/// <summary>
/// Sets the context to the specified tenant.
/// This context is not compatible with the legacy resource model.
/// </summary>
/// <param name="tenantName">The tenant name.</param>
/// <remarks></remarks>
public static void SetTenantAdministratorContext(string tenantName)
{
RequestContext.SetSystemAdministratorContext();
var tenant = TenantHelper.Find(tenantName);
RequestContext.SetTenantAdministratorContext(tenant.Id);
}
/// <summary>
/// Enables the tenant.
/// </summary>
/// <param name="tenantName">The name of the tenant.</param>
public static void EnableTenant(string tenantName)
{
using (new GlobalAdministratorContext())
{
var tenant = TenantHelper.Find(tenantName);
if (tenant == null)
{
throw new Exception("Tenant " + tenantName + " not found.");
}
var tenantWrite = tenant.AsWritable <ETenant>();
tenantWrite.IsTenantDisabled = false;
tenantWrite.Save();
}
}
/// <summary>
/// Gets the tenant id.
/// </summary>
/// <param name="tenantName">Name of the tenant.</param>
/// <returns></returns>
/// <exception cref="EntityNotFoundException">Unable to locate Tenant with name ' + tenantName + '.</exception>
private static long GetTenantId(string tenantName)
{
using (new AdministratorContext( ))
{
/////
// Get the tenant with the specified name
/////
Tenant tenant = TenantHelper.Find(tenantName);
if (tenant == null)
{
throw new EntityNotFoundException("Unable to locate Tenant with name '" + tenantName + "'.");
}
return(tenant.Id);
}
}
/// <summary>
/// Given the name of a tenant, create a context block for that tenant
/// </summary>
public static IDisposable GetTenantContext(string tenantName)
{
Tenant tenant;
if (string.IsNullOrEmpty(tenantName))
{
throw new InvalidTenantException();
}
using (new GlobalAdministratorContext())
{
tenant = TenantHelper.Find(tenantName);
if (tenant == null)
{
throw new InvalidTenantException(tenantName);
}
}
return(new TenantAdministratorContext(tenant.Id));
}
/// <summary>
/// Create an admin context block for the tenant, to use in determining the user account.
/// </summary>
private IDisposable GetTenantContext(string tenantName)
{
Tenant tenant;
if (string.IsNullOrEmpty(tenantName))
{
return(null);
}
using (new GlobalAdministratorContext( ))
{
tenant = TenantHelper.Find(tenantName);
if (tenant == null)
{
return(null);
}
}
return(new TenantAdministratorContext(tenant.Id));
}
/// <summary>
/// Checks the credentials for the specified user account.
/// </summary>
/// <param name="username">A string containing the username associated with the user account. This cannot be null or empty.</param>
/// <param name="password">A string containing the password associated with the user account. This cannot be null.</param>
/// <param name="tenantName">Name of the tenant. This cannot be null or empty.</param>
/// <param name="updateAccount">A Boolean value that controls whether or not user account information associated with the request is updated.</param>
/// <param name="skipPasswordExpiryCheck">A Boolean that controls whether to perform the password expiry check.</param>
/// <returns>An object representing the identity of the user account</returns>
/// <exception cref="ArgumentException">
/// The given account details are incorrect.
/// </exception>
/// <exception cref="TenantDisabledException">
/// The tenant is disabled, meaning no user in that tenant can authenticate.
