Пример #1
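        /// <summary>
        /// Builds the HTTP client used to talk to the hub web service, optionally presenting a client
        /// certificate, and pre-computes the "PopMedNet" Authorization header attached to every request.
        /// </summary>
        /// <param name="ns">Network setting that supplies the hub URL, username, decrypted password and encryption salt.</param>
        /// <param name="cert">Client certificate to present to the hub, or <c>null</c> to connect without one.</param>
        /// <exception cref="ArgumentNullException"><paramref name="ns"/> is <c>null</c>.</exception>
        public HttpClientEx(Lpp.Dns.DataMart.Lib.NetWorkSetting ns, System.Security.Cryptography.X509Certificates.X509Certificate2 cert)
        {
            // Reject a missing setting before any HttpClient is allocated; previously a null ns surfaced
            // later as a NullReferenceException, after the client had already been created.
            if (ns == null)
            {
                throw new ArgumentNullException("ns");
            }

            _NetworkSetting = ns;

            if (cert == null)
            {
                this._Client = new HttpClient();
            }
            else
            {
                // Manual selection: only the certificate supplied by the caller is offered, and the
                // process identity's default credentials are never sent.
                var certificateHandler = new WebRequestHandler
                {
                    ClientCertificateOptions = ClientCertificateOption.Manual,
                    UseDefaultCredentials = false
                };
                certificateHandler.ClientCertificates.Add(cert);

                this._Client = new HttpClient(certificateHandler);
            }

            // Same ten-minute timeout on both paths.
            this._Client.Timeout = TimeSpan.FromMinutes(10);

            // NOTE(review): this assignment is process-wide and replaces the configured protocol set, so it
            // affects every ServicePointManager-based connection in the process, not only this client.
            // TLS 1.1 is formally deprecated (RFC 8996); restrict to TLS 1.2 (or defer to OS defaults where the
            // framework supports that) once the hub endpoints are confirmed to negotiate it.
            System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11;

            var metadata = new DMCMetadata
            {
                DMCFileVersion = _FileVersion,
                DMCProductVersion = _ProductVersion
            };

            // NOTE(review): the passphrase passed to EncryptStringAES is a compile-time constant, so the secrecy
            // of the encrypted "username:password" pair rests on the salt from the local settings and on the TLS
            // channel. Presumably the server decrypts with the same constant - confirm, and treat the resulting
            // header value as a credential: it must never reach logs, traces or error reports.
            var creds = Crypto.EncryptStringAES(string.Format("{0}:{1}", _NetworkSetting.Username, _NetworkSetting.DecryptedPassword), "PopMedNet Authorization", _NetworkSetting.EncryptionSalt);

            // Token layout before Base64: <encrypted credentials> ':' <empty field> ':' <metadata JSON>.
            this._Credentials = Convert.ToBase64String(Encoding.UTF8.GetBytes(creds + ":" + "" + ":" + JsonConvert.SerializeObject(metadata)));

            this._Client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("PopMedNet", _Credentials);
            this._Host = ns.HubWebServiceUrl.TrimEnd('/');
        }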
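        /// <summary>
        /// Inspects the request's Authorization header and, for the "PopMedNet" scheme, writes a DataMart Client
        /// authentication audit record: a success record when the token is already in the ASP.NET cache, or a
        /// failure record when the decrypted credentials are rejected for a user that could be resolved.
        /// </summary>
        /// <remarks>
        /// No branch visible here sets a principal or an error result on <paramref name="context"/>; access
        /// control is presumably enforced elsewhere - confirm before relying on this filter as a gate.
        /// Rejected credentials for which no user is resolved produce no audit record in this method, so
        /// attempts against unknown usernames are not visible in this log.
        /// </remarks>
        /// <param name="context">Authentication context carrying the incoming request.</param>
        /// <param name="cancellationToken">Not used by this method.</param>
        /// <returns>A task that completes once any audit record has been saved.</returns>
        public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            var authorization = context.Request.Headers.Authorization;
            if (authorization == null)
            {
                HttpContext.Current.User = null;
                Thread.CurrentPrincipal  = null;
                return;
            }

            var authToken = authorization.Parameter;
            if (string.IsNullOrEmpty(authToken))
            {
                // A header that carries a scheme but no parameter has nothing to decode, and a null key would
                // make the cache lookup below throw on a request the caller fully controls.
                return;
            }

            // NOTE(review): the cache is keyed by the raw credential token; anything that can enumerate cache
            // keys can read tokens.
            ApiIdentity ident = HttpContext.Current.Cache[authToken] as ApiIdentity;

            if (!string.Equals("PopMedNet", authorization.Scheme))
            {
                return;
            }

            var ctx = context.Request.Properties["MS_HttpContext"] as HttpContextWrapper;
            string clientAddress = ctx?.Request.UserHostAddress;

            // NOTE(review): FromBase64String (and, further down, DecryptCredentials and the JSON parse) throw on
            // malformed input; those exceptions still propagate to the pipeline from here.
            var unsplitToken = Encoding.UTF8.GetString(Convert.FromBase64String(authToken));
            var decodedToken = unsplitToken.Split(':');

            if (ident != null)
            {
                string metadataJson;
                DMCMetadata metadata = ReadClientMetadata(unsplitToken, decodedToken, out metadataJson);

                using (var db = new DataContext())
                {
                    // The release/version values and Details come from the client-supplied token and are
                    // stored as-is; treat them as untrusted when the audit log is rendered or exported.
                    Dns.Data.Audit.UserAuthenticationLogs successAudit = new UserAuthenticationLogs
                    {
                        UserID      = ident.ID,
                        Description = $"User Authenticated Successfully from DataMart Client (Release: {metadata.DMCProductVersion}, Version: {metadata.DMCFileVersion}, IP Address: {clientAddress}).",
                        Success     = true,
                        IPAddress   = clientAddress,
                        Environment = "DataMart Client",
                        Details     = metadataJson,
                        DMCVersion  = metadata.DMCFileVersion,
                        Source      = ident.RawUrl
                    };
                    db.LogsUserAuthentication.Add(successAudit);

                    await db.SaveChangesAsync();
                }

                return;
            }

            using (var db = new DataContext())
            {
                string username = null;
                string password = null;
                IUser  user     = null;

                Lpp.Utilities.WebSites.Models.LoginResponseModel.DecryptCredentials(decodedToken[0], out username, out password);
                if (db.ValidateUser2(username, password, out user) || user == null)
                {
                    // Accepted credentials, or a rejection with no resolved user: nothing is recorded here.
                    return;
                }

                // The metadata segment is only parsed on the rejected-credentials path, as before.
                string metadataJson;
                DMCMetadata metadata = ReadClientMetadata(unsplitToken, decodedToken, out metadataJson);

                string reserializedJson = "";
                if (decodedToken.Length > 2)
                {
                    // NOTE(review): the published listing masks the two operands on this line; username and
                    // password are the presumed originals - confirm against the repository.
                    // NOTE(review): this persists the attempted password in the audit log, reversibly encrypted
                    // with a constant passphrase and the user ID as salt. Failed attempts are often near-misses
                    // of a real password; consider recording only the username.
                    metadata.InvalidCredentials = Lpp.Utilities.Crypto.EncryptStringAES("UserName: " + username + " was attempted with Password:" + password, "AuthenticationLog", user.ID.ToString("D"));
                    reserializedJson            = JsonConvert.SerializeObject(metadata);
                }

                // A token without a metadata segment used to throw here before the row was saved, which let a
                // client suppress its own failed-login record by omitting the segment.
                UserAuthenticationLogs failedAudit = new UserAuthenticationLogs
                {
                    UserID      = user.ID,
                    Description = $"User Authenticated Failed from DataMart Client (Release: {metadata.DMCProductVersion}, Version: {metadata.DMCFileVersion}, IP Address: {clientAddress}).",
                    Success     = false,
                    IPAddress   = clientAddress,
                    Environment = "DataMart Client",
                    Details     = reserializedJson,
                    DMCVersion  = metadata.DMCFileVersion,
                    Source      = ctx?.Request.RawUrl
                };
                db.LogsUserAuthentication.Add(failedAudit);

                await db.SaveChangesAsync();
            }
        }

        /// <summary>
        /// Returns the client metadata carried after the second ':' of the decoded token, or an empty
        /// <c>DMCMetadata</c> when the token has no such segment or the segment deserializes to nothing.
        /// </summary>
        /// <param name="unsplitToken">The Base64-decoded token text.</param>
        /// <param name="decodedToken"><paramref name="unsplitToken"/> split on ':'.</param>
        /// <param name="metadataJson">Receives the raw metadata text, or an empty string when absent.</param>
        private static DMCMetadata ReadClientMetadata(string unsplitToken, string[] decodedToken, out string metadataJson)
        {
            if (decodedToken.Length <= 2)
            {
                metadataJson = string.Empty;
                return new DMCMetadata();
            }

            // The JSON itself contains ':' characters, so it is taken by offset rather than from the split parts.
            metadataJson = unsplitToken.Substring(decodedToken[0].Length + decodedToken[1].Length + 2);
            return JsonConvert.DeserializeObject<DMCMetadata>(metadataJson) ?? new DMCMetadata();
        }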