/// <summary> /// Valida o usuário no provedor de identidade /// </summary> /// <param name="userName">Nome de usuário</param> /// <param name="password">Senha</param> /// <param name="parameters">Demais informações necessárias</param> /// <returns></returns> public virtual IValidateUserResult ValidateUser(string userName, string password, SecurityParameter[] parameters) { IValidateUserResult result = new ValidateUserResult(); var currentUser = GetUser(userName, false) as Security.Authentication.IAutheticableUser; if ((currentUser == null) || (String.IsNullOrEmpty(currentUser.UserKey))) { return(new ValidateUserResult() { Status = AuthenticationStatus.InvalidUserNameOrPassword, Message = Resources.Invalid_UsernameOrPassword, User = null }); } var identityProvider = Microsoft.Practices.ServiceLocation.ServiceLocator.Current.GetInstance <IIdentityProviderManager>().GetProviderById(currentUser.IdentityProviderId); if (identityProvider == null) { return(new ValidateUserResult() { Status = AuthenticationStatus.UnknownError, Message = string.Format(Resources.Error_IdentityProviderNotFound, userName), User = null }); } if (currentUser != null) { var captcha = Microsoft.Practices.ServiceLocation.ServiceLocator.Current.GetInstance <ICaptcha>(); if (!currentUser.IgnoreCaptcha) { if ((InvalidLogin.ContainsKey(userName)) && (InvalidLogin[userName] >= 3)) { string captchaStr = GetParameterValue(parameters, "CaptchaString") ?? String.Empty; string guidStr = GetParameterValue(parameters, "CaptchaGuid") ?? String.Empty; if ((!String.IsNullOrEmpty(captchaStr)) && (!String.IsNullOrEmpty(guidStr))) { Guid guid = new Guid(guidStr); if (!captcha.IsCorrect(guid, captchaStr)) { result.Status = AuthenticationStatus.InvalidCaptcha; result.Message = Resources.Invalid_Captcha; result.Captcha = CreateCaptcha(parameters, captcha); return(result); } } else { result.Status = AuthenticationStatus.CaptchaRequired; result.Message = Resources.Captcha_Necessary; result.Captcha = CreateCaptcha(parameters, captcha); return(result); } } } var identityProviderExists = false; lock (_providers) identityProviderExists = _providers.ContainsKey(identityProvider.FullName); if (!identityProviderExists) { if (identityProvider.Type == null) { return new ValidateUserResult() { Status = AuthenticationStatus.ErrorInValidate, Message = ResourceMessageFormatter.Create(() => Properties.Resources.Error_IdentityProviderTypeUndefined).Format() } } ; try { var authenticateInstance = Activator.CreateInstance(identityProvider.Type) as IAuthenticate; lock (_providers) { if (!_providers.ContainsKey(identityProvider.FullName)) { _providers.Add(identityProvider.FullName, authenticateInstance); authenticateInstance = null; } } if (authenticateInstance != null && authenticateInstance is IDisposable) { ((IDisposable)authenticateInstance).Dispose(); } } catch (Exception ex) { return(new ValidateUserResult() { Status = AuthenticationStatus.ErrorInValidate, Message = ex.Message }); } } IAuthenticate provider = null; lock (_providers) provider = _providers[identityProvider.FullName]; result = provider.ValidateUser(userName, password, parameters); if (result.Status == AuthenticationStatus.Success) { if (InvalidLogin.ContainsKey(userName)) { InvalidLogin.Remove(userName); } if ((result.ExpireDate.HasValue) && (result.ExpireDate.Value > DateTime.Today) && (identityProvider.WarningDays > 0) && (System.DateTime.Today.AddDays(identityProvider.WarningDays) >= result.ExpireDate)) { result.Message = String.Format(Resources.Warning_Password, result.ExpireDate.Value.Subtract(ServerData.GetDate()).Days); result.Status = AuthenticationStatus.PasswordWarning; } Security.ITokenProvider tokenFramework = Microsoft.Practices.ServiceLocation.ServiceLocator.Current.GetInstance <ITokenProvider>(); string oldToken = tokenFramework.GetToken(Convert.ToInt32(currentUser.UserKey)); if (!String.IsNullOrEmpty(oldToken)) { if ((GetParameterValue(parameters, "ForceToken") ?? "False").ToUpper().Equals("TRUE")) { tokenFramework.Close(oldToken); } else { result.Status = AuthenticationStatus.DuplicateToken; result.Message = Resources.Error_TokenDuplicate; return(result); } } do { result.Token = tokenFramework.Create(256); }while (tokenFramework.Check(result.Token).Success); result.User = currentUser; tokenFramework.CloseUserTokens(Convert.ToInt32(result.User.UserKey)); if (!tokenFramework.Insert(result.Token, Convert.ToInt32(result.User.UserKey))) { result.Status = AuthenticationStatus.ErrorTokenControl; result.Message = Resources.Error_TokenCreate; result.User = null; } } else if (result.Status == AuthenticationStatus.InvalidUserNameOrPassword) { if (!currentUser.IgnoreCaptcha) { if (!InvalidLogin.ContainsKey(userName)) { InvalidLogin.Add(userName, 1); } else { InvalidLogin[userName]++; } if (InvalidLogin[userName] >= 3) { result.Captcha = CreateCaptcha(parameters, captcha); } } } } else { result.Status = AuthenticationStatus.InvalidUserNameOrPassword; result.Message = Resources.Invalid_UsernameOrPassword; result.User = null; } return(result); }