public ValidateSessionResponse ValidateSession(ValidateSessionRequest request)
{
SessionToken session = SessionTokenManager.Instance.FindSession(request.SessionToken.Id);
if (session!=null)
{
if (session.ExpiryTime < Platform.Time)
{
Platform.Log(LogLevel.Error, "Session ID {0} already expired", session.Id);
SessionTokenManager.Instance.RemoveSession(request.SessionToken);
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
if (!request.ValidateOnly)
session = SessionTokenManager.Instance.UpdateSession(session);
if (Platform.IsLogLevelEnabled(LogLevel.Debug))
Platform.Log(LogLevel.Debug, "Session ID {0} is updated. Valid until {1}", session.Id, session.ExpiryTime);
return new ValidateSessionResponse(session, Roles.GetRolesForUser(session.Id));
}
#if false
return new ValidateSessionResponse(new SessionToken(request.SessionToken.Id,DateTime.Now.AddHours(1)),
new[] {AuthorityTokens.DataAccess.AllStudies,
AuthorityTokens.DataAccess.AllPartitions,
"Viewer/Visible",
"Viewer/Clinical"});
#endif
Platform.Log(LogLevel.Error, "Session ID {0} does not exist", request.SessionToken.Id);
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
public ValidateSessionResponse ValidateSession(ValidateSessionRequest request)
{
SessionToken session = SessionTokenManager.Instance.FindSession(request.SessionToken.Id);
if (session!=null)
{
if (session.ExpiryTime < Platform.Time)
{
Platform.Log(LogLevel.Error, "Session ID {0} already expired", session.Id);
SessionTokenManager.Instance.RemoveSession(request.SessionToken);
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
if (!request.ValidateOnly)
session = SessionTokenManager.Instance.UpdateSession(session);
if (Platform.IsLogLevelEnabled(LogLevel.Debug))
Platform.Log(LogLevel.Debug, "Session ID {0} is updated. Valid until {1}", session.Id, session.ExpiryTime);
var authority = Roles.GetRolesForUser(session.Id);
#if STANDALONE
var list = new List<string>();
list.AddRange(authority);
list.Add(Enterprise.Authentication.AuthorityTokens.Study.ViewImages);
list.Add("Viewer/Visible");
list.Add("Viewer/Clinical");
authority = list.ToArray();
#endif
return new ValidateSessionResponse(session, authority, new Guid[0]);
}
#if STANDALONE
return new ValidateSessionResponse(new SessionToken(request.SessionToken.Id,DateTime.Now.AddHours(1)),
new[] {AuthorityTokens.DataAccess.AllStudies,
AuthorityTokens.DataAccess.AllPartitions,
Enterprise.Authentication.AuthorityTokens.Study.ViewImages,
"Viewer/Visible",
"Viewer/Clinical"});
#else
Platform.Log(LogLevel.Error, "Session ID {0} does not exist", request.SessionToken.Id);
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
#endif
}
public ValidateSessionResponse ValidateSession(ValidateSessionRequest request)
{
SessionToken session = SessionTokenManager.Instance.FindSession(request.SessionToken.Id);
if (session!=null)
{
if (session.ExpiryTime < Platform.Time)
{
Platform.Log(LogLevel.Error, "Session ID {0} already expired", session.Id);
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
session = SessionTokenManager.Instance.UpdateSession(session);
if (Platform.IsLogLevelEnabled(LogLevel.Debug))
Platform.Log(LogLevel.Debug, "Session ID {0} is updated. Valid until {1}", session.Id, session.ExpiryTime);
return new ValidateSessionResponse(session, Roles.GetRolesForUser(session.Id));
}
Platform.Log(LogLevel.Error, "Session ID {0} does not exist", request.SessionToken.Id);
throw new FaultException<UserAccessDeniedException>(new UserAccessDeniedException());
}
public ValidateSessionResponse ValidateSession(ValidateSessionRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckMemberIsSet(request.UserName, "UserName");
Platform.CheckMemberIsSet(request.SessionToken, "SessionToken");
// get the session
var session = GetSession(request.SessionToken);
if (session == null)
throw new InvalidUserSessionException();
// determine if still valid
session.Validate(request.UserName, this.Settings.UserSessionTimeoutEnabled);
// renew
if (!request.ValidateOnly)
session.Renew(GetSessionTimeout());
// get authority tokens if requested
var authorizations = request.GetAuthorizations ?
