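/// <summary>
/// Authenticates a supplier by e-mail and password, issues a server-side auth
/// token for the supplier and records the login in the current session.
/// When requested, an encrypted "auth-token" remember-me cookie carrying the
/// token is written as well.
/// </summary>
/// <param name="Email">E-mail address presented at login.</param>
/// <param name="Password">Password presented at login.</param>
/// <param name="GenerateRememberMeCookie">When true, a persistent "auth-token" cookie is added to the response.</param>
/// <returns>
/// The result of <c>Membership.AuthenticateSupplier</c>; <c>LoginError</c> when
/// credentials were accepted but no token could be generated.
/// </returns>
static public Membership.UserAuthenticateResults Login(string Email, string Password, bool GenerateRememberMeCookie)
{
    Int64 supplierId;
    Membership.UserAuthenticateResults results = Membership.AuthenticateSupplier(Email, Password, out supplierId);
    if (results != Membership.UserAuthenticateResults.Success)
    {
        return results;
    }

    // NOTE(review): the second argument is the requested lifetime; the version of
    // GenerateAuthTokenForAppSupplierId in this file does not read it — confirm.
    AppSupplierAuthToken token = AuthTokens.GenerateAuthTokenForAppSupplierId(supplierId, GenerateRememberMeCookie ? AuthTokenTimeSpan : 0);
    if (token == null)
    {
        return Membership.UserAuthenticateResults.LoginError;
    }

    if (GenerateRememberMeCookie)
    {
        // Cookie payload is "<secret>:<key>", encrypted with the remember-me key;
        // IsAuthenticated() decrypts and splits it on ':' again.
        string payload = token.Secret.ToString(@"N") + @":" + token.Key;
        HttpCookie cookie = new HttpCookie(@"auth-token", TeaEncryptor.Encrypt(payload, RememberMeCookieEncryptionKey));
        cookie.Expires = token.Expiry;
        // The cookie is a bearer credential: keep it out of reach of script, and
        // restrict it to TLS whenever the login itself arrived over TLS.
        cookie.HttpOnly = true;
        cookie.Secure = HttpContext.Current.Request.IsSecureConnection;
        HttpContext.Current.Response.Cookies.Add(cookie);
    }

    HttpContext.Current.Session[@"Authenticated"] = true;
    HttpContext.Current.Session[@"AuthTokenId"] = token.AppSupplierAuthTokenId;
    HttpContext.Current.Session[@"SupplierId"] = supplierId;

    // A missing supplier row is treated as "not a product supplier" rather than an error.
    AppSupplier supplier = AppSupplier.FetchByID(supplierId);
    HttpContext.Current.Session[@"IsProductSupplier"] = (supplier != null ? supplier.IsProduct : false);

    return results;
}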
/// <summary>
/// Looks up the auth-token row matching <paramref name="secret"/> and
/// <paramref name="key"/>, rejects it when it has expired or when the stored
/// key is not <c>EncodeKey(supplierId, AuthTokenKeySalt_AppUserId)</c>, and
/// optionally slides the expiry forward.
/// </summary>
/// <param name="secret">Token secret presented by the client.</param>
/// <param name="key">Token key presented by the client.</param>
/// <param name="slideExpiration">
/// When true and <c>AuthTokenSlidingExpiration_AppUserId</c> is set, the expiry
/// is moved to now + <c>AuthTokenLifeSpan_AppUserId</c> hours — forward only.
/// </param>
/// <param name="AppSupplierId">Receives the token's supplier id, or 0 on failure.</param>
/// <param name="AppSupplierAuthTokenId">Receives the token row id, or 0 on failure.</param>
/// <returns>
/// True for a live, consistent token. A token that is expired or whose key does
/// not match is deleted and false is returned. Any exception — lookup, delete
/// or update — is swallowed and reported as false with both ids set to 0.
/// </returns>
static public bool ValidateAppSupplierAuthToken(string secret, string key, bool slideExpiration, out Int64 AppSupplierId, out Int64 AppSupplierAuthTokenId)
{
    AppSupplierId = 0;
    AppSupplierAuthTokenId = 0;
    try
    {
        // Columns come back positionally: [0] token id, [1] supplier id, [2] expiry.
        List<object> row = new Query(AppSupplierAuthToken.TableSchema)
            .Select(AppSupplierAuthToken.Columns.AppSupplierAuthTokenId)
            .AddSelect(AppSupplierAuthToken.Columns.SupplierId)
            .AddSelect(AppSupplierAuthToken.Columns.Expiry)
            .Where(AppSupplierAuthToken.Columns.Secret, secret)
            .AND(AppSupplierAuthToken.Columns.Key, key)
            .LimitRows(1)
            .ExecuteOneRowToList();
        if (row == null)
        {
            return false;
        }

        DateTime storedExpiry = Convert.ToDateTime(row[2]);
        // Key check is skipped once the token is known to be expired (short-circuit).
        bool revoke = storedExpiry < DateTime.UtcNow
            || key != EncodeKey(Convert.ToInt64(row[1]), AuthTokenKeySalt_AppUserId);
        if (revoke)
        {
            AppSupplierAuthToken.Delete(Convert.ToInt64(row[0]));
            return false;
        }

        AppSupplierId = Convert.ToInt64(row[1]);
        AppSupplierAuthTokenId = Convert.ToInt64(row[0]);

        if (!slideExpiration || !AuthTokenSlidingExpiration_AppUserId)
        {
            return true;
        }

        DateTime slidExpiry = DateTime.UtcNow.AddHours(AuthTokenLifeSpan_AppUserId);
        if (slidExpiry > storedExpiry)
        {
            Query.New<AppSupplierAuthToken>()
                .Update(AppSupplierAuthToken.Columns.Expiry, slidExpiry)
                .Where(AppSupplierAuthToken.Columns.AppSupplierAuthTokenId, AppSupplierAuthTokenId)
                .Execute();
        }
        return true;
    }
    catch
    {
        // Deliberately broad: a failure anywhere in validation is "not authenticated".
        AppSupplierId = 0;
        AppSupplierAuthTokenId = 0;
        return false;
    }
}
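/// <summary>
/// Returns whether the current request belongs to an authenticated supplier.
/// The session flag is consulted first; failing that, the "auth-token"
/// remember-me cookie is decrypted and validated, and on success the session
/// is populated the same way <c>Login</c> populates it.
/// </summary>
/// <returns>True when the session or a valid remember-me cookie identifies a supplier.</returns>
static public bool IsAuthenticated()
{
    // Type-checked unboxing: a non-bool value stored under this key must not throw.
    object flag = HttpContext.Current.Session[@"Authenticated"];
    if (flag is bool && (bool)flag)
    {
        return true;
    }

    HttpCookie cookie = HttpContext.Current.Request.Cookies[@"auth-token"];
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }

    string secret;
    string key;
    if (!TryReadRememberMeCookie(cookie.Value, out secret, out key))
    {
        // Undecryptable or malformed: the cookie can never validate, drop it.
        ExpireRememberMeCookie();
        return false;
    }

    Int64 supplierId;
    Int64 authTokenId;
    if (!AuthTokens.ValidateAppSupplierAuthToken(secret, key, false, out supplierId, out authTokenId))
    {
        // The cookie is left in place here: the validator reports a revoked token
        // and a transient lookup failure the same way (both return false).
        return false;
    }

    Membership.UserAuthenticateResults results = Membership.SupplierLoggedInAction(supplierId);
    if (results != Membership.UserAuthenticateResults.Success)
    {
        // The account may no longer log in: revoke the token and drop the cookie.
        AppSupplierAuthToken.Delete(authTokenId);
        ExpireRememberMeCookie();
        return false;
    }

    HttpContext.Current.Session[@"Authenticated"] = true;
    HttpContext.Current.Session[@"AuthTokenId"] = authTokenId;
    HttpContext.Current.Session[@"SupplierId"] = supplierId;

    // A missing supplier row is treated as "not a product supplier" rather than an error.
    AppSupplier supplier = AppSupplier.FetchByID(supplierId);
    HttpContext.Current.Session[@"IsProductSupplier"] = (supplier != null ? supplier.IsProduct : false);

    return true;
}

/// <summary>
/// Decrypts a remember-me cookie value into its "secret:key" parts.
/// </summary>
/// <param name="cookieValue">Raw cookie value as received from the client.</param>
/// <param name="secret">Receives the token secret, or null on failure.</param>
/// <param name="key">Receives the token key, or null on failure.</param>
/// <returns>False when decryption fails or the plaintext is not exactly two ':'-separated parts.</returns>
private static bool TryReadRememberMeCookie(string cookieValue, out string secret, out string key)
{
    secret = null;
    key = null;

    string plain;
    try
    {
        plain = TeaEncryptor.Decrypt(cookieValue, RememberMeCookieEncryptionKey);
    }
    catch (Exception)
    {
        // The value is client-controlled and TeaEncryptor's failure mode is not
        // visible here; any exception while decrypting it means "invalid cookie",
        // never an unhandled error on the request.
        return false;
    }
    if (plain == null)
    {
        return false;
    }

    string[] parts = plain.Split(':');
    if (parts.Length != 2)
    {
        return false;
    }

    secret = parts[0];
    key = parts[1];
    return true;
}

/// <summary>
/// Tells the browser to discard the "auth-token" cookie.
/// </summary>
private static void ExpireRememberMeCookie()
{
    HttpCookie expired = new HttpCookie(@"auth-token", @"");
    // An empty value alone does not remove a cookie; an expiry in the past does.
    expired.Expires = DateTime.UtcNow.AddDays(-1);
    expired.HttpOnly = true;
    HttpContext.Current.Response.Cookies.Set(expired);
}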
/// <summary>
/// Entity-based variant of token validation: fetches the auth-token row matching
/// <paramref name="Secret"/> and <paramref name="Key"/>, rejects it when expired
/// or when its stored key is not <c>EncodeKey(SupplierId, AuthTokenKeySalt_AppUserId)</c>,
/// and otherwise slides its expiry forward unconditionally.
/// </summary>
/// <param name="Secret">Token secret presented by the client.</param>
/// <param name="Key">Token key presented by the client.</param>
/// <param name="AppSupplierId">Receives the token's supplier id, or 0 on failure.</param>
/// <param name="AppSupplierAuthTokenId">Receives the token row id, or 0 on failure.</param>
/// <returns>
/// True only when exactly one row matches and it is live and consistent. A
/// rejected row is deleted. The row is saved on every successful validation,
/// even when the expiry did not move. Any exception is reported as false.
/// </returns>
static public bool ValidateAppSupplierAuthToken(string Secret, string Key, out Int64 AppSupplierId, out Int64 AppSupplierAuthTokenId)
{
    AppSupplierId = 0;
    AppSupplierAuthTokenId = 0;
    try
    {
        Query lookup = new Query(AppSupplierAuthToken.TableSchema)
            .Where(AppSupplierAuthToken.Columns.Secret, Secret)
            .AND(AppSupplierAuthToken.Columns.Key, Key);
        AppSupplierAuthTokenCollection matches = AppSupplierAuthTokenCollection.FetchByQuery(lookup);
        if (matches.Count != 1)
        {
            return false;
        }

        AppSupplierAuthToken row = matches[0];
        // Key check is skipped once the row is known to be expired (short-circuit).
        bool revoke = row.Expiry < DateTime.UtcNow
            || row.Key != EncodeKey(row.SupplierId, AuthTokenKeySalt_AppUserId);
        if (revoke)
        {
            AppSupplierAuthToken.Delete(row.AppSupplierAuthTokenId);
            return false;
        }

        AppSupplierId = row.SupplierId;
        AppSupplierAuthTokenId = row.AppSupplierAuthTokenId;

        // Forward-only sliding expiration; the save happens regardless.
        DateTime slidExpiry = DateTime.UtcNow.AddHours(AuthTokenLifeSpan_AppUserId);
        if (slidExpiry > row.Expiry)
        {
            row.Expiry = slidExpiry;
        }
        row.Save();
        return true;
    }
    catch
    {
        // Deliberately broad: a failure anywhere in validation is "not authenticated".
        AppSupplierId = 0;
        AppSupplierAuthTokenId = 0;
        return false;
    }
}
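/// <summary>
/// Creates and persists a new auth token for a supplier. The token's secret is
/// drawn from the platform CSPRNG; a handful of save attempts are made so that a
/// database error (presumably a secret collision) is retried with a fresh secret.
/// </summary>
/// <param name="AppSupplierId">Supplier the token is issued for.</param>
/// <param name="LifeTimeInHours">Requested lifetime. NOTE(review): currently not read — the expiry is always
/// <c>AuthTokenLifeSpan_AppUserId</c> hours from creation. Left as-is because the callers in this file pass 0 and the
/// meaning of 0 is not documented; confirm the intended semantics before honouring it.</param>
/// <returns>The saved token, or null when every attempt to save it failed with a <c>DbException</c>.</returns>
static public AppSupplierAuthToken GenerateAuthTokenForAppSupplierId(Int64 AppSupplierId, int LifeTimeInHours)
{
    const int maxAttempts = 3;

    AppSupplierAuthToken token = new AppSupplierAuthToken();
    token.SupplierId = AppSupplierId;
    token.CreatedDate = DateTime.UtcNow;
    token.Expiry = token.CreatedDate.AddHours(AuthTokenLifeSpan_AppUserId);
    // The key is derived, not random; validators recompute it from the supplier id.
    token.Key = EncodeKey(AppSupplierId, AuthTokenKeySalt_AppUserId);

    // Guid.NewGuid() makes no cryptographic-strength promise; the secret is a
    // bearer credential, so fill the 16 bytes from RandomNumberGenerator instead.
    // The Guid is only a 128-bit container here (looked up by value), so the
    // version/variant bits are irrelevant.
    using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        byte[] secretBytes = new byte[16];
        for (int attempt = 0; attempt < maxAttempts; attempt++)
        {
            rng.GetBytes(secretBytes);
            token.Secret = new Guid(secretBytes);
            try
            {
                token.Save();
                return token;
            }
            catch (System.Data.Common.DbException)
            {
                // Retry with a fresh secret; any other exception type propagates.
            }
        }
    }
    return null;
}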
/// <summary>
/// Builds the client-facing access token string for a persisted auth token by
/// delegating to the (secret, key) overload. Note the secret is formatted with
/// the default Guid format here (hyphenated), unlike the "N" format used for the
/// remember-me cookie.
/// </summary>
/// <param name="authToken">The token row; must not be null.</param>
/// <returns>The access token string produced by <c>AccessToken(string, string)</c>.</returns>
static public string AccessToken(AppSupplierAuthToken authToken)
{
    string secretText = authToken.Secret.ToString();
    string keyText = authToken.Key;
    return AccessToken(secretText, keyText);
}
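/// <summary>
/// Handles the supplier login request. The body is a JSON object with "email"
/// and "password"; on success the response is a JSON object carrying an access
/// token, the supplier id and the supplier's positional status flags. Other
/// outcomes map to 400 (bad request / generic login error) or 403 with a reason.
/// </summary>
/// <param name="Request">Incoming request; the JSON body is read from its input stream.</param>
/// <param name="Response">Response to write to; marked non-cacheable.</param>
/// <param name="PathParams">Unused by this handler.</param>
public override void Post(HttpRequest Request, HttpResponse Response, params string[] PathParams)
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetMaxAge(TimeSpan.Zero);

    JObject inputData = ReadLoginRequestBody(Request);
    if (inputData == null)
    {
        // Unreadable body: answer and stop. Falling through here would
        // dereference a null inputData on the next line.
        RespondBadRequest(Response);
        return;
    }

    string email = inputData.Value<string>(@"email") ?? "";
    string password = inputData.Value<string>(@"password") ?? "";
    Response.ContentType = @"application/json";

    Int64 supplierId;
    AppMembership.AppUserAuthenticateResults res = AppMembership.AuthenticateAppSupplier(email, password, out supplierId);
    switch (res)
    {
        case AppMembership.AppUserAuthenticateResults.Success:
            {
                AppSupplierAuthToken at = AuthTokens.GenerateAuthTokenForAppSupplierId(supplierId, 0);
                if (at == null)
                {
                    // Token generation returns null after repeated save failures;
                    // treated like LoginError rather than dereferenced below.
                    RespondBadRequest(Response);
                    return;
                }

                List<object> supplierStatus = new List<object>();
                try
                {
                    AppMembership.AppSupplierLoggedInAction(supplierId, out supplierStatus);
                }
                catch
                {
                    // Best effort: status flags fall back to their defaults.
                }
                WriteLoginSuccessResponse(Response, at, supplierId, supplierStatus);
            }
            break;

        default:
        case AppMembership.AppUserAuthenticateResults.LoginError:
            {
                RespondBadRequest(Response);
            }
            break;

        // NOTE(review): the three distinct 403 reasons below tell an unauthenticated
        // caller whether an e-mail is registered, unverified or locked. Kept because
        // clients depend on them; worth weighing against account enumeration.
        case AppMembership.AppUserAuthenticateResults.NotVerified:
            {
                RespondError(Response, HttpStatusCode.Forbidden, @"not-verified");
            }
            break;

        case AppMembership.AppUserAuthenticateResults.NoMatch:
            {
                RespondError(Response, HttpStatusCode.Forbidden, @"no-match");
            }
            break;

        case AppMembership.AppUserAuthenticateResults.Locked:
            {
                RespondError(Response, HttpStatusCode.Forbidden, @"locked");
            }
            break;
    }
}

/// <summary>
/// Reads the request body as a JSON object.
/// </summary>
/// <param name="request">Request whose input stream holds the JSON body.</param>
/// <returns>The parsed object, or null when the body cannot be read or is not a JSON object.</returns>
private static JObject ReadLoginRequestBody(HttpRequest request)
{
    try
    {
        using (StreamReader reader = new StreamReader(request.InputStream))
        using (JsonTextReader jsonReader = new JsonTextReader(reader))
        {
            return JObject.Load(jsonReader);
        }
    }
    catch (Exception)
    {
        // Client-supplied bytes: a read or parse failure is a bad request, not a server error.
        return null;
    }
}

/// <summary>
/// Writes the success payload: access token, user id and the positional status flags.
/// </summary>
/// <param name="response">Response whose output stream receives the JSON.</param>
/// <param name="token">Freshly generated auth token; must not be null.</param>
/// <param name="supplierId">Authenticated supplier id.</param>
/// <param name="status">Positional flags from <c>AppSupplierLoggedInAction</c>; may be null or shorter than expected.</param>
private static void WriteLoginSuccessResponse(HttpResponse response, AppSupplierAuthToken token, Int64 supplierId, List<object> status)
{
    using (StreamWriter streamWriter = new StreamWriter(response.OutputStream))
    using (JsonTextWriter jsonWriter = new JsonTextWriter(streamWriter))
    {
        jsonWriter.WriteStartObject();
        jsonWriter.WritePropertyName(@"access_token");
        jsonWriter.WriteValue(AuthTokens.AccessToken(token));
        jsonWriter.WritePropertyName(@"user_id");
        jsonWriter.WriteValue(supplierId);
        // Indices below mirror the layout AppSupplierLoggedInAction produces; each
        // is bounds-checked so a short list yields the default instead of throwing.
        jsonWriter.WritePropertyName(@"status");
        jsonWriter.WriteValue(StatusFlagAt(status, 0, false));
        jsonWriter.WritePropertyName(@"allow_change_status_join_bids");
        jsonWriter.WriteValue(StatusFlagAt(status, 1, false));
        jsonWriter.WritePropertyName(@"is_auto_join_bid");
        jsonWriter.WriteValue(StatusFlagAt(status, 2, false));
        jsonWriter.WritePropertyName(@"is_service_supplier");
        jsonWriter.WriteValue(StatusFlagAt(status, 4, false));
        jsonWriter.WritePropertyName(@"max_winning_num");
        jsonWriter.WriteValue(StatusFlagAt(status, 3, 0));
        jsonWriter.WriteEndObject();
    }
}

/// <summary>
/// Returns <paramref name="status"/>[<paramref name="index"/>] when that slot exists, else <paramref name="fallback"/>.
/// </summary>
private static object StatusFlagAt(List<object> status, int index, object fallback)
{
    if (status == null || index < 0 || index >= status.Count)
    {
        return fallback;
    }
    return status[index];
}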