public bool DelData(Int32 ScreenId, bool bDeferError, LoginUsr LUser, UsrImpr LImpr, UsrCurr LCurr, DataSet ds, string dbConnectionString, string dbPassword, CurrPrj CPrj, CurrSrc CSrc, bool noTrans = false, int commandTimeOut = 1800)
{
using (Access3.AdminAccess dac = new Access3.AdminAccess(commandTimeOut))
{
return(dac.DelData(ScreenId, bDeferError, LUser, LImpr, LCurr, ds, dbConnectionString, dbPassword, CPrj, CSrc, noTrans));
}
}
public string CreateEncryptedLoginToken(LoginUsr usr, int defCompanyId, int defProjectId, byte defSystemId, UsrCurr curr, UsrImpr impr, string resources, string secret)
{
RintagiLoginToken loginToken = new RintagiLoginToken()
{
UsrId = usr.UsrId,
LoginName = usr.LoginName,
UsrName = usr.UsrName,
UsrEmail = usr.UsrEmail,
UsrGroup = impr.UsrGroups,
RowAuthority = impr.RowAuthoritys,
SystemId = curr.SystemId,
CompanyId = curr.CompanyId,
ProjectId = curr.ProjectId,
DefSystemId = defSystemId,
DefCompanyId = defCompanyId,
DefProjectId = defProjectId,
DbId = curr.DbId,
Resources = resources,
};
string json = Newtonsoft.Json.JsonConvert.SerializeObject(loginToken);
SHA256CryptoServiceProvider hashsha256 = new SHA256CryptoServiceProvider();
string hash = BitConverter.ToString(hashsha256.ComputeHash(UTF8Encoding.UTF8.GetBytes(json))).Replace("-", "");
string encrypted = RO.Common3.Utils.ROEncryptString(hash.Left(32) + json, secret);
return(encrypted);
}
public bool UpdAdmRptWiz95(LoginUsr LUser, UsrCurr LCurr, DataSet ds, string dbConnectionString, string dbPassword)
{
using (Access3.WebAccess dac = new Access3.WebAccess())
{
return(dac.UpdAdmRptWiz95(LUser, LCurr, ds, dbConnectionString, dbPassword));
}
}
public bool UpdUsrPassword(Credential cr, LoginUsr LUser, bool RemoveLink)
{
using (LoginAccessBase dac = GetLoginAccess())
{
return(dac.UpdUsrPassword(cr, LUser, RemoveLink));
}
}
public string CreateLoginJWT(LoginUsr usr, int defCompanyId, int defProjectId, byte defSystemId, UsrCurr curr, UsrImpr impr, string resources, int validSeconds, string guidHandle)
{
Func <byte[], string> base64UrlEncode = (c) => Convert.ToBase64String(c).TrimEnd(new char[] { '=' }).Replace('_', '/').Replace('-', '+');
var utc0 = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
var issueTime = DateTime.Now.ToUniversalTime();
var iat = (int)issueTime.Subtract(utc0).TotalSeconds;
var exp = (int)issueTime.AddSeconds(validSeconds).Subtract(utc0).TotalSeconds; // Expiration time is up to 1 hour, but lets play on safe side
var encryptionKey = GetSessionEncryptionKey(iat.ToString(), usr.UsrId.ToString());
var signingKey = GetSessionSigningKey(iat.ToString(), usr.UsrId.ToString());
RintagiLoginJWT token = new RintagiLoginJWT()
{
iat = iat,
exp = exp,
nbf = iat,
loginToken = CreateEncryptedLoginToken(usr, defCompanyId, defProjectId, defSystemId, curr, impr, resources, encryptionKey),
loginId = usr.UsrId.ToString(),
