/// <summary>
/// Validates the client.
/// </summary>
/// <param name="clientId">The client identifier.</param>
/// <param name="loginMessage">The login message.</param>
/// <param name="client">The client.</param>
/// <returns>is valid client</returns>
private static bool ValidateClient(string clientId, ref string loginMessage, out AuthClient client)
{
client = null;
if (string.IsNullOrEmpty(clientId))
{
loginMessage = "Client id should be sent.";
return(false);
}
else
{
client = AuthenticationCommands.FindAuthClient(clientId);
}
if (client == null)
{
loginMessage = string.Format("Client '{0}' is not registered in the system.", clientId);
return(false);
}
else
{
if (!client.IsActive)
{
loginMessage = string.Format("Client {0} is inactive.", client.Id);
return(false);
}
}
return(true);
}
public async Task <HttpResponseMessage> SwitchOrganization(Login loginModel)
{
string pswd = string.Empty;
if (ApiContext.ActiveUser.OrganizationId != loginModel.OrganizationId)
{
pswd = Business.Common.CommonCommands.SwitchOrganization(ApiContext.ActiveUser, loginModel.OrganizationId); // Updating default Role
AuthenticationCommands.SetTokenExpires();
HttpRequest request = HttpContext.Current.Request;
string tokenServiceUrl = request.Url.GetLeftPart(UriPartial.Authority) + request.ApplicationPath + "/Token";
loginModel.Password = SecureString.Decrypt(pswd);
loginModel.OrganizationId = loginModel.OrganizationId;
using (var client = new HttpClient())
{
var requestParams = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("grant_type", "password"),
new KeyValuePair <string, string>("username", loginModel.Username),
new KeyValuePair <string, string>("password", loginModel.Password),
new KeyValuePair <string, string>("organizationId", loginModel.OrganizationId.ToString())
};
if (string.IsNullOrEmpty(loginModel.ClientId) == false)
{
requestParams.Add(new KeyValuePair <string, string>("client_id", loginModel.ClientId));
}
if (loginModel.ForceLogin)
{
requestParams.Add(new KeyValuePair <string, string>("forceLogin", loginModel.ForceLogin.ToString()));
}
if (loginModel.RememberMe)
{
requestParams.Add(new KeyValuePair <string, string>("rememberMe", loginModel.RememberMe.ToString()));
}
var requestParamsFormUrlEncoded = new FormUrlEncodedContent(requestParams);
var tokenServiceResponse = client.PostAsync(tokenServiceUrl, requestParamsFormUrlEncoded).Result;
if (tokenServiceResponse.IsSuccessStatusCode)
{
var accessToken = tokenServiceResponse.Content.ReadAsAsync <Token>().Result;
HttpResponseMessage successResponse = Request.CreateResponse(HttpStatusCode.OK, accessToken);
return(successResponse);
}
else
{
var responseString = tokenServiceResponse.Content.ReadAsStringAsync();
HttpResponseMessage failedResponse = Request.CreateResponse(tokenServiceResponse.StatusCode);
failedResponse.Content = new StringContent("failed", Encoding.UTF8, "application/json");
return(failedResponse);
}
}
}
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.PreconditionFailed);
response.Content = new StringContent("failed", Encoding.UTF8, "application/json");
return(response);
}
/// <summary>
/// Handles the OnAuthenticate event of the FormsAuthentication control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="args">The <see cref="FormsAuthenticationEventArgs"/> instance containing the event data.</param>
public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
if (args == null)
{
return;
}
try
{
if (Request.Cookies[SimplexRestAuthenticationModule.CookieName] != null)
{
args.User = AuthenticationCommands.AuthenticateTicket(Request.Cookies[SimplexRestAuthenticationModule.CookieName].Value);
