/// <summary>
/// Validates the users login and password sent in, and returns the users information if valid.
/// </summary>
/// <param name="Assemblyname">Assembly name of the calling assembly</param>
/// <param name="Appid">Application id to verify originator.</param>
/// <param name="Username">Username to validate.</param>
/// <param name="Password">Password to validate.</param>
/// <returns>User information</returns>
public Common ValidateLogin(string Assemblyname, string Appid, string Username, string Password)
{
lock (Authenticated)
{
Authenticated.Clear();
}
using (CommonTableAdapters.sp_GetApplicationByTokenTableAdapter tokenAdapter = new CommonTableAdapters.sp_GetApplicationByTokenTableAdapter())
using (Common.sp_GetApplicationByTokenDataTable dtApps = new Common.sp_GetApplicationByTokenDataTable())
{
tokenAdapter.Fill(dtApps, new Guid(StringCipher.Decrypt(Appid)), StringCipher.Decrypt(Assemblyname));
if (dtApps != null && dtApps.Rows.Count <= 0)
{
//Could not find matching GUID for application in the apps table.
//This could possibly be an intruder posing as an app.
throw new FaultException("Application token validation failed.");
}
}
using (CommonTableAdapters.sp_GetLoginTableAdapter ta = new CommonTableAdapters.sp_GetLoginTableAdapter())
using (Common d = new Common())
{
try
{
//check the login against plain text in the database but the password is encrypted in the database so only decrypt one layer
//username is encrypted on the outer layer using the rotating key, and the inner with the fixed key.
//password is encrypted on the outer layer using the rotating key. The inner layer is never unencrypted.
ta.Fill(d.sp_GetLogin, StringCipher.Decrypt(StringCipher.Decrypt(Username), true), StringCipher.Decrypt(Password));
if (d.sp_GetLogin != null && d.sp_GetLogin.Count == 1)
{
//login accepted start session
Guid newSessionId = Guid.NewGuid();
lock (Authenticated)
{
Authenticated.Add(newSessionId);
}
//update user entry with the latest session id
using (CommonTableAdapters.QueriesTableAdapter queries = new CommonTableAdapters.QueriesTableAdapter())
{
queries.sp_UpdateUserSession(d.sp_GetLogin.First().user_id, newSessionId);
}
d.sp_GetLogin.First().sessionid = newSessionId;
return(d);
}
else
{
//no user by that name exists
throw new FaultException("Login failed.");
}
}
catch (Exception ex)
{
if (ex is FaultException)
{
throw;
}
else
{
throw new FaultException("Unexpected error: " + ex.Message);
}
}
}
}
/// <summary>
/// Validates the users login and password sent in, and returns the users information if valid.
/// </summary>
/// <param name="Assemblyname">Assembly name of the calling assembly</param>
/// <param name="Appid">Application id to verify originator.</param>
/// <param name="Username">Username to validate.</param>
/// <param name="Password">Password to validate.</param>
/// <returns>User information</returns>
public Common ValidateLogin(string Assemblyname, string Appid, string Username, string Password)
{
lock (Authenticated)
{
Authenticated.Clear();
}
using (CommonTableAdapters.sp_GetApplicationByTokenTableAdapter tokenAdapter = new CommonTableAdapters.sp_GetApplicationByTokenTableAdapter())
using (Common.sp_GetApplicationByTokenDataTable dtApps = new Common.sp_GetApplicationByTokenDataTable())
{
tokenAdapter.Fill(dtApps, new Guid(StringCipher.Decrypt(Appid)), StringCipher.Decrypt(Assemblyname));
if (dtApps != null && dtApps.Rows.Count <= 0)
{
//Could not find matching GUID for application in the apps table.
//This could possibly be an intruder posing as an app.
throw new FaultException("Application token validation failed.");
}
}
using (CommonTableAdapters.sp_GetLoginTableAdapter ta = new CommonTableAdapters.sp_GetLoginTableAdapter())
using (Common d = new Common())
{
try
{
//check the login against plain text in the database but the password is encrypted in the database so only decrypt one layer
//username is encrypted on the outer layer using the rotating key, and the inner with the fixed key.
//password is encrypted on the outer layer using the rotating key. The inner layer is never unencrypted.
ta.Fill(d.sp_GetLogin, StringCipher.Decrypt(StringCipher.Decrypt(Username), true), StringCipher.Decrypt(Password));
if (d.sp_GetLogin != null && d.sp_GetLogin.Count == 1)
{
//login accepted start session
Guid newSessionId = Guid.NewGuid();
lock (Authenticated)
{
Authenticated.Add(newSessionId);
}
//update user entry with the latest session id
using (CommonTableAdapters.QueriesTableAdapter queries = new CommonTableAdapters.QueriesTableAdapter())
{
queries.sp_UpdateUserSession(d.sp_GetLogin.First().user_id, newSessionId);
}
d.sp_GetLogin.First().sessionid = newSessionId;
return d;
}
else
{
//no user by that name exists
throw new FaultException("Login failed.");
}
}
catch (Exception ex)
{
if (ex is FaultException)
throw;
else
throw new FaultException("Unexpected error: " + ex.Message);
}
}
}