handle = guidHandle
};
string payLoad = Newtonsoft.Json.JsonConvert.SerializeObject(token);
string header = "{\"typ\":\"JWT\",\"alg\":\"HS256\"}";
HMACSHA256 hmac = new HMACSHA256(System.Text.UTF8Encoding.UTF8.GetBytes(signingKey));
string content = base64UrlEncode(System.Text.UTF8Encoding.UTF8.GetBytes(header)) + "." + base64UrlEncode(System.Text.UTF8Encoding.UTF8.GetBytes(payLoad));
byte[] hash = hmac.ComputeHash(System.Text.UTF8Encoding.UTF8.GetBytes(content));
return(content + "." + base64UrlEncode(hash));
}
public bool DelData(Int32 ScreenId, bool bDeferError, LoginUsr LUser, UsrImpr LImpr, UsrCurr LCurr, DataSet ds, string dbConnectionString, string dbPassword, CurrPrj CPrj, CurrSrc CSrc)
{
using (Access3.AdminAccess dac = new Access3.AdminAccess())
{
return(dac.DelData(ScreenId, bDeferError, LUser, LImpr, LCurr, ds, dbConnectionString, dbPassword, CPrj, CSrc));
}
}
public bool UpdUsrPassword(Credential cr, LoginUsr LUser, bool RemoveLink)
{
using (Access3.LoginAccess dac = new Access3.LoginAccess())
{
return(dac.UpdUsrPassword(cr, LUser, RemoveLink));
}
}
public bool DelAdmRptWiz95(LoginUsr LUser, UsrCurr LCurr, DataSet ds, string dbConnectionString, string dbPassword)
{
using (WebAccessBase dac = GetWebAccess())
{
return(dac.DelAdmRptWiz95(LUser, LCurr, ds, dbConnectionString, dbPassword));
}
}
protected void Page_Load(object sender, EventArgs e)
{
LoginUsr = new LoginUsr(Context);
LoginUsr.chkLogin();
if (Context.Request.QueryString["f"] != null)
{
lbSubTitle.Text = mnuDA.GenPageTitle(Context.Request.QueryString["f"].ToString());
}
}
public LoginUsr GetLoginSecure(Credential cr)
{
if (da == null)
{
throw new System.ObjectDisposedException(GetType().FullName);
}
OleDbCommand cmd = new OleDbCommand("GetLoginSecure", new OleDbConnection(GetDesConnStr()));
cmd.CommandType = CommandType.StoredProcedure;
if (Config.DoubleByteDb)
{
cmd.Parameters.Add("@LoginName", OleDbType.VarWChar).Value = cr.LoginName;
}
else
{
cmd.Parameters.Add("@LoginName", OleDbType.VarChar).Value = cr.LoginName;
}
cmd.Parameters.Add("@UsrPassword", OleDbType.VarBinary).Value = cr.Password;
cmd.Parameters.Add("@Provider", OleDbType.VarChar).Value = cr.Provider;
cmd.Parameters.Add("@SelectedLoginName", OleDbType.VarChar).Value = cr.SelectedLoginName;
da.SelectCommand = cmd;
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count <= 0)
{
return(null);
}
else
{
DataRow dr = dt.Rows[0];
LoginUsr usr = new LoginUsr(dr[14].ToString()
, Int32.Parse(dr[0].ToString())
, dr[1].ToString()
, dr[2].ToString()
, dr[3].ToString()
, dr[4].ToString()
, Int16.Parse(dr[5].ToString())
, dr[6].ToString()
, byte.Parse(dr[7].ToString())
, Int16.Parse(dr[8].ToString())
, Int32.Parse(dr[9].ToString())
, Int16.Parse(dr[10].ToString())
, Int16.Parse(dr[11].ToString())
, dr[12].ToString() == "Y" ? true : false
, dr[13] as DateTime?
