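// POST: api/Authentication
// Logs the caller in against the DataAccess service and, when a token is issued,
// resolves the identity behind it so the client receives token, username, role and id.
// Returns 400 when the payload is missing or incomplete and 401 when no token is
// issued or the token cannot be tied to an identity and a user record.
public IHttpActionResult Post(Authentication AuthData)
{
    if (AuthData == null || !AuthData.IsComplete())
    {
        return BadRequest("Authentication data required but not provided");
    }

    DataAccessSoapClient ws = new DataAccessSoapClient();
    // Login is attempted for both roles; the service decides which one applies.
    string token = ws.Login(
        AuthData.username,
        AuthData.password,
        new DataAccessWS.UserRole[2] { DataAccessWS.UserRole.BUYER, DataAccessWS.UserRole.SELLER });
    if (string.IsNullOrEmpty(token))
    {
        return StatusCode(HttpStatusCode.Unauthorized);
    }

    IdentityWSSoapClient idWS = new IdentityWSSoapClient();
    IdentityData idData = idWS.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
    // A token with no resolvable identity or user record must not be handed out as an
    // authenticated session; the original dereferenced both results unchecked.
    if (idData == null)
    {
        return StatusCode(HttpStatusCode.Unauthorized);
    }
    User user = ws.FindUserByUsername(idData.Username);
    if (user == null)
    {
        return StatusCode(HttpStatusCode.Unauthorized);
    }

    return Ok(new AuthToken
    {
        Token = token,
        Username = idData.Username,
        Role = idData.Role.ToString(),
        Id = user.Id
    });
}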
// Returns true only when the token resolves to an identity holding the BUYER role.
// A null identity is a negative answer, not an error; service faults propagate.
private bool CheckUserBuyer(string AuthToken)
{
    IdentityWSSoapClient identityClient = new IdentityWSSoapClient();
    IdentityData identity = identityClient.GetIdentity(new Security { BinarySecurityToken = AuthToken });
    return identity != null && identity.Role == UserRole.BUYER;
}
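// Checks that the caller's token belongs to the same account as userId: the identity
// behind the token and the user record must agree on username and role.
// Returns false when either lookup yields nothing or a username is missing.
private bool ValidateClientIdentity(string token, long userId)
{
    IdentityWSSoapClient ws = new IdentityWSSoapClient();
    IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
    DataAccessSoapClient dataWS = new DataAccessSoapClient();
    User target = dataWS.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, userId);

    if (identity == null || target == null)
    {
        return false;
    }
    // A missing username on either side is a mismatch; the original would have
    // thrown on the dereference, and a null-safe compare must not let two nulls match.
    if (identity.Username == null || target.Username == null)
    {
        return false;
    }
    // Usernames and roles are identifiers, so compare ordinally. The roles come from
    // two different service contracts, hence the comparison of their string forms.
    return string.Equals(identity.Username, target.Username, StringComparison.Ordinal)
        && string.Equals(identity.Role.ToString(), target.Role.ToString(), StringComparison.Ordinal);
}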
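// Pre-check for account deletion: a user with registered orders must not be removed.
// Returns the error result to send back, or null when deletion may proceed.
private IHttpActionResult ValidateUserCanBeDeleted(string authToken)
{
    IdentityWSSoapClient ws = new IdentityWSSoapClient();
    IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = authToken });
    // Without a resolvable identity there is no username to look orders up for;
    // refuse instead of dereferencing null (the original did not check this).
    if (identity == null)
    {
        return Unauthorized();
    }

    DataAccessSoapClient dataWS = new DataAccessSoapClient();
    OrderData[] orders = dataWS.FindOrdersByUsername(
        new DataAccessWS.Security { BinarySecurityToken = authToken },
        identity.Username);
    if (orders != null && orders.Length > 0)
    {
        return BadRequest("User cannot be removed since he/she has registered orders");
    }
    // null tells the caller there is no objection.
    return null;
}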
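// Handles "/listorders <authToken>": resolves the token to an identity and replies with
// one line per order ("{number} date [state]"). Returns true only when a listing was
// sent; usage errors and token-verification failures are reported to the chat.
private async Task<bool> listOrders(Message message)
{
    // Split on whitespace and drop empty entries so repeated spaces do not fail the
    // usage check.
    string[] parts = message.Text.Split(new char[0], StringSplitOptions.RemoveEmptyEntries);
    if (parts.Length != 2)
    {
        await BotClient.SendTextMessageAsync(message.Chat.Id, "Listorders command format: /listorders authToken");
        return false;
    }

    // NOTE(review): the token arrives as plain chat text and remains in the chat history.
    string authToken = parts[1];
    IdentityWSSoapClient iWS = new IdentityWSSoapClient();
    IdentityData identity = null;
    try
    {
        identity = iWS.GetIdentity(new identityWS.Security { BinarySecurityToken = authToken });
    }
    catch (Exception)
    {
        // The exception text describes internal services and is not echoed to the chat.
        // TODO(review): record it server-side with the bot's logger — none is visible here.
        await BotClient.SendTextMessageAsync(message.Chat.Id, "An error occurred while verifying the token");
        return false;
    }
    if (identity == null)
    {
        return false;
    }

    DataAccessSoapClient ws = new DataAccessSoapClient();
    OrderData[] orders = ws.FindOrdersByUsername(
        new DataAccessWS.Security { BinarySecurityToken = authToken },
        identity.Username);
    // The original concatenated strings in a loop and would have thrown on a null array.
    System.Text.StringBuilder response = new System.Text.StringBuilder();
    if (orders != null)
    {
        foreach (OrderData o in orders)
        {
            response.Append("{").Append(o.OrderNumber).Append("} ")
                .Append(o.DateCreated.ToShortDateString())
                .Append(" [").Append(o.State.ToString()).Append("]\n");
        }
    }
    // Telegram rejects a message with empty text, so say so explicitly when there is nothing to list.
    string text = response.Length > 0 ? response.ToString() : "No orders found";
    await BotClient.SendTextMessageAsync(message.Chat.Id, text);
    return true;
}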
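// Verifies that the token is present and resolves to an identity.
// Returns the error result to send back, or null when the token is acceptable.
private IHttpActionResult ValidateToken(string token)
{
    if (string.IsNullOrEmpty(token))
    {
        return Unauthorized();
    }
    try
    {
        IdentityWSSoapClient ws = new IdentityWSSoapClient();
        IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
        // The original discarded the lookup result; a token that resolves to nothing
        // is not a valid token.
        if (identity == null)
        {
            return Unauthorized();
        }
    }
    catch (FaultException)
    {
        // The service faults on tokens it cannot process; the fault detail is not forwarded.
        return BadRequest("Invalid security token");
    }
    return null;
}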
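// Verifies that the token resolves to an identity holding the SELLER role.
// Returns the error result to send back, or null when the caller is a seller.
private IHttpActionResult ValidateClientIsSeller(string token)
{
    try
    {
        IdentityWSSoapClient ws = new IdentityWSSoapClient();
        IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
        // The original only rejected a non-seller identity and let a null identity pass
        // as valid; a token that resolves to nothing must be refused as well.
        if (identity == null || identity.Role != IdentityWS.UserRole.SELLER)
        {
            return Unauthorized();
        }
    }
    catch (FaultException)
    {
        // The service faults on tokens it cannot process; the fault detail is not forwarded.
        return BadRequest("Invalid security token");
    }
    return null;
}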
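// Verifies that the token resolves to an identity whose username is exactly username,
// i.e. the caller is acting on their own seller account.
// Returns the error result to send back, or null when the names match.
private IHttpActionResult ValidateSeller(string token, string username)
{
    try
    {
        IdentityWSSoapClient ws = new IdentityWSSoapClient();
        IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
        // An identity without a username cannot be matched; the original would have
        // thrown on the dereference.
        if (identity == null || identity.Username == null)
        {
            return Unauthorized();
        }
        // Usernames are identifiers: ordinal, case-sensitive, null-safe on the
        // caller-supplied side.
        if (!string.Equals(identity.Username, username, StringComparison.Ordinal))
        {
            return Unauthorized();
        }
    }
    catch (FaultException)
    {
        // The service faults on tokens it cannot process; the fault detail is not forwarded.
        return BadRequest("Invalid security token");
    }
    return null;
}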
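// Verifies that the token's identity owns productId: the product must exist and the
// username of its seller must match the identity's username.
// Returns the error result to send back (401 / 404 / 400), or null when the caller
// is the owner.
private IHttpActionResult ValidateOwnerProduct(string token, long productId)
{
    try
    {
        IdentityWSSoapClient ws = new IdentityWSSoapClient();
        IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
        if (identity == null)
        {
            return Unauthorized();
        }

        DataAccessSoapClient dataWS = new DataAccessSoapClient();
        // Raise the receive quota only when the endpoint really uses BasicHttpBinding;
        // the original cast with "as" and dereferenced the result unchecked.
        // NOTE(review): int.MaxValue removes the size bound on responses from this
        // service entirely — presumably product payloads exceed the default quota;
        // confirm the backend is trusted enough for an unbounded limit.
        BasicHttpBinding binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
        if (binding != null)
        {
            binding.MaxReceivedMessageSize = int.MaxValue;
        }

        Product target = dataWS.FindProduct(new DataAccessWS.Security { BinarySecurityToken = token }, productId);
        if (target == null)
        {
            return NotFound();
        }
        User owner = dataWS.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, target.seller_id);
        // A product whose seller record (or seller username) is missing cannot be shown
        // to belong to the caller, so ownership is denied instead of throwing.
        if (owner == null || owner.Username == null)
        {
            return Unauthorized();
        }
        if (!string.Equals(owner.Username, identity.Username, StringComparison.Ordinal))
        {
            return Unauthorized();
        }
    }
    catch (FaultException)
    {
        // The service faults on tokens it cannot process; the fault detail is not forwarded.
        return BadRequest("Invalid security token");
    }
    return null;
}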