PersistenceContext.GetBroker<IAuthorityTokenBroker>().FindTokensByUserName(request.UserName) : new string[0];
// Get DataAccess authority groups if requested
var groups = request.GetAuthorizations
? PersistenceContext.GetBroker<IAuthorityGroupBroker>().FindDataGroupsByUserName(request.UserName)
: new Guid[0];
return new ValidateSessionResponse(session.GetToken(), authorizations, groups);
}
/// <summary>
/// Verifies the specified session
/// </summary>
/// <param name="userId"></param>
/// <param name="sessionToken"></param>
/// <param name="authorityTokens"></param>
/// <param name="bypassCache">True to always bypass the response cache and get a "fresh" response from the server.</param>
/// <returns></returns>
public static bool VerifySession(string userId, string sessionToken, out string[] authorityTokens, bool bypassCache = false)
{
try
{
ValidateSessionResponse response = null;
var request = new ValidateSessionRequest(userId, new SessionToken(sessionToken));
if (bypassCache)
{
using (new ResponseCacheBypassScope())
{
Platform.GetService<IAuthenticationService>(service => response = service.ValidateSession(request));
}
}
else
{
Platform.GetService<IAuthenticationService>(service => response = service.ValidateSession(request));
}
authorityTokens = response.AuthorityTokens;
return response.SessionToken.ExpiryTime > Platform.Time; //TODO : Utc?
}
catch (FaultException<InvalidUserSessionException> e)
{
}
authorityTokens = null;
return false;
}
private SessionInfo CheckSession(string tokenId, bool renew)
{
SessionInfo sessionInfo = SessionCache.Instance.Find(tokenId);
if (sessionInfo == null)
{
throw new Exception(String.Format("Unexpected error: session {0} does not exist in the cache", tokenId));
}
var request = new ValidateSessionRequest(sessionInfo.Credentials.UserName,
sessionInfo.Credentials.SessionToken)
{
GetAuthorizations = true,
ValidateOnly = !renew
};
try
{
SessionToken newToken = null;
Platform.GetService(
delegate(IAuthenticationService service)
{
DateTime originalExpiryTime = sessionInfo.Credentials.SessionToken.ExpiryTime;
ValidateSessionResponse response = service.ValidateSession(request);
//If we're renewing, might as well renew well before expiry. If we're only validating,
//we don't want to force a call to the server unless it's actually expired.
var addSeconds = 0.0;
if (renew)
{
//Minor hack - the ImageServer client shows a little bar at the top of the page counting down to session timeout,
//and allowing the user to cancel. This timeout value determines when that bar shows up. If, however, the
//validate response is being cached, we need to make sure we hit the server - otherwise the bar doesn't go away.
double.TryParse(ConfigurationManager.AppSettings.Get("ClientTimeoutWarningMinDuration"), out addSeconds);
addSeconds = Math.Max(addSeconds, 30);
}
if (Platform.Time.AddSeconds(addSeconds) >= response.SessionToken.ExpiryTime)
{
Platform.Log(LogLevel.Debug, "Session is at or near expiry; bypassing cache.");
//The response likely came from the cache, and we want to make sure we get a real validation response.
//Note that this only really matters when 2 processes are sharing a session, like ImageServer and Webstation.
using (new ResponseCacheBypassScope()) { response = service.ValidateSession(request); }
}
// update session info
string id = response.SessionToken.Id;
newToken = SessionCache.Instance.Renew(id, response.SessionToken.ExpiryTime);
sessionInfo.Credentials.Authorities = response.AuthorityTokens;
sessionInfo.Credentials.SessionToken = newToken;
if (Platform.IsLogLevelEnabled(LogLevel.Debug))
{
Platform.Log(LogLevel.Debug, "Session {0} for {1} is renewed. Valid until {2}", id, sessionInfo.Credentials.UserName, newToken.ExpiryTime);
if (originalExpiryTime == newToken.ExpiryTime)
{
Platform.Log(LogLevel.Warn, "Session expiry time is not changed. Is it cached?");
}
}
});
return sessionInfo;
}
catch(FaultException<InvalidUserSessionException> ex)
{
SessionCache.Instance.RemoveSession(tokenId);
throw new SessionValidationException(ex.Detail);
}
catch(FaultException<UserAccessDeniedException> ex)
{
SessionCache.Instance.RemoveSession(tokenId);
throw new SessionValidationException(ex.Detail);
}
catch(Exception ex)
{
//TODO: for now we can't distinguish communicate errors and credential validation errors.
// All exceptions are treated the same: we can't verify the login.
var e = new SessionValidationException(ex);
throw e;
}
}
private SessionInfo CheckSession(string tokenId, bool renew)
{
SessionInfo sessionInfo = SessionCache.Instance.Find(tokenId);
if (sessionInfo == null)
{
throw new Exception(String.Format("Unexpected error: session {0} does not exist in the cache", tokenId));
}
var request = new ValidateSessionRequest(sessionInfo.Credentials.UserName,
sessionInfo.Credentials.SessionToken)
{
GetAuthorizations = true,
ValidateOnly = !renew
};
try
{
SessionToken newToken = null;
Platform.GetService(
delegate(IAuthenticationService service)
{
DateTime originalExpiryTime = sessionInfo.Credentials.SessionToken.ExpiryTime;
ValidateSessionResponse response = service.ValidateSession(request);
//If we're renewing, might as well renew well before expiry. If we're only validating,
//we don't want to force a call to the server unless it's actually expired.
var addSeconds = renew ? 30 : 0;
if (Platform.Time.AddSeconds(addSeconds) >= response.SessionToken.ExpiryTime)
{
Platform.Log(LogLevel.Info, "Session is at or near expiry; bypassing cache.");
//The response likely came from the cache, and we want to make sure we get a real validation response.
