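        /// <summary>
        /// Serves a manager login request by delegating to <see cref="ServerManagerLogin"/> over the
        /// connection held by the enclosing class (<c>cnn</c> is declared outside this method).
        /// </summary>
        /// <param name="request">Login request. Only <c>Login</c> is written to the log; the password is never logged.</param>
        /// <returns>The response produced by <see cref="ServerManagerLogin.ProcessRequest"/>.</returns>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="request"/> is null (previously this surfaced as a NullReferenceException from the log call).
        /// </exception>
        public ManagerLoginResponse ManagerLogin(ManagerLoginRequest request)
        {
            if (request is null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            Log.Information("LCManagerPartner ManagerLogin {Login}", request.Login);

            return new ServerManagerLogin().ProcessRequest(cnn, request);
        }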
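        /// <summary>
        /// Manager performs login, attempting to gain a new session.
        /// </summary>
        /// <param name="loginInfo">Login information (username and password).</param>
        /// <param name="ipAddress">IP Address of request; recorded on the new session.</param>
        /// <returns>
        /// The new session's id and access level: <c>"RESET"</c> when the manager still has to reset
        /// their password, otherwise <c>"FULL"</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="loginInfo"/> is null.</exception>
        /// <exception cref="BadLoginException">The username is unknown or the password does not match.</exception>
        public async Task<ManagerLoginResponse> Login(ManagerLoginRequest loginInfo, string ipAddress)
        {
            if (loginInfo is null)
            {
                throw new ArgumentNullException(nameof(loginInfo));
            }

            // Pull manager information from database.
            var manager = await _database.GetManagerByUsername(loginInfo.Username);

            // An unknown username must fail exactly like a wrong password. Without this guard a null
            // lookup result surfaced as a NullReferenceException on the checks below, which both crashes
            // the request and lets a caller tell "no such user" apart from "wrong password".
            if (manager is null)
            {
                throw new BadLoginException();
            }

            // Two ways in (same order as before, second check only runs if the first fails):
            //  1. the account is flagged for a password reset and the supplied password equals the stored
            //     value verbatim -- no salt/hash on this path; the session is limited to "RESET" access
            //     below on the assumption that the next phase forces the reset; or
            //  2. the supplied password, salted with the stored salt, matches the stored password.
            // NOTE(review): the verbatim comparison in (1) is a plain string equality, which is not a
            // constant-time comparison.
            bool canLogIn = (manager.IsPasswordReset && loginInfo.Password == manager.Password)
                         || _password.IsPasswordMatch(loginInfo.Password, manager.Salt, manager.Password);

            if (!canLogIn)
            {
                throw new BadLoginException();
            }

            // Create a new session.
            var newSession = new SessionDocument
            {
                Id = ObjectId.GenerateNewId().ToString(),
                // GenerateSessionId() also handles retrying on sessionID collisions.
                SessionId = await _session.GenerateSessionId(),
                ManagerId = manager.Id,
                IPAddress = ipAddress,
                CreatedAt = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds(),
                // A pending password reset restricts the session to "RESET" access.
                AccessLevel = manager.IsPasswordReset ? "RESET" : "FULL",
                IsActive    = true
            };

            await _database.SaveSession(newSession);

            // Only the session id and its access level go back to the caller.
            return new ManagerLoginResponse
            {
                SessionId = newSession.SessionId,
                AccessLevel = newSession.AccessLevel
            };
        }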
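        /// <summary>
        /// OWIN resource-owner-password grant: treats <c>UserName</c> as a phone number, validates the
        /// phone / password pair via <see cref="ServerManagerLogin"/> and, on success, issues an identity
        /// carrying the manager's role and phone number.
        /// </summary>
        /// <param name="context">
        /// OWIN grant context supplying <c>UserName</c> (expected to be a numeric phone number) and <c>Password</c>.
        /// </param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // A non-numeric username previously escaped as a FormatException from Convert.ToInt64 and
            // surfaced as a server error instead of a failed grant. Reject it with the same message a
            // wrong password gets, so the response does not reveal which part was malformed.
            if (!long.TryParse(context.UserName, out long phone))
            {
                context.SetError("invalid_grant", "Provided username and password is incorrect");
                return;
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            string connectionString = ConfigurationManager.ConnectionStrings["SqlConnection"].ConnectionString;

            var request = new ManagerLoginRequest
            {
                Phone    = phone,
                Password = context.Password
            };

            // The connection is disposed when this block exits; previously it was never released.
            using (var cnn = new SqlConnection(connectionString))
            {
                var authentificationResult = new ServerManagerLogin().ProcessRequest(cnn, request);

                if (authentificationResult.ErrorCode != 0)
                {
                    context.SetError("invalid_grant", "Provided username and password is incorrect");
                    return;
                }

                identity.AddClaim(new Claim(ClaimTypes.Role, authentificationResult.RoleName));
                identity.AddClaim(new Claim(ClaimTypes.MobilePhone, context.UserName));
                context.Validated(identity);
            }
        }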
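        /// <summary>
        /// Runs the <c>[dbo].[ManagerLogin]</c> stored procedure for the given credentials and maps the
        /// returned row onto a <see cref="ManagerLoginResponse"/>.
        /// </summary>
        /// <param name="model">
        /// Credentials; <c>UserName</c> and <c>Password</c> are passed as procedure parameters exactly as
        /// supplied (whether the procedure hashes the password is not visible here).
        /// </param>
        /// <returns>
        /// A response with <c>Id</c> and <c>TypeId</c> taken from the result set (the last row if several
        /// come back), or an unpopulated response when no row is returned.
        /// </returns>
        public ManagerLoginResponse ManagerLogin(ManagerLoginRequest model)
        {
            var result = new ManagerLoginResponse();

            // Command and reader are both disposed on every path. The original created a throwaway
            // SqlCommand, never disposed the reader, and skipped Dispose on the command when the
            // query threw.
            using (SqlCommand sqlCommand = connection.CreateCommand("[dbo].[ManagerLogin]", CommandType.StoredProcedure))
            {
                // Parameterised call: the credentials never become part of SQL text.
                sqlCommand.Parameters.AddWithValue("@UserName", model.UserName);
                sqlCommand.Parameters.AddWithValue("@Password", model.Password);

                using (SqlDataReader sqlDr = sqlCommand.ExecuteReader())
                {
                    while (sqlDr.Read())
                    {
                        result.Id     = (int)sqlDr["Id"];
                        result.TypeId = (int)sqlDr["TypeId"];
                    }
                }
            }

            return result;
        }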
        /// <summary>
        /// Controller endpoint for manager login: hands the bound credentials to the data layer and
        /// returns its response serialised as JSON.
        /// </summary>
        /// <param name="model">Credentials bound from the request.</param>
        /// <returns>A JSON result wrapping the data layer's <c>ManagerLoginResponse</c>.</returns>
        public ActionResult ManagerLogin(ManagerLoginRequest model) => Json(database.ManagerLogin(model));
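        /// <summary>
        /// OWIN resource-owner-password grant: validates the login / password pair via
        /// <see cref="ServerManagerLogin"/> and, on success, builds an identity carrying the manager's
        /// roles plus the operator / partner / POS scope values the login returned.
        /// </summary>
        /// <param name="context">OWIN grant context supplying <c>UserName</c> and <c>Password</c>.</param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            string connectionString = ConfigurationManager.ConnectionStrings["SqlConnection"].ConnectionString;

            var request = new ManagerLoginRequest
            {
                Login    = context.UserName,
                Password = context.Password
            };

            // The connection is disposed when this block exits; previously it was never released.
            using (var cnn = new SqlConnection(connectionString))
            {
                var authentificationResult = new ServerManagerLogin().ProcessRequest(cnn, request);

                if (authentificationResult.ErrorCode != 0)
                {
                    // Error text for the client; deliberately the same whether the login or the password was wrong.
                    context.SetError("invalid_grant", "Provided username and password is incorrect");

                    // Add our flag (a constant) to the response headers; CustomAuthenticationMiddleware
                    // checks it downstream.
                    context.Response.Headers.Add(ServerGlobalVariables.OwinStatusFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() });
                    return;
                }

                foreach (var role in authentificationResult.Roles)
                {
                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
                }

                identity.AddClaim(new Claim("user", context.UserName));

                // Scope identifiers are only asserted when the login returned a meaningful value
                // (> 0 for ids, non-empty for codes), so a missing scope is an absent claim rather
                // than a "0" or "" claim.
                if (authentificationResult.Operator > 0)
                {
                    identity.AddClaim(new Claim("oper", authentificationResult.Operator.ToString()));
                }
                if (authentificationResult.Partner > 0)
                {
                    identity.AddClaim(new Claim("partner", authentificationResult.Partner.ToString()));
                }
                if (authentificationResult.Pos > 0)
                {
                    identity.AddClaim(new Claim("pos", authentificationResult.Pos.ToString()));
                }
                if (!string.IsNullOrEmpty(authentificationResult.PosCode))
                {
                    identity.AddClaim(new Claim("poscode", authentificationResult.PosCode));
                }
                if (authentificationResult.DefaultPartner > 0)
                {
                    identity.AddClaim(new Claim("defaultpartner", authentificationResult.DefaultPartner.ToString()));
                }
                if (authentificationResult.DefaultPos > 0)
                {
                    identity.AddClaim(new Claim("defaultpos", authentificationResult.DefaultPos.ToString()));
                }
                if (!string.IsNullOrEmpty(authentificationResult.DefaultPosCode))
                {
                    identity.AddClaim(new Claim("defaultposcode", authentificationResult.DefaultPosCode));
                }

                // PermissionCode is added unconditionally, as before; Claim rejects a null value.
                identity.AddClaim(new Claim("permissioncode", authentificationResult.PermissionCode));
                context.Validated(identity);
            }
        }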