protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { if (!Request.Headers.ContainsKey(nameof(SecurityConstants.xUsername)) && !Request.Headers.ContainsKey(nameof(SecurityConstants.xPassword))) { return(AuthenticateResult.Fail("Missing Authorization Header")); } bool authResult = false; string username = string.Empty; string password = string.Empty; try { username = Request.Headers[nameof(SecurityConstants.xUsername)].ToString(); password = Request.Headers[nameof(SecurityConstants.xPassword)].ToString(); authResult = _userService.AuthenticateUser(username, password); } catch (Exception ex) { return(AuthenticateResult.Fail("Invalid Authorization Header")); } if (!authResult) { return(AuthenticateResult.Fail("Failed to validate the username and password")); } var claims = new[] { new Claim(ClaimTypes.Role, "Admin"), new Claim(ClaimTypes.Name, username), }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return(AuthenticateResult.Success(ticket)); //Generate and pass a new authentication ticket for processing }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { /* * var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); * * ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); * * if (user == null) * { * context.SetError("invalid_grant", "The user name or password is incorrect."); * return; * } * * */ PrivateEncryption privateEncrytion = new PrivateEncryption(ConfigHelper.GetPasswordCryptoSecretKey()); string strUserName = context.UserName; string strPassword = context.Password; if (context.Scope[0].ToLower() == "autologin") { string decryptedPODetails = privateEncrytion.Decrypt(context.Password.Replace("~", "/").Replace("`", "=")); string[] strAuthDetails = decryptedPODetails.Split(new string[] { "POKeyValue" }, StringSplitOptions.None); string strLoginUserName = strAuthDetails[0].ToString(); string strKeyValue = strAuthDetails[1].ToString(); string decryptTimeStamp = strKeyValue; bool expired = Math.Abs((DateTime.UtcNow - new DateTime(Convert.ToInt64(decryptTimeStamp))).TotalMinutes) < intTokenValidTime; if (!expired) { context.SetError("invalid_grant", "Token expired. Please try again."); return; } strUserName = strPassword = strAuthDetails[0].ToString(); } int? userId = null; int? districtId = null; bool isFirstTimeLogin = false; //string password = context.Password.Substring(0, Math.Min(context.Password.Length, 12)); string encyptedPassword = context.Scope[0].ToLower() == "supportlogin" ? strPassword : privateEncrytion.Encrypt(strPassword); byte? isValid = UserSecurity.AuthenticateUser(strUserName, encyptedPassword, ref userId, ref districtId); if (userId == 0) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } DataTable dtsocialShare = null; SharingModel SocialShare = new SharingModel(); if (districtId != null) { dtsocialShare = UserSecurity.GetsocialShare(districtId.Value); foreach (DataRow drShare in dtsocialShare.Rows) { SocialShare.FaceBookSharing = drShare.Field <bool>("Facebook Share"); SocialShare.InstagramSharing = drShare.Field <bool>("Instagram Share"); SocialShare.TwitterSharing = drShare.Field <bool>("Twitter Share"); } } UserProfile ud = UserSecurity.RetrieveUserDetail(userId); District isd = District.GetDistrict(districtId); if (ud.LastLoginDate == Convert.ToDateTime("1/1/1900 12:00:00 AM") || ud.LastLoginDate == DateTime.MinValue || ud.LastLoginDate == null) { isFirstTimeLogin = true; } else { isFirstTimeLogin = false; } switch (isValid) { case 0: //User successfully logged in /* * if (UrlHelper.CanUserLoginToRequestedURL(districtId)) * { * Security.Login(userId); * PageHelper.TransferUserToDefaultPage(); * } * else * { * PrivateEncryption encryption = new PrivateEncryption(ConfigHelper.GetPasswordCryptoSecretKey()); * PageHelper.TransferToPage(UrlHelper.GetOperationUrl("LOGIN", districtId) + "?cd=" + Server.UrlEncode(encryption.Encrypt(string.Format(DateTime.Now + "|" + userNameTextBox.Text + "|" + encryption.Encrypt(userPasswordTextBox.Text.Trim()))))); + } */ UserSecurity.UpdateLastLoginDate(userId, DateTime.Now); //Cannot use Activity Logging because it relys on Session. //ActivityLogging.AddActivity(ActivityKey.Login); //ActivityLogging.UpdateActivity(true, ""); break; case 1: //User does not exist context.SetError("invalid_grant", MessagesList.ERR_LOGIN_NOTREGISTER); return; case 2: //Password failed context.SetError("invalid_grant", MessagesList.ERR_LOGIN_PASSWORDFAILED); return; case 3: //Failed login attempts exceeded string error = string.Format(MessagesList.ERR_LOGIN_PASSWORDFAILEDATTEMPTSMORE, Setting.GetSettingValue(SettingMasterKey.AllowableFailedLoginAttempts, districtId), Setting.GetSettingValue(SettingMasterKey.AllowableReLoginDurationAfterexceedingTheAllowableFailedLoginAttempts, districtId)); context.SetError("invalid_grant", error); return; case 4: //User disabled context.SetError("invalid_grant", MessagesList.ERR_LOGIN_PASSWORDDISABLED); return; case 5: //User registered but not activated context.SetError("invalid_grant", MessagesList.ERR_LOGIN_REGISTERNOTACTIVATED); return; } double?studentBalance = null; studentBalance = Student.GetStudentBalance((int)userId); //if (!ud.IsParent) //{ // context.SetError("invalid_grant", "Only parents are allowed to login"); // return; //} ClaimsIdentity oAuthIdentity = new ClaimsIdentity(OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = new ClaimsIdentity(OAuthDefaults.AuthenticationType); if (ud.AccessId == 3 || ud.AccessId == 4) { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Admin")); } else { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "User")); } Claim claim = new Claim("UserId", userId.ToString()); oAuthIdentity.AddClaim(claim); cookiesIdentity.AddClaim(claim); if (districtId == null) { districtId = 0; } claim = new Claim("DistrictId", districtId.ToString()); oAuthIdentity.AddClaim(claim); cookiesIdentity.AddClaim(claim); if (isd != null) { claim = new Claim("DistrictName", isd.DistrictName); oAuthIdentity.AddClaim(claim); cookiesIdentity.AddClaim(claim); } claim = new Claim("UserName", strUserName); oAuthIdentity.AddClaim(claim); cookiesIdentity.AddClaim(claim); claim = new Claim("AccessLevel", ud.AccessId.ToString()); oAuthIdentity.AddClaim(claim); cookiesIdentity.AddClaim(claim); string cd = privateEncrytion.Encrypt(DateTime.Now.ToString() + "|" + strUserName + "|" + encyptedPassword); string redirectURL = Setting.GetDefaultValue(22); string APPEB = Setting.GetSettingValue(SettingMasterKey.EligibilityBenefitsForAPP, districtId.Value); string WEBAB = Setting.GetSettingValue(SettingMasterKey.EligibilityBenefitsForWEB, districtId.Value); string showPic = Setting.GetSettingValue(SettingMasterKey.ShowPicturesFromPrimeroEdge, districtId.Value); long TimeStamp = DateTime.UtcNow.Ticks; //Upon login, display a message to confirm email address for users that have not logged in recently i.e 90Days. double LoginDiffDays = 0; bool LoginDiffrence = false; if (context.Scope[0].ToLower() != "autologin") { if (ud.LastLoginDate.Value.ToShortDateString() == "1/1/1900") { LoginDiffrence = false; } else { LoginDiffDays = (DateTime.Now - ud.LastLoginDate.Value).TotalDays; } if (LoginDiffDays >= 90) { LoginDiffrence = true; } } string encyptedTimeStamp = privateEncrytion.Encrypt(TimeStamp.ToString()); AuthenticationProperties properties = CreateProperties(strUserName); properties.Dictionary.Add("FirstName", ud.ContactInformation.FirstName); properties.Dictionary.Add("DistrictName", isd == null ? "" : isd.DistrictName); properties.Dictionary.Add("Status", isd == null ? "" : isd.Status.ToString()); properties.Dictionary.Add("AccessLevel", ud.AccessId.ToString()); properties.Dictionary.Add("RedirectURL", redirectURL); properties.Dictionary.Add("StudentBalance", studentBalance.ToString()); properties.Dictionary.Add("FaceBookSharing", SocialShare.FaceBookSharing.ToString()); properties.Dictionary.Add("InstagramSharing", SocialShare.InstagramSharing.ToString()); properties.Dictionary.Add("TwitterSharing", SocialShare.TwitterSharing.ToString()); properties.Dictionary.Add("ISDId", districtId.ToString()); properties.Dictionary.Add("APPEB", APPEB); properties.Dictionary.Add("WEBEB", WEBAB); properties.Dictionary.Add("OnlineAppsToken", encyptedTimeStamp); properties.Dictionary.Add("UserId", userId.ToString()); properties.Dictionary.Add("LoginDiffrence", LoginDiffrence.ToString()); properties.Dictionary.Add("Email", ud.ContactInformation.Email); properties.Dictionary.Add("Verified", ud.Verified?.ToString()); properties.Dictionary.Add("ShowPicture", showPic); properties.Dictionary.Add("IsFirstTimeLogin", Convert.ToString(isFirstTimeLogin)); properties.Dictionary.Add("UserIP", Helper.GetIP()); properties.Dictionary.Add("UserTypeId", Convert.ToString(ud.UserTypeId)); if (districtId != 0) { properties.Dictionary.Add("OnlineAppURL", Helper.GetOnlineAppUrl(districtId.Value)); } //properties.Dictionary.Add("SocialShare", (new JavaScriptSerializer().Serialize(SocialShare)).Replace("\"", "")); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }