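/// <summary>
/// Reads the custom session header from the incoming request and passes it to
/// <c>WcfUserSessionSecurity.VerifySession</c>.
/// </summary>
/// <remarks>
/// The session header is client-supplied. Its <c>ClientIp</c> field is replaced with the
/// address reported by the transport before the header is verified.
/// A request that carries no session header is not verified and is not rejected here;
/// this method simply returns. NOTE(review): access control for such requests must be
/// enforced elsewhere - confirm where.
/// </remarks>
/// <param name="request">The request message</param>
/// <param name="channel">The channel being used</param>
/// <param name="instanceContext">The instance context to use</param>
/// <returns>Null as there is nothing to return</returns>
/// <exception cref="System.InvalidOperationException">
/// The request carries a session header but no remote endpoint property is available.
/// </exception>
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
    int headerIndex = request.Headers.FindHeader(WcfUserSessionBehaviour.HeaderName, WcfUserSessionBehaviour.HeaderNamespace);
    if (headerIndex < 0)
    {
        // No session header present: nothing is verified for this request.
        return null;
    }

    var header = request.Headers.GetHeader<RequestHeader>(WcfUserSessionBehaviour.HeaderName, WcfUserSessionBehaviour.HeaderNamespace);
    if (header == null)
    {
        return null;
    }

    MessageProperties prop = OperationContext.Current.IncomingMessageProperties;

    // TryGetValue plus an explicit null check replaces the unchecked "as" cast, which
    // dereferenced a null endpoint when the property was missing or of another type.
    object rawEndpoint;
    prop.TryGetValue(RemoteEndpointMessageProperty.Name, out rawEndpoint);
    RemoteEndpointMessageProperty endpoint = rawEndpoint as RemoteEndpointMessageProperty;
    if (endpoint == null)
    {
        // Fail closed: never verify a session with an unknown client address.
        throw new System.InvalidOperationException("Remote endpoint information is not available for the incoming request.");
    }

    // Always use the transport-observed address, never the value sent in the header.
    // NOTE(review): behind a reverse proxy or load balancer this is presumably the
    // proxy's address - confirm against the deployment if sessions are bound to the IP.
    header.ClientIp = endpoint.Address;

    WcfUserSessionSecurity.VerifySession(header);
    return null;
}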
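/// <summary>
/// Logs the user in.
/// If two-factor authentication is required, the authentication code is automatically sent to the user.
/// </summary>
/// <remarks>
/// Any non-success <c>LoginResult</c> without a dedicated error code is reported as
/// <c>ErrorCodes.LOGIN_FAILED</c>, so a failed login never returns a result without an error.
/// NOTE(review): the lockout and registration-not-completed errors let a caller tell
/// account states apart; confirm this disclosure is intended.
/// </remarks>
/// <param name="userName">The username of the user</param>
/// <param name="password">The password of the user</param>
/// <returns>An operation indicating success with the Data variable indicating if two-factor authentication is required (true) or not (false)</returns>
public OperationResultAsBool Login(string userName, string password)
{
    Logger.Audit(new Audit(Model.Security.Actions.LOGIN_STARTED, AuditEventType.READ, typeof(User), "UserName", userName));

    LoginResult result = WcfUserSessionSecurity.Login(userName, password);

    if (result == LoginResult.Success)
    {
        User u = this.handler.UserManager.FindByName(userName);
        if (u != null)
        {
            bool secondFactorAvailable = u.TwoFactorEnabled
                && u.TwoFactorAuthenticationProvider != null
                && this.handler.UserManager.TwoFactorProviders.ContainsKey(u.TwoFactorAuthenticationProvider);

            if (secondFactorAvailable)
            {
                // NOTE(review): WcfUserSessionSecurity.Login has already reported success here.
                // Confirm the session is not treated as fully authenticated until the
                // second factor has been verified.
                string token = this.handler.UserManager.GenerateTwoFactorToken(u.Id, u.TwoFactorAuthenticationProvider);
                this.handler.UserManager.NotifyTwoFactorToken(u.Id, u.TwoFactorAuthenticationProvider, token);

                // LOGIN_COMPLETED is not audited on this path; the login is still pending.
                return new OperationResultAsBool(null, true);
            }

            // NOTE(review): a user with TwoFactorEnabled set but a missing or unregistered
            // provider reaches this point and completes login with the password alone.
            // Confirm that this downgrade is intended.
            Logger.Audit(new Audit(Model.Security.Actions.LOGIN_COMPLETED, AuditEventType.READ, typeof(User), "UserName", userName));
            return new OperationResultAsBool(null, false);
        }

        // The login succeeded but the user record could not be loaded. Report a failure
        // instead of dereferencing null.
        // NOTE(review): confirm whether the session created by WcfUserSessionSecurity.Login
        // must be torn down in this case.
        result = LoginResult.Failed;
    }

    Logger.Audit(new Audit(Model.Security.Actions.LOGIN_COMPLETED, AuditEventType.READ, typeof(User), "UserName", userName, false));

    PCHIError err;
    switch (result)
    {
        case LoginResult.UserIsLockedOut:
            err = this.handler.MessageManager.GetError(ErrorCodes.USER_IS_LOCKEDOUT);
            break;
        case LoginResult.RegistrationNotCompleted:
            err = this.handler.MessageManager.GetError(ErrorCodes.REGISTRATION_NOT_COMPLETED);
            break;
        default:
            // Covers LoginResult.Failed and any value without its own error code, so an
            // unmapped failure can no longer return a null error that reads as success.
            err = this.handler.MessageManager.GetError(ErrorCodes.LOGIN_FAILED);
            break;
    }

    return new OperationResultAsBool(err, false);
}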