//Note that this only really matters when 2 processes are sharing a session, like ImageServer and Webstation.
using (new ResponseCacheBypassScope()) { response = service.ValidateSession(request); }
}
// update session info
string id = response.SessionToken.Id;
newToken = SessionCache.Instance.Renew(id, response.SessionToken.ExpiryTime);
sessionInfo.Credentials.Authorities = response.AuthorityTokens;
sessionInfo.Credentials.SessionToken = newToken;
if (Platform.IsLogLevelEnabled(LogLevel.Debug))
{
Platform.Log(LogLevel.Debug, "Session {0} for {1} is renewed. Valid until {2}", id, sessionInfo.Credentials.UserName, newToken.ExpiryTime);
if (originalExpiryTime == newToken.ExpiryTime)
{
Platform.Log(LogLevel.Warn, "Session expiry time is not changed. Is it cached?");
}
}
});
return sessionInfo;
}
catch(FaultException<InvalidUserSessionException> ex)
{
SessionCache.Instance.RemoveSession(tokenId);
throw new SessionValidationException(ex.Detail);
}
catch(FaultException<UserAccessDeniedException> ex)
{
SessionCache.Instance.RemoveSession(tokenId);
throw new SessionValidationException(ex.Detail);
}
catch(Exception ex)
{
//TODO: for now we can't distinguish communicate errors and credential validation errors.
// All exceptions are treated the same: we can't verify the login.
var e = new SessionValidationException(ex);
throw e;
}
}
public SessionToken Renew(string tokenId)
{
SessionInfo sessionInfo = SessionCache.Instance.Find(tokenId);
if (sessionInfo == null)
{
throw new Exception(String.Format("Unexpected error: session {0} does not exist in the cache", tokenId));
}
var request = new ValidateSessionRequest(sessionInfo.Credentials.UserName,
sessionInfo.Credentials.SessionToken)
{
GetAuthorizations = true
};
try
{
SessionToken newToken = null;
Platform.GetService(
delegate(IAuthenticationService service)
{
DateTime originalExpiryTime = sessionInfo.Credentials.SessionToken.ExpiryTime;
ValidateSessionResponse response = service.ValidateSession(request);
// update session info
string id = response.SessionToken.Id;
newToken= SessionCache.Instance.Renew(id, response.SessionToken.ExpiryTime);
if (Platform.IsLogLevelEnabled(LogLevel.Debug))
{
Platform.Log(LogLevel.Debug, "Session {0} for {1} is renewed. Valid until {2}", id, sessionInfo.Credentials.UserName, newToken.ExpiryTime);
if (originalExpiryTime == newToken.ExpiryTime)
{
Platform.Log(LogLevel.Warn, "Session expiry time is not changed. Is it cached?");
}
}
});
return newToken;
}
catch(FaultException<InvalidUserSessionException> ex)
{
throw new SessionValidationException(ex.Detail);
}
catch(FaultException<UserAccessDeniedException> ex)
{
throw new SessionValidationException(ex.Detail);
}
catch(Exception ex)
{
//TODO: for now we can't distinguish communicate errors and credential validation errors.
// All exceptions are treated the same: we can't verify the login.
var e = new SessionValidationException(ex);
throw e;
}
}
public SessionInfo VerifySession(string userId, string sessionTokenId)
{
SessionInfo sessionInfo = SessionCache.Instance.Find(sessionTokenId);
if (sessionInfo != null) return sessionInfo;
// Session does not exist in the cache.
// Go to the server to see if the session exists
// It may
var request = new ValidateSessionRequest(userId, new SessionToken(sessionTokenId))
{
GetAuthorizations = true,
ValidateOnly = false // load the tokens too since we don't know anything about session yet
};
try
{
using (new ResponseCacheBypassScope()) //bypass the response cache
{
Platform.GetService(
delegate(IAuthenticationService service)
{
ValidateSessionResponse response = service.ValidateSession(request);
sessionInfo = new SessionInfo(userId, userId, response.SessionToken);
SessionCache.Instance.AddSession(sessionTokenId, sessionInfo);
sessionInfo.Validate();
});
}
return sessionInfo;
}
catch (FaultException<InvalidUserSessionException> ex)
{
SessionCache.Instance.RemoveSession(sessionTokenId);
throw new SessionValidationException(ex.Detail);
}
catch (FaultException<UserAccessDeniedException> ex)
{
SessionCache.Instance.RemoveSession(sessionTokenId);
throw new SessionValidationException(ex.Detail);
}
catch (Exception ex)
{
//TODO: for now we can't distinguish communicate errors and credential validation errors.
// All exceptions are treated the same: we can't verify the session.
var e = new SessionValidationException(ex);
throw e;
}
}
