// <c>auth_dev</c> procedure. A matched device must also pass the
/// <c>PermissionPolicyIdentifiers.LoginAsService</c> policy demand before a principal is returned.
/// </remarks>
/// <param name="deviceId">The public identifier presented by the device.</param>
/// <param name="deviceSecret">The secret presented by the device; only its hash is passed to the procedure.</param>
/// <param name="authMethod">The authentication methods the caller accepts; must include <c>AuthenticationMethod.Local</c>.</param>
/// <returns>The principal of the authenticated device.</returns>
/// <exception cref="InvalidOperationException">
/// <paramref name="authMethod"/> does not include <c>AuthenticationMethod.Local</c>.
/// </exception>
/// <exception cref="AuthenticationException">
/// Raised for any exception thrown once the connection has been obtained. The specific cause
/// (rejected credentials, a refusal reported by the procedure, a failed policy demand) is the inner exception.
/// </exception>
public IPrincipal Authenticate(string deviceId, string deviceSecret, AuthenticationMethod authMethod = AuthenticationMethod.Any)
{
    // This provider can only check credentials against its own database.
    bool localAllowed = authMethod.HasFlag(AuthenticationMethod.Local);
    if (!localAllowed)
    {
        throw new InvalidOperationException("ADO.NET provider only supports local authentication");
    }

    // The connection is acquired outside the try block, so a failure to acquire it is not wrapped below.
    using (var connection = this.m_configuration.Provider.GetWriteConnection())
    {
        try
        {
            connection.Open();

            // The hash call receives the secret alone (no per-device value is passed from here).
            // NOTE(review): confirm the hashing service's algorithm is suitable for stored device secrets.
            var hasher = ApplicationServiceContext.Current.GetService<IPasswordHashingService>();
            var secretHash = hasher.ComputeHash(deviceSecret);

            // TODO - Allow configuration of max login attempts (currently fixed at 5).
            const int maxLoginAttempts = 5;
            var deviceRecord = connection.ExecuteProcedure<DbSecurityDevice>("auth_dev", deviceId, secretHash, maxLoginAttempts);

            if (deviceRecord == null)
            {
                throw new SecurityException("Invalid device credentials");
            }

            if (deviceRecord.Key == Guid.Empty)
            {
                // An empty key is treated as a refusal and PublicId becomes the exception message;
                // presumably auth_dev returns its reason text there (e.g. a lockout) - confirm.
                // The catch below wraps this, so callers only find it as the inner exception.
                throw new AuthenticationException(deviceRecord.PublicId);
            }

            var identity = new DeviceIdentity(deviceRecord.Key, deviceRecord.PublicId, true);
            IPrincipal principal = new DevicePrincipal(identity);

            // Valid credentials are not sufficient: the device must also hold the LoginAsService policy.
            this.m_policyService.Demand(PermissionPolicyIdentifiers.LoginAsService, principal);

            return principal;
        }
        catch (Exception ex)
        {
            // deviceId is caller-supplied and is written to the trace as given; the secret is not
            // among the trace arguments.
            this.m_tracer.TraceEvent(EventLevel.Error, "Error authenticating {0} : {1}", deviceId, ex);

            // NOTE(review): the message says "application" although this is the device path;
            // looks copy-pasted, kept unchanged so callers see the same text.
            throw new AuthenticationException("Error authenticating application", ex);
        }
    }
}