, dr[15].ToString()
, dr[17].ToString() == "Y"
);
return(usr);
}
}
public LoginUsr GetLoginLegacy(string LoginName, string Password)
{
if (da == null)
{
throw new System.ObjectDisposedException(GetType().FullName);
}
OleDbCommand cmd = new OleDbCommand("GetLoginLegacy", new OleDbConnection(GetDesConnStr()));
cmd.CommandType = CommandType.StoredProcedure;
if (Config.DoubleByteDb)
{
cmd.Parameters.Add("@LoginName", OleDbType.VarWChar).Value = LoginName;
cmd.Parameters.Add("@Password", OleDbType.VarWChar).Value = Password;
}
else
{
cmd.Parameters.Add("@LoginName", OleDbType.VarChar).Value = LoginName;
cmd.Parameters.Add("@Password", OleDbType.VarChar).Value = Password;
}
da.SelectCommand = cmd;
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count <= 0)
{
return(null);
}
else
{
DataRow dr = dt.Rows[0];
LoginUsr usr = new LoginUsr(LoginName
, Int32.Parse(dr[0].ToString())
, dr[1].ToString()
, dr[2].ToString()
, dr[3].ToString()
, dr[4].ToString()
, byte.Parse(dr[5].ToString())
, dr[6].ToString()
, byte.Parse(dr[7].ToString())
, Int16.Parse(dr[8].ToString())
, Int16.Parse(dr[9].ToString())
, Int16.Parse(dr[10].ToString())
, Int16.Parse(dr[11].ToString())
, dr[12].ToString() == "Y" ? true : false
, dr[13] as DateTime?
, null
, false
);
return(usr);
}
}
protected void Page_Load(object sender, EventArgs e)
{
LoginUsr = new LoginUsr(Context);
if (LoginUsr.UsrCde != "")
{
Response.Redirect("Default.aspx");
}
if (!IsPostBack)
{ // '頁面首次載入實執行
lbTitle.Text = cfg.getAppSetting("WebName") + "管理登入";
lbSubTitle.Text = "";//"<a href=\"#\">首頁</a> > " + "<a href=\"#\">" + "管理者登入" + "</a>";
}
}
public bool UpdUsrPassword(Credential cr, LoginUsr LUser, bool RemoveLink)
{
if (da == null)
{
throw new System.ObjectDisposedException(GetType().FullName);
}
OleDbConnection cn = new OleDbConnection(GetDesConnStr());
cn.Open();
OleDbCommand cmd = new OleDbCommand("UpdUsrPassword", cn);
cmd.CommandType = CommandType.StoredProcedure;
if (Config.DoubleByteDb)
{
cmd.Parameters.Add("@LoginName", OleDbType.VarWChar).Value = cr.LoginName;
}
else
{
cmd.Parameters.Add("@LoginName", OleDbType.VarChar).Value = cr.LoginName;
}
cmd.Parameters.Add("@UsrPassword", OleDbType.VarBinary).Value = cr.Password;
cmd.Parameters.Add("@CurrUsrId", OleDbType.Integer).Value = LUser != null && (LUser.LoginName ?? "").ToLower() != "anonymous" ? LUser.UsrId : -1;
cmd.Parameters.Add("@RemoveLink", OleDbType.Char).Value = RemoveLink ? "Y" : "N";
int rtn = Convert.ToInt32(cmd.ExecuteScalar());
cmd.Dispose();
cmd = null;
cn.Close();
if (rtn == 0)
{
return(false);
}
else
{
return(true);
}
}
public static string MakeWebAuthnAttestationRequest(Fido2Configuration fido2Config, byte[] challenge, LoginUsr LUser, List <PublicKeyCredentialDescriptor> excludedCredentials)
{
string usrId = LUser.UsrId.ToString();
string usrIdB64 = System.Convert.ToBase64String(usrId.ToUtf8ByteArray());
Fido2User user = new Fido2User
{
DisplayName = LUser.UsrName,
/* must be restricted to no more than than 64 for device like yubikey as it would fail without reason */
//Name = (Guid.NewGuid().ToString() + " " + DateTime.UtcNow.ToString("o")).Left(64),
//Id= Guid.NewGuid().ToString().ToUtf8ByteArray()
Name = LUser.LoginName,
Id = usrIdB64.ToUtf8ByteArray()
};
AuthenticatorSelection authenticatorSelection = new AuthenticatorSelection
{
RequireResidentKey = false,
