public UserAuthenticateResponse Get(UserAuthenticateRequest request) { UserAuthenticateResponse response = new UserAuthenticateResponse(); try { //build the token from the user authentication request remote machine for additional security //this will then be passed in from calling domains via the header for validation string securityToken = BuildSecurityToken(); request.UserName = Request.Headers["UserName"]; request.Password = Request.Headers["Password"]; request.APIKey = Request.Headers["APIKey"]; request.Context = Request.Headers["Context"]; // validate user against apiuser datastore response = SecurityManager.ValidateCredentials(request.UserName, request.Password, securityToken, request.APIKey, request.Context, request.ContractNumber); return(response); } catch (Exception ex) { //TODO: Log this to the SQL database via ASE CommonFormatter.FormatExceptionResponse(response, base.Response, ex); return(response); } }
public UserControllerTests() { _userService = new Mock <IUserService>(); _userListResponse = new List <UserListResponse>(); _userAuthenticateResponse = new UserAuthenticateResponse(); _userAuthenticateRequest = new Mock <UserAuthenticateRequest>(); _sut = new UsersController(_userService.Object); }
public static UserAuthenticateResponse ValidateCredentials(string userName, string password, string securityToken, string apiKey, string productName, string contractNumber) { try { ISecurityRepository <UserAuthenticateResponse> securityRepo = SecurityRepositoryFactory <UserAuthenticateResponse> .GetSecurityRepository(productName); UserAuthenticateResponse response = securityRepo.LoginUser(userName, password, securityToken, apiKey, productName, contractNumber); return(response); } catch (Exception) { throw; } }
private async Task ResetToken() { HttpClient httpClient = new HttpClient(); string accessToken = _httpContextAccessor.HttpContext.User.GetClaimValue(ConstantString.AccessToken); httpClient.DefaultRequestHeaders.Add(ConstantString.AccessToken, accessToken); httpClient.DefaultRequestHeaders.Add(Headers.ClientID, Common.ClientID); httpClient.DefaultRequestHeaders.Add(Headers.SecreteToken, Common.ClientSecretKey); string refreshToken = _httpContextAccessor.HttpContext.User.GetClaimValue(ConstantString.RefreshToken); httpClient.DefaultRequestHeaders.Add(ConstantString.RefreshToken, refreshToken); string url = APIURL.IdentityBaseUri + IdentityAPI.Account.RefreshAccessToken; httpClient.BaseAddress = new Uri(url); var objToken = new { UserName = _httpContextAccessor.HttpContext.User.Identity.Name }; HttpContent content = CreateHttpContent <object>(objToken); HttpResponseMessage response = await httpClient.PostAsync(url, content); UserAuthenticateResponse userAuth = JsonConvert.DeserializeObject <UserAuthenticateResponse>(response.Content.ReadAsStringAsync().Result); if (userAuth.IsAuthenticate) { ApplicationUser user = new ApplicationUser() { AccessToken = userAuth.AccessToken, UsersRoles = userAuth.UsersRoles, RefreshToken = userAuth.RefreshToken, UserID = userAuth.UserID, UserName = _httpContextAccessor.HttpContext.User.Identity.Name, Email = _httpContextAccessor.HttpContext.User.Identity.Name, EmailConfirmed = true, PhoneNumberConfirmed = false, //PasswordHash = model.Password, //PhoneNumber = "111-222-3344", SecurityStamp = Guid.NewGuid().ToString() //THIS IS WHAT I NEEDED }; //updating the current claim for continuous process _httpContextAccessor.HttpContext.User.AddUpdateClaim(ConstantString.AccessToken, userAuth.AccessToken); //updating the current claim for refreshUser await _signInManager.RefreshSignInAsync(user); } }
