        /// <summary>
        /// Looks up <paramref name="username"/> and returns its <see cref="UserInfo"/> when
        /// <paramref name="password"/> matches the stored credential; otherwise null.
        /// The whole call is recorded as a TaskManager task with the caller IP as a parameter.
        /// </summary>
        /// <param name="username">Login name to look up.</param>
        /// <param name="password">Credential supplied by the caller; accepted when it equals either
        /// the SHA1 of the stored password or the stored password itself.</param>
        /// <param name="ip">Caller address, written to the task log only.</param>
        /// <returns>A new <see cref="UserInfo"/> for the account, or null when the account does not
        /// exist or the password does not match.</returns>
        /// <exception cref="Exception">Any failure is handed to TaskManager.WriteError and the
        /// exception it returns is thrown.</exception>
        public static UserInfo GetUserByUsernamePassword(string username, string password, string ip)
        {
            // every call is wrapped in a task so warnings and errors land in the task log
            TaskManager.StartTask("USER", "GET_BY_USERNAME_PASSWORD", username);
            TaskManager.WriteParameter("IP", ip);

            try
            {
                UserInfoInternal account = GetUserInternally(username);
                if (account == null)
                {
                    TaskManager.WriteWarning("Account not found");
                    return null;
                }

                // NOTE(review): both forms of the stored credential are accepted and compared with
                // ordinal string equality, which is not constant-time; a failed match is not logged.
                bool matches = (CryptoUtils.SHA1(account.Password) == password)
                               || (account.Password == password);

                return matches ? new UserInfo(account) : null;
            }
            catch (Exception ex)
            {
                throw TaskManager.WriteError(ex);
            }
            finally
            {
                TaskManager.CompleteTask();
            }
        }
            /// <summary>
            /// WSE policy hook: builds a UsernameToken for this server and, depending on the
            /// assertion's signRequest/encryptRequest flags, signs the outgoing message and
            /// encrypts the SolidCP custom headers of <paramref name="envelope"/>.
            /// </summary>
            /// <param name="envelope">Outgoing SOAP envelope whose header children are scanned for encryption.</param>
            /// <param name="security">WSE security header that receives the token and the signature/encryption elements.</param>
            public override void SecureMessage(SoapEnvelope envelope, WSE.Security security)
            {
                string serverPassword = parentAssertion.Password;

                // NOTE(review): with no configured password the message leaves without any token,
                // signature or encryption, whatever the assertion flags say.
                if (serverPassword == null)
                {
                    return;
                }

                // the token carries the SHA1 of the password, never the password itself
                UsernameToken token = new UsernameToken(parentAssertion.ServerId.ToString(),
                                                        CryptoUtils.SHA1(serverPassword),
                                                        PasswordOption.SendNone);

                bool sign    = parentAssertion.signRequest;
                bool encrypt = parentAssertion.encryptRequest;

                if (!sign && !encrypt)
                {
                    return;
                }

                // the token is only emitted into the header when something references it
                security.Tokens.Add(token);

                if (sign)
                {
                    security.Elements.Add(new MessageSignature(token));
                }

                if (encrypt)
                {
                    // no custom headers are returned, so besides the default target of
                    // EncryptedData only the SolidCP request headers are referenced
                    EncryptedData encrypted = new EncryptedData(token);

                    foreach (XmlNode node in envelope.Header.ChildNodes)
                    {
                        XmlElement header = node as XmlElement;
                        if (header == null || header.NamespaceURI != "http://com/SolidCP/server/")
                        {
                            continue;
                        }

                        // give the header an Id in the WS-Security utility namespace so the
                        // encryption reference can point at it
                        string refId = Guid.NewGuid().ToString();
                        header.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", refId);
                        encrypted.AddReference(new EncryptionReference("#" + refId));
                    }

                    security.Elements.Add(encrypted);
                }
            }
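        /// <summary>
        /// Looks up <paramref name="username"/> and returns its <see cref="UserInfo"/> when
        /// <paramref name="password"/> matches the stored credential; otherwise null.
        /// Outcomes (account missing, wrong password, success, error) are written to the audit log
        /// directly rather than through TaskManager.
        /// </summary>
        /// <param name="username">Login name to look up.</param>
        /// <param name="password">Credential supplied by the caller; accepted when it equals either
        /// the SHA1 of the stored password or the stored password itself.</param>
        /// <param name="ip">Caller address, recorded in every audit entry.</param>
        /// <returns>A new <see cref="UserInfo"/> for the account, or null when the account does not
        /// exist or the password does not match.</returns>
        /// <exception cref="Exception">Any failure is recorded as an audit error and rethrown.</exception>
        public static UserInfo GetUserByUsernamePassword(string username, string password, string ip)
        {
            // This method is hit on every SOAP call, so it deliberately avoids TaskManager:
            // TaskManager creates background task log rows in the DB and immediately moves them
            // into the audit log for short tasks, which is too much DB load at this call rate.
            // Audit records are written directly instead.
            try
            {
                UserInfoInternal user = GetUserInternally(username);

                if (user == null)
                {
                    AuditLog.AddAuditLogWarningRecord("USER", "GET_BY_USERNAME_PASSWORD", username, new string[] { "IP: " + ip, "Account not found" });
                    return null;
                }

                // NOTE(review): both forms of the stored credential are accepted and compared with
                // ordinal string equality, which is not constant-time.
                if ((CryptoUtils.SHA1(user.Password) == password) || (user.Password == password))
                {
                    AuditLog.AddAuditLogInfoRecord("USER", "GET_BY_USERNAME_PASSWORD", username, new string[] { "IP: " + ip });
                    return new UserInfo(user);
                }

                // a failed password is audited like a missing account so attempts are visible
                AuditLog.AddAuditLogWarningRecord("USER", "GET_BY_USERNAME_PASSWORD", username, new string[] { "IP: " + ip, "Wrong password" });
                return null;
            }
            catch (Exception ex)
            {
                AuditLog.AddAuditLogErrorRecord("USER", "GET_BY_USERNAME_PASSWORD", username,
                                                new string[] {
                    "IP: " + ip,
                    "Message: " + ex.Message,
                    "StackTrace: " + ex.StackTrace
                });
                // rethrow as-is; "throw ex;" would reset the stack trace just recorded above
                throw;
            }
        }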
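        /// <summary>
        /// Verifies <paramref name="password"/> for <paramref name="username"/> and reports the
        /// outcome as a business code. Failed attempts are counted against the account's lock-out
        /// policy when one is configured; the whole call is recorded as a TaskManager task.
        /// </summary>
        /// <param name="username">Login name.</param>
        /// <param name="password">Supplied credential; accepted when it equals either the SHA1 of
        /// the stored password or the stored password itself.</param>
        /// <param name="ip">Caller address, written to the task log as a parameter.</param>
        /// <returns>
        /// 0 on a plain successful login, SUCCESS_USER_ONETIMEPASSWORD when the account's one-time
        /// password is active, otherwise one of ERROR_USER_WRONG_USERNAME, ERROR_USER_ACCOUNT_DISABLED,
        /// ERROR_USER_ACCOUNT_LOCKEDOUT, ERROR_USER_EXPIRED_ONETIMEPASSWORD, ERROR_USER_WRONG_PASSWORD,
        /// ERROR_USER_ACCOUNT_CANCELLED or ERROR_USER_ACCOUNT_PENDING.
        /// </returns>
        /// <exception cref="Exception">Any failure is handed to TaskManager.WriteError and the
        /// exception it returns is thrown.</exception>
        public static int AuthenticateUser(string username, string password, string ip)
        {
            TaskManager.StartTask("USER", "AUTHENTICATE", username);
            TaskManager.WriteParameter("IP", ip);

            try
            {
                UserInfoInternal user = GetUserInternally(username);

                // NOTE(review): distinct codes for "no such user" and "wrong password" let a caller
                // tell valid usernames apart; callers depend on these codes, so only noted here.
                if (user == null)
                {
                    TaskManager.WriteWarning("Wrong username");
                    return BusinessErrorCodes.ERROR_USER_WRONG_USERNAME;
                }

                if (user.LoginStatus == UserLoginStatus.Disabled)
                {
                    TaskManager.WriteWarning("User disabled");
                    return BusinessErrorCodes.ERROR_USER_ACCOUNT_DISABLED;
                }

                if (user.LoginStatus == UserLoginStatus.LockedOut)
                {
                    TaskManager.WriteWarning("User locked out");
                    return BusinessErrorCodes.ERROR_USER_ACCOUNT_LOCKEDOUT;
                }

                // -1 means no lock-out threshold is configured; failed attempts are then not counted
                int lockOut = GetLockOutThreshold(UserController.GetUserSettings(user.UserId, UserSettings.SolidCP_POLICY));

                // NOTE(review): ordinal string equality, not constant-time; both credential forms accepted
                bool passwordMatches = (CryptoUtils.SHA1(user.Password) == password) || (user.Password == password);
                if (!passwordMatches)
                {
                    if (lockOut >= 0)
                    {
                        DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
                    }

                    TaskManager.WriteWarning("Wrong password");
                    return BusinessErrorCodes.ERROR_USER_WRONG_PASSWORD;
                }

                int result = 0;
                switch (user.OneTimePasswordState)
                {
                    case OneTimePasswordStates.Active:
                        result = BusinessSuccessCodes.SUCCESS_USER_ONETIMEPASSWORD;
                        OneTimePasswordHelper.FireSuccessAuth(user);
                        break;

                    case OneTimePasswordStates.Expired:
                        // an expired one-time password counts as a failed attempt, like a wrong password
                        if (lockOut >= 0)
                        {
                            DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
                        }
                        TaskManager.WriteWarning("Expired one time password");
                        return BusinessErrorCodes.ERROR_USER_EXPIRED_ONETIMEPASSWORD;
                }

                // password accepted: presumably clears the failed-attempt counter; unlike the
                // failure branches this runs even when no policy (lockOut == -1) is configured
                DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, true);

                if (user.Status == UserStatus.Cancelled)
                {
                    TaskManager.WriteWarning("Account cancelled");
                    return BusinessErrorCodes.ERROR_USER_ACCOUNT_CANCELLED;
                }

                if (user.Status == UserStatus.Pending)
                {
                    TaskManager.WriteWarning("Account pending");
                    return BusinessErrorCodes.ERROR_USER_ACCOUNT_PENDING;
                }

                return result;
            }
            catch (Exception ex)
            {
                throw TaskManager.WriteError(ex);
            }
            finally
            {
                TaskManager.CompleteTask();
            }
        }

        // Reads the lock-out threshold, the 8th ';'-separated field of the "PasswordPolicy" setting;
        // returns -1 when the setting is empty, the field is missing or it is not an integer.
        private static int GetLockOutThreshold(UserSettings userSettings)
        {
            string passwordPolicy = userSettings["PasswordPolicy"];
            if (string.IsNullOrEmpty(passwordPolicy))
            {
                return -1;
            }

            // explicit length and parse checks replace a catch-all around Convert.ToInt32(parts[7])
            string[] parts = passwordPolicy.Split(';');
            int lockOut;
            if (parts.Length > 7 && int.TryParse(parts[7], out lockOut))
            {
                return lockOut;
            }

            return -1;
        }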