/// <summary> /// Log an attempt to open a door. This does not validate the attempt, it only stores the result /// in the database. /// </summary> /// <param name="doorId">The door being accessed</param> /// <param name="credentials">The items presented to authorize entry</param> /// <param name="result">Whether or not entry was allowed</param> public void LogAuthorizationAttempt(int doorId, IEnumerable <UserCredential> credentials, bool result, int?userId = null) { var AuthorizationAttempt = new AuthorizationAttempt { AttemptDate = DateTime.Now, Result = result, DoorID = doorId, UserID = userId }; Db.AuthorizationAttempts.Add(AuthorizationAttempt); Db.SaveChanges(); foreach (var credential in credentials) { Db.AuthorizationAttemptsCredentials.Add(new AuthorizationAttemptCredential { AuthorizationAttemptID = AuthorizationAttempt.AuthorizationAttemptID, CredentialID = credential.CredentialID, Value = credential.Value }); } Db.SaveChanges(); }
public ActionResult <AuthorizationResult> Authorize(AuthorizationAttempt request) { AuthDegree attemptedAuth = botConfig.AuthConfiguration.TryCredentials(request.Password, out string authString); if (!botConfig.AuthConfiguration.PublicAuthAllowed && attemptedAuth <= AuthDegree.Privileged) { communication.SendWarningMessage($"User tried to authenticate as {attemptedAuth} with password \"{request.Password}\" while locked down."); return(Forbid()); } if (attemptedAuth == AuthDegree.None) { communication.SendWarningMessage($"User failed to authenticate with password \"{request.Password}\"."); return(Unauthorized()); } communication.SendWarningMessage($"{attemptedAuth} authenticated."); return(new AuthorizationResult(attemptedAuth.ToString(), authString)); }