private static string GetAuthUrl(int tenantId)
        {
            var tenantResource = new TenantResource();
            var tenant = tenantResource.GetTenant(tenantId);
            return HttpHelper.GetUrl(tenant.Domain);

           
        }
        //[HttpPost]
        //[ConfigurationAuthFilter]
        public async Task<ActionResult> Index(int? tenantId)
        {

            if (tenantId.HasValue)
            {
                var tenantResource = new TenantResource();
                var tenant = await tenantResource.GetTenantAsync(tenantId.Value);
            }

            string cookieToken;
            string formToken;

            AntiForgery.GetTokens(null, out cookieToken, out formToken);
            ViewBag.cookieToken = cookieToken;
            ViewBag.formToken = formToken;
            return View();
        }
Пример #3
0
        public async Task<Site> GetSite(IApiContext apiContext)
        {
            if (apiContext.SiteId.GetValueOrDefault(0) == 0)
                throw new Exception("Site ID is missing in api context");

            var tenant = apiContext.Tenant;
            if (tenant == null)
            {
                var tenantResource = new TenantResource();
                tenant = await tenantResource.GetTenantAsync(apiContext.TenantId);
            }

            var site = tenant.Sites.SingleOrDefault(x => x.Id == apiContext.SiteId);
            if (site == null)
                throw new Exception("Site " + apiContext.SiteId + " not found for tenant " + tenant.Name);
            return site;
        }
Пример #4
0
        private void cbTenant_changed(object sender, EventArgs e)
        {
            try
            {
                cbSite.DataSource = null;
                var scope = (Scope) cbTenant.SelectedItem;

                var tenantResource = new TenantResource();
                _tenant = tenantResource.GetTenant(scope.Id);
                var sites = _tenant.Sites;
                cbSite.DataSource = sites;
                cbSite.DisplayMember = "Name";
                panelAPI.Show();

            }
            catch (Exception exc)
            {
                LogError(exc);
            }
        }
Пример #5
0
	    private static Site GetSite(int tenantId, int siteId)
	    {
            var tenantResource = new TenantResource();
            var tenant = tenantResource.GetTenant(tenantId);
            var site = tenant.Sites.SingleOrDefault(x => x.Id.Equals(siteId));

            if (site == null) throw new Exception(string.Format("{0} not found for tenant {1}", siteId, tenantId));
	        return site;
	    }
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            if (!ConfigurationAuth.IsRequestValid(filterContext.HttpContext.Request))
                throw new SecurityException("Unauthorized");

            var request = filterContext.RequestContext.HttpContext.Request;
            var apiContext = new ApiContext(request.Headers); //try to load from headers
            if (apiContext.TenantId == 0)
            {
                //try to load from body
                apiContext = new ApiContext(request.Form);
            }

            if (apiContext.TenantId == 0) //if not found load from query string
            {
                var tenantId = request.QueryString.Get("tenantId");
                if (String.IsNullOrEmpty(tenantId))
                {
                    filterContext.HttpContext.Response.StatusCode = 401;
                    filterContext.HttpContext.Response.End();
                }
                apiContext = new ApiContext(int.Parse(tenantId));
            }
            var requestUri = filterContext.HttpContext.Request.Path.Split('/');
            string path ="/"+ requestUri[1] + "/" + apiContext.TenantId.ToString();
            filterContext.HttpContext.Response.Cookies.Add(GetCookie("subNavLink", (String.IsNullOrEmpty(apiContext.UserId) ? "0" : "1"), path));

            try
            {
                var tenantResource = new TenantResource();
                var tenant = Task.Factory.StartNew(() => tenantResource.GetTenantAsync(apiContext.TenantId).Result, TaskCreationOptions.LongRunning).Result;
            }
            catch (ApiException exc)
            {
                _logger.Error(exc);
                filterContext.HttpContext.Response.StatusCode = 401;
                filterContext.HttpContext.Response.End();
            }

            string cookieToken;
            string formToken;

            AntiForgery.GetTokens(null, out cookieToken, out formToken);
            filterContext.HttpContext.Response.Cookies.Add(GetCookie("formToken", HttpUtility.UrlEncode(formToken),path));
            filterContext.HttpContext.Response.Cookies.Add(GetCookie("cookieToken", HttpUtility.UrlEncode(cookieToken),path));
            filterContext.HttpContext.Response.Cookies.Add(GetCookie("tenantId", apiContext.TenantId.ToString(),path));
            if (!string.IsNullOrEmpty(apiContext.UserId))
                filterContext.HttpContext.Response.Cookies.Add(GetCookie(Headers.USERID, apiContext.UserId,path));
            else
                filterContext.HttpContext.Response.Cookies.Remove(Headers.USERID);
            var hashString = string.Concat(apiContext.TenantId.ToString(), cookieToken, formToken);
            if (!string.IsNullOrEmpty(apiContext.UserId))
            {
                _logger.Info("Adding userid to hash :" + apiContext.UserId);
                hashString = string.Concat(hashString, apiContext.UserId);
            }
            var hash = SHA256Generator.GetHash(string.Empty, hashString);
            _logger.Info("Computed Hash : " + hash);
            filterContext.HttpContext.Response.Cookies.Add(GetCookie("hash", HttpUtility.UrlEncode(hash),path));
        }
        private static bool Validate(IApiContext apiContext, string formToken, string cookieToken, bool isSubNavLink)
        {
            try
            {
                AntiForgery.Validate(cookieToken, formToken);
            }
            catch (Exception)
            {
                return false;
            }

            //Validate tenant access

            if (apiContext.TenantId < 0) return false;
            if (String.IsNullOrEmpty(apiContext.HMACSha256))
                throw new UnauthorizedAccessException();

            var stringToHash = String.Concat(apiContext.TenantId.ToString(), cookieToken, formToken);
            if (!String.IsNullOrEmpty(apiContext.UserId) && isSubNavLink)
            {
                _logger.Info("Userid:" + apiContext.UserId);
                stringToHash = String.Concat(stringToHash, apiContext.UserId);
            }
            var computedHash = Security.SHA256Generator.GetHash(string.Empty, stringToHash );
            if (apiContext.HMACSha256 != computedHash)
            {
                _logger.Info("Header hash : " + HttpUtility.UrlDecode(apiContext.HMACSha256));
                _logger.Info("Computed hash : " + computedHash);
                return false;
            }

            try
            {
                var tenantResource = new TenantResource();
                var tennat = Task.Factory.StartNew(() => tenantResource.GetTenantAsync(apiContext.TenantId).Result, TaskCreationOptions.LongRunning).Result;

            }
            catch (ApiException ae)
            {
                return false;
            }

            return true;
        }