public async Task <IActionResult> ExternalLoginSuccess(string param) { string returnurl = TempData["ReturnURL"] as string; string loginError = "/login" + CultureURL + "?ReturnUrl=" + returnurl; var objparam = new { arg = param, }; //provide login token by contender identity server. need to authenticate this token from c-identity server. string url = APIURL.IdentityBaseUri + IdentityAPI.Account.AuthenticateExternalLogin; UserAuthenticateResponse userAuth = await _apiClient.PostAsync <UserAuthenticateResponse>(objparam, APIURL.IdentityBaseUri + IdentityAPI.Account.AuthenticateExternalLogin, true, false); if (userAuth == null) { ActionMessage("Identity server not working", MessageType.Warning); } else if (userAuth.IsAuthenticate) { if (string.IsNullOrEmpty(returnurl)) { RoleManager _role = new RoleManager(); returnurl = await _role.GetRoleRedirectURL(userAuth.UsersRoles, GetSiteID); if (returnurl == null) { returnurl = "/dashboard/dashboard/index" + CultureURL; } else { returnurl = returnurl + CultureURL; } } await AuthenticateUser(userAuth, returnurl); return(Redirect(returnurl)); } else { ActionMessage(userAuth.Message, MessageType.Error); } return(Redirect(loginError)); }
private async Task AuthenticateUser(UserAuthenticateResponse userAuth, string redirectURI) { // JObject objRes = userAuth.Result as JObject; //UserBasicInfo resUser = objRes.ToObject<UserBasicInfo>(); //ApplicationUser user = new ApplicationUser() //{ // AccessToken = userAuth.AccessToken, // UsersRoles = userAuth.UsersRoles, // RefreshToken = userAuth.RefreshToken, // UserID = userAuth.UserID, // UserName = resUser.UserName, // Email = resUser.Email, // EmailConfirmed = resUser.EmailConfirmed, // PhoneNumberConfirmed = resUser.PhoneNumberConfirmed, // PasswordHash = resUser.PasswordHash, // PhoneNumber = resUser.PhoneNumber, // SecurityStamp = resUser.SecurityStamp, //THIS IS WHAT I NEEDED //}; ApplicationUser user = new ApplicationUser() { AccessToken = userAuth.AccessToken, UsersRoles = userAuth.UsersRoles, RefreshToken = userAuth.RefreshToken, UserID = userAuth.UserID, UserName = "******", Email = "*****@*****.**", EmailConfirmed = true, PhoneNumberConfirmed = false, PasswordHash = "6mWE8GCUiuVtO5Tvx4zgGEG5WnwBsA/9I+nLFa+7cnObIDtKCGshc9UxrjU4DyBo6pWCe5XZTyyizbtkPiI8nw==", PhoneNumber = string.Empty, SecurityStamp = "1fc9f86395b74d0ba81761096da0f844", }; var authenticationProperties = new AuthenticationProperties() { RedirectUri = redirectURI, ExpiresUtc = DateTime.UtcNow.AddMinutes(20), IsPersistent = true, AllowRefresh = true }; await _signInManager.SignInAsync(user, authenticationProperties); }
public async Task <UserAuthenticateResponse> Authenticate(UserAuthenticateRequest userAuthenticateRequest) { var secretKey = _configuration["AppSettings:Secret"].ToString(); //TODO:Add Hash operations var user = await _repository.Get(x => x.UserName == userAuthenticateRequest.UserName && x.Password == userAuthenticateRequest.Password); if (user == null) { return(new UserAuthenticateResponse { Message = "User Not Found", Success = false }); } var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(secretKey); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, user.Id.ToString()) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var response = new UserAuthenticateResponse { UserName = user.UserName, Token = tokenHandler.WriteToken(token) }; return(_mapper.Map <UserAuthenticateResponse>(response)); }
