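/// <summary>
/// Handles the OAuth2 resource-owner-password grant: checks the supplied user name,
/// password and <c>bankName</c> with <c>UserSecurity.Login</c> and, on success, issues a
/// bearer ticket carrying the user's name and <c>BankId</c> claims (and additionally signs
/// in a cookie identity built from the same claims).
/// </summary>
/// <param name="context">The OWIN grant context carrying the request, user name and password.</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    try
    {
        // bankName is not one of the standard grant parameters, so it is read from the form body.
        var form = await context.Request.ReadFormAsync();
        string usernameVal = context.UserName;
        string passwordVal = context.Password;
        string bankName = form["bankName"];

        BusinessObjects.Models.User user = UserSecurity.Login(usernameVal, passwordVal, bankName);
        if (user == null)
        {
            // SetError(error, errorDescription): the OAuth2 error *code* must be the first argument,
            // otherwise clients receive the prose in the "error" field and "invalid_grant" as the
            // description. One message for all three failure causes avoids user/bank enumeration.
            context.SetError("invalid_grant", "The user name, password or bankName is incorrect.");
            context.Rejected();
            return;
        }

        var claims = new List<Claim>
        {
            new Claim("BankId", user.bankId.ToString()),
            new Claim(ClaimTypes.Name, user.userName),
        };
        ClaimsIdentity oAuthClaimIdentity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType);
        ClaimsIdentity cookiesClaimIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType);

        AuthenticationProperties properties = CreateProperties(user.userName);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthClaimIdentity, properties);
        context.Validated(ticket);

        // NOTE(review): a password grant normally issues only the bearer token. The extra cookie
        // sign-in creates a second, CSRF-susceptible session for every token request; confirm a
        // browser client really depends on it before keeping this line.
        context.Request.Context.Authentication.SignIn(cookiesClaimIdentity);
    }
    catch (Exception ex)
    {
        ExceptionsWriter.saveEventsAndExceptions(ex, "Exceptions not handled", EventLogEntryType.Error);
        // Fail closed: if anything threw after Validated() (e.g. the cookie SignIn), the ticket
        // must not be issued anyway. Nothing from the exception is echoed to the client; the
        // middleware emits its default error response for a rejected context.
        context.Rejected();
    }
}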
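/// <summary>
/// HTTP Basic authentication filter: decodes the <c>Authorization</c> header, checks the
/// user name / password pair with <c>UserSecurity.Login</c> and sets the current principal.
/// A missing header, a non-Basic scheme, malformed base64, a missing ':' or a failed login
/// all answer 401 (with the <c>WWW-Authenticate</c> challenge RFC 7235 requires) instead of
/// letting a parse exception surface as a 500.
/// </summary>
/// <param name="actionContext">The Web API action context for the current request.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // NOTE(review): Basic credentials are base64-encoded, not encrypted. This filter must sit
    // behind TLS (e.g. a RequireHttps filter or host configuration) or passwords cross the wire
    // in the clear; nothing in this block enforces that.
    var authorization = actionContext.Request.Headers.Authorization;

    string username = null;
    string password = null;
    bool authenticated =
        authorization != null
        && string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        && TryParseBasicCredentials(authorization.Parameter, out username, out password)
        && UserSecurity.Login(username, password);

    if (!authenticated)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        actionContext.Response.Headers.WwwAuthenticate.Add(
            new System.Net.Http.Headers.AuthenticationHeaderValue("Basic"));
        return;
    }

    // NOTE(review): only Thread.CurrentPrincipal is set, as in the original. Web API 2 reads
    // actionContext.RequestContext.Principal and ASP.NET hosts HttpContext.Current.User; confirm
    // which one downstream authorization actually consults.
    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
}

/// <summary>
/// Splits a base64 "user:password" Basic-auth parameter into its two parts.
/// Returns <c>false</c> rather than throwing on empty input, malformed base64 or a missing ':'.
/// Only the first ':' separates the fields, so passwords may themselves contain ':'.
/// </summary>
/// <param name="parameter">The raw value after the "Basic" scheme in the header.</param>
/// <param name="username">The decoded user name, or <c>null</c> on failure.</param>
/// <param name="password">The decoded password, or <c>null</c> on failure.</param>
private static bool TryParseBasicCredentials(string parameter, out string username, out string password)
{
    username = null;
    password = null;
    if (string.IsNullOrWhiteSpace(parameter))
    {
        return false;
    }

    string decoded;
    try
    {
        // UTF-8 as in the original; RFC 7617 clients may use ISO-8859-1 unless charset="UTF-8"
        // was advertised — TODO confirm what the expected clients send.
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
    }
    catch (FormatException)
    {
        return false;
    }

    int separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    username = decoded.Substring(0, separator);
    password = decoded.Substring(separator + 1);
    return true;
}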
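/// <summary>
/// Registers a new guest account for <paramref name="model"/>, creates its contact record and,
/// unless confirmation is required, logs the new user in via <c>UserSecurity.Login</c>.
/// </summary>
/// <param name="model">The registration form values (e-mail, password, names, addresses).</param>
/// <param name="requireConfirmation">
/// If <c>true</c> the account is created in the PendingApproval state and the confirmation token
/// is returned in <paramref name="token"/> instead of logging the user in.
/// </param>
/// <param name="errorMessage">The error message produced during registration, or empty on success.</param>
/// <param name="token">The confirmation token returned by CreateUserAndAccount, or empty on failure.</param>
/// <returns>
/// <c>true</c> when the account was created and either confirmation is pending or the user is now
/// logged in; <c>false</c> on any error (see <paramref name="errorMessage"/>).
/// </returns>
public static bool Register(RegisterModel model, bool requireConfirmation, out string errorMessage, out string token)
{
    errorMessage = string.Empty;
    token = string.Empty;
    try
    {
        var id = Guid.NewGuid().ToString();
        token = UserSecurity.CreateUserAndAccount(
            model.Email,
            model.Password,
            new
            {
                MemberId = id,
                CustomerSession.StoreId,
                RegisterType = RegisterType.GuestUser.GetHashCode(),
                AccountState = requireConfirmation
                    ? AccountState.PendingApproval.GetHashCode()
                    : AccountState.Approved.GetHashCode(),
                Discriminator = "Account"
            },
            requireConfirmation);

        // NOTE(review): from here on the account already exists; a failure below leaves an
        // account without a contact and returns false. There is no rollback in this block.
        var contact = new Contact
        {
            MemberId = id,
            FullName = string.Format("{0} {1}", model.FirstName, model.LastName)
        };
        contact.Emails.Add(new Email { Address = model.Email, MemberId = id, Type = EmailType.Primary.ToString() });

        // A model without an address list must not abort registration after the account was created.
        if (model.Addresses != null)
        {
            foreach (var addr in model.Addresses)
            {
                contact.Addresses.Add(addr);
            }
        }
        UserClient.CreateContact(contact);

        return requireConfirmation || UserSecurity.Login(model.Email, model.Password);
    }
    catch (MembershipCreateUserException e)
    {
        errorMessage = ErrorCodeToString(e.StatusCode);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is handed to the caller and presumably shown to the user. For
        // non-membership failures (storage, network, serialization) that discloses internal
        // details; log the exception here and return a generic message instead once a logger is
        // available in this class.
        errorMessage = ex.Message;
    }
    return false;
}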
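/// <summary>
/// Resets a user's password. Two proofs are accepted: the caller presents the shared
/// <c>secretResetCode</c>, or the caller proves the current password via <c>UserSecurity.Login</c>.
/// </summary>
/// <param name="request">User name, new password, and either the old password or the secret code.</param>
/// <returns>200 on success, 400 when the request is incomplete, 401 when neither proof matches.</returns>
public IHttpActionResult ResetPassword(ResetPasswordRequest request)
{
    // Validate before touching the user store so a malformed body cannot reach ResetUserPassword
    // with a null or empty new password.
    if (request == null || string.IsNullOrEmpty(request.UserName) || string.IsNullOrEmpty(request.NewPassword))
    {
        return BadRequest("UserName and NewPassword are required.");
    }

    // NOTE(review): GetUserId's behaviour for an unknown user name is not visible here (sentinel
    // value or exception?) — confirm ResetUserPassword cannot be reached with an invalid id.
    int userId = UserSecurity.GetUserId(request.UserName);

    // SECURITY: secretResetCode is one static value that resets ANY account, because userId comes
    // from the attacker-chosen request.UserName and no per-user proof is required — in effect a
    // master password. Anyone who learns it (config leak, logs, a departed operator) can take over
    // every user. Replace it with per-user, single-use, expiring reset tokens; until then rotate it,
    // audit every use of this path, and never compare it with a short-circuiting string ==.
    bool masterCodeMatches = request.SecretCode != null && FixedTimeEquals(request.SecretCode, secretResetCode);
    if (masterCodeMatches || UserSecurity.Login(request.UserName, request.OldPassword))
    {
        ResetUserPassword(request.NewPassword, userId);
        return Ok();
    }

    // One response for a wrong code and a wrong password, so the two paths are indistinguishable.
    return Content(HttpStatusCode.Unauthorized, "Password or secret code does not match.");
}

/// <summary>
/// Compares two secrets in time that does not depend on where they first differ, so response
/// timing cannot be used to guess <c>secretResetCode</c> character by character. As with any
/// fixed-time compare, a length mismatch is still observable.
/// </summary>
/// <returns><c>true</c> only when both strings are non-null and identical.</returns>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return false;
    }

    int diff = a.Length ^ b.Length;
    int n = Math.Min(a.Length, b.Length);
    for (int i = 0; i < n; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}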
/// <summary>
/// Checks a user name / password pair by delegating to <c>UserSecurity.Login</c>.
/// </summary>
/// <param name="username">The user name to check.</param>
/// <param name="password">The plaintext password supplied by the caller.</param>
/// <returns>
/// Whatever <c>UserSecurity.Login</c> returns — presumably <c>true</c> only when the
/// credentials are valid; confirm against that helper's contract.
/// </returns>
public bool Authen(string username, string password)
{
    bool credentialsAccepted = UserSecurity.Login(username, password);
    return credentialsAccepted;
}