protected virtual bool ValidateLocalCredentials(string username, string password, SignInMessage message,
out TAccount account)
{
var tenant = string.IsNullOrWhiteSpace(message.Tenant)
? userAccountService.Configuration.DefaultTenant
: message.Tenant;
return(userAccountService.Authenticate(tenant, username, password, out account));
}
/// <summary>
/// Authenticates user with given username and password
/// </summary>
/// <param name="loginDto">user login details</param>
/// <returns>ID of the authenticated user</returns>
public Guid AuthenticateUser(UserLoginDTO loginDto)
{
DAL.Entities.UserAccount account;
var result = coreService.Authenticate(loginDto.UserName, loginDto.Password, out account);
if (!result)
{
Debug.WriteLine($"Failed to authenticate user: {loginDto.UserName}");
return(Guid.Empty);
}
return(account.ID);
}
public ActionResult LogIn(LogInModel model)
{
if (ModelState.IsValid)
{
BrockAllen.MembershipReboot.UserAccount account;
if (_userAccountService.Authenticate(model.TenantName, model.Username, model.Password, out account))
{
_authService.SignIn(account);
if (account.RequiresTwoFactorAuthCodeToSignIn())
{
return(RedirectToAction("TwoFactorAuthCodeLogin"));
}
if (account.RequiresTwoFactorCertificateToSignIn())
{
return(RedirectToAction("CertificateLogin"));
}
if (_userAccountService.IsPasswordExpired(account))
{
return(RedirectToAction("Index", "ChangePassword"));
}
try
{
//Retrieve Web APi token
_oauth2AuthenticationSettings.Username = model.Username;
_oauth2AuthenticationSettings.TenantName = model.TenantName;
_oauth2AuthenticationSettings.Password = model.Password;
RetrieveWebApiTokenAndCreateCookie(_oauth2AuthenticationSettings);
}
catch (Exception ex)
{
_authService.SignOut();
ModelState.AddModelError("", ex.Message);
return(View(model));
}
if (Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError("", "Invalid Username or Password");
}
}
return(View(model));
}
public HttpResponseMessage Post([FromBody] AuthRequest request)
{
var token = _userAccountService.Authenticate(request.Username, request.Password);
if (token == Guid.Empty)
{
return(Request.CreateErrorResponse(HttpStatusCode.Forbidden, Constants.ErrorMessages.AuthError));
}
var response = new AuthResponse
{
Username = request.Username,
Token = token
};
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
public virtual Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
{
TAccount account;
if (userAccountService.Authenticate(username, password, out account))
{
var subject = account.ID.ToString("D");
var name = GetDisplayNameForAccount(account.ID);
//if (account.RequiresTwoFactorAuthCodeToSignIn())
//{
// return new AuthenticateResult("/core/account/twofactor", subject, name);
//}
//if (account.RequiresTwoFactorCertificateToSignIn())
//{
// return new AuthenticateResult("/core/account/certificate", subject, name);
//}
//if (account.RequiresPasswordReset || userAccountService.IsPasswordExpired(account))
//{
// return new AuthenticateResult("/core/account/changepassword", subject, name);
//}
var p = IdentityServerPrincipal.Create(subject, name);
return(Task.FromResult(new AuthenticateResult(p)));
}
if (account != null)
{
if (!account.IsLoginAllowed)
{
return(Task.FromResult(new AuthenticateResult("Account is not allowed to login")));
}
if (account.IsAccountClosed)
{
return(Task.FromResult(new AuthenticateResult("Account is closed")));
}
}
return(Task.FromResult <AuthenticateResult>(null));
}
public void CreateAccount_SettingsRequiresVerification_CannotLogin()
{
securitySettings.RequireAccountVerification = true;
securitySettings.AllowLoginAfterAccountCreation = true;
subject.CreateAccount("test", "pass", "*****@*****.**");
Assert.IsFalse(subject.Authenticate("test", "pass"));
}
public bool ValidateUser(string userName, string password)
{
return(userSvc.Authenticate(userName, password));
}
protected override bool ValidatePassword(string uid, string pwd)
{
return(userAccountService.Authenticate(uid, pwd));
}
