/// <summary>
/// Gets the cookie from the request and passes it on to the WcfUserSessionSecurity class to use
/// </summary>
/// <param name="request">The request message</param>
/// <param name="channel">The channel being used</param>
/// <param name="instanceContext">The instance context to use</param>
/// <returns>Null as there is nothing to return</returns>
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
// Retrieve Cookie from Request and set user in current session
/*HttpRequestMessageProperty prop = (HttpRequestMessageProperty)OperationContext.Current.IncomingMessageProperties[HttpRequestMessageProperty.Name];
* if (prop != null && prop.Headers[HttpRequestHeader.Cookie] != null)
* {
* CookieContainer cookieContainer = new CookieContainer();
* cookieContainer.SetCookies(new Uri(WcfUserSessionBehaviour.CookieDomain), prop.Headers[HttpRequestHeader.Cookie]);
*
* if (cookieContainer.GetCookies(new Uri(WcfUserSessionBehaviour.CookieDomain))[WcfUserSessionBehaviour.CookieName] != null)
* WcfUserSessionSecurity.VerifySecurityString(cookieContainer.GetCookies(new Uri(WcfUserSessionBehaviour.CookieDomain))[WcfUserSessionBehaviour.CookieName].Value);
* }*/
if (request.Headers.FindHeader(WcfUserSessionBehaviour.HeaderName, WcfUserSessionBehaviour.HeaderNamespace) > -1)
{
var header = request.Headers.GetHeader <RequestHeader>(WcfUserSessionBehaviour.HeaderName, WcfUserSessionBehaviour.HeaderNamespace);
if (header != null)
{
OperationContext context = OperationContext.Current;
MessageProperties prop = context.IncomingMessageProperties;
RemoteEndpointMessageProperty endpoint =
prop[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
header.ClientIp = endpoint.Address;
WcfUserSessionSecurity.VerifySession(header); // header.SessionId);
}
}
else
{
}
return(null);
}
/// <summary>
/// Logs the user in
/// If Two factor authentication is required the authentication code for that is automatically send to the user
/// </summary>
/// <param name="userName">The username of the user</param>
/// <param name="password">The password of the user</param>
/// <returns>An operation indicating success with the Data variable indicating if Two factor authentication is required (true) or not (false)</returns>
public OperationResultAsBool Login(string userName, string password)
{
Logger.Audit(new Audit(Model.Security.Actions.LOGIN_STARTED, AuditEventType.READ, typeof(User), "UserName", userName));
LoginResult result = WcfUserSessionSecurity.Login(userName, password);
if (result == LoginResult.Success)
{
User u = this.handler.UserManager.FindByName(userName);
if (u.TwoFactorEnabled && u.TwoFactorAuthenticationProvider != null && this.handler.UserManager.TwoFactorProviders.ContainsKey(u.TwoFactorAuthenticationProvider))
{
string token = this.handler.UserManager.GenerateTwoFactorToken(u.Id, u.TwoFactorAuthenticationProvider);
this.handler.UserManager.NotifyTwoFactorToken(u.Id, u.TwoFactorAuthenticationProvider, token);
return(new OperationResultAsBool(null, true));
}
else
{
Logger.Audit(new Audit(Model.Security.Actions.LOGIN_COMPLETED, AuditEventType.READ, typeof(User), "UserName", userName));
}
}
else
{
Logger.Audit(new Audit(Model.Security.Actions.LOGIN_COMPLETED, AuditEventType.READ, typeof(User), "UserName", userName, false));
}
PCHIError err = null;
if (result == LoginResult.Failed)
{
err = this.handler.MessageManager.GetError(ErrorCodes.LOGIN_FAILED);
}
if (result == LoginResult.UserIsLockedOut)
{
err = this.handler.MessageManager.GetError(ErrorCodes.USER_IS_LOCKEDOUT);
}
if (result == LoginResult.RegistrationNotCompleted)
{
err = this.handler.MessageManager.GetError(ErrorCodes.REGISTRATION_NOT_COMPLETED);
}
return(new OperationResultAsBool(err, false));
}
