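/// <summary>
/// Builds a new SessionToken for <paramref name="user"/>.
/// The database registration this method was meant to perform (and the expiry update for an
/// existing token) is commented out below, so nothing is persisted and
/// <paramref name="expireHours"/> is currently not applied.
/// </summary>
/// <param name="user">The user the token belongs to; its UserName is embedded in the token.</param>
/// <param name="tokenKey">Server-side secret material the token is derived from. Callers in this
/// code base pass DomainName + TokenKey read from web.config.</param>
/// <param name="expireHours">Intended number of hours until the token expires; null means it never
/// expires. Unused while persistence is disabled.</param>
/// <returns>The created token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public static SessionTokenDTO Create(LoginUserDTO user, string tokenKey, int? expireHours)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    // SECURITY NOTE(review): the token is a deterministic function of (UserName, tokenKey) with no
    // nonce, timestamp or expiry, so every login of the same user yields the same token and, with
    // nothing persisted, a token can only be invalidated by rotating TokenKey.
    // ValidRequestByUserAndToken depends on this determinism (it recomputes the token and compares),
    // so the derivation below must not change without changing validation as well.
    // Repeating tokenKey does not add security; it only lengthens the plaintext.
    string plaintext = user.UserName + tokenKey + tokenKey;

    SessionTokenDTO sessionTokenDto = new SessionTokenDTO
    {
        Token = AesEncryption.GetInstance().Encrypt(plaintext),
        IdUser = user.UserName
    };

    // Persistence (and with it expireHours) is disabled; re-enable once the SessionToken table exists.
    //sessionTokenDto = Create(sessionTokenDto);

    return sessionTokenDto;
}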
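/// <summary>
/// Validates a presented header value against the token expected for <paramref name="userString"/>.
/// The expected token is recomputed from the user name and the DomainName + TokenKey settings in
/// web.config, prefixed with "Basic ", and compared with <paramref name="tokenString"/>.
/// Note: despite the prefix this is not RFC 7617 Basic authentication (no base64(user:password));
/// "Basic " is just the literal the client is expected to send.
/// </summary>
/// <param name="tokenString">The presented value, expected to be "Basic " followed by the token.</param>
/// <param name="userString">The user name the token is claimed for.</param>
/// <returns>true when the presented value matches the recomputed token; otherwise false.</returns>
public static bool ValidRequestByUserAndToken(string tokenString, string userString)
{
    // A missing header or user name can never match.
    if (tokenString == null || userString == null)
    {
        return false;
    }

    SessionTokenDTO sessionTokenTry = Create(
        new LoginUserDTO() { UserName = userString },
        WebConfigurationManager.AppSettings["DomainName"] + WebConfigurationManager.AppSettings["TokenKey"],
        null);

    if (sessionTokenTry == null)
    {
        return false;
    }

    string expected = "Basic " + sessionTokenTry.Token;

    // Compare in constant time so the position of the first mismatch cannot be recovered from
    // response timing (String.Equals stops at the first differing character).
    return FixedTimeEquals(expected, tokenString);
}

/// <summary>
/// Ordinal string equality whose running time depends only on the length of
/// <paramref name="expected"/>, not on where the first mismatch occurs. Same result as
/// String.Equals(expected, presented) for non-null inputs.
/// </summary>
private static bool FixedTimeEquals(string expected, string presented)
{
    // Length is not secret here; the expected token is derived from a fixed-size input.
    if (expected.Length != presented.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ presented[i];
    }
    return diff == 0;
}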
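/// <summary>
/// Authenticates <paramref name="user"/> against LDAP and, on success, returns a session token
/// together with the user's permission list and the configured token lifetime (TokenExpiryMinutes).
/// </summary>
/// <param name="user">Credentials to check (UserName and Password).</param>
/// <returns>
/// A <see cref="LoginResponseDTO"/>: status OK with token and permissions when the LDAP check returns
/// code 1; otherwise status Forbidden with a failure code. Exceptions raised inside the try block
/// (LDAP bind, configuration parsing) are converted into a Forbidden response; constructing
/// LdapAuthentication happens outside the try and may still throw.
/// </returns>
public LoginResponseDTO LogIn(LoginUserDTO user)
{
    // HRESULT_FROM_WIN32(ERROR_LOGON_FAILURE = 1326) = 0x8007052E, "The user name or password is incorrect".
    const int LogonFailureHResult = -2147023570;
    const string LoginFailedMessage = "Could not log into the server";

    LdapAuthentication ldapAuth = new LdapAuthentication(WebConfigurationManager.AppSettings["PFUserName"]);
    int loginAttemptCode = default(int);
    try
    {
        // Read and validate configuration before binding to LDAP: a bad TokenExpiryMinutes is then
        // reported with loginAttemptCode still at its default rather than the success code 1, and no
        // credentials are sent for a request that cannot succeed anyway. Invariant culture: this is
        // machine-readable config, not user text.
        int tokenExpirationMinutes = Int32.Parse(
            WebConfigurationManager.AppSettings["TokenExpiryMinutes"],
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture);

        loginAttemptCode = ldapAuth.IsAuthenticated(WebConfigurationManager.AppSettings["DomainName"], user.UserName, user.Password);
        if (loginAttemptCode != 1)
        {
            return new LoginResponseDTO(false, LoginFailedMessage, string.Empty, HttpStatusCode.Forbidden, loginAttemptCode, null, null, null, 0);
        }

        // The bind succeeded: derive the token. The key is DomainName + TokenKey from web.config and must
        // be the same one ValidRequestByUserAndToken uses to recompute the token.
        SessionTokenDTO sessionTokenDTO = SessionTokenService.Create(
            user,
            WebConfigurationManager.AppSettings["DomainName"] + WebConfigurationManager.AppSettings["TokenKey"],
            null);

        // TODO: load the permissions from the database.
        List<string> userPermissions = GetUserPermissionListByUsername(user.UserName);

        return new LoginResponseDTO(
            true,
            string.Empty,
            string.Empty,
            HttpStatusCode.OK,
            (int)FailedLoginEnum.LoggedWithoutError,
            sessionTokenDTO.Token,
            user.UserName,
            userPermissions,
            tokenExpirationMinutes);
    }
    catch (Exception e)
    {
        // SECURITY NOTE(review): e.Message is placed in the response DTO. If LoginResponseDTO is
        // serialized to the client this exposes internal detail (LDAP/config text); log it server-side
        // and return a generic string instead.
        if (e.HResult == LogonFailureHResult)
        {
            return new LoginResponseDTO(false, LoginFailedMessage, e.Message, HttpStatusCode.Forbidden, (int)FailedLoginEnum.InvalidCredentials, null, null, null, 0);
        }
        return new LoginResponseDTO(false, LoginFailedMessage, e.Message, HttpStatusCode.Forbidden, loginAttemptCode, null, null, null, 0);
    }
}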