UserVerification = UserVerificationRequirement.Discouraged,
// AuthenticatorAttachment = AuthenticatorAttachment.Platform,
};
AttestationConveyancePreference attConveyancePreference = AttestationConveyancePreference.None;
AuthenticationExtensionsClientInputs clientExtensions = new AuthenticationExtensionsClientInputs
{
Extensions = true,
SimpleTransactionAuthorization = string.Format("you are registering to {0}", fido2Config.ServerName),
Location = true,
UserVerificationMethod = true,
BiometricAuthenticatorPerformanceBounds = new AuthenticatorBiometricPerfBounds
{
FAR = float.MaxValue,
FRR = float.MaxValue
}
};
var fido2 = new Fido2(fido2Config);
// must do this for the verification to work
var options = fido2.RequestNewCredential(user, excludedCredentials, authenticatorSelection, attConveyancePreference, clientExtensions);
// the challenge is random byte but we need more info, replace it
options.Challenge = challenge;
var createRequest = Fido2NetLib.CredentialCreateOptions.Create(fido2Config
, challenge, user, authenticatorSelection, attConveyancePreference
, excludedCredentials != null && excludedCredentials.Count > 0 ? excludedCredentials : null
, clientExtensions);
string createRequestJson = options.ToJson();
return(createRequestJson);
}
public LoginUsr GetLoginSecure(Credential cr)
{
if (da == null)
{
throw new System.ObjectDisposedException(GetType().FullName);
}
OleDbCommand cmd = new OleDbCommand("GetLoginSecure", new OleDbConnection(GetDesConnStr()));
cmd.CommandType = CommandType.StoredProcedure;
if (Config.DoubleByteDb)
{
cmd.Parameters.Add("@LoginName", OleDbType.VarWChar).Value = cr.LoginName;
}
else
{
cmd.Parameters.Add("@LoginName", OleDbType.VarChar).Value = cr.LoginName;
}
cmd.Parameters.Add("@UsrPassword", OleDbType.VarBinary).Value = cr.Password;
cmd.Parameters.Add("@Provider", OleDbType.VarChar).Value = cr.Provider;
cmd.Parameters.Add("@SelectedLoginName", OleDbType.VarChar).Value = cr.SelectedLoginName;
da.SelectCommand = cmd;
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count <= 0)
{
return(null);
}
else
{
DataRow dr = dt.Rows[0];
int usrId = Int32.Parse(dr[0].ToString());
int licensedCount = GetLicensedUserCount();
if (licensedCount > 0)
{
OleDbConnection cn = new OleDbConnection(GetDesConnStr());
DataTable dtUsr = new DataTable();
cn.Open();
cmd = new OleDbCommand("SET NOCOUNT ON SELECT TOP " + licensedCount.ToString() + " u.UsrId FROM dbo.Usr u WHERE u.Active = 'Y' ORDER BY u.UsrId ", cn);
cmd.CommandType = CommandType.Text;
cmd.CommandTimeout = 1800;
try
{
da.SelectCommand = cmd;
da.Fill(dtUsr);
}
catch { throw; }
finally { cn.Close(); }
if (dt.AsEnumerable().Where(drUsr => drUsr["UsrId"].ToString() == usrId.ToString()).Count() == 0)
{
throw new Exception(string.Format("Please get more user login licenses(current purchased license {0}) or decactivate some inactive users", licensedCount));
}
}
LoginUsr usr = new LoginUsr(dr[14].ToString()
, Int32.Parse(dr[0].ToString())
, dr[1].ToString()
, dr[2].ToString()
, dr[3].ToString()
, dr[4].ToString()
, Int16.Parse(dr[5].ToString())
, dr[6].ToString()
, byte.Parse(dr[7].ToString())
, Int16.Parse(dr[8].ToString())
, Int32.Parse(dr[9].ToString())
, Int16.Parse(dr[10].ToString())
, Int16.Parse(dr[11].ToString())
, dr[12].ToString() == "Y" ? true : false
, dr[13] as DateTime?
