/// <summary>
/// Creates an application session after confirming that the given AppId is
/// registered in the application master table.
/// <para>The session itself is not started here; call the Start method to begin it.</para>
/// </summary>
/// <param name="daMgr">DataAccessMgr object</param>
/// <param name="appId">Application's unique string identifier</param>
/// <param name="appVersion">Application's version string</param>
/// <param name="appName">Application's name</param>
/// <param name="heartBeatStatusHdlr">The application's delegate to call during every heartbeat to get the status</param>
/// <exception cref="ExceptionEvent">Thrown with code AppCodeNotFound when no application master row matches <paramref name="appId"/>.</exception>
public AppSession(DataAccessMgr daMgr, string appId, string appVersion, string appName, HeartbeatStatusHandler heartBeatStatusHdlr)
{
    _daMgr = daMgr;
    _appId = appId;
    _appVersion = appVersion;
    _appName = appName;
    _heartbeatStatusHdlr = heartBeatStatusHdlr;
    _signonControl = new SignonControl(_daMgr);

    // Look the application up by AppId; the value is bound as a command
    // parameter rather than placed in the statement text.
    string appIdParamName = _daMgr.BuildParamName(Constants.AppId);
    DbTableDmlMgr appMasterDml = _daMgr.DbCatalogGetTableDmlMgr(
        DataAccess.Constants.SCHEMA_CORE,
        Constants.AppMaster,
        Constants.AppCode,
        Constants.AllowMultipleSessions);
    appMasterDml.SetWhereCondition((j) => j.Column(Constants.AppId)
        == j.Parameter(appMasterDml.MainTable.SchemaName,
                       appMasterDml.MainTable.TableName,
                       Constants.AppId,
                       _daMgr.BuildParamName(Constants.AppId)));

    DbCommand appLookupCmd = _daMgr.BuildSelectDbCommand(appMasterDml, null);
    appLookupCmd.Parameters[appIdParamName].Value = appId;
    DataTable appMaster = _daMgr.ExecuteDataSet(appLookupCmd, null, null).Tables[0];

    // An unregistered AppId is rejected before any session state is derived.
    if (appMaster.Rows.Count < 1)
    {
        throw new ExceptionEvent(enumExceptionEventCodes.AppCodeNotFound, string.Format("AppId: {0}", appId));
    }

    DataRow appRow = appMaster.Rows[0];
    _appCode = Convert.ToInt32(appRow[Constants.AppCode]);
    _allowMultipleSessions = Convert.ToBoolean(appRow[Constants.AllowMultipleSessions]);

    // Only applications that allow multiple sessions draw a distinct session
    // code from the sequence; otherwise the session code is fixed at 0.
    if (_allowMultipleSessions)
    {
        _appSessionCode = _daMgr.GetNextSequenceNumber(Constants.MultipleSessionCode);
    }
    else
    {
        _appSessionCode = 0;
    }
}
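/// <summary>
/// Implements the user signon operation.
/// <para>Checks run in this order: the user row exists, the salted password hash
/// matches, the account is not restricted, no password change is pending, the
/// single-session rule (unless <paramref name="allowMultipleSessions"/> is true),
/// and finally the system-wide signon control flags. A session is only added
/// when every check passes.</para>
/// </summary>
/// <param name="daMgr">DataAccessMgr object</param>
/// <param name="signonControl">SignonControl data structure</param>
/// <param name="userId">Unique user identifier</param>
/// <param name="userPassword">User's password (NULL for first time initialization)</param>
/// <param name="userEnv">Meta data about user's environment</param>
/// <param name="allowMultipleSessions">When true, the user's existing sessions are not loaded
/// and the single-session check is skipped, even for an account that was not set up for
/// multiple sessions</param>
/// <returns>SignonResult data structure; UserSessionMgr is only set on success</returns>
public static SignonResultsStructure Signon(DataAccessMgr daMgr
    , SignonControl signonControl
    , string userId
    , string userPassword
    , UserEnvironmentStructure userEnv
    , bool allowMultipleSessions = false)
{
    SignonResultsStructure results = new SignonResultsStructure();
    results.ResultEnum = SignonResultsEnum.Success;
    results.ResultMessage = null;

    // Each query gets its own DML manager variable so the lambda passed to
    // SetWhereCondition always refers to the table it was written for.
    DbTableDmlMgr userMasterDml = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
        , Constants.UserMaster
        , Constants.UserCode
        , Constants.UserPassword
        , Constants.PasswordSalt
        , Constants.SignonRestricted
        , Constants.LastSignonDateTime
        , Constants.FailedSignonAttempts
        , Constants.ForcePasswordChange
        , Constants.MultipleSignonAllowed
        , Constants.DefaultAccessGroupCode);
    userMasterDml.SetWhereCondition((j) => j.Column(Constants.UserId)
        == j.Parameter(userMasterDml.MainTable.SchemaName
            , userMasterDml.MainTable.TableName
            , Constants.UserId
            , daMgr.BuildParamName(Constants.UserId)));

    // userId is bound as a command parameter, never concatenated into the statement.
    DbCommand cmdSelectUserMaster = daMgr.BuildSelectDbCommand(userMasterDml, null);
    cmdSelectUserMaster.Parameters[daMgr.BuildParamName(Constants.UserId)].Value = userId;

    DbCommandMgr dbCmdMgr = new DbCommandMgr(daMgr);
    dbCmdMgr.AddDbCommand(cmdSelectUserMaster);
    List<string> tableNames = new List<string>();
    tableNames.Add(Constants.UserMaster);

    if (!allowMultipleSessions)
    {
        // The existing sessions are only needed for the single-session check below.
        DbTableDmlMgr userSessionsDml = daMgr.DbCatalogGetTableDmlMgr(DataAccess.Constants.SCHEMA_CORE
            , Constants.UserSessions
            , Constants.SessionCode
            , Constants.SessionDateTime
            , Constants.ForceSignOff);
        userSessionsDml.SetWhereCondition((j) => j.Column(Constants.UserId)
            == j.Parameter(userSessionsDml.MainTable.SchemaName
                , userSessionsDml.MainTable.TableName
                , Constants.UserId
                , daMgr.BuildParamName(Constants.UserId)));
        DbCommand cmdSelectSessions = daMgr.BuildSelectDbCommand(userSessionsDml, null);
        cmdSelectSessions.Parameters[daMgr.BuildParamName(Constants.UserId)].Value = userId;
        dbCmdMgr.AddDbCommand(cmdSelectSessions);
        tableNames.Add(Constants.UserSessions);
    }

    DataSet userSignonData = dbCmdMgr.ExecuteDataSet(tableNames);
    DataTable userMaster = userSignonData.Tables[Constants.UserMaster];

    // see if the userId exists and that the password is correct
    if (userMaster.Rows.Count == 0)
    {
        // userId does not exist; return the same message as for a wrong password.
        // NOTE(review): this path returns before any hash is computed, so an unknown
        // userId is answered with less work than a known one; the message is generic
        // but the response time may still differ.
        results.ResultEnum = SignonResultsEnum.InvaldCredentials;
        results.ResultMessage = "Incorrect UserId or Password, please try again.";
        return (results);
    }

    DataRow userRow = userMaster.Rows[0];
    string storedUserPassword = userRow[Constants.UserPassword].ToString();
    string passwordSalt = userRow[Constants.PasswordSalt].ToString();

    // NOTE(review): this looks like one salted SHA-512 computation (confirm in
    // HashOperation.ComputeHash). A fast hash is a weak choice for stored passwords;
    // a slow KDF (PBKDF2, bcrypt, Argon2) is preferred, but switching requires
    // migrating the stored hashes, so it is only flagged here.
    string computedHash = Cryptography.HashOperation.ComputeHash(
        HashAlgorithmTypeEnum.SHA512HashAlgorithm, userPassword, passwordSalt);

    // Compare every character instead of stopping at the first mismatch, so the
    // comparison time does not depend on how much of the hash matched. A null
    // or different-length hash is a mismatch.
    bool passwordMatches = computedHash != null && computedHash.Length == storedUserPassword.Length;
    if (passwordMatches)
    {
        int difference = 0;
        for (int i = 0; i < storedUserPassword.Length; i++)
        {
            difference |= storedUserPassword[i] ^ computedHash[i];
        }
        passwordMatches = difference == 0;
    }

    if (!passwordMatches)
    {
        // invalid credentials; do not indicate whether userId or password is incorrect
        results.ResultEnum = SignonResultsEnum.InvaldCredentials;
        results.ResultMessage = "Incorrect UserId or Password, please try again.";
        Int16 failedAttempts = IncreaseFailedAttemptCount(daMgr, userId);
        // check for failed limit and restrict account
        if (failedAttempts >= signonControl.SignonControlData.FailedAttemptLimit)
        {
            RestrictSignon(daMgr, userId);
        }
        return (results);
    }

    // The UserId and Password matched, so the remaining messages are only shown
    // to a caller who presented valid credentials.
    // NOTE(review): the restriction flag is read after the password check, so a
    // restricted account still has its password evaluated and answers differently
    // once the password is right. Confirm the lockout policy intends this.
    bool signonRestricted = Convert.ToBoolean(userRow[Constants.SignonRestricted]);
    if (signonRestricted)
    {
        // account-level restriction (for example after too many failed attempts)
        results.ResultEnum = SignonResultsEnum.SignonsRestricted;
        results.ResultMessage = "The account is restricted from signing on.";
        return (results);
    }

    bool forcePasswordChange = Convert.ToBoolean(userRow[Constants.ForcePasswordChange]);
    if (forcePasswordChange)
    {
        // credentials are valid, but a password change must happen before a session is created
        results.ResultEnum = SignonResultsEnum.PasswordChangeRequired;
        results.ResultMessage = "The account requires a password change before proceeding.";
        return (results);
    }

    if (!allowMultipleSessions)
    {
        bool multipleSignonAllowed = Convert.ToBoolean(userRow[Constants.MultipleSignonAllowed]);
        DataTable userSessions = userSignonData.Tables[Constants.UserSessions];
        foreach (DataRow userSession in userSessions.Rows)
        {
            // A session counts as active while its timestamp is within the timeout
            // window, measured against the database-synchronized clock.
            DateTime sessionDateTime = Convert.ToDateTime(userSession[Constants.SessionDateTime]);
            TimeSpan sessionInterval = daMgr.DbSynchTime - sessionDateTime;
            bool sessionIsActive = sessionInterval.TotalSeconds < signonControl.SignonControlData.TimeOutSeconds;
            if (sessionIsActive && !multipleSignonAllowed)
            {
                // the user cannot have multiple signons and an active session already exists
                results.ResultEnum = SignonResultsEnum.MultipleSignonRestricted;
                results.ResultMessage = "The account can only have a single signon session. They must signOff the other session first.";
                return (results);
            }
        }
    }

    // if the userId and password are correct, check signon control (general restrictions)
    if (signonControl.SignonControlData.RestrictSignon)
    {
        results.ResultEnum = SignonResultsEnum.SignonsRestricted;
        results.ResultMessage = signonControl.SignonControlData.RestrictSignonMsg;
        return (results);
    }

    if (signonControl.SignonControlData.ForceSignoff)
    {
        results.ResultEnum = SignonResultsEnum.ForcedSignoff;
        results.ResultMessage = signonControl.SignonControlData.SignoffWarningMsg;
        return (results);
    }

    // successful signon
    UserSignonSessionStructure uss = new UserSignonSessionStructure();
    uss.UserCode = Convert.ToInt32(userRow[Constants.UserCode]);
    // NOTE(review): the stored password hash is copied into the session structure;
    // confirm that consumers of UserSignonSessionStructure never log or serialize it.
    uss.PasswordHash = userRow[Constants.UserPassword].ToString();
    uss.DefaultAccessGroupCode = Convert.ToInt32(userRow[Constants.DefaultAccessGroupCode]);
    uss.UserId = userId;
    uss.SignonApp.AppCode = userEnv.AppCode;
    uss.SignonApp.AppId = userEnv.AppId;
    uss.SignonApp.AppVersion = userEnv.AppVersion;
    uss.SessionCode = AddSession(daMgr, userId, uss.UserCode, userEnv);
    UserSession sessionMgr = new UserSession(daMgr, uss);

    results.ResultMessage = "Welcome.";
    if (userRow[Constants.LastSignonDateTime] != DBNull.Value)
    {
        DateTime signonDateTime = Convert.ToDateTime(userRow[Constants.LastSignonDateTime]);
        // The period belongs after the timestamp, not between the label and the value.
        results.ResultMessage += " Your last signon was: " + signonDateTime.ToString() + ".";
    }
    results.ResultEnum = SignonResultsEnum.Success;
    results.UserSessionMgr = sessionMgr;
    return (results);
}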