예제 #1
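        /// <summary>
        /// Validates the users login and password sent in, and returns the users information if valid.
        /// </summary>
        /// <remarks>
        /// Two lookups run in order: the calling application's token (sp_GetApplicationByToken) and then
        /// the user (sp_GetLogin). On success a fresh session id is generated, recorded in <c>Authenticated</c>,
        /// persisted with sp_UpdateUserSession and stamped on the returned user row.
        /// Every failure surfaces as a <see cref="FaultException"/> carrying a fixed message; the underlying
        /// exception text (SQL, decryption or GUID-format errors) is intentionally not echoed to the caller.
        /// </remarks>
        /// <param name="Assemblyname">Assembly name of the calling assembly, encrypted with StringCipher.</param>
        /// <param name="Appid">Application id to verify originator: an encrypted GUID string.</param>
        /// <param name="Username">Username to validate, encrypted twice (outer rotating key, inner fixed key).</param>
        /// <param name="Password">Password to validate; only the outer (rotating-key) layer is removed here.</param>
        /// <returns>User information: a <see cref="Common"/> data set whose sp_GetLogin table holds the single
        /// matching user row with its new session id. The caller owns the data set and should dispose it.</returns>
        /// <exception cref="FaultException">The application token is unknown, the credentials do not match exactly
        /// one user, or an internal error occurred during validation.</exception>
        public Common ValidateLogin(string Assemblyname, string Appid, string Username, string Password)
        {
            // NOTE(review): this discards every session id in Authenticated on each call, including failed
            // attempts, so any login invalidates all other live sessions. Kept unchanged because other code
            // may depend on it; confirm whether a single-session design is really intended.
            lock (Authenticated)
            {
                Authenticated.Clear();
            }

            // The data set is handed to the caller on success, so it must not be disposed by a using block
            // here (the original disposed it before returning it). It is released on every failure path.
            Common d = new Common();
            bool handedOff = false;

            try
            {
                using (CommonTableAdapters.sp_GetApplicationByTokenTableAdapter tokenAdapter = new CommonTableAdapters.sp_GetApplicationByTokenTableAdapter())
                using (Common.sp_GetApplicationByTokenDataTable dtApps = new Common.sp_GetApplicationByTokenDataTable())
                {
                    // A malformed Appid makes new Guid(...) throw; that is caught below and reported
                    // generically instead of escaping as a raw FormatException.
                    tokenAdapter.Fill(dtApps, new Guid(StringCipher.Decrypt(Appid)), StringCipher.Decrypt(Assemblyname));

                    // No app row for this token: a stale registration or a caller posing as an app.
                    // A null table now fails closed instead of skipping the check as "!= null &&" did.
                    if (dtApps == null || dtApps.Rows.Count == 0)
                    {
                        throw new FaultException("Application token validation failed.");
                    }
                }

                using (CommonTableAdapters.sp_GetLoginTableAdapter ta = new CommonTableAdapters.sp_GetLoginTableAdapter())
                {
                    // Username: both cipher layers are removed (outer rotating key, inner fixed key) to match
                    // the plain-text column. Password: only the outer rotating layer is removed; the stored
                    // value keeps the inner layer, so the database compares it while still encrypted.
                    ta.Fill(d.sp_GetLogin, StringCipher.Decrypt(StringCipher.Decrypt(Username), true), StringCipher.Decrypt(Password));
                }

                // Exactly one row is required: zero means bad credentials, more than one is ambiguous.
                if (d.sp_GetLogin == null || d.sp_GetLogin.Count != 1)
                {
                    throw new FaultException("Login failed.");
                }

                var user = d.sp_GetLogin.First();

                // Login accepted: start a session and record it in memory, in the database and on the row.
                Guid newSessionId = Guid.NewGuid();

                lock (Authenticated)
                {
                    Authenticated.Add(newSessionId);
                }

                using (CommonTableAdapters.QueriesTableAdapter queries = new CommonTableAdapters.QueriesTableAdapter())
                {
                    queries.sp_UpdateUserSession(user.user_id, newSessionId);
                }

                user.sessionid = newSessionId;

                handedOff = true;
                return d;
            }
            catch (FaultException)
            {
                // Deliberate faults raised above pass through unchanged.
                throw;
            }
            catch (Exception)
            {
                // Anything else is reported with a fixed message; the old "Unexpected error: " + ex.Message
                // echoed internal error text (e.g. SQL or cipher failures) to the caller.
                // NOTE(review): no logger is visible here - the original exception should be logged server-side.
                throw new FaultException("Unexpected error.");
            }
            finally
            {
                if (!handedOff)
                {
                    d.Dispose();
                }
            }
        }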
예제 #2
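        /// <summary>
        /// Validates the users login and password sent in, and returns the users information if valid.
        /// </summary>
        /// <remarks>
        /// Runs <see cref="VerifyApplicationToken"/> and then <see cref="FillLogin"/>; on success
        /// <see cref="StartSession"/> generates a fresh session id, records it in <c>Authenticated</c>,
        /// persists it with sp_UpdateUserSession and stamps it on the returned user row.
        /// Every failure surfaces as a <see cref="FaultException"/> carrying a fixed message; the underlying
        /// exception text (SQL, decryption or GUID-format errors) is intentionally not echoed to the caller.
        /// </remarks>
        /// <param name="Assemblyname">Assembly name of the calling assembly, encrypted with StringCipher.</param>
        /// <param name="Appid">Application id to verify originator: an encrypted GUID string.</param>
        /// <param name="Username">Username to validate, encrypted twice (outer rotating key, inner fixed key).</param>
        /// <param name="Password">Password to validate; only the outer (rotating-key) layer is removed here.</param>
        /// <returns>User information: a <see cref="Common"/> data set whose sp_GetLogin table holds the single
        /// matching user row with its new session id. The caller owns the data set and should dispose it.</returns>
        /// <exception cref="FaultException">The application token is unknown, the credentials do not match exactly
        /// one user, or an internal error occurred during validation.</exception>
        public Common ValidateLogin(string Assemblyname, string Appid, string Username, string Password)
        {
            // NOTE(review): this discards every session id in Authenticated on each call, including failed
            // attempts, so any login invalidates all other live sessions. Kept unchanged because other code
            // may depend on it; confirm whether a single-session design is really intended.
            lock (Authenticated)
            {
                Authenticated.Clear();
            }

            // The data set is handed to the caller on success, so it must not be disposed by a using block
            // here (the original disposed it before returning it). It is released on every failure path.
            Common d = new Common();
            bool handedOff = false;

            try
            {
                VerifyApplicationToken(Appid, Assemblyname);
                FillLogin(d, Username, Password);
                StartSession(d);

                handedOff = true;
                return d;
            }
            catch (FaultException)
            {
                // Deliberate faults raised by the helpers pass through unchanged.
                throw;
            }
            catch (Exception)
            {
                // Anything else is reported with a fixed message; the old "Unexpected error: " + ex.Message
                // echoed internal error text (e.g. SQL or cipher failures) to the caller.
                // NOTE(review): no logger is visible here - the original exception should be logged server-side.
                throw new FaultException("Unexpected error.");
            }
            finally
            {
                if (!handedOff)
                {
                    d.Dispose();
                }
            }
        }

        /// <summary>
        /// Looks up the calling application by its encrypted token and assembly name via
        /// sp_GetApplicationByToken and fails closed when no row matches, which may indicate a caller
        /// posing as a registered app.
        /// </summary>
        /// <param name="appid">Encrypted GUID string identifying the application.</param>
        /// <param name="assemblyname">Encrypted assembly name of the caller.</param>
        /// <exception cref="FaultException">No application row matches the token.</exception>
        private void VerifyApplicationToken(string appid, string assemblyname)
        {
            using (CommonTableAdapters.sp_GetApplicationByTokenTableAdapter tokenAdapter = new CommonTableAdapters.sp_GetApplicationByTokenTableAdapter())
            using (Common.sp_GetApplicationByTokenDataTable dtApps = new Common.sp_GetApplicationByTokenDataTable())
            {
                // A malformed appid makes new Guid(...) throw; ValidateLogin maps that to a generic fault.
                tokenAdapter.Fill(dtApps, new Guid(StringCipher.Decrypt(appid)), StringCipher.Decrypt(assemblyname));

                // A null table fails closed instead of skipping the check as the old "!= null &&" guard did.
                if (dtApps == null || dtApps.Rows.Count == 0)
                {
                    throw new FaultException("Application token validation failed.");
                }
            }
        }

        /// <summary>
        /// Fills <c>d.sp_GetLogin</c> for the given encrypted credentials and requires exactly one match.
        /// </summary>
        /// <param name="d">Data set whose sp_GetLogin table receives the lookup result.</param>
        /// <param name="username">Username encrypted twice (outer rotating key, inner fixed key).</param>
        /// <param name="password">Password encrypted with the rotating key over its stored form.</param>
        /// <exception cref="FaultException">Zero or several user rows match.</exception>
        private void FillLogin(Common d, string username, string password)
        {
            using (CommonTableAdapters.sp_GetLoginTableAdapter ta = new CommonTableAdapters.sp_GetLoginTableAdapter())
            {
                // Username: both cipher layers are removed (outer rotating key, inner fixed key) to match
                // the plain-text column. Password: only the outer rotating layer is removed; the stored
                // value keeps the inner layer, so the database compares it while still encrypted.
                ta.Fill(d.sp_GetLogin, StringCipher.Decrypt(StringCipher.Decrypt(username), true), StringCipher.Decrypt(password));
            }

            // Exactly one row is required: zero means bad credentials, more than one is ambiguous.
            if (d.sp_GetLogin == null || d.sp_GetLogin.Count != 1)
            {
                throw new FaultException("Login failed.");
            }
        }

        /// <summary>
        /// Starts a session for the single row in <c>d.sp_GetLogin</c>: the new id is added to
        /// <c>Authenticated</c>, persisted via sp_UpdateUserSession and written to the row's sessionid.
        /// </summary>
        /// <param name="d">Data set already validated by <see cref="FillLogin"/> to hold exactly one user row.</param>
        private void StartSession(Common d)
        {
            var user = d.sp_GetLogin.First();
            Guid newSessionId = Guid.NewGuid();

            lock (Authenticated)
            {
                Authenticated.Add(newSessionId);
            }

            using (CommonTableAdapters.QueriesTableAdapter queries = new CommonTableAdapters.QueriesTableAdapter())
            {
                queries.sp_UpdateUserSession(user.user_id, newSessionId);
            }

            user.sessionid = newSessionId;
        }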