, dr[15].ToString()
, dr[17].ToString() == "Y"
);
return(usr);
}
}
protected void Page_Load(object sender, EventArgs e)
{
LoginUsr = new LoginUsr(Context);
LoginUsr.LogOut();
}
public void UpdDbDoc(string DocId, string TblName, string DocName, string MimeType, long DocSize, byte[] dc, string dbConnectionString, string dbPassword, LoginUsr lu, string MasterId = null)
{
using (Access3.AdminAccess dac = new Access3.AdminAccess())
{
dac.UpdDbDoc(DocId, TblName, DocName, MimeType, DocSize, dc, dbConnectionString, dbPassword, lu);
}
}
public SerializableDictionary <string, string> GetToken(string client_id, string scope, string grant_type, string code, string code_verifier, string redirect_url, string client_secret, string appPath, string appDomain, Func <string, string> getStoredToken, Func <LoginUsr, UsrCurr, UsrImpr, UsrPref, string, bool, bool> ValidateScope, bool reAuth = false)
{
Dictionary <string, object> scopeContext = Newtonsoft.Json.JsonConvert.DeserializeObject <Dictionary <string, object> >(scope);
byte? systemId = null;
int? companyId = null;
int? projectId = null;
short?cultureId = null;
int access_token_validity = 5 * 60; // 20 minutes
int refresh_token_validity = 60 * 60 * 24 * 14; // 14 days
try { systemId = byte.Parse(scopeContext["SystemId"].ToString()); }
catch { };
try { companyId = int.Parse(scopeContext["CompanyId"].ToString()); }
catch { };
try { projectId = int.Parse(scopeContext["ProjectId"].ToString()); }
catch { };
try { cultureId = short.Parse(scopeContext["ProjectId"].ToString()); }
catch { };
//var context = HttpContext.Current;
//string appPath = context.Request.ApplicationPath;
//string domain = context.Request.Url.GetLeftPart(UriPartial.Authority);
//HttpSessionState Session = HttpContext.Current.Session;
//System.Web.Caching.Cache cache = HttpContext.Current.Cache;
string storedToken;
RintagiLoginJWT loginJWT = new Func <RintagiLoginJWT>(() =>
{
if (grant_type == "authorization_code")
{
storedToken = getStoredToken(code);
try
{
return(GetLoginUsrInfo(storedToken) ?? new RintagiLoginJWT());
}
catch
{
};
}
else if (grant_type == "refresh_token")
{
try
{
return(GetLoginUsrInfo(code) ?? new RintagiLoginJWT());
}
catch { }
}
return(new RintagiLoginJWT());
})();
UsrCurr LCurr;
UsrImpr LImpr;
LoginUsr LUser;
UsrPref LPref;
var utc0 = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
var currTime = DateTime.Now.ToUniversalTime().Subtract(utc0).TotalSeconds;
var nbf = loginJWT.nbf - 20; // margin for multiple server clock skew(max 20s)
var expiredOn = loginJWT.exp + 20; // margin for multiple server clock skew(max 20s)
int remainingSeconds = expiredOn - (int)currTime;
var currentHandle = loginJWT.handle;
bool keepRefreshToken = remainingSeconds > 120 && !reAuth && grant_type == "refresh_token";
try
{
if (currTime > nbf && currTime < expiredOn && ValidateJWTHandle(currentHandle))
{
string signingKey = GetSessionSigningKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());
string encryptionKey = GetSessionEncryptionKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());
RintagiLoginToken loginToken = DecryptLoginToken(loginJWT.loginToken, encryptionKey);
