public ValidateTokenResponse Validate(ValidateTokenRequest request, string securityToken)
{
try
{
ValidateTokenResponse response = null;
ObjectId tokenObjectId;
if (request != null)
{
if (ObjectId.TryParse(request.Token, out tokenObjectId))
{
MEAPISession session = _objectContext.APISessions.Collection.FindOneByIdAs <MEAPISession>(tokenObjectId);
if (session != null)
{
if (session.SecurityToken.ToUpper().Equals(securityToken.ToUpper()) &&
session.ContractNumber.ToUpper().Equals(request.ContractNumber.ToUpper()) &&
session.Product.ToUpper().Equals(request.Context.ToUpper()))
{
session.SessionTimeOut = DateTime.UtcNow.AddMinutes(session.SessionLengthInMinutes);
response = new ValidateTokenResponse
{
SessionLengthInMinutes = session.SessionLengthInMinutes,
SessionTimeOut = session.SessionTimeOut,
TokenId = session.Id.ToString(),
SQLUserId = session.SQLUserId,
UserId = session.UserId.ToString(),
UserName = session.UserName
};
_objectContext.APISessions.Collection.Save(session);
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Invalid Security Authorization Request");
}
return(response);
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token does not exist");
}
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token is not in correct format.");
}
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Request is invalid");
}
}
catch (Exception)
{
throw;
}
}
public AuthenticateResponse LoginUser(AuthenticateResponse existingReponse, string securityToken, string apiKey, string productName)
{
try
{
AuthenticateResponse response = new AuthenticateResponse();
//need to do a lookup against the APIKey collection to see if apiKey/Product combination exists
MEAPIKey key = (from k in _objectContext.APIKeys where k.ApiKey == apiKey && k.Product == productName && k.IsActive == true select k).FirstOrDefault();
if (key != null)
{
string contractNumber = existingReponse.Contracts[0].Number;
ObjectId UserId = GetUserId(contractNumber, productName, existingReponse.SQLUserID);
if (UserId != ObjectId.Empty)
{
MEAPISession session = new MEAPISession
{
SecurityToken = securityToken,
APIKey = apiKey,
Product = productName,
SessionLengthInMinutes = existingReponse.SessionTimeout,
SessionTimeOut = DateTime.UtcNow.AddMinutes(existingReponse.SessionTimeout),
UserName = existingReponse.UserName,
UserId = UserId,
ContractNumber = contractNumber,
SQLUserId = existingReponse.SQLUserID,
Version = 1.0
};
_objectContext.APISessions.Collection.Insert(session);
response = existingReponse;
response.UserId = UserId.ToString();
response.APIToken = session.Id.ToString();
}
else
{
throw new UnauthorizedAccessException("Login Failed! User does not have a valid contact card");
}
}
else
{
throw new UnauthorizedAccessException("Login Failed! Unknown Username/Password");
}
return(response);
}
catch (Exception)
{
throw;
}
}
public UserAuthenticateResponse LoginUser(string userName, string password, string securityToken, string apiKey, string productName, string contractNumber)
{
try
{
UserAuthenticateResponse response = new UserAuthenticateResponse();
MEAPISession session = null;
//need to do a lookup against the APIKey collection to see if apiKey/Product combination exists
MEAPIUser user = (from k in _objectContext.APIUsers where k.UserName == userName && k.ApiKey == apiKey && k.Product == productName.ToUpper() && k.IsActive == true select k).FirstOrDefault();
if (user != null)
{
//validate password
string dbPwd = HashText(password, user.Salt, new SHA1CryptoServiceProvider());
if (dbPwd.Equals(user.Password))
{
session = new MEAPISession
{
SecurityToken = securityToken,
APIKey = apiKey,
Product = productName,
SessionLengthInMinutes = user.SessionLengthInMinutes,
SessionTimeOut = DateTime.UtcNow.AddMinutes(user.SessionLengthInMinutes),
UserName = user.UserName,
Version = 1.0,
UserId = user.Id,
ContractNumber = (string.IsNullOrEmpty(contractNumber) ? user.DefaultContract : contractNumber)
};
_objectContext.APISessions.Collection.Insert(session);
}
else
{
throw new UnauthorizedAccessException("Login Failed! Password is incorrect");
}
List <ContractInfo> cts = new List <ContractInfo>();
cts.Add(new ContractInfo {
Number = session.ContractNumber
});
response = new UserAuthenticateResponse
{
APIToken = session.Id.ToString(),
Contracts = cts,
Name = user.UserName,
SessionTimeout = user.SessionLengthInMinutes,
UserName = user.UserName
};
}
else
{
throw new UnauthorizedAccessException("Login Failed! Incorrect login details like username, apikey or product.");
}
return(response);
}
catch (Exception)
{
throw;
}
}