// Add the details in the cookis which is uesed to navigate to the details page in case of opening from other application (CC)
if (Request.QueryString["ReturnUrl"] != null && Request.QueryString["ReturnUrl"].Contains("VendorBillDetails"))
{
var authCookie = new HttpCookie("ReturnUrl", Request.QueryString["ReturnUrl"].ToString());
// Removed Remember Me support due to ticket expiration conflict
HttpContext.Current.Response.Cookies.Add(authCookie);
}
}
else if (Request.QueryString[SimplexRestAuthenticationModule.CookieName] != null && !string.IsNullOrEmpty(Request.QueryString[SimplexRestAuthenticationModule.CookieName]))
{
// Authenticate the external tickets
args.User = AuthenticationCommands.AuthenticateTicket(Request.QueryString[SimplexRestAuthenticationModule.CookieName].ToString());
if (args.User.Identity.IsAuthenticated)
{
if (Request.Cookies[SimplexRestAuthenticationModule.CookieName] == null)
{
var authCookie = new HttpCookie(SimplexRestAuthenticationModule.CookieName, Request.QueryString[SimplexRestAuthenticationModule.CookieName].ToString());
// Removed Remember Me support due to ticket expiration conflict
HttpContext.Current.Response.Cookies.Add(authCookie);
}
if (Request.QueryString["ReturnUrl"] != null)
{
var authCookie = new HttpCookie("ReturnUrl", Request.QueryString["ReturnUrl"].ToString());
// Removed Remember Me support due to ticket expiration conflict
HttpContext.Current.Response.Cookies.Add(authCookie);
}
}
}
}
catch (ExpiredTicketException)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
catch (AuthenticationException)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
}
public static int CreateUser(string username = "******", string password = "******", bool addGroup = false, bool createResource = false)
{
var userId = AuthenticationCommands.CreateSecurityUser(username, "*****@*****.**");
AuthenticationCommands.SetPassword(userId, password);
if (addGroup)
{
AddUserToGroup(userId);
}
if (createResource)
{
CreateLogicalResource();
}
return(userId);
}
public async Task <IHttpActionResult> RegisterExternal(RegisterExternalBindingModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var verifiedAccessToken = await CommonValidations.VerifyExternalAccessToken(model.Provider, model.ExternalAccessToken);
if (verifiedAccessToken == null)
{
return(BadRequest("Invalid Provider or External Access Token"));
}
UserIdentity userIdentity = AuthenticationCommands.FindLoginProvider(model.Provider, verifiedAccessToken.user_id);
bool hasRegistered = userIdentity != null;
if (hasRegistered)
{
return(BadRequest("External user is already registered"));
}
var userId = AuthenticationCommands.AddUser(model.UserName, model.Password);
if (userId < 1)
{
return(BadRequest("Unable to create user."));
}
var authProvider = new AuthProvider
{
LoginProvider = model.Provider,
ProviderKey = verifiedAccessToken.user_id,
UserId = userId
};
var isInserted = AuthenticationCommands.AddNewUserLoginProvider(authProvider);
//generate access token response
var accessTokenResponse = Helper.GenerateLocalAccessTokenResponse(AuthenticationCommands.FindUserByUserId(userId));
return(Ok(accessTokenResponse));
}
public async Task <IHttpActionResult> ObtainLocalAccessToken(string provider, string externalAccessToken)
{
if (string.IsNullOrWhiteSpace(provider) || string.IsNullOrWhiteSpace(externalAccessToken))
{
return(BadRequest("Provider or external access token is not sent"));
}
var verifiedAccessToken = await CommonValidations.VerifyExternalAccessToken(provider, externalAccessToken);
