public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
bool ok = Membership.ValidateUser(request.UserName, request.Password);
if (ok)
{
Guid tokenId = Guid.NewGuid();
var token = new SessionToken(tokenId.ToString(), Platform.Time + ServerPlatform.WebSessionTimeout);
string[] authority = Roles.GetRolesForUser(request.UserName);
string displayName = request.UserName;
#if STANDALONE
var list = new List<string>();
list.AddRange(authority);
list.Add(Enterprise.Authentication.AuthorityTokens.Study.ViewImages);
list.Add("Viewer/Visible");
list.Add("Viewer/Clinical");
authority = list.ToArray();
#endif
var rsp = new InitiateSessionResponse(token, authority, new Guid[0], displayName,string.Empty);
SessionTokenManager.Instance.AddSession(token);
return rsp;
}
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckMemberIsSet(request.UserName, "UserName");
Platform.CheckMemberIsSet(request.Application, "Application");
Platform.CheckMemberIsSet(request.HostName, "HostName");
Platform.CheckMemberIsSet(request.Password, "Password");
return InitiateSessionHelper(
request.UserName,
request.Application,
request.HostName,
request.GetAuthorizations,
user => user.InitiateSession(request.Application, request.HostName, request.Password, GetSessionTimeout()));
}
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
bool ok = Membership.ValidateUser(request.UserName, request.Password);
if (ok)
{
Guid tokenId = Guid.NewGuid();
var token = new SessionToken(tokenId.ToString(), Platform.Time + ServerPlatform.WebSessionTimeout);
string[] authority = Roles.GetRolesForUser(request.UserName);
string displayName = request.UserName;
var rsp = new InitiateSessionResponse(token, authority, new Guid[0], displayName,string.Empty);
SessionTokenManager.Instance.AddSession(token);
return rsp;
}
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
public InitiateSessionResponse InitiateSession(InitiateSessionRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckMemberIsSet(request.UserName, "UserName");
Platform.CheckMemberIsSet(request.Application, "Application");
Platform.CheckMemberIsSet(request.HostName, "HostName");
Platform.CheckMemberIsSet(request.Password, "Password");
// check host name against white-list
if (!CheckWhiteList(this.Settings.HostNameWhiteList, request.HostName))
throw new UserAccessDeniedException();
// check application name against white-list
if (!CheckWhiteList(this.Settings.ApplicationWhiteList, request.Application))
throw new UserAccessDeniedException();
// find user
var user = GetUser(request.UserName);
if (user == null)
throw new UserAccessDeniedException();
// clean-up any expired sessions
CleanExpiredSessions(user);
// initiate new session
var session = user.InitiateSession(request.Application, request.HostName, request.Password, GetSessionTimeout());
// get authority tokens if requested
var authorizations = request.GetAuthorizations ?
PersistenceContext.GetBroker<IAuthorityTokenBroker>().FindTokensByUserName(request.UserName) : new string[0];
// Get DataAccess authority groups if requested
var groups = request.GetAuthorizations
? PersistenceContext.GetBroker<IAuthorityGroupBroker>().FindDataGroupsByUserName(request.UserName)
: new Guid[0];
return new InitiateSessionResponse(session.GetToken(), authorizations, groups, user.DisplayName, user.EmailAddress);
}
public SessionInfo Login(string userName, string password, string appName)
{
if (string.IsNullOrEmpty(userName))
throw new ArgumentException(SR.UserIDIsEmpty);
if (string.IsNullOrEmpty(password))
throw new ArgumentException(SR.PasswordIsEmpty);
Platform.CheckForEmptyString(password, "password");
Platform.CheckForEmptyString(appName, "appName");
SessionInfo session = null;
Platform.GetService(
delegate(IAuthenticationService service)
{
try
{
var request = new InitiateSessionRequest(userName, appName,
Dns.GetHostName(), password)
{
GetAuthorizations = true
};
InitiateSessionResponse response = service.InitiateSession(request);
if (response != null)
{
var credentials = new LoginCredentials
{
UserName = userName,
DisplayName = response.DisplayName,
SessionToken = response.SessionToken,
Authorities = response.AuthorityTokens,
DataAccessAuthorityGroups = response.DataGroupOids,
EmailAddress = response.EmailAddress
};
var user = new CustomPrincipal(new CustomIdentity(userName, response.DisplayName),credentials);
Thread.CurrentPrincipal = user;
session = new SessionInfo(user);
session.User.WarningMessages = response.WarningMessages;
// Note: need to insert into the cache before calling SessionInfo.Validate()
SessionCache.Instance.AddSession(response.SessionToken.Id, session);
session.Validate();
Platform.Log(LogLevel.Info, "{0} has successfully logged in.", userName);
}
}
catch (FaultException<PasswordExpiredException> ex)
{
throw ex.Detail;
}
catch(FaultException<UserAccessDeniedException> ex)
{
throw ex.Detail;
}
catch (FaultException<RequestValidationException> ex)
{
throw ex.Detail;
}
}
);
return session;
}