public async Task <IActionResult> Login(LoginViewModel model) { WebBuilderController webBuilderController = new WebBuilderController(); IList <ControllerDetail> controllerDetails = await webBuilderController.GetMethodDetails("login", GetSiteID); MethodInvoke methodInvoke = new MethodInvoke(); //if (controllerDetails?.Count > 0) // methodInvoke.Execute(controllerDetails[0], GetReuseableParams(_memoryCache), new List<ControllerDetail>()); string _loginTryCount = string.Format("loginTryCount{0}", model.UserEmail); await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme); string loginError = "/login" + CultureURL + "?ReturnUrl=" + model.ReturnURL; if (ModelState.IsValid) { int tryCount = 1; string tryCountStr = TempData[_loginTryCount]?.ToString(); if (tryCountStr != null) { tryCount = int.Parse(tryCountStr) + 1; } //process for lockout if (tryCount >= 10) { OperationStatus rs = new OperationStatus() { Message = "Account locked out" }; if (tryCount == 10) { var lockout = new { UserName = model.UserEmail, }; rs = await _apiClient.PostAsync <OperationStatus>(lockout, APIURL.IdentityBaseUri + IdentityAPI.Account.LockOutAccount, true, false); } TempData[_loginTryCount] = tryCount; ActionMessage(rs.Message, MessageType.Error); return(Redirect(loginError)); } if (tryCount >= 3) // process for captcha { SettingHelper settingHelper = new SettingHelper(); Dictionary <string, string> settingValues = settingHelper.GetSettingValuesByKeys(string.Format("{0},{1}", SettingKeys.CaptchaServer, SettingKeys.CaptchaType)); loginError += "&captcha=true&type=" + settingValues[SettingKeys.CaptchaType]; if (tryCount > 3) { _captchaServer = settingValues[SettingKeys.CaptchaServer]; var rs = await ValidateCaptcha(model.cbuildercaptcharesponse, model.CaptchaAnswer); if (!rs.IsSuccess) { ActionMessage(rs.Message, MessageType.Error); return(Redirect(loginError)); } } } var obj = new { username = model.UserEmail, password = model.UserPassword }; //UserAuthenticateResponse userAuth = await _apiClient.PostAsync<UserAuthenticateResponse>(obj, APIURL.IdentityBaseUri + IdentityAPI.Account.PasswordSignInAsync, true, false); UserAuthenticateResponse userAuth = new UserAuthenticateResponse() { IsAuthenticate = true, AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9oYXNoIjoiNTc0M2MxMDMtNTIwOS00ZGU1LTgwODAtYmI5MDQxM2JjNzIwIiwibmFtZWlkIjoiMDJDMTU3RUQtQzg4MS00N0VGLUFENEQtQUQyMDIzQzJFNzA0IiwidW5pcXVlX25hbWUiOiJzdXBlcnVzZXJAY29udGVudGRlci5jb20iLCJncm91cHNpZCI6IjE2MCIsInJvbGUiOiJTdXBlciBBZG1pbiIsIm5iZiI6MTYwMjIzNzI0MSwiZXhwIjoxNjAyMjQwODQxLCJpYXQiOjE2MDIyMzcyNDEsImlzcyI6IkNJZGVudGl0eVNlcnZlciJ9.Kg7GQmeQl5us8RXl66h6nccxMatXMI95H4meIMZ9_-0", RefreshToken = "45dbb014bedf499897b0d0575ded96ac", UsersRoles = "Super Admin", UserID = "02C157ED-C881-47EF-AD4D-AD2023C2E704", Message = "Authenticated Successfully." }; if (userAuth == null) { ActionMessage("Identity server not working", MessageType.Warning); return(Redirect(loginError)); } else if (userAuth.IsAuthenticate) { if (string.IsNullOrEmpty(model.ReturnURL)) { RoleManager _role = new RoleManager(); model.ReturnURL = await _role.GetRoleRedirectURL(userAuth.UsersRoles, GetSiteID); if (model.ReturnURL == null) { model.ReturnURL = "/dashboard/dashboard/index" + CultureURL; } else { model.ReturnURL = model.ReturnURL + CultureURL; } } await AuthenticateUser(userAuth, model.ReturnURL); TempData[_loginTryCount] = 0; if (controllerDetails?.Count > 0) { var reusableParam = GetReuseableParams(_memoryCache); reusableParam.UserName = model.UserEmail; foreach (var item in controllerDetails) { methodInvoke.Execute(item, GetAPIParams(model.UserEmail, userAuth.UsersRoles), new List <ControllerDetail>()); } } return(Redirect(model.ReturnURL)); } else { TempData[_loginTryCount] = tryCount; ActionMessage(userAuth.Message, MessageType.Warning); return(Redirect(loginError)); } } ShowModelStateErorr(); return(Redirect(loginError)); }