if (verifiedAccessToken == null)
{
return(BadRequest("Invalid Provider or External Access Token"));
}
UserIdentity userIdentity = AuthenticationCommands.FindLoginProvider(provider, verifiedAccessToken.user_id);
bool hasRegistered = userIdentity != null;
if (!hasRegistered)
{
return(BadRequest("External user is not registered"));
}
string authToken = AuthenticationCommands.GenerateAuthToken(userIdentity.Username, !ApiSecurity.Configuration.Current.MultipleInstanceEnabled);
if (string.IsNullOrEmpty(authToken))
{
return(BadRequest(string.Format("The user {0}, is already logged in with other device/machine.", userIdentity.Username)));
}
else
{
userIdentity.UserAuthTokenId = authToken;
}
//generate access token response
var accessTokenResponse = Helper.GenerateLocalAccessTokenResponse(userIdentity);
return(Ok(accessTokenResponse));
}
private void ProcessResponse(string response)
{
if (!_greetSent)
{
return;
}
switch (CaptureData)
{
case 1:
TransactionCommands.ProcessData(this, response);
return;
case 2:
case 3:
case 4:
AuthenticationCommands.ProcessData(this, response.Trim());
return;
}
response = response.Trim();
string command;
var data = string.Empty;
if (response.Contains(":"))
{
command = response.Substring(0, response.IndexOf(":", StringComparison.Ordinal)).ToUpper().TrimEnd();
}
else if (response.Contains(" "))
{
command = response.Substring(0, response.IndexOf(" ", StringComparison.Ordinal)).ToUpper().TrimEnd();
}
else
{
command = response.ToUpper();
}
if (command.Length != response.Length)
{
data = response.Substring(command.Length).TrimStart();
}
switch (command)
{
case "EHLO":
Transaction = null;
_protocolVersion = 2;
WriteText($"250-{Server.Options.ServerName} at your service");
if (Server.AuthLogin != null)
{
WriteText("250-AUTH LOGIN PLAIN");
}
if (!Secure && Server.Certificate != null)
{
WriteText("250-STARTTLS");
}
WriteText("250 8BITMIME");
break;
case "HELO":
Transaction = null;
_protocolVersion = 1;
WriteText($"250 {Server.Options.ServerName} at your service");
break;
case "STARTTLS":
if (Secure)
{
WriteCode(503, "5.5.1");
return;
}
if (Server.Certificate == null)
{
WriteCode(502, "5.5.1");
return;
}
WriteCode(220, "2.0.0", "Ready for TLS");
_stream = new SslStream(_innerStream, false);
Secure = true;
Encryption = ConnectionEncryption.StartTls;
((SslStream)_stream).AuthenticateAsServer(Server.Certificate, false, Server.Options.Protocols, true);
_reader = new StreamReader(_stream);
break;
case "HELP":
WriteCode(214, "2.0.0");
break;
case "AUTH":
if (_protocolVersion == 0)
{
WriteCode(503, "5.5.1", "EHLO/HELO first.");
return;
}
AuthenticationCommands.ProcessCommand(this, data);
break;
case "NOOP":
WriteCode(250, "2.0.0");
break;
case "QUIT":
WriteCode(221, "2.0.0");
Dispose();
break;
case "RSET":
case "MAIL FROM":
case "RCPT TO":
case "DATA":
if (_protocolVersion == 0)
{
WriteCode(503, "5.5.1", "EHLO/HELO first.");
return;
}
TransactionCommands.ProcessCommand(this, command, data);
break;
case "VRFY":
if (_protocolVersion == 0)
{
WriteCode(503, "5.5.1", "EHLO/HELO first.");
return;
}
WriteCode(252, "5.5.1");
break;
default:
if (_protocolVersion == 0)
{
WriteCode(503, "5.5.1", "EHLO/HELO first.");
return;
}
WriteCode(502, "5.5.1");
break;
}
}
public int Logout()
{
ExternalProvider.SignOut(Request, HttpContext.Current.User.Identity.AuthenticationType);
return(AuthenticationCommands.SetTokenExpires());
}
public static void AddUserToGroup(int userId, string groupName = "UnitTest Group")
{
var groupId = AuthenticationCommands.CreateSecurityGroup(groupName);
AuthenticationCommands.AddUserToGroup(userId, groupId);
}
