public override void OnActionExecuting(HttpActionContext context)
{
using (IUnitOfWork unitOfWork = new UnitOfWork())
{
IRepository <User> repository = new Repository <User>(unitOfWork);
IUserService userService = new UserService(repository);
IAuthService authService = new AuthService(repository);
bool skipAuthorization = context.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() ||
context.ActionDescriptor.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any();
if (skipAuthorization)
{
return;
}
if (context.Request.Headers.Authorization == null)
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Authorization key required" });
return;
}
string apiKey = context.Request.Headers.Authorization.ToString();
User user = userService.FindBy(x => x.ApiKey == apiKey).FirstOrDefault();
DateTime now = DateUtil.GetDateTimeNow();
if (user == null || (user.ExpiraApiKey.HasValue && user.ExpiraApiKey.Value < now))
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
return;
}
LanguageMngr.SetLanguage(user.Language);
UserApiAuthenticated.SetUserAuthenticated(context, user);
}
}
public override void OnActionExecuting(HttpActionContext context)
{
using (IUnitOfWork unitOfWork = new UnitOfWork())
{
IRepository <User> repository = new Repository <User>(unitOfWork);
IUserService userService = new UserService(repository);
IAuthService authService = new AuthService(repository);
bool skipAuthorization = context.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() ||
context.ActionDescriptor.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any();
if (skipAuthorization)
{
return;
}
if (context.Request.Headers.Authorization == null)
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Authorization key required" });
return;
}
string apiKey = context.Request.Headers.Authorization.ToString();
User user = userService.FindBy(x => x.ApiKey == apiKey).FirstOrDefault();
DateTime now = DateUtil.GetDateTimeNow();
if (user == null || (user.ExpiraApiKey.HasValue && user.ExpiraApiKey.Value < now))
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
return;
}
string actionName = context.ActionDescriptor.ActionName;
string controllerName = context.ActionDescriptor.ControllerDescriptor.ControllerName;
IEnumerable <Permission> permissions = authService.GetPermissions(user.Id,
actionName, controllerName,
Constants.PERMISSIONS_TYPE_ENUM.API.GetEnumValue <string>());
if (!permissions.Any())
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden, new { message = "User has no permissions for this action" });
return;
}
LanguageMngr.SetLanguage(user.Language);
UserApiAuthenticated.SetUserAuthenticated(context, user);
//Validacion de tokens generados
/*
* if (!tokenEngine.ValidateToken(apiKey, out clienteId))
* {
* context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { mensaje = "invalid authorization token" });
* return;
* }
* context.Request.Properties.Add(new KeyValuePair<string, object>("clienteId", clienteId));*/
//context.Request.Properties.Add(new KeyValuePair<string, object>("clientEmail", clientEmail));
}
}
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
bool IsMultiLanguage = Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["Lang.MultiLanguage"]);
var _default = System.Configuration.ConfigurationManager.AppSettings["Lang.Default"];
var language = _default == null ? ViewConstants.ESPANOL : (_default.Trim().ToUpper().Equals(ViewConstants.INGLES.ToUpper()) ? ViewConstants.INGLES : ViewConstants.ESPANOL);
LanguageMngr.SetLanguage(language);
LanguageMngr.IsMultiLanguage = IsMultiLanguage;
}
protected override IAsyncResult BeginExecuteCore(AsyncCallback callback, object state)
{
string lang = null;
HttpCookie langCookie = Request.Cookies["culture"];
if (langCookie != null)
{
lang = langCookie.Value;
}
else
{
var userLanguage = Request.UserLanguages;
var userLang = userLanguage != null ? userLanguage[0] : "";
lang = string.IsNullOrEmpty(userLang) ? LanguageMngr.GetDefaultLanguage() : userLang;
}
LanguageMngr.SetLanguage(lang);
return(base.BeginExecuteCore(callback, state));
}
public ActionResult Login(AuthViewModel model)
{
if (ModelState.IsValid)
{
var user = _authService.Authenticate(model.Email, SecurityUtil.EncryptPassword(model.Password));
if (user != null)
{
if (!user.Status)
{
ViewBag.Error = Resources.ErrorMessages.UserInactive;
return(View(model));
}
user.LastLoginAt = DateTime.Now;
_userService.Update(user);
//Permissions by role
List <Permission> permissionsUser = user.Role.Permissions.Select(p => new Permission
{
Action = p.Action,
Controller = p.Controller,
Module = p.Module
}).ToList();
//IF SUPPORT, SET ALL PERMISSIONS
if (user.Role.Code == Constants.ROLE_IT_SUPPORT)
{
permissionsUser = _permissionService.GetAll().Select(p => new Permission
{
Action = p.Action,
Controller = p.Controller,
Module = p.Module
}).ToList();
}
AuthUser authUser = new AuthUser
{
Id = user.Id,
FirstName = user.FirstName,
LastName = user.LastName,
Email = user.Email,
Language = user.Language,
Uuid = user.Uuid,
PasswordExpiration = user.PasswordExpiration,
Role = new Role
{
Code = user.Role.Code,
Name = user.Role.Name
},
Permissions = permissionsUser
};
//Set user in sesion
Authenticator.StoreAuthenticatedUser(authUser);
//Set Language
LanguageMngr.SetDefaultLanguage();
if (!string.IsNullOrEmpty(authUser.Language))
{
LanguageMngr.SetLanguage(authUser.Language);
}
if (user.PasswordExpiration.HasValue)
{
DateTime passwordExpiration = user.PasswordExpiration.Value;
DateTime todayDate = DateUtil.GetDateTimeNow();
if (user.PasswordExpiration.Value.Date < todayDate.Date)
{
return(RedirectToAction("ChangePassword", "Auth"));
}
string daysBeforeExpireToNotifyConfig = ConfigurationManager.AppSettings["DaysBeforeExpireToNotify"];
int daysBeforeExpireToNotify = 0;
if (Int32.TryParse(daysBeforeExpireToNotifyConfig, out daysBeforeExpireToNotify))
{
int daysLeft = ((TimeSpan)(passwordExpiration.Date - todayDate.Date)).Days + 1;
if (daysLeft <= daysBeforeExpireToNotify)
{
string message = String.Format(ViewLabels.PASSWORD_EXPIRATION_MESSAGE, daysLeft);
AddViewMessage(TypeMessageView.WARNING, message);
}
}
}
if (!string.IsNullOrEmpty(Request.Form["ReturnUrl"]))
{
return(Redirect(Request.Form["ReturnUrl"]));
}
return(RedirectToAction("Index", "Home"));
}
else
{
AddViewMessage(TypeMessageView.ERROR, ErrorMessages.UserNotExistsOrPasswordInvalid);
}
}
return(View(model));
}
public ActionResult ChangeLanguage(string lang)
{
LanguageMngr.SetLanguage(lang);
return(RedirectToAction("Index", "Home"));
}