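/// <summary>
/// Validates an encrypted security token against an address supplied by the caller.
/// </summary>
/// <remarks>
/// The decrypted token is expected to hold at least four '|'-separated fields:
/// SessionId|ID|yyyyMMddHHmmss|IpAddress. This overload checks the IP, the numeric ID and
/// the timestamp; the SessionId field is not checked here.
/// </remarks>
/// <param name="securityToken">Encrypted token; null or empty is rejected.</param>
/// <param name="ipAddress">
/// Caller address, compared as-is with the token's IP field after '.', ':' and NUL have been
/// removed from that field. The values "1" and "127001" skip the comparison.
/// </param>
/// <exception cref="Exception">
/// Thrown when the token is missing, cannot be decrypted, is malformed, is bound to another
/// address, or has expired.
/// </exception>
private void ValidSecurityToken(string securityToken, string ipAddress)
{
    if (string.IsNullOrEmpty(securityToken))
    {
        throw new Exception("SecurityToken is invalid");
    }

    // Decrypted layout: SessionId|ID|yyyyMMddHHmmss|IpAddress
    string[] variableToken;
    try
    {
        variableToken = Cryptographic.Decryptor(securityToken).Split('|');
    }
    catch (Exception ex)
    {
        // NOTE(review): the decryptor's own error text is appended to the message. If this
        // exception is ever shown to the remote caller, consider logging ex and returning
        // only the generic text, so decryption failures are indistinguishable from outside.
        throw new Exception("SecurityToken is invalid - " + ex.Message, ex);
    }

    // Index 3 is read below, so at least four fields are required.
    if (variableToken.Length <= 3)
    {
        throw new Exception("SecurityToken is invalid");
    }

    string clientIdOrUserId = variableToken[1].Trim();
    string date = variableToken[2].Trim();
    string ipSecurity = variableToken[3].Trim().Replace(".", "").Replace(":", "").Replace("\0", "");

    // NOTE(review): "1" and "127001" appear to be ::1 and 127.0.0.1 with separators removed.
    // Separator-stripped addresses are ambiguous (different addresses can collapse to the
    // same digits), so both the binding check and this local exemption are weaker than a
    // comparison of parsed addresses. The raw address is not available in this overload;
    // confirm what callers pass in.
    bool isLocalCaller = ipAddress == "1" || ipAddress == "127001";
    if (ipSecurity != ipAddress && !isLocalCaller)
    {
        // NOTE(review): this message echoes the address the token is bound to; avoid
        // returning it to an unauthenticated caller.
        throw new Exception("Ip is invalid. Your IP: " + ipAddress + " and Ip Security: " + ipSecurity);
    }

    int id;
    if (!int.TryParse(clientIdOrUserId, out id))
    {
        throw new Exception("Client or User is invalid");
    }

    // A malformed timestamp is reported as an invalid token instead of letting a
    // FormatException from ParseExact escape.
    DateTime issuedAt;
    if (!DateTime.TryParseExact(date, "yyyyMMddHHmmss", CultureInfo.InvariantCulture, DateTimeStyles.None, out issuedAt))
    {
        throw new Exception("SecurityToken is invalid");
    }

    // The token is rejected once its timestamp is more than one minute behind server local
    // time. NOTE(review): a timestamp in the future is accepted; confirm the issuer cannot
    // produce one.
    if (DateTime.Now.AddMinutes(-1) > issuedAt)
    {
        throw new Exception("Session expired");
    }
}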
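/// <summary>
/// Validates the page's security token against the current request and loads the logged-in
/// user when needed.
/// </summary>
/// <remarks>
/// When <c>SecurityToken</c> is empty it is taken from the "Token" query-string value and
/// treated as new; for a new token the session-id and ID comparisons are skipped.
/// The decrypted token is expected to hold at least four '|'-separated fields:
/// SessionId|ID|yyyyMMddHHmmss|IpAddress.
/// </remarks>
/// <exception cref="Exception">
/// Thrown when the token is missing, cannot be decrypted, is malformed, is bound to another
/// address, session or ID, or has expired.
/// </exception>
private void ValidSecurityToken()
{
    bool isNew = false;

    // NOTE(review): a token carried in the query string ends up in server logs, browser
    // history and Referer headers; its short lifetime and IP binding are the only limits.
    if (string.IsNullOrEmpty(SecurityToken) && Request.QueryString["Token"] != null)
    {
        SecurityToken = Request.QueryString["Token"];
        isNew = true;
    }

    if (string.IsNullOrEmpty(SecurityToken))
    {
        throw new Exception("SecurityToken is invalid");
    }

    // Decrypted layout: SessionId|ID|yyyyMMddHHmmss|IpAddress
    string[] variableToken;
    try
    {
        variableToken = Cryptographic.Decryptor(SecurityToken).Split('|');
    }
    catch (Exception ex)
    {
        // NOTE(review): the decryptor's own error text is appended to the message; if it
        // reaches the client, prefer logging ex and returning only the generic text.
        throw new Exception("SecurityToken is invalid - " + ex.Message, ex);
    }

    // Index 3 is read below, so at least four fields are required.
    if (variableToken.Length <= 3)
    {
        throw new Exception("SecurityToken is invalid");
    }

    string sessionId = variableToken[0].Trim();
    string clientIdOrUserId = variableToken[1].Trim();
    string date = variableToken[2].Trim();
    string ipSecurity = variableToken[3].Trim().Replace(".", "").Replace(":", "").Replace("\0", "");

    // REMOTE_ADDR may be absent; treat that as empty instead of failing with a
    // NullReferenceException, then fall back to UserHostAddress.
    string remoteAddress = Context.Request.ServerVariables["REMOTE_ADDR"] ?? string.Empty;
    string ipAddress = remoteAddress.Replace(".", "").Replace(":", "");
    if (string.IsNullOrEmpty(ipAddress) && Context.Request.UserHostAddress != null)
    {
        remoteAddress = Context.Request.UserHostAddress;
        ipAddress = remoteAddress.Replace(".", "").Replace(":", "");
    }

    // The local exemption is decided on the parsed address. Comparing the separator-stripped
    // string with "1" / "127001" also matched non-loopback addresses that collapse to the
    // same digits.
    System.Net.IPAddress parsedRemote;
    bool isLocalCaller = System.Net.IPAddress.TryParse(remoteAddress, out parsedRemote)
        && System.Net.IPAddress.IsLoopback(parsedRemote);

    // NOTE(review): the binding check itself still compares separator-stripped strings, so
    // different addresses can compare equal. Comparing parsed addresses needs the token
    // issuer to store the address in a parseable form — confirm and tighten.
    if (ipSecurity != ipAddress && !isLocalCaller)
    {
        // NOTE(review): this message echoes the address the token is bound to.
        throw new Exception("Ip is invalid. Your IP: " + ipAddress + " and Ip Security: " + ipSecurity);
    }

    int id;
    if (!int.TryParse(clientIdOrUserId, out id))
    {
        throw new Exception("Client or User is invalid");
    }

    if (SessionString != sessionId && !isNew)
    {
        throw new Exception("SessionId is invalid");
    }

    // A malformed timestamp is reported as an invalid token instead of letting a
    // FormatException from ParseExact escape.
    DateTime issuedAt;
    if (!DateTime.TryParseExact(date, "yyyyMMddHHmmss", CultureInfo.InvariantCulture, DateTimeStyles.None, out issuedAt))
    {
        throw new Exception("SecurityToken is invalid");
    }

    // Rejected once the timestamp is more than one minute behind server local time.
    // NOTE(review): a timestamp in the future is accepted.
    if (DateTime.Now.AddMinutes(-1) > issuedAt)
    {
        throw new Exception("Session expired");
    }

    if (id != ClientOrUserId && !isNew && ClientOrUserId != 0)
    {
        throw new Exception("Client or User is invalid");
    }

    if (UsuarioLogado == null || isNew)
    {
        // NOTE(review): the user is loaded from ClientOrUserId, not from the token's ID, and
        // for a new token the two were not compared above. Confirm ClientOrUserId cannot be
        // influenced by the request, or load by the validated id instead.
        SecurityController controller = new SecurityController();
        UsuarioLogado = controller.GetUser(ClientOrUserId);
    }
}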
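/// <summary>
/// Validates the security token carried in a SOAP authentication header and returns the
/// numeric ID stored in it.
/// </summary>
/// <remarks>
/// The decrypted token is expected to hold at least four '|'-separated fields:
/// SessionId|ID|yyyyMMddHHmmss|IpAddress. Every failure is reported as a client-fault
/// <see cref="SoapException"/> whose actor is the request URL.
/// </remarks>
/// <param name="authHeader">Header holding SecurityToken and SessionId; null is rejected.</param>
/// <returns>The ID parsed from the second token field.</returns>
/// <exception cref="SoapException">
/// Thrown when the header or token is missing, the token cannot be decrypted, is malformed,
/// is bound to another address or session, or has expired.
/// </exception>
// ReSharper disable once ParameterHidesMember
private int ValidSecurityToken(AuthHeader authHeader)
{
    // Built lazily so the request URL is only read when a fault is actually raised.
    Func<string, SoapException> fault = message =>
        new SoapException(message, SoapException.ClientFaultCode, Context.Request.Url.AbsoluteUri);

    if (authHeader == null)
    {
        throw fault("User is no logged");
    }

    if (string.IsNullOrEmpty(authHeader.SecurityToken))
    {
        throw fault("SecurityToken is invalid");
    }

    // Decrypted layout: SessionId|ID|yyyyMMddHHmmss|IpAddress
    string[] variableToken;
    try
    {
        variableToken = Cryptographic.Decryptor(authHeader.SecurityToken).Split('|');
    }
    catch (Exception ex)
    {
        // NOTE(review): this fault is returned to the SOAP client with the decryptor's own
        // error text appended. Prefer logging ex server-side and returning only the generic
        // text, so decryption failures are indistinguishable from outside.
        throw fault("SecurityToken is invalid - " + ex.Message);
    }

    // Index 3 is read below, so at least four fields are required. The previous bound
    // (Length <= 2) let a three-field token through to an IndexOutOfRangeException.
    if (variableToken.Length <= 3)
    {
        throw fault("SecurityToken is invalid");
    }

    string sessionId = variableToken[0].Trim();
    string clientIdOrUserId = variableToken[1].Trim();
    string date = variableToken[2].Trim();
    string ipSecurity = variableToken[3].Trim().Replace(".", "").Replace(":", "").Replace("\0", "");

    // REMOTE_ADDR may be absent; treat that as empty instead of failing with a
    // NullReferenceException, then fall back to UserHostAddress.
    string remoteAddress = Context.Request.ServerVariables["REMOTE_ADDR"] ?? string.Empty;
    string ipAddress = remoteAddress.Replace(".", "").Replace(":", "");
    if (string.IsNullOrEmpty(ipAddress) && Context.Request.UserHostAddress != null)
    {
        remoteAddress = Context.Request.UserHostAddress;
        ipAddress = remoteAddress.Replace(".", "").Replace(":", "");
    }

    // The local exemption is decided on the parsed address. Comparing the separator-stripped
    // string with "1" / "127001" also matched non-loopback addresses that collapse to the
    // same digits.
    System.Net.IPAddress parsedRemote;
    bool isLocalCaller = System.Net.IPAddress.TryParse(remoteAddress, out parsedRemote)
        && System.Net.IPAddress.IsLoopback(parsedRemote);

    // NOTE(review): the binding check itself still compares separator-stripped strings, so
    // different addresses can compare equal. Comparing parsed addresses needs the token
    // issuer to store the address in a parseable form — confirm and tighten.
    if (ipSecurity != ipAddress && !isLocalCaller)
    {
        // NOTE(review): this fault tells the client which address the token is bound to.
        throw fault("Ip is invalid. Your IP: " + ipAddress + " and Ip Security: " + ipSecurity);
    }

    int id;
    if (!int.TryParse(clientIdOrUserId, out id))
    {
        throw fault("Client or User is invalid");
    }

    if (authHeader.SessionId != sessionId)
    {
        throw fault("SessionId is invalid");
    }

    // A malformed timestamp is reported as a client fault instead of letting a
    // FormatException from ParseExact escape.
    DateTime issuedAt;
    if (!DateTime.TryParseExact(date, "yyyyMMddHHmmss", CultureInfo.InvariantCulture, DateTimeStyles.None, out issuedAt))
    {
        throw fault("SecurityToken is invalid");
    }

    // Rejected once the timestamp is more than one minute behind server local time.
    // NOTE(review): a timestamp in the future is accepted.
    if (DateTime.Now.AddMinutes(-1) > issuedAt)
    {
        throw fault("Session expired");
    }

    return id;
}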