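/// <summary>
/// Creates the HTTP client used to talk to the hub web service and attaches the
/// "PopMedNet" Authorization header to every request sent through it.
/// </summary>
/// <param name="ns">Network settings supplying the username, decrypted password,
/// encryption salt and hub URL. Must not be null.</param>
/// <param name="cert">Optional client certificate. When null, a plain
/// <see cref="HttpClient"/> is used; otherwise the certificate is attached through a
/// <c>WebRequestHandler</c> configured for manual certificate selection.</param>
/// <exception cref="ArgumentNullException"><paramref name="ns"/> is null.</exception>
public HttpClientEx(Lpp.Dns.DataMart.Lib.NetWorkSetting ns, System.Security.Cryptography.X509Certificates.X509Certificate2 cert)
{
    // Reject a null settings object up front, before a client is allocated or the
    // process-wide TLS setting below is touched.
    if (ns == null)
    {
        throw new ArgumentNullException("ns");
    }

    _NetworkSetting = ns;

    var requestTimeout = TimeSpan.FromMinutes(10);
    if (cert == null)
    {
        this._Client = new HttpClient { Timeout = requestTimeout };
    }
    else
    {
        var handler = new WebRequestHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual,
            UseDefaultCredentials = false
        };
        handler.ClientCertificates.Add(cert);
        this._Client = new HttpClient(handler) { Timeout = requestTimeout };
    }

    // NOTE(review): ServicePointManager.SecurityProtocol is a process-wide static, and this
    // is an assignment rather than an OR, so it replaces whatever the host had configured
    // for every ServicePoint-based connection in the process. TLS 1.1 is deprecated
    // (RFC 8996); if the hub accepts TLS 1.2, drop Tls11 here. Left unchanged because
    // removing it could break connections to hubs that have not been upgraded.
    System.Net.ServicePointManager.SecurityProtocol =
        System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11;

    var metadata = new DMCMetadata { DMCFileVersion = _FileVersion, DMCProductVersion = _ProductVersion };

    // NOTE(review): the username and password are protected with a passphrase that is a
    // constant in this client plus the configured salt. Treat the resulting header as
    // password-equivalent; confirm how Crypto.EncryptStringAES derives its key and IV.
    var creds = Crypto.EncryptStringAES(
        string.Format("{0}:{1}", _NetworkSetting.Username, _NetworkSetting.DecryptedPassword),
        "PopMedNet Authorization",
        _NetworkSetting.EncryptionSalt);

    // Token layout before Base64: <encrypted credentials>::<metadata JSON>.
    // The second ':'-separated segment is always empty.
    this._Credentials = Convert.ToBase64String(
        Encoding.UTF8.GetBytes(creds + "::" + JsonConvert.SerializeObject(metadata)));

    // NOTE(review): this is a default header, so it is sent with every request made through
    // _Client. Nothing in this constructor checks that HubWebServiceUrl is an https URL;
    // verify that is enforced where the setting is saved.
    this._Client.DefaultRequestHeaders.Authorization =
        new System.Net.Http.Headers.AuthenticationHeaderValue("PopMedNet", _Credentials);

    this._Host = ns.HubWebServiceUrl.TrimEnd('/');
}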
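/// <summary>
/// Handles the "PopMedNet" Authorization scheme: writes a success audit row when the token
/// maps to a cached <c>ApiIdentity</c>, otherwise validates the credentials carried in the
/// token and writes a failure audit row when validation fails for a known user.
/// </summary>
/// <param name="context">Authentication context for the current request.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <remarks>
/// Everything read from the Authorization header is untrusted. A malformed or shortened
/// token must not throw out of this filter: in the failure path an exception raised before
/// the audit row is added means the failed attempt is never recorded.
/// NOTE(review): no statement in this listing assigns a principal after a successful
/// validation; confirm against the full file where that happens.
/// </remarks>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    var authorization = context.Request.Headers.Authorization;

    // No header, or a scheme with no parameter: there is no token to look up or decode.
    if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
    {
        HttpContext.Current.User = null;
        Thread.CurrentPrincipal = null;
        return;
    }

    var authToken = authorization.Parameter;
    ApiIdentity ident = HttpContext.Current.Cache[authToken] as ApiIdentity;

    // Both branches below act only on the PopMedNet scheme.
    if (!string.Equals("PopMedNet", authorization.Scheme))
    {
        return;
    }

    string unsplitToken;
    try
    {
        unsplitToken = Encoding.UTF8.GetString(Convert.FromBase64String(authToken));
    }
    catch (FormatException)
    {
        // Not valid Base64: nothing can be parsed from it, so this filter establishes
        // no identity for the request.
        return;
    }

    var decodedToken = unsplitToken.Split(':');

    // The "as" cast yields null when the property is not an HttpContextWrapper,
    // so the request details are read null-safely.
    var ctx = context.Request.Properties["MS_HttpContext"] as HttpContextWrapper;
    var clientAddress = ctx?.Request.UserHostAddress;

    if (ident != null)
    {
        string metadataJson;
        var metadata = ReadDmcMetadata(unsplitToken, decodedToken, out metadataJson);

        using (var db = new DataContext())
        {
            var successAudit = new UserAuthenticationLogs
            {
                UserID = ident.ID,
                Description = $"User Authenticated Successfully from DataMart Client (Release: {metadata.DMCProductVersion}, Version: {metadata.DMCFileVersion}, IP Address: {clientAddress}).",
                Success = true,
                IPAddress = clientAddress,
                Environment = "DataMart Client",
                // NOTE(review): client-supplied JSON is stored as received.
                Details = metadataJson,
                DMCVersion = metadata.DMCFileVersion,
                Source = ident.RawUrl
            };
            db.LogsUserAuthentication.Add(successAudit);
            await db.SaveChangesAsync();
        }

        return;
    }

    using (var db = new DataContext())
    {
        string username = null;
        string password = null;
        IUser user = null;

        Lpp.Utilities.WebSites.Models.LoginResponseModel.DecryptCredentials(decodedToken[0], out username, out password);

        // Only a failed validation for a user that was resolved is audited here.
        if (db.ValidateUser2(username, password, out user) || user == null)
        {
            return;
        }

        string metadataJson;
        var metadata = ReadDmcMetadata(unsplitToken, decodedToken, out metadataJson);
        string reserializedJson = "";

        if (decodedToken.Length > 2)
        {
            // NOTE(review): the two operands of this concatenation are masked ("******") in
            // the listing under review; username and password is the reading implied by the
            // surrounding literals. Confirm against the repository.
            // NOTE(review): this stores the attempted password, encrypted, in the audit row.
            // A failed attempt is often a near miss of the real password, and the call takes
            // a constant string and the user's ID as its other two arguments, so the audit
            // table should be treated as credential material. Consider recording only the
            // username and a failure reason.
            metadata.InvalidCredentials = Lpp.Utilities.Crypto.EncryptStringAES(
                "UserName: " + username + " was attempted with Password:" + password,
                "AuthenticationLog",
                user.ID.ToString("D"));
            reserializedJson = JsonConvert.SerializeObject(metadata);
        }

        var failedAudit = new UserAuthenticationLogs
        {
            UserID = user.ID,
            Description = $"User Authenticated Failed from DataMart Client (Release: {metadata.DMCProductVersion}, Version: {metadata.DMCFileVersion}, IP Address: {clientAddress}).",
            Success = false,
            IPAddress = clientAddress,
            Environment = "DataMart Client",
            Details = reserializedJson,
            DMCVersion = metadata.DMCFileVersion,
            Source = ctx?.Request.RawUrl
        };
        db.LogsUserAuthentication.Add(failedAudit);
        await db.SaveChangesAsync();
    }
}

/// <summary>
/// Extracts the client metadata JSON that follows the second ':' of the decoded token.
/// </summary>
/// <param name="unsplitToken">The Base64-decoded token text.</param>
/// <param name="decodedToken">The same text split on ':'.</param>
/// <param name="metadataJson">Receives the raw JSON text, or an empty string when the
/// token has no metadata segment.</param>
/// <returns>The parsed metadata, or an empty <c>DMCMetadata</c> when the segment is missing
/// or deserializes to null. Never null, so callers can read its properties directly.</returns>
/// <remarks>
/// NOTE(review): JSON that fails to parse still throws from JsonConvert.DeserializeObject,
/// as it did before this helper was introduced.
/// </remarks>
private static DMCMetadata ReadDmcMetadata(string unsplitToken, string[] decodedToken, out string metadataJson)
{
    if (decodedToken.Length <= 2)
    {
        metadataJson = "";
        return new DMCMetadata();
    }

    // The JSON may itself contain ':', so take everything after the first two segments
    // instead of using decodedToken[2].
    metadataJson = unsplitToken.Substring(decodedToken[0].Length + decodedToken[1].Length + 2);
    return JsonConvert.DeserializeObject<DMCMetadata>(metadataJson) ?? new DMCMetadata();
}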