/// </exception>
private static RequestContextData ValidateAccount(string username, string password, string tenantName, bool updateAccount, bool skipPasswordExpiryCheck = false)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("The specified username parameter is invalid.");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
if (String.IsNullOrEmpty(tenantName))
{
throw new ArgumentException("The specified tenant parameter is invalid.");
}
RequestContextData contextData;
// Cache the original request context
RequestContext originalContextData = RequestContext.GetContext( );
try
{
TenantInfo tenantInfo;
UserAccount userAccount;
PasswordPolicy passwordPolicy;
// Set the system administrators context
RequestContext.SetSystemAdministratorContext( );
try
{
if (password.Length > MaxPasswordLength)
{
throw new ArgumentException(
string.Format("Password cannot be longer than {0} characters", MaxPasswordLength),
"password");
}
if (tenantName == SpecialStrings.GlobalTenant)
{
// Create a Dummy Tenant Info
// No need to set the context as we are already the global admin
tenantInfo = new TenantInfo(0)
{
Name = SpecialStrings.GlobalTenant
};
}
else
{
// Get the tenant with the specified name
Tenant tenant = TenantHelper.Find(tenantName);
if (tenant == null)
{
throw new ArgumentException(string.Format("Unknown tenant '{0}'", tenantName), "tenantName");
}
if (tenant.IsTenantDisabled ?? false)
{
throw new TenantDisabledException(tenantName);
}
// Set the tenant administrators context
RequestContext.SetTenantAdministratorContext(tenant.Id);
tenantInfo = new TenantInfo(tenant.Id)
{
Name = tenantName.ToUpperInvariant()
};
}
// Get the user account with the specified name
userAccount = Entity.GetByField <UserAccount>(username, true, new EntityRef("core", "name")).FirstOrDefault( );
if (userAccount == null)
{
throw new ArgumentException(string.Format("Could not find user '{0}' in tenant '{1}'", username, tenantName));
}
// Get the password policy
passwordPolicy = Entity.Get <PasswordPolicy>(new EntityRef("core:passwordPolicyInstance"));
if (passwordPolicy == null)
{
throw new ArgumentException(string.Format("Could not find password policy for tenant '{0}'", tenantName));
}
}
catch (Exception ex)
{
EventLog.Application.WriteWarning("Login failed: " + ex.Message);
// Validate a password here to mitigate timing attacks. An attacker could use this
// to guess which passwords are valid by timing the login. Without this, logins that
// have a invalid user name and tenant will be quicker than those with a valid user name.
CryptoHelper.CreateEncodedSaltedHash("test password");
throw;
}
ValidateAccount(userAccount, passwordPolicy, password, updateAccount, skipPasswordExpiryCheck);
// Set the context data
var identityInfo = new IdentityInfo(userAccount.Id, userAccount.Name);
contextData = new RequestContextData(identityInfo, tenantInfo, CultureHelper.GetUiThreadCulture(CultureType.Specific));
}
finally
{
// Restore the original request context
if ((originalContextData != null) && (originalContextData.IsValid))
{
RequestContext.SetContext(originalContextData);
}
}
return(contextData);
}
/// <summary>
/// Sets the request context.
/// </summary>
private void SetRequestContext( )
{
RequestContext context = RequestContext.GetContext( );
if (context != null && context.IsValid && context.Tenant?.Name != null)
{
if (context.Tenant.Name.Equals(TenantName, StringComparison.OrdinalIgnoreCase))
{
/////
// Context already set.
/////
return;
}
}
RequestContextData contextData;
/////
// See if the request context has been cached.
/////
if (!RequestContextCache.TryGetValue(TenantName, out contextData))
{
if (TenantName.Equals(SpecialStrings.GlobalTenant))
{
var tenantInfo = new TenantInfo(0);
var identityInfo = new IdentityInfo(0, SpecialStrings.SystemAdministratorUser);
contextData = new RequestContextData(identityInfo, tenantInfo, CultureHelper.GetUiThreadCulture(CultureType.Neutral));
}
else
{
/////
// Set system administrators context to retrieve the tenant.
/////
RequestContext.SetSystemAdministratorContext( );
/////
// Retrieve the requested tenant.
/////
Tenant tenant = TenantHelper.Find(TenantName);
RequestContext.SetTenantAdministratorContext(tenant.Id);
UserAccount userAccount = Entity.GetByField <UserAccount>(SpecialStrings.SystemAdministratorUser, false, new EntityRef("core", "name")).FirstOrDefault() ?? Entity.GetByField <UserAccount>(SpecialStrings.TenantAdministratorUser, false, new EntityRef("core", "name")).FirstOrDefault();
if (userAccount == null)
{
throw new EntityNotFoundException("The 'Administrator' account for tenant '" + TenantName + "' could not be found.");
}
/////
// Set the context data
/////
var identityInfo = new IdentityInfo(userAccount.Id, userAccount.Name);
var tenantInfo = new TenantInfo(tenant.Id);
contextData = new RequestContextData(identityInfo, tenantInfo, CultureHelper.GetUiThreadCulture(CultureType.Neutral));
}
RequestContextCache[TenantName] = contextData;
}
RequestContext.SetContext(contextData);
}