public UserAuthenticateResponse LoginUser(string userName, string password, string securityToken, string apiKey, string productName, string contractNumber) { try { UserAuthenticateResponse response = new UserAuthenticateResponse(); MEAPISession session = null; //need to do a lookup against the APIKey collection to see if apiKey/Product combination exists MEAPIUser user = (from k in _objectContext.APIUsers where k.UserName == userName && k.ApiKey == apiKey && k.Product == productName.ToUpper() && k.IsActive == true select k).FirstOrDefault(); if (user != null) { //validate password string dbPwd = HashText(password, user.Salt, new SHA1CryptoServiceProvider()); if (dbPwd.Equals(user.Password)) { session = new MEAPISession { SecurityToken = securityToken, APIKey = apiKey, Product = productName, SessionLengthInMinutes = user.SessionLengthInMinutes, SessionTimeOut = DateTime.UtcNow.AddMinutes(user.SessionLengthInMinutes), UserName = user.UserName, Version = 1.0, UserId = user.Id, ContractNumber = (string.IsNullOrEmpty(contractNumber) ? user.DefaultContract : contractNumber) }; _objectContext.APISessions.Collection.Insert(session); } else { throw new UnauthorizedAccessException("Login Failed! Password is incorrect"); } List <ContractInfo> cts = new List <ContractInfo>(); cts.Add(new ContractInfo { Number = session.ContractNumber }); response = new UserAuthenticateResponse { APIToken = session.Id.ToString(), Contracts = cts, Name = user.UserName, SessionTimeout = user.SessionLengthInMinutes, UserName = user.UserName }; } else { throw new UnauthorizedAccessException("Login Failed! Incorrect login details like username, apikey or product."); } return(response); } catch (Exception) { throw; } }
private async Task <T> PostAsyncResult <T>(object jsonContent, string apiPath, Dictionary <string, string> headerParam, bool addClientHeader = false, bool accessToken = false) { var result = string.Empty; HttpResponseMessage response = null; HttpContent content = null; try { ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => { return(true); }; _httpClient = new HttpClient(); if (addClientHeader) { AddClientIdentity(ref _httpClient); } if (accessToken) { AddAccessToken(ref _httpClient); } AddHeaders(headerParam, ref _httpClient); _httpClient.BaseAddress = new Uri(apiPath); content = CreateHttpContent <object>(jsonContent); response = await _httpClient.PostAsync(apiPath, content); switch (response.StatusCode) { case HttpStatusCode.OK: result = response.Content.ReadAsStringAsync().Result; break; case HttpStatusCode.Unauthorized: UserAuthenticateResponse objResult = JsonConvert.DeserializeObject <UserAuthenticateResponse>(await response.Content.ReadAsStringAsync()); switch (objResult.StatusCode) { case StatusCode.TokenExpired: await ResetToken(); result = await ContinueExecution(jsonContent, apiPath, PostTypes.POST); break; case StatusCode.FieldMissing: break; case StatusCode.NotAllowed: _httpContextAccessor.ShowMessage(Messages.ResourceNotAllowed, MessageType.Error); break; case StatusCode.BadRequest: _httpContextAccessor.ShowMessage(Messages.BadRequest, MessageType.Error); break; case StatusCode.Unauthorized: _httpContextAccessor.ShowMessage(Messages.Unauthorized, MessageType.Error); break; default: break; } break; } } catch (Exception ex) { _httpContextAccessor.ShowMessage(ex.ToString(), MessageType.Error); _httpContextAccessor.ProcessExceptionsToFile(ex); } finally { content?.Dispose(); response?.Dispose(); } return(JsonConvert.DeserializeObject <T>(result)); }