public Mercury.Server.Security.AuthenticationResponse Authenticate(String securityAuthorityName, String accountType, String accountName, String password, String newPassword, String environment)
{
Mercury.Server.Security.AuthenticationResponse authenticationResponse = new AuthenticationResponse();
Mercury.Server.Public.Interfaces.Security.Credentials credentials = new Public.Interfaces.Security.Credentials("", "", "", accountName, password, newPassword);
Mercury.Server.Security.SecurityAuthority securityAuthority = application.SecurityAuthorityGet(securityAuthorityName);
Mercury.Server.Security.Providers.ActiveDirectory.Provider activeDirectoryProvider;
Mercury.Server.Session session = null;
if (securityAuthority == null)
{
authenticationResponse.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.SecurityAuthorityError;
authenticationResponse.AuthenticationException = new Exception("Unable to retreive Security Authority information from the database.", application.LastException);
return(authenticationResponse);
}
SetProviderCredentials(accountType, securityAuthority, credentials);
activeDirectoryProvider = new Providers.ActiveDirectory.Provider(credentials);
authenticationResponse.IsAuthenticated = activeDirectoryProvider.Authenticate();
if (authenticationResponse.IsAuthenticated)
{
session = CreateSession(securityAuthority, authenticationResponse, credentials, environment);
}
SetAuthenticationError(authenticationResponse, credentials);
return(authenticationResponse);
}
public Mercury.Server.Security.AuthenticationResponse Authenticate(String environment)
{
AuthenticationResponse authenticationResponse = new AuthenticationResponse();
Mercury.Server.Public.Interfaces.Security.Credentials credentials = new Public.Interfaces.Security.Credentials();
Mercury.Server.Security.SecurityAuthority securityAuthority;
Mercury.Server.Session session = null;
try {
if (((System.Threading.Thread.CurrentPrincipal.Identity.AuthenticationType == "NTLM") ||
(System.Threading.Thread.CurrentPrincipal.Identity.AuthenticationType == "Kerberos") ||
(System.Threading.Thread.CurrentPrincipal.Identity.AuthenticationType == "Negotiate")
) &&
(System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated) &&
(!String.IsNullOrEmpty(System.Threading.Thread.CurrentPrincipal.Identity.Name)))
{
#region Retreive Credentials from Thread.CurrentPrincipal
credentials.Domain = System.Threading.Thread.CurrentPrincipal.Identity.Name.Split('\\')[0];
credentials.UserName = System.Threading.Thread.CurrentPrincipal.Identity.Name.Split('\\')[1];
application.TraceWriteLineInfo(application.TraceSwitchSecurity, "\r\n[Mercury.Server.Security.Authenticate] Credentials: " + credentials.Domain + "\\" + credentials.UserName);
#endregion
#region Retreive Security Authority for Domain and Authenticate
// validate that the domain is a trusted security authority
securityAuthority = application.SecurityAuthorityGet(credentials.Domain);
if (securityAuthority != null)
{
if (securityAuthority.SecurityAuthorityType == Enumerations.SecurityAuthorityType.WindowsIntegrated)
{
#region Authenticate
SetProviderCredentials(String.Empty, securityAuthority, credentials);
Mercury.Server.Security.Providers.WindowsIntegrated.Provider windowsProvider = new Providers.WindowsIntegrated.Provider();
authenticationResponse.IsAuthenticated = windowsProvider.Authenticate(credentials);
if (authenticationResponse.IsAuthenticated)
{
session = CreateSession(securityAuthority, authenticationResponse, credentials, environment);
}
SetAuthenticationError(authenticationResponse, credentials);
#endregion
}
else
{
#region SECURITY AUTHORITY TYPE NOT WINDOWS INTEGRATED
authenticationResponse.IsAuthenticated = false;
credentials.AuthenticationError = Public.Interfaces.Security.Enumerations.AuthenticationError.SecurityAuthorityError;
SetAuthenticationError(authenticationResponse, credentials);
authenticationResponse.AuthenticationException = new ApplicationException("[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "]: Security Authority Type is not Windows Integrated.");
application.TraceWriteLineWarning(application.TraceSwitchSecurity, "\r\n[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "]: Security Authority Type is not Windows Integrated.");
#endregion
}
}
else
{
#region SECURITY AUTHORITY NOT FOUND
authenticationResponse.IsAuthenticated = false;
credentials.AuthenticationError = Public.Interfaces.Security.Enumerations.AuthenticationError.SecurityAuthorityError;
SetAuthenticationError(authenticationResponse, credentials);
authenticationResponse.AuthenticationException = new ApplicationException("[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "]: Security Authority Not Found.");
application.TraceWriteLineWarning(application.TraceSwitchSecurity, "\r\n[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "]: Security Authority Not Found.");
#endregion
}
#endregion
}
else
{
credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.InvalidUserOrPassword;
SetAuthenticationError(authenticationResponse, credentials);
}
}
catch (Exception domainAccountException) {
authenticationResponse.IsAuthenticated = false;
credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.InvalidUserOrPassword;
SetAuthenticationError(authenticationResponse, credentials);
