예제 #1
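 /// <summary>
 /// Revokes an authentication token by rotating the stored hash salt of the user
 /// identified inside the token. Because <c>validateAuthToken</c> recomputes the
 /// token hash with the stored salt, presumably every token issued under the old
 /// salt stops validating once the salt has been replaced.
 /// </summary>
 /// <param name="AuthToken">Encrypted token as produced by <c>obtainAuthToken</c>; untrusted input.</param>
 /// <returns>
 /// <c>false</c> when the hash carried in the token does not match the hash recomputed
 /// with the currently stored salt (the token is not authentic, nothing is changed);
 /// otherwise the result of <c>TokenDBService.ChangeHashSalt</c>.
 /// </returns>
 public bool revokeAuthToken(string AuthToken)
 {
     string AES_KEY    = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_KEY);
     string AES_SALT   = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_SALT);
     int    SaltLength = Convert.ToInt32(CommonUtility.GetAppSettingKey(Constants.AuthToken.SaltLength));

     // Token layout (see obtainAuthToken): InnerMsg + "##" + Hash, where
     // InnerMsg = Id + Sep + Role + Sep + IPAddress + Sep + TimeStamp.
     var TokenBody    = CryptoUtility.Decrypt(AuthToken, AES_KEY, AES_SALT);
     var LstTokenBody = JLT.Common.Utility.StringUtility.SplitString(TokenBody, "##");
     var LstInnerMsg  = JLT.Common.Utility.StringUtility.SplitString(LstTokenBody[0], Constants.AuthToken.SeperatorString);
     var TokenHash    = LstTokenBody[1];

     using (var objTokenDBService = new TokenDBService())
     {
         // Verify the token's hash against the salt currently stored for this user
         // BEFORE touching the salt, exactly as validateAuthToken does: a token whose
         // hash does not verify must not be able to rotate (i.e. revoke) the
         // credentials of the user id it names.
         var Hash_Salt = objTokenDBService.GetHashSalt(LstInnerMsg[0]);
         var Msg_Hash  = CryptoUtility.GenerateHash(LstTokenBody[0], Hash_Salt);
         if (!String.Equals(Msg_Hash, TokenHash, StringComparison.Ordinal))
         {
             return false;
         }

         // Replacing the salt is the revocation itself; no per-token state is kept.
         return objTokenDBService.ChangeHashSalt(LstInnerMsg[0], CryptoUtility.GenerateSalt(SaltLength));
     }
     // No catch/rethrow here: the previous `throw ex;` blocks only reset the stack
     // trace; exceptions propagate unchanged to the caller.
 }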
예제 #2
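        /// <summary>
        /// Validates the supplied admin credentials and, on success, issues a new
        /// authentication token on the entity returned by the credential check.
        /// </summary>
        /// <typeparam name="T">
        /// Admin/user entity type. The names of its user-id, id, role and auth-token
        /// properties are read from app settings (<c>Constants.AuthToken.UserEntity_*</c>)
        /// and resolved by reflection, so the same method serves different entity types.
        /// </typeparam>
        /// <param name="adminEntity">Entity carrying the credentials to validate.</param>
        /// <param name="IPAddress">
        /// IP address of the caller. It is embedded in the token and, when IP validation
        /// is enabled, compared against the request IP by <c>validateAuthToken</c>.
        /// </param>
        /// <returns>The validated entity with its auth-token property set to the new encrypted token.</returns>
        /// <exception cref="SecurityTokenException">
        /// The user id on the entity returned by the credential check does not equal the
        /// user id supplied on <paramref name="adminEntity"/> (message code "-3").
        /// </exception>
        public T obtainAuthToken <T>(T adminEntity, string IPAddress) where T : new()
        {
            string AES_KEY    = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_KEY);
            string AES_SALT   = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_SALT);
            int    SaltLength = Convert.ToInt32(CommonUtility.GetAppSettingKey(Constants.AuthToken.SaltLength));

            PropertyInfo useridPropertyInfo    = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_UserId));
            PropertyInfo idPropertyInfo        = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_ID));
            PropertyInfo rolePropertyInfo      = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_Role));
            PropertyInfo authTokenPropertyInfo = typeof(T).GetProperty(CommonUtility.GetAppSettingKey(Constants.AuthToken.UserEntity_AuthToken));

            using (var objTokenDBService = new TokenDBService())
            {
                var objAdminEntity = objTokenDBService.ValidateAdminCredentials(adminEntity);
                // NOTE(review): if ValidateAdminCredentials reports failure by returning null,
                // the GetValue calls below throw before the user-id check is reached — confirm
                // its contract against TokenDBService.
                var id     = (UInt64)idPropertyInfo.GetValue(objAdminEntity, null);
                var role   = Convert.ToString(rolePropertyInfo.GetValue(objAdminEntity, null));
                var userid = (string)useridPropertyInfo.GetValue(objAdminEntity, null);

                if (userid != (string)useridPropertyInfo.GetValue(adminEntity, null))
                {
                    throw new SecurityTokenException("-3|Error granting access token: You entered wrong UserId or Password(UserID: " + userid + " | IP Address: " + IPAddress + ")");
                }

                // Token = InnerMsg + "##" + Hash(InnerMsg, HASH_SALT), AES-encrypted as a whole.
                // validateAuthToken reads the inner fields back by position:
                // [0]=id, [1]=role, [2]=IP address, [3]=timestamp.
                var Inner_Msg = id + Constants.AuthToken.SeperatorString + role + Constants.AuthToken.SeperatorString + IPAddress + Constants.AuthToken.SeperatorString + CryptoUtility.GenerateTimeStamp();

                // A fresh salt is generated per issued token and stored server-side; it is what
                // validation recomputes the hash with and what revocation replaces.
                // NOTE(review): ChangeHashSalt returns a bool (see revokeAuthToken) that is
                // ignored here; a failed salt update would yield a token that never validates.
                var HASH_SALT = CryptoUtility.GenerateSalt(SaltLength);
                objTokenDBService.ChangeHashSalt(id.ToString(), HASH_SALT);
                var Msg_Hash = CryptoUtility.GenerateHash(Inner_Msg, HASH_SALT);

                authTokenPropertyInfo.SetValue(objAdminEntity, CryptoUtility.Encrypt(Inner_Msg + "##" + Msg_Hash, AES_KEY, AES_SALT), null);
                return objAdminEntity;
            }
            // The former catch blocks only did `throw e;`, which discards the original stack
            // trace; letting exceptions propagate untouched is the equivalent, correct form.
        }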
예제 #3
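        /// <summary>
        /// Validates an authentication token issued by <c>obtainAuthToken</c>. Checks run in
        /// this order: hash integrity, token age, originating IP address (only when
        /// <c>Constants.AuthToken.IsValidateIPAddress</c> is enabled) and, when
        /// <paramref name="IsAuthorize"/> is set, that the role inside the token covers
        /// <paramref name="Action"/>.
        /// </summary>
        /// <param name="AuthToken">Encrypted token; untrusted input.</param>
        /// <param name="IPAddress">IP address of the current request, compared with the IP embedded in the token.</param>
        /// <param name="IsAuthorize">When <c>true</c>, additionally require the token's role to include <paramref name="Action"/>.</param>
        /// <param name="Action">Action flag(s) to authorize; checked as a bitmask against the token's role value.</param>
        /// <returns><c>true</c> when every enabled check passes. Failures are reported by throwing, never by returning <c>false</c>.</returns>
        /// <exception cref="SecurityTokenException">
        /// Hash mismatch, expired session or IP mismatch (message prefixed "401|"), or
        /// missing role for <paramref name="Action"/> (prefixed "403|").
        /// </exception>
        /// <exception cref="Exception">
        /// Any other failure — e.g. a token that does not decrypt or does not split into the
        /// expected fields — wrapped with a "401|" message and the original as inner exception.
        /// </exception>
        public bool validateAuthToken(string AuthToken, string IPAddress, bool IsAuthorize, Enums.Action Action)
        {
            try
            {
                string AES_KEY             = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_KEY);
                string AES_SALT            = CommonUtility.GetAppSettingKey(Constants.AuthToken.AES_SALT);
                bool   IsValidateIPAddress = Convert.ToBoolean(CommonUtility.GetAppSettingKey(Constants.AuthToken.IsValidateIPAddress));
                int    TokenValiditySec    = Convert.ToInt32(CommonUtility.GetAppSettingKey(Constants.AuthToken.TokenValiditySec));

                // Token layout (see obtainAuthToken): InnerMsg + "##" + Hash, with
                // InnerMsg fields by position: [0]=id, [1]=role, [2]=IP address, [3]=timestamp.
                var TokenBody    = CryptoUtility.Decrypt(AuthToken, AES_KEY, AES_SALT);
                var LstTokenBody = JLT.Common.Utility.StringUtility.SplitString(TokenBody, "##");
                var LstInnerMsg  = JLT.Common.Utility.StringUtility.SplitString(LstTokenBody[0], Constants.AuthToken.SeperatorString);
                var TokenHash    = LstTokenBody[1];

                string Msg_Hash;
                using (var objTokenDBService = new TokenDBService())
                {
                    // The salt is stored per user id and replaced on every token issue/revoke.
                    var Hash_Salt = objTokenDBService.GetHashSalt(LstInnerMsg[0]);
                    Msg_Hash = CryptoUtility.GenerateHash(LstTokenBody[0], Hash_Salt);
                }

                // Integrity first: none of the fields inside the token are trusted until the
                // hash recomputed with the server-side salt matches the one the token carries.
                // NOTE(review): String.Equals is not constant-time; where the runtime provides
                // CryptographicOperations.FixedTimeEquals, prefer it for this comparison.
                if (!String.Equals(Msg_Hash, TokenHash, StringComparison.Ordinal))
                {
                    // NOTE(review): these messages embed the full token; make sure they are
                    // not written to logs that are shared more widely than the token itself.
                    throw new SecurityTokenException("401|Error validating access token: token not valid(Token: " + AuthToken + " :: IP Address: " + IPAddress + ")");
                }

                // Age: the timestamp was produced by CryptoUtility.GenerateTimeStamp at issue time
                // and is compared against the same clock here.
                if (Convert.ToInt64(CryptoUtility.GenerateTimeStamp()) - Convert.ToInt64(LstInnerMsg[3]) >= TokenValiditySec)
                {
                    throw new SecurityTokenException("401|Error validating access token: Session has expired(Token: " + AuthToken + " :: IP Address: " + IPAddress + ")");
                }

                // Binding to the issuing IP is configurable; ordinal compare of the raw strings.
                if (IsValidateIPAddress && !String.Equals(LstInnerMsg[2], IPAddress, StringComparison.Ordinal))
                {
                    throw new SecurityTokenException("401|Error validating access token: Suspicious request, IP mismatch found(Token: " + AuthToken + " :: Token IP Address: " + LstInnerMsg[2] + " - Current IP Address: " + IPAddress + ")");
                }

                // Authorization: the role value is treated as a bitmask that must contain every bit of Action.
                if (IsAuthorize && (Convert.ToInt64(Action) & Convert.ToInt64(LstInnerMsg[1])) != Convert.ToInt64(Action))
                {
                    throw new SecurityTokenException("403|User is not authorized to perform this action(Token: " + AuthToken + " :: IP Address: " + IPAddress + ")");
                }

                return true;
            }
            catch (SecurityTokenException)
            {
                // Rethrow without wrapping; `throw;` keeps the original stack trace (the
                // previous `throw e;` discarded it).
                throw;
            }
            catch (Exception ex)
            {
                throw new Exception("401|Default Exeption(Token: " + AuthToken + " | IP Address: " + IPAddress + ")", ex);
            }
        }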