/// <summary>
/// Authenticates the supplied credentials and, on success, builds a
/// <c>UserAuthorizationInfo</c> (user name, id, roles, expiry), serializes it to JSON and
/// hands it to the data-access layer, which returns the token string.
/// </summary>
/// <param name="userName">Login name to authenticate.</param>
/// <param name="password">Password submitted for <paramref name="userName"/>.</param>
/// <returns>
/// A failed result carrying the authentication errors, or a successful result whose
/// <c>Result</c> is the token returned by <c>_dataAccess.CreateToken</c>.
/// </returns>
public GenericActionResult<string> CreateAuthorizationToken(string userName, string password)
{
    var loginOutcome = _authenticationManagement.AuthenticateUser(userName, password);
    if (!loginOutcome.IsSuccess)
    {
        // Pass the authentication layer's errors through unchanged; no token is created.
        return new GenericActionResult<string>() { IsSuccess = false, Result = null, Errors = loginOutcome.Errors };
    }

    // Load the account record that supplies the id and roles stored with the token.
    // NOTE(review): the record is looked up by the caller-supplied userName, while the token's
    // UserName comes from the authentication result; confirm both always name the same account
    // and that FindByUserName cannot return null here (a null would throw below).
    var account = _userManagement.FindByUserName(userName);

    var tokenPayload = new UserAuthorizationInfo();
    tokenPayload.UserName = loginOutcome.Result.UserName;

    // Lifetime comes from the "tokenExpirationInMinutes" app setting.
    // NOTE(review): Convert.ToInt32 yields 0 for a missing (null) setting, which would issue a
    // token that is already expired. The expiry is local time (DateTime.Now), so whatever
    // checks it must use local time too; UTC would avoid clock-change surprises.
    tokenPayload.ExpiryDate = DateTime.Now.AddMinutes(Convert.ToInt32(ConfigurationManager.AppSettings["tokenExpirationInMinutes"]));

    tokenPayload.UserId = account.Id;

    // Roles are copied at issue time.
    // NOTE(review): presumably a later role change is not seen until a new token is issued - confirm.
    tokenPayload.Roles = account.Roles;

    // The JSON form is what gets stored for the token.
    // NOTE(review): every serializable member of UserAuthorizationInfo ends up in that store;
    // confirm the type carries no secret fields.
    var payloadJson = JsonConvert.SerializeObject(tokenPayload);

    // NOTE(review): CreateToken is not visible here; confirm the token it returns is generated
    // from a cryptographically secure random source and is not derived from the payload.
    var issuedToken = _dataAccess.CreateToken(payloadJson);

    return new GenericActionResult<string>() { Errors = null, IsSuccess = true, Result = issuedToken };
}
 /// <summary>
 /// Creates the view model with a fresh <c>UserAuthorizationInfo</c> whose password starts
 /// out as the empty string.
 /// </summary>
 public LogInViewModel()
 {
     // NOTE(review): the password is kept as an ordinary string on the model for as long as
     // the model lives - presumably for UI binding; confirm it is cleared after log-in.
     var credentials = new UserAuthorizationInfo();
     credentials.Password = String.Empty;
     UserAuthorizationInfo = credentials;
 }
예제 #3
        /// <summary>
        /// Deletes the account identified by the supplied credentials, saves the change and
        /// clears the logged-in user state.
        /// </summary>
        /// <param name="authorizationInfo">Credentials that <c>Verify</c> must accept before anything is removed.</param>
        /// <returns><c>true</c> when the account was removed; <c>false</c> when verification failed.</returns>
        public bool DeleteAccount(UserAuthorizationInfo authorizationInfo)
        {
            // Deletion is gated on re-verifying the credentials, not on the current session.
            User verifiedUser = Verify(authorizationInfo);
            if (verifiedUser == null)
            {
                return false;
            }

            userRepository.Remove(verifiedUser);
            unitOfWork.Save();

            // NOTE(review): the session is cleared whichever account was verified; confirm the
            // deleted account is always the one currently logged in.
            LoginnedUser.Clear();
            return true;
        }
예제 #4
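        /// <summary>
        /// Decides whether the holder of <paramref name="authInfo"/> may proceed: the info must be
        /// present, not past its expiry, and - when a role is required - contain that role.
        /// </summary>
        /// <param name="authInfo">Authorization data of the caller; <c>null</c> is denied.</param>
        /// <param name="AuthorizationRoles">
        /// Role required for the action. Null or empty means no role is required, so any
        /// unexpired token is authorized.
        /// </param>
        /// <returns>
        /// An <c>AuthorizationResult</c> with <c>Authorized</c> set, plus an error message for the
        /// expired and missing-permission cases.
        /// </returns>
        private AuthorizationResult VerifyAuthorizationToken(UserAuthorizationInfo authInfo, string AuthorizationRoles)
        {
            // No authorization data at all: deny (no error list is attached in this case).
            if (authInfo == null)
            {
                return new AuthorizationResult { Authorized = false };
            }

            // Expiry is compared against local time.
            // NOTE(review): this only works if ExpiryDate was also produced from local time.
            if (DateTime.Now > authInfo.ExpiryDate)
            {
                return new AuthorizationResult { Authorized = false, Errors = new List<String>() { "Token expired" } };
            }

            // A role is required: deny when the token has no roles at all (previously this case
            // threw a NullReferenceException) or does not contain the required one.
            // NOTE(review): if Roles is a single string rather than a collection, Contains is a
            // substring match and a longer role name would satisfy a shorter required one;
            // confirm Roles is a collection of whole role names.
            if (!string.IsNullOrEmpty(AuthorizationRoles)
                && (authInfo.Roles == null || !authInfo.Roles.Contains(AuthorizationRoles)))
            {
                return new AuthorizationResult { Authorized = false, Errors = new List<string>() { "User does not have permission to perform this action" } };
            }

            return new AuthorizationResult { Authorized = true };
        }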
예제 #5
        /// <summary>
        /// Verifies the supplied credentials and, on success, records the user as logged in and
        /// raises <c>LogInned</c>.
        /// </summary>
        /// <param name="authorizationInfo">Login and password to verify.</param>
        /// <returns>The mapped public profile of the user, or <c>null</c> when verification fails.</returns>
        public UserPublicInfo LogIn(UserAuthorizationInfo authorizationInfo)
        {
            User verifiedUser = Verify(authorizationInfo);
            if (verifiedUser == null)
            {
                // A single null result covers every failure; the caller is not told why.
                return null;
            }

            // Callers get the mapped public view rather than the User entity.
            // NOTE(review): assumes the UserPublicInfo mapping leaves out Password - confirm.
            UserPublicInfo publicInfo = mapper.Map<UserPublicInfo>(verifiedUser);
            LoginnedUser.CreateNewOne(verifiedUser.UserId, publicInfo);
            LogInned?.Invoke();
            return publicInfo;
        }
예제 #6
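 /// <summary>
 /// Finds the user whose <c>Login</c> equals the supplied login and returns it only when the
 /// stored password equals the supplied password.
 /// </summary>
 /// <param name="authorizationInfo">Login and password to check; <c>null</c> is rejected.</param>
 /// <returns>The matching user, or <c>null</c> when the input is missing, the login is unknown,
 /// the password differs, or the repository throws.</returns>
 private User Verify(UserAuthorizationInfo authorizationInfo)
 {
     // Missing input and unknown logins are now rejected explicitly instead of relying on a
     // NullReferenceException being thrown and swallowed by the catch below.
     if (authorizationInfo == null)
     {
         return null;
     }

     try
     {
         // Kept as an in-memory search over all users so the login comparison stays an exact,
         // case-sensitive string match. NOTE(review): this loads every user on each attempt.
         var match = userRepository.GetAll().ToList().Find(x => x.Login == authorizationInfo.Login);
         if (match == null)
         {
             return null;
         }

         User user = userRepository.Get(match.UserId);
         if (user == null)
         {
             return null;
         }

         // NOTE(review): the stored value is compared directly with the submitted password,
         // which only works if passwords are stored unhashed. Store a salted, slow hash
         // (e.g. PBKDF2) and compare hashes in constant time instead.
         return user.Password == authorizationInfo.Password ? user : null;
     }
     catch
     {
         // Fail closed: any repository error is reported as a failed verification.
         // NOTE(review): the error is not logged, so an outage looks like bad credentials.
         return null;
     }
 }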
예제 #7
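        /// <summary>
        /// Authenticates the supplied credentials and, on success, builds a
        /// <c>UserAuthorizationInfo</c> (user name, id, roles, expiry), serializes it to JSON and
        /// passes it to the data-access layer, which returns the token string.
        /// </summary>
        /// <param name="userName">Login name to authenticate.</param>
        /// <param name="password">Password submitted for <paramref name="userName"/>.</param>
        /// <returns>
        /// A failed result carrying the authentication errors, or a successful result whose
        /// <c>Result</c> is the token returned by <c>_dataAccess.CreateToken</c>.
        /// </returns>
        public GenericActionResult<string> CreateAuthorizationToken(string userName, string password)
        {
            var authenticateUserResult = _authenticationManagement.AuthenticateUser(userName, password);

            // The return statement is now terminated inside the braces; the listing had the
            // semicolon after the closing brace, which does not compile.
            if (!authenticateUserResult.IsSuccess)
            {
                return new GenericActionResult<string>()
                {
                    IsSuccess = false,
                    Result    = null,
                    Errors    = authenticateUserResult.Errors
                };
            }

            // Get all information on the person, roles and claims.
            // NOTE(review): looked up by the caller-supplied userName while the token's UserName
            // comes from the authentication result; confirm both name the same account and that
            // FindByUserName cannot return null here (a null would throw below).
            var user = _userManagement.FindByUserName(userName);

            var userAuthorizationInfo = new UserAuthorizationInfo()
            {
                UserName   = authenticateUserResult.Result.UserName,
                // NOTE(review): Convert.ToInt32 yields 0 when the app setting is missing, giving a
                // token that is already expired; the expiry is local time (DateTime.Now).
                ExpiryDate = DateTime.Now.AddMinutes(Convert.ToInt32(ConfigurationManager.AppSettings["tokenExpirationInMinutes"])),
                UserId     = user.Id,
                // Roles are copied at issue time.
                Roles      = user.Roles
            };

            // Serialize the object for storing in the database.
            // NOTE(review): every serializable member of UserAuthorizationInfo is stored; confirm
            // the type carries no secret fields.
            var serializedAuthorizationInfo = JsonConvert.SerializeObject(userAuthorizationInfo);

            // NOTE(review): CreateToken is not visible here; confirm the token is generated from a
            // cryptographically secure random source.
            var authToken = _dataAccess.CreateToken(serializedAuthorizationInfo);

            var authenticationResult = new GenericActionResult<string>()
            {
                Errors = null, IsSuccess = true, Result = authToken
            };

            return authenticationResult;
        }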
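        /// <summary>
        /// Decides whether the holder of <paramref name="authInfo"/> may proceed: the info must be
        /// present, not past its expiry, and - when a role is required - contain that role.
        /// </summary>
        /// <param name="authInfo">Authorization data of the caller; <c>null</c> is denied.</param>
        /// <param name="AuthorizationRoles">
        /// Role required for the action. Null or empty means no role is required, so any
        /// unexpired token is authorized.
        /// </param>
        /// <returns>
        /// An <c>AuthorizationResult</c> with <c>Authorized</c> set, plus an error message for the
        /// expired and missing-permission cases.
        /// </returns>
        private AuthorizationResult VerifyAuthorizationToken(UserAuthorizationInfo authInfo, string AuthorizationRoles)
        {
            // Each return is now terminated inside its braces; the listing had the semicolons
            // after the closing braces, which does not compile.
            if (authInfo == null)
            {
                return new AuthorizationResult
                {
                    Authorized = false
                };
            }

            // Expiry is compared against local time.
            // NOTE(review): this only works if ExpiryDate was also produced from local time.
            if (DateTime.Now > authInfo.ExpiryDate)
            {
                return new AuthorizationResult
                {
                    Authorized = false,
                    Errors = new List<String>() { "Token expired" }
                };
            }

            // A role is required: deny when the token has no roles at all (previously this case
            // threw a NullReferenceException) or does not contain the required one.
            // NOTE(review): if Roles is a single string rather than a collection, Contains is a
            // substring match and a longer role name would satisfy a shorter required one;
            // confirm Roles is a collection of whole role names.
            if (!string.IsNullOrEmpty(AuthorizationRoles)
                && (authInfo.Roles == null || !authInfo.Roles.Contains(AuthorizationRoles)))
            {
                return new AuthorizationResult
                {
                    Authorized = false,
                    Errors = new List<string>() { "User does not have permission to perform this action" }
                };
            }

            return new AuthorizationResult
            {
                Authorized = true
            };
        }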
 /// <summary>
 /// Authenticates the login and password from the request body and returns the resulting session.
 /// </summary>
 /// <param name="userAuthorizationInfo">Credentials bound from the request body.</param>
 /// <returns>
 /// 400 for an invalid model or a missing body, 200 with the session on success, 404 when the
 /// authenticator reports an unknown user, 409 for any other failure.
 /// </returns>
 public IHttpActionResult Auth([FromBody] UserAuthorizationInfo userAuthorizationInfo)
 {
     if (!ModelState.IsValid)
     {
         return this.BadRequest(ModelState);
     }

     if (userAuthorizationInfo == null)
     {
         return this.BadRequest("Body must be not null");
     }

     try
     {
         var authenticatedSession = authenticator.Authenticate(userAuthorizationInfo.Login, userAuthorizationInfo.Password);
         return this.Ok(authenticatedSession);
     }
     catch (UserNotFoundException)
     {
         // NOTE(review): a distinct 404 for unknown logins tells the client which logins
         // exist; returning the same status as for a wrong password would avoid that.
         return this.NotFound();
     }
     catch (Exception)
     {
         // NOTE(review): every other failure, including infrastructure errors, becomes a 409
         // and nothing is logged; failed log-ins should be recorded for monitoring.
         return this.Conflict();
     }
 }