public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
try
{
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap();
if (map.Database.UseRefreshToken || map.Equals(Durados.Web.Mvc.Maps.Instance.DuradosMap))
{
//var guid = Guid.NewGuid().ToString();
//// maybe only create a handle the first time, then re-use for same client
//var refreshToken = System.Web.Helpers.Crypto.HashPassword(guid);
//_refreshTokens.TryAdd(refreshToken, context.Ticket);
// consider storing only the hash of the handle
string username = map.Database.GetCurrentUsername();
string refreshToken = Durados.Web.Mvc.UI.Helpers.RefreshToken.Get(map.Equals(Durados.Web.Mvc.Maps.Instance.DuradosMap) ? Durados.Web.Mvc.Maps.DuradosAppName : map.AppName, username);
if (refreshToken != null)
{
context.SetToken(refreshToken);
}
}
}
catch { }
}
private string GetApprovalParametersToken(string appName, string username, string redirect)
{
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
string userToken = Durados.Web.Mvc.UI.Helpers.SecurityHelper.GetTmpUserGuidFromGuid(map.Database.GetGuidByUsername(username));
return(EncryptApprovalParameters(appName, userToken, redirect));
}
protected virtual string AssignPendingAppsCallback(Dictionary <string, object> paraemeters)
{
string appName = paraemeters["@appName"].ToString();
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
string username = paraemeters["@newUser"].ToString();
System.Web.Security.MembershipUser user = map.GetMembershipProvider().GetUser(username, true);
if (user != null)
{
if (!user.IsApproved && Durados.Web.Mvc.Maps.MultiTenancy)
{
user.IsApproved = true;
System.Web.Security.Membership.UpdateUser(user);
}
}
//string appName = paraemeters["@appName"].ToString();
//Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
//if (!map.Database.BackandSSO)
//{
// Durados.Web.Mvc.UI.Helpers.AccountService.UpdateIsApproved(username, true, map);
//}
return("success");
}
private void ValidateById(OAuthGrantResourceOwnerCredentialsContext context)
{
if (System.Web.HttpContext.Current.Request.Form["appid"] == null || System.Web.HttpContext.Current.Request.Form["userid"] == null)
{
context.SetError(UserValidationErrorMessages.MissingUserIdOrAppId, UserValidationErrorMessages.MissingUserIdOrAppId);
return;
}
string appName = GetAppName(System.Web.HttpContext.Current.Request.Form["appid"]);
if (appName == null)
{
context.SetError(UserValidationErrorMessages.WrongUserIdOrAppId, UserValidationErrorMessages.WrongUserIdOrAppId);
return;
}
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
if (map == Durados.Web.Mvc.Maps.Instance.DuradosMap)
{
context.SetError(UserValidationErrorMessages.WrongUserIdOrAppId, UserValidationErrorMessages.WrongUserIdOrAppId);
return;
}
if (!map.Database.EnableSecretKeyAccess)
{
context.SetError(UserValidationErrorMessages.EnableKeysAccess, UserValidationErrorMessages.EnableKeysAccess);
return;
}
string username = GetUserName(System.Web.HttpContext.Current.Request.Form["userid"], appName);
if (username == null)
{
context.SetError(UserValidationErrorMessages.WrongUserIdOrAppId, UserValidationErrorMessages.WrongUserIdOrAppId);
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(Database.Username, username));
identity.AddClaim(new Claim(Database.AppName, appName));
context.Validated(identity);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appName, username, null, 3, string.Empty);
}
protected virtual HttpResponseMessage Approve(string userToken, string appName, string redirect)
{
try
{
if (string.IsNullOrEmpty(appName))
{
string message = "Could not find app";
return(Request.CreateResponse(HttpStatusCode.Unauthorized, message));
}
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
if (map == null)
{
string message = "Could not find app";
return(Request.CreateResponse(HttpStatusCode.Unauthorized, message));
}
bool allowRegistration = IsRegisreationAllowed(map);
if (!allowRegistration)
{
string message = "To enable Sign Up, please Enable User Registration";
return(Request.CreateResponse(HttpStatusCode.Unauthorized, message));
}
string userGuid = Durados.Web.Mvc.UI.Helpers.SecurityHelper.GetUserGuidFromTmpGuid(userToken);
string username = map.Database.GetUsernameByGuid(userGuid);
ApproveUser(appName, username);
var response = Request.CreateResponse(HttpStatusCode.Moved);
response.Headers.Location = new Uri(redirect);
return(response);
}
catch (Exception exception)
{
throw new BackAndApiUnexpectedResponseException(exception, this);
}
}
//[Durados.Web.Mvc.Controllers.Attributes.RequiresSSL]
public ActionResult Home()
{
bool hostByUs = Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["hostByUs"] ?? "true");
//for the main app (www), when routing back to the website, first redirect to / (e.g. www.backand.com)
//and only when coming iwth url= '/' load the index page and return it
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap();
if (map.IsMainMap && hostByUs)
{
if (Request.Url.AbsoluteUri != map.Url && Request.Url.AbsoluteUri != map.Url + "/")
{
return(RedirectPermanent(map.Url));
}
else
{
return(File(Server.MapPath("/ws/index.html"), "text/html"));
}
}
else
{
return(RedirectToAction("Default", "Home"));
}
}
private void ApproveUser(string appName, string username)
{
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
string mapId = map.Id;
if (string.IsNullOrEmpty(mapId))
{
System.Data.DataRow appRow = Durados.Web.Mvc.Maps.Instance.GