/// <summary>
/// Validates the supplied user name and password against the membership provider and,
/// when they are accepted, creates a session token, registers it with the
/// <c>SessionTokenManager</c> and returns it together with the user's roles.
/// </summary>
/// <remarks>
/// Only <c>UserName</c> and <c>Password</c> are read from the request in this implementation.
/// When the <c>STANDALONE</c> symbol is defined, every successfully authenticated user is
/// additionally granted the <c>Study.ViewImages</c>, "Viewer/Visible" and "Viewer/Clinical"
/// tokens, regardless of what the role provider returned.
/// </remarks>
/// <param name="request">Request carrying the credentials to validate.</param>
/// <returns>
/// A response holding the new token, the authority tokens, an empty data-group list,
/// the user name as display name and an empty e-mail address.
/// </returns>
/// <exception cref="FaultException{UserAccessDeniedException}">
/// Thrown when the membership provider rejects the credentials.
/// </exception>
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
    // NOTE(review): request is dereferenced without a null check; a null request
    // surfaces as a NullReferenceException rather than an access-denied fault.
    if (!Membership.ValidateUser(request.UserName, request.Password))
    {
        throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
    }

    // NOTE(review): the session identifier is the string form of Guid.NewGuid().
    // The .NET documentation advises against using NewGuid for cryptographic purposes;
    // confirm the target runtime backs it with a CSPRNG, or derive the identifier from one.
    string sessionId = Guid.NewGuid().ToString();
    var token = new SessionToken(sessionId, Platform.Time + ServerPlatform.WebSessionTimeout);

    // The role names returned by the role provider are used directly as authority tokens.
    string[] authority = Roles.GetRolesForUser(request.UserName);
    string displayName = request.UserName;

#if STANDALONE
    // Stand-alone builds append a fixed set of viewer permissions for every user.
    var expanded = new List<string>(authority)
    {
        Enterprise.Authentication.AuthorityTokens.Study.ViewImages,
        "Viewer/Visible",
        "Viewer/Clinical"
    };
    authority = expanded.ToArray();
#endif

    var rsp = new InitiateSessionResponse(token, authority, new Guid[0], displayName, string.Empty);

    // The token is registered only after the response object has been built.
    SessionTokenManager.Instance.AddSession(token);
    return rsp;
}
/// <summary>
/// Checks that the request and its required members are set, then hands session creation
/// to <c>InitiateSessionHelper</c>.
/// </summary>
/// <remarks>
/// The password is not passed to the helper directly; it is only read inside the callback,
/// which calls <c>InitiateSession</c> on the user object the helper supplies.
/// What happens when a check fails is defined by <c>Platform.CheckForNullReference</c> and
/// <c>Platform.CheckMemberIsSet</c>, which are outside this block.
/// </remarks>
/// <param name="request">
/// Request carrying user name, application, host name, password and the
/// <c>GetAuthorizations</c> flag.
/// </param>
/// <returns>Whatever <c>InitiateSessionHelper</c> returns.</returns>
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
    // Reject incomplete requests before any of the members are used.
    Platform.CheckForNullReference(request, "request");
    Platform.CheckMemberIsSet(request.UserName, "UserName");
    Platform.CheckMemberIsSet(request.Application, "Application");
    Platform.CheckMemberIsSet(request.HostName, "HostName");
    Platform.CheckMemberIsSet(request.Password, "Password");

    return InitiateSessionHelper(
        request.UserName,
        request.Application,
        request.HostName,
        request.GetAuthorizations,
        account => account.InitiateSession(
            request.Application,
            request.HostName,
            request.Password,
            GetSessionTimeout()));
}
/// <summary>
/// Starts a session for the named user after validating the request, checking the host and
/// application names against the configured white-lists and purging the user's expired sessions.
/// </summary>
/// <remarks>
/// A host or application that is not on its white-list and an unknown user name all produce
/// the same exception type, <c>UserAccessDeniedException</c>.
/// NOTE(review): <c>HostName</c> and <c>Application</c> are taken from the request itself,
/// so the white-list checks constrain what the caller claims; confirm they are not relied on
/// as the only access control.
/// </remarks>
/// <param name="request">
/// Request carrying user name, application, host name, password and the
/// <c>GetAuthorizations</c> flag.
/// </param>
/// <returns>
/// The session token, the user's display name and e-mail address, and the authority tokens and
/// data-access groups when <c>GetAuthorizations</c> is set (empty arrays otherwise).
/// </returns>
/// <exception cref="UserAccessDeniedException">
/// Thrown when the host name or application is not white-listed, or no user is found.
/// </exception>
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
    // Reject incomplete requests before any of the members are used.
    Platform.CheckForNullReference(request, "request");
    Platform.CheckMemberIsSet(request.UserName, "UserName");
    Platform.CheckMemberIsSet(request.Application, "Application");
    Platform.CheckMemberIsSet(request.HostName, "HostName");
    Platform.CheckMemberIsSet(request.Password, "Password");

    // Host name first; the application check is not reached when the host is refused.
    bool hostAllowed = CheckWhiteList(this.Settings.HostNameWhiteList, request.HostName);
    if (!hostAllowed)
    {
        throw new UserAccessDeniedException();
    }

    bool applicationAllowed = CheckWhiteList(this.Settings.ApplicationWhiteList, request.Application);
    if (!applicationAllowed)
    {
        throw new UserAccessDeniedException();
    }

    // Look the account up; an unknown user is reported exactly like a refused host/application.
    var user = GetUser(request.UserName);
    if (user == null)
    {
        throw new UserAccessDeniedException();
    }

    // Expired sessions are removed before the new one is created.
    CleanExpiredSessions(user);

    // The password is handed to the user object here.
    // NOTE(review): presumably this is where it is verified - confirm in User.InitiateSession.
    var session = user.InitiateSession(
        request.Application,
        request.HostName,
        request.Password,
        GetSessionTimeout());

    // Authority tokens and data-access groups are only loaded when the caller asked for them.
    bool includeAuthorizations = request.GetAuthorizations;

    var authorizations = includeAuthorizations
        ? PersistenceContext.GetBroker<IAuthorityTokenBroker>().FindTokensByUserName(request.UserName)
        : new string[0];

    var groups = includeAuthorizations
        ? PersistenceContext.GetBroker<IAuthorityGroupBroker>().FindDataGroupsByUserName(request.UserName)
        : new Guid[0];

    return new InitiateSessionResponse(
        session.GetToken(),
        authorizations,
        groups,
        user.DisplayName,
        user.EmailAddress);
}
/// <summary>
/// Logs in through <c>IAuthenticationService</c> and, on success, installs a principal
/// carrying the session token and authority tokens on the thread that runs the callback.
/// </summary>
/// <remarks>
/// The log calls in this method write fixed messages plus the fault detail; neither the user
/// name nor the password is passed to them. Both the attempt and its outcome are logged at
/// Debug level only.
/// NOTE(review): confirm failed logins are also recorded somewhere that is retained for monitoring.
/// </remarks>
/// <param name="userName">User name sent to the authentication service.</param>
/// <param name="password">Password sent to the authentication service.</param>
/// <returns>A <c>LoginResult</c> holding the user name and the session token.</returns>
/// <exception cref="UserAccessDeniedException">
/// Rethrown from the fault detail when the service denies access.
/// </exception>
/// <exception cref="PasswordExpiredException">
/// Rethrown from the fault detail when the service reports an expired password.
/// </exception>
/// <exception cref="Exception">
/// Thrown when the service response carries no session token.
/// </exception>
private static LoginResult DoLogin(string userName, string password)
{
    try
    {
        Platform.Log(LogLevel.Debug, "Attempting login...");

        var result = LoginResult.None;

        Platform.GetService(
            (IAuthenticationService service) =>
            {
                // The local machine's host name is what gets reported to the service.
                var request = new InitiateSessionRequest(userName, ProductInformation.Component, Dns.GetHostName(), password);
                request.GetAuthorizations = true;

                var response = service.InitiateSession(request);
                if (response.SessionToken == null)
                {
                    throw new Exception("Invalid session token returned from authentication service.");
                }

                // The call succeeded: set a default principal on this thread that carries
                // the user's session token and authority tokens.
                var identity = new GenericIdentity(userName);
                Thread.CurrentPrincipal = DefaultPrincipal.CreatePrincipal(
                    identity,
                    response.SessionToken,
                    response.AuthorityTokens);

                result = new LoginResult(userName, response.SessionToken);
            });

        Platform.Log(LogLevel.Debug, "Login attempt was successful.");
        return result;
    }
    catch (FaultException<UserAccessDeniedException> denied)
    {
        // Unwrap the fault so callers see the detail exception rather than the fault wrapper.
        Platform.Log(LogLevel.Debug, denied.Detail, "Login attempt failed.");
        throw denied.Detail;
    }
    catch (FaultException<PasswordExpiredException> expired)
    {
        Platform.Log(LogLevel.Debug, expired.Detail, "Login attempt failed.");
        throw expired.Detail;
    }
}
/// <summary>
/// Validates the supplied user name and password against the membership provider and,
/// when they are accepted, creates a session token, registers it with the
/// <c>SessionTokenManager</c> and returns it together with the user's roles.
/// </summary>
/// <remarks>
/// Only <c>UserName</c> and <c>Password</c> are read from the request in this implementation.
/// </remarks>
/// <param name="request">Request carrying the credentials to validate.</param>
/// <returns>
/// A response holding the new token, the user's role names as authority tokens, an empty
/// data-group list, the user name as display name and an empty e-mail address.
/// </returns>
/// <exception cref="FaultException{UserAccessDeniedException}">
/// Thrown when the membership provider rejects the credentials.
/// </exception>
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
    // NOTE(review): request is dereferenced without a null check; a null request
    // surfaces as a NullReferenceException rather than an access-denied fault.
    bool credentialsAccepted = Membership.ValidateUser(request.UserName, request.Password);
    if (!credentialsAccepted)
    {
        throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
    }