LCurr = new UsrCurr(companyId ?? loginToken.CompanyId, projectId ?? loginToken.ProjectId, systemId ?? loginToken.SystemId, systemId ?? loginToken.SystemId);
LImpr = null;
LImpr = SetImpersonation(LImpr, loginToken.UsrId, systemId ?? loginToken.SystemId, companyId ?? loginToken.CompanyId, projectId ?? loginToken.ProjectId);
LUser = new LoginUsr();
LUser.UsrId = loginToken.UsrId;
LUser.LoginName = loginToken.LoginName;
LUser.DefCompanyId = loginToken.DefCompanyId;
LUser.DefProjectId = loginToken.DefProjectId;
LUser.DefSystemId = loginToken.DefSystemId;
LUser.UsrName = loginToken.UsrName;
LUser.InternalUsr = "******";
LUser.CultureId = 1;
LUser.HasPic = false;
LPref = (new LoginSystem()).GetUsrPref(LUser.UsrId, LCurr.CompanyId, LCurr.ProjectId, LCurr.SystemId);
string refreshTag = keepRefreshToken ? currentHandle : Guid.NewGuid().ToString().Replace("-", "").ToLower();
string loginTag = Guid.NewGuid().ToString().Replace("-", "").ToLower();
if (ValidateScope(LUser, LCurr, LImpr, LPref, currentHandle, true))
{
string loginTokenJWT = CreateLoginJWT(LUser, loginToken.DefCompanyId, loginToken.DefProjectId, loginToken.DefSystemId, LCurr, LImpr, appPath, access_token_validity, loginTag);
string refreshTokenJWT = CreateLoginJWT(LUser, loginToken.DefCompanyId, loginToken.DefProjectId, loginToken.DefSystemId, LCurr, LImpr, appPath, keepRefreshToken ? remainingSeconds : refresh_token_validity, refreshTag);
string token_scope = string.Format("s{0}c{1}p{2}", LCurr.SystemId, LCurr.CompanyId, LCurr.ProjectId);
var Token = new SerializableDictionary <string, string> {
{ "access_token", loginTokenJWT },
{ "token_type", "Bearer" },
{ "iat", currTime.ToString() },
{ "expires_in", (access_token_validity - 1).ToString() },
{ "scope", token_scope },
{ "resources", appPath },
{ "refresh_token", refreshTokenJWT },
};
return(Token);
}
else
{
return(new SerializableDictionary <string, string>()
{
{ "error", "access_denied" },
{ "message", "cannot issue token" },
});
}
}
}
catch {
}
return(new SerializableDictionary <string, string>()
{
{ "error", "invalid_token" },
{ "message", "cannot issue token" },
});
}
public string AddDbDoc(string MasterId, string TblName, string DocName, string MimeType, long DocSize, byte[] dc, string dbConnectionString, string dbPassword, LoginUsr lu)
{
using (Access3.AdminAccess dac = new Access3.AdminAccess())
{
return(dac.AddDbDoc(MasterId, TblName, DocName, MimeType, DocSize, dc, dbConnectionString, dbPassword, lu));
}
}
public abstract bool UpdAdmRptWiz95(LoginUsr LUser, UsrCurr LCurr, DataSet ds, string dbConnectionString, string dbPassword);
public abstract bool UpdUsrPassword(Credential cr, LoginUsr LUser, bool RemoveLink);
public abstract void UpdDbDoc(string DocId, string TblName, string DocName, string MimeType, long DocSize, byte[] dc, string dbConnectionString, string dbPassword, LoginUsr lu);
public abstract bool UpdData(Int32 ScreenId, bool bDeferError, LoginUsr LUser, UsrImpr LImpr, UsrCurr LCurr, DataSet ds, string dbConnectionString, string dbPassword, CurrPrj CPrj, CurrSrc CSrc, bool noTrans = false);