authenticationResponse.AuthenticationException = new ApplicationException("[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "] " + authenticationResponse.AuthenticationException.Message, domainAccountException);
application.TraceWriteLineError(application.TraceSwitchSecurity, "[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "] " + authenticationResponse.AuthenticationException.Message);
application.TraceWriteLineError(application.TraceSwitchSecurity, "[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "] " + domainAccountException.Message);
}
return(authenticationResponse);
}
protected Mercury.Server.Session CreateSession(Mercury.Server.Security.SecurityAuthority securityAuthority,
Mercury.Server.Security.AuthenticationResponse authenticationResponse,
Mercury.Server.Public.Interfaces.Security.Credentials credentials, String environmentName)
{
Mercury.Server.Session session = null;
Mercury.Server.Environment.Environment environment = null;
Boolean connectionSuccess = false;
if (!authenticationResponse.IsAuthenticated)
{
return(null);
}
if (environmentName != String.Empty)
{
environment = application.EnvironmentGet(environmentName);
Mercury.Server.Data.SqlDatabase environmentDatabase = null;
if (environment != null)
{
environmentDatabase = new Mercury.Server.Data.SqlDatabase(environment.SqlConfiguration);
connectionSuccess = environmentDatabase.Connect();
}
if (!connectionSuccess)
{
if (environmentDatabase != null)
{
application.SetLastException(environmentDatabase.LastException);
}
authenticationResponse.IsAuthenticated = false;
authenticationResponse.Environments = EnvironmentsAvailable(credentials);
credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.MustSelectEnvironment;
credentials.AuthenticationException = new Exception("Unable to connect to requested environment.");
return(null);
}
}
// empty environment or environment selection not allowed for user
if ((environmentName == String.Empty) || (!((";" + EnvironmentsAvailable(credentials) + ";").Contains(";" + environmentName + ";"))) || (environment == null))
{
authenticationResponse.IsAuthenticated = false;
authenticationResponse.Environments = EnvironmentsAvailable(credentials);
credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.MustSelectEnvironment;
}
else
{
credentials.Environment = environmentName;
authenticationResponse.IsAuthenticated = true;
authenticationResponse.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.NoError;
session = application.CreateSession(credentials);
authenticationResponse.Token = session.Token;
authenticationResponse.SecurityAuthorityId = session.SecurityAuthorityId;
authenticationResponse.SecurityAuthorityName = session.SecurityAuthorityName;
authenticationResponse.SecurityAuthorityType = session.SecurityAuthorityType;
authenticationResponse.EnvironmentId = environment.Id;
authenticationResponse.EnvironmentName = environment.Name;
authenticationResponse.ConfidentialityStatement = environment.ConfidentialityStatement;
authenticationResponse.UserAccountId = session.UserAccountId;
authenticationResponse.UserAccountName = session.UserAccountName;
authenticationResponse.UserDisplayName = session.UserDisplayName;
authenticationResponse.GroupMembership = session.GroupMembership;
authenticationResponse.RoleMembership = session.RoleMembership;
authenticationResponse.EnterprisePermissionSet = session.EnterprisePermissionSet;
authenticationResponse.EnvironmentPermissionSet = session.EnvironmentPermissionSet;
authenticationResponse.WorkQueuePermissions = session.WorkQueuePermissions;
authenticationResponse.WorkTeamMembership = session.WorkTeamMembership;
}
return(session);
}
public Mercury.Server.Application GetApplication(String token)
{
Mercury.Server.Application application = null;
Mercury.Server.Session session = null;
String sessionCacheKey = "Mercury.Server.Session." + token;
String applicationCacheKey = "Mercury.Server.Application." + token;
Boolean localCacheSuccessful = false;
lastException = null;
try {
if (IsCacheValid)
{
if (cache[sessionCacheKey] != null)
{
// LEVEL 1 CACHE FROM LOCAL SERVER
session = (Mercury.Server.Session)cache.Get(sessionCacheKey);
// Expiration Time from the Cache is maintained by a Sliding Time
application = (Mercury.Server.Application)cache.Get(applicationCacheKey);
application.ApplicationUpdated += new EventHandler(Application_OnUpdate);
// application = new Mercury.Server.Application (session);
localCacheSuccessful = true;
}
}
if (!localCacheSuccessful)
{
// LEVEL 2 CACHE FROM DATABASE, FIRST CACHING IS ALWAYS LEVEL 2 FIRST
application = new Mercury.Server.Application(token);
if (application != null)
{
// CACHE TO LEVEL 1
CacheObject(sessionCacheKey, application.Session, new TimeSpan(0, 20, 0));
CacheObject(applicationCacheKey, application, new TimeSpan(0, 20, 0));
application.ApplicationUpdated += new EventHandler(Application_OnUpdate);
}
}
if (application != null)
{
// UPDATE SESSION AUDIT LAST ACTIVITY TIME WHEN UPDATE INTERVAL HAS PASSED
if (DateTime.Now.Subtract(application.Session.LastActivityDate).TotalSeconds >= (application.SessionLastActivityUpdateMinutes * 60))
{
application.SessionUpdateLastActivity();
}
}
}
catch (Exception cacheException) {
lastException = cacheException;
application = null;
}
if (application != null)
{
application.SetLastException(null);
}
return(application);
}
