private void ValidateAdmin(BVSDAdmin candidateAdmin) { DynamicParameters sqlParams = new DynamicParameters(new { userID = candidateAdmin.UserID, calendarID = candidateAdmin.CalendarID }); sqlParams.Add("districtAdminYN", null, DbType.Boolean, ParameterDirection.Output, null); sqlParams.Add("schoolID", null, DbType.Int32, ParameterDirection.Output, null); sqlParams.Add("userName", null, DbType.String, ParameterDirection.Output, 255); using (SqlConnection conn = new SqlConnection(_connString)) { conn.Open(); conn.Execute("p_BVSD_BoC_ValidateBoCAdmin", sqlParams, commandType: CommandType.StoredProcedure); } candidateAdmin.School = new School { ID = sqlParams.Get <int?>("schoolID") ?? 0 }; //use 0 to represent a non-admin user (non school- & non district-admin) if (sqlParams.Get <bool?>("districtAdminYN") == true) { candidateAdmin.School.ID = -1; //use -1 to represent a district admin (which is not assoc. w/ any one school) } candidateAdmin.Name = sqlParams.Get <string>("userName"); }
protected override async Task <IPrincipal> AuthenticateAsync(string authorizationParameter, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ClaimsPrincipal principal; List <Claim> claims = new List <Claim>(); try { if (!string.IsNullOrWhiteSpace(_simpleApiKey) && (_simpleApiKey == HttpUtility.UrlDecode(authorizationParameter))) { claims.Add(new Claim(ClaimTypes.Role, BvsdRoles.BvsdEmployee)); } else { BVSDAdmin sessionUser = _bocAuthorizationService.ExtractUser(authorizationParameter); claims.Add(new Claim(ClaimTypes.Name, sessionUser.Name)); claims.Add(new Claim(ClaimTypes.NameIdentifier, sessionUser.ID.ToString())); claims.Add(new Claim(ClaimTypes.UserData, sessionUser.School.ID.ToString())); claims.Add(new Claim(ClaimTypes.Role, (sessionUser.School.ID == -1) ? BvsdRoles.DistrictAdmin : (sessionUser.School.ID > 0) ? BvsdRoles.SchoolAdmin : BvsdRoles.NotAnAdmin)); } // important to set the identity this way, otherwise IsAuthenticated will be false // see: ht tp://leastprivilege.com/2012/09/24/claimsidentity-isauthenticated-and-authenticationtype-in-net-4-5/ ClaimsIdentity identity = new ClaimsIdentity(claims, AuthenticationTypes.Basic); principal = new ClaimsPrincipal(identity); } catch (Exception ex) { //TODO: log ex principal = null; } return(principal); }
public string BuildToken(BVSDAdmin user) { //TODO: use Convert.ToBase64String() instead of HtmlEncode() if (((user?.ID ?? 0) == 0) || ((user?.School?.ID ?? 0) == 0) || (string.IsNullOrWhiteSpace(user?.Name))) { return(null); } else { lock (_icCipherService) { return(System.Web.HttpUtility.HtmlEncode(_icCipherService.Encrypt_ECB( string.Format("{0}={1}&{2}={3}&{4}={5}", bocTokenKeyPersonID, user.ID, bocTokenKeySchoolID, user.School.ID, bocTokenKeyUser, user.Name)))); } } }
public BVSDAdmin ExtractExternalUser(string externalToken) { BVSDAdmin user = new BVSDAdmin(); if (!string.IsNullOrWhiteSpace(externalToken)) { if (!string.IsNullOrWhiteSpace(_clearAuthenticationPrefix) && (externalToken.IndexOf(_clearAuthenticationPrefix) == 0)) { //split clear-text token try { string[] tokenParts = externalToken.Split(':')[1].Split(';'); user.ID = int.Parse(tokenParts[0]); user.UserID = int.Parse(tokenParts[1]); user.CalendarID = int.Parse(tokenParts[2]); } catch { } } else { try { lock (_icCipherService) { //decode/decrypt token //TODO: use Convert.ToBase64String() instead of Web.HttpUtility.. System.Collections.Specialized.NameValueCollection tokenParts = System.Web.HttpUtility.ParseQueryString( _icCipherService.Decrypt_ECB(System.Web.HttpUtility.UrlDecode(externalToken))); user.ID = int.Parse(tokenParts[icTokenKeyPersonID]); user.UserID = int.Parse(tokenParts[icTokenKeyUserID]); user.CalendarID = int.Parse(tokenParts[icTokenKeyCalendarID]); } } catch (Exception ex) { //TODO: log exception ; } } if ((user.ID != 0) && (user.UserID != 0)) { //call DB to flesh out user details ValidateAdmin(user); } } return(user); }
public BVSDAdmin ExtractUser(string bocToken) { //TODO: use Convert.ToBase64String() instead of HtmlEncode() BVSDAdmin user = new BVSDAdmin { School = new School() }; try { lock (_icCipherService) { string clearToken = _icCipherService.Decrypt_ECB(System.Web.HttpUtility.UrlDecode(bocToken)); var paramsCollection = System.Web.HttpUtility.ParseQueryString(clearToken); user.ID = int.Parse(paramsCollection[bocTokenKeyPersonID]); user.School.ID = int.Parse(paramsCollection[bocTokenKeySchoolID]); user.Name = paramsCollection[bocTokenKeyUser]; } } catch (Exception ex) { //TODO: log exception ; } return(user); }
public IHttpActionResult Authenticate(string externalToken) { string bocToken; BVSDAdmin user = null; try { //user = new BVSDAdmin { ID = 247006, Name = "EB A. Tester", School = new School { ID = -1 } }; user = _bocAuthService.ExtractExternalUser(externalToken); bocToken = _bocAuthService.BuildToken(user); } catch (Exception ex) { //TODO: log exception bocToken = null; } if (bocToken == null) { return(StatusCode(HttpStatusCode.Unauthorized)); } else { return(Ok(new { authToken = bocToken, userName = user.Name, userSchoolID = user.School?.ID })); } }