/// <summary>
        /// Authenticates a device from its identifier and secret.
        /// </summary>
        /// <param name="deviceId">The device identifier.</param>
        /// <param name="deviceSecret">The device secret.</param>
        /// <returns>Returns the authenticated device principal.</returns>
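        public IPrincipal Authenticate(string deviceId, string deviceSecret)
        {
            // Every failure inside the try block (no matching device, denied Login policy,
            // data-layer fault) reaches the caller as an AuthenticationException. The original
            // cause survives only as InnerException and in the trace output.
            using (var dataContext = this.configuration.Provider.GetWriteConnection())
            {
                try
                {
                    dataContext.Open();

                    var hashService = ApplicationContext.Current.GetService<IPasswordHashingService>();

                    // The secret goes through the hashing service before it is handed to "auth_dev";
                    // the match against the stored value is done by that routine, not in this method.
                    // NOTE(review): the hashing scheme is whatever IPasswordHashingService is registered - confirm it suits secrets.
                    // NOTE(review): no attempt limit is passed here, so any lockout would have to live inside auth_dev - confirm.
                    var client = dataContext.FirstOrDefault<DbSecurityDevice>("auth_dev", deviceId, hashService.EncodePassword(deviceSecret));

                    if (client == null)
                    {
                        throw new SecurityException("Invalid device credentials");
                    }

                    IPrincipal devicePrincipal = new DevicePrincipal(new DeviceIdentity(client.Key, client.PublicId, true));

                    // Valid credentials are not enough: the device must also hold the Login policy.
                    new PolicyPermission(System.Security.Permissions.PermissionState.None, PermissionPolicyIdentifiers.Login, devicePrincipal).Demand();

                    return devicePrincipal;
                }
                catch (Exception e)
                {
                    // deviceId is caller-supplied and unauthenticated at this point; replace CR/LF so
                    // it cannot break the trace entry into forged extra lines.
                    string loggedDeviceId = deviceId == null ? null : deviceId.Replace('\r', '_').Replace('\n', '_');
                    this.traceSource.TraceEvent(TraceEventType.Error, e.HResult, "Error authenticating {0} : {1}", loggedDeviceId, e);

                    // This method authenticates devices; the previous text said "application", which
                    // misattributes the failure during triage.
                    throw new AuthenticationException("Error authenticating device", e);
                }
            }
        }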
Exemple #2
        /// <summary>
        /// Authenticates a device from its identifier and secret.
        /// </summary>
        /// <param name="deviceId">The device identifier.</param>
        /// <param name="deviceSecret">The device secret.</param>
        /// <returns>Returns the authenticated device principal.</returns>
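        public IPrincipal Authenticate(string deviceId, string deviceSecret, AuthenticationMethod authMethod = AuthenticationMethod.Any)
        {
            // Rejected before any connection is opened, and outside the try block, so this
            // InvalidOperationException is not wrapped into an AuthenticationException.
            if (!authMethod.HasFlag(AuthenticationMethod.Local))
            {
                throw new InvalidOperationException("ADO.NET provider only supports local authentication");
            }

            // TODO - Allow configuration of max login attempts
            const int maxLoginAttempts = 5;

            // Every failure inside the try block (no matching device, refusal reported by auth_dev,
            // denied LoginAsService policy, data-layer fault) reaches the caller as an
            // AuthenticationException with a generic message. The specific cause survives only
            // as InnerException and in the trace output.
            using (var dataContext = this.m_configuration.Provider.GetWriteConnection())
            {
                try
                {
                    dataContext.Open();

                    var hashService = ApplicationServiceContext.Current.GetService<IPasswordHashingService>();

                    // The secret is hashed before it is handed to the "auth_dev" procedure; the match
                    // against the stored value and the attempt counting are done by that procedure.
                    // NOTE(review): the hashing scheme is whatever IPasswordHashingService is registered - confirm it suits secrets.
                    var client = dataContext.ExecuteProcedure<DbSecurityDevice>("auth_dev", deviceId, hashService.ComputeHash(deviceSecret), maxLoginAttempts);

                    if (client == null)
                    {
                        throw new SecurityException("Invalid device credentials");
                    }
                    else if (client.Key == Guid.Empty)
                    {
                        // NOTE(review): an empty key appears to mean auth_dev refused the login and put
                        // its reason in PublicId (for example a lockout) - confirm against the procedure.
                        throw new AuthenticationException(client.PublicId);
                    }

                    IPrincipal devicePrincipal = new DevicePrincipal(new DeviceIdentity(client.Key, client.PublicId, true));

                    // Valid credentials are not enough: the device must also hold the LoginAsService policy.
                    this.m_policyService.Demand(PermissionPolicyIdentifiers.LoginAsService, devicePrincipal);

                    return devicePrincipal;
                }
                catch (Exception e)
                {
                    // deviceId is caller-supplied and unauthenticated at this point; replace CR/LF so
                    // it cannot break the trace entry into forged extra lines.
                    string loggedDeviceId = deviceId == null ? null : deviceId.Replace('\r', '_').Replace('\n', '_');
                    this.m_tracer.TraceEvent(EventLevel.Error, "Error authenticating {0} : {1}", loggedDeviceId, e);

                    // This method authenticates devices; the previous text said "application", which
                    // misattributes the failure during triage.
                    throw new AuthenticationException("Error authenticating device", e);
                }
            }
        }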