    // NOTE(review): the session identifier is the string form of Guid.NewGuid().
    // The .NET documentation advises against using NewGuid for cryptographic purposes;
    // confirm the target runtime backs it with a CSPRNG, or derive the identifier from one.
    var token = new SessionToken(
        Guid.NewGuid().ToString(),
        Platform.Time + ServerPlatform.WebSessionTimeout);

    // The role names returned by the role provider are used directly as authority tokens.
    string[] authority = Roles.GetRolesForUser(request.UserName);
    string displayName = request.UserName;

    var rsp = new InitiateSessionResponse(token, authority, new Guid[0], displayName, string.Empty);

    // The token is registered only after the response object has been built.
    SessionTokenManager.Instance.AddSession(token);
    return rsp;
}
/// <summary>
/// Authenticates the user through <c>IAuthenticationService</c>, installs a
/// <c>CustomPrincipal</c> on the thread running the callback, caches the resulting session
/// and validates it.
/// </summary>
/// <remarks>
/// Only a successful login is logged here; the catch blocks rethrow the fault detail
/// without logging.
/// NOTE(review): confirm failed logins are recorded elsewhere for monitoring.
/// </remarks>
/// <param name="userName">User name; must not be null or empty.</param>
/// <param name="password">Password; must not be null or empty.</param>
/// <param name="appName">Application name sent to the service; checked with
/// <c>Platform.CheckForEmptyString</c>.</param>
/// <returns>
/// The new <c>SessionInfo</c>, or <c>null</c> when the service returns a null response.
/// </returns>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="userName"/> or <paramref name="password"/> is null or empty.
/// </exception>
/// <exception cref="PasswordExpiredException">Rethrown from the service fault detail.</exception>
/// <exception cref="UserAccessDeniedException">Rethrown from the service fault detail.</exception>
/// <exception cref="RequestValidationException">Rethrown from the service fault detail.</exception>
public SessionInfo Login(string userName, string password, string appName)
{
    if (string.IsNullOrEmpty(userName))
    {
        throw new ArgumentException(SR.UserIDIsEmpty);
    }

    if (string.IsNullOrEmpty(password))
    {
        throw new ArgumentException(SR.PasswordIsEmpty);
    }

    // password has already been checked for null/empty above; this call is kept as in the original.
    Platform.CheckForEmptyString(password, "password");
    Platform.CheckForEmptyString(appName, "appName");

    SessionInfo session = null;

    Platform.GetService(
        (IAuthenticationService service) =>
        {
            try
            {
                // The local machine's host name is what gets reported to the service.
                var request = new InitiateSessionRequest(userName, appName, Dns.GetHostName(), password);
                request.GetAuthorizations = true;

                var response = service.InitiateSession(request);
                if (response == null)
                {
                    // No response: leave session as null for the caller.
                    return;
                }

                var credentials = new LoginCredentials
                {
                    UserName = userName,
                    DisplayName = response.DisplayName,
                    SessionToken = response.SessionToken,
                    Authorities = response.AuthorityTokens,
                    DataAccessAuthorityGroups = response.DataGroupOids,
                    EmailAddress = response.EmailAddress
                };

                var identity = new CustomIdentity(userName, response.DisplayName);
                var user = new CustomPrincipal(identity, credentials);
                Thread.CurrentPrincipal = user;

                session = new SessionInfo(user);
                session.User.WarningMessages = response.WarningMessages;

                // Note: the session must be in the cache before SessionInfo.Validate() is called.
                // NOTE(review): nothing in this method removes the cache entry if Validate() throws -
                // confirm a failed validation cannot leave a usable session behind.
                SessionCache.Instance.AddSession(response.SessionToken.Id, session);
                session.Validate();

                // NOTE(review): userName is caller-supplied and is written to the log as a format
                // argument - confirm the log sink neutralises line breaks.
                Platform.Log(LogLevel.Info, "{0} has successfully logged in.", userName);
            }
            catch (FaultException<PasswordExpiredException> expired)
            {
                // Unwrap the fault so callers see the detail exception rather than the fault wrapper.
                throw expired.Detail;
            }
            catch (FaultException<UserAccessDeniedException> denied)
            {
                throw denied.Detail;
            }
            catch (FaultException<RequestValidationException> invalid)
            {
                throw invalid.Detail;
            }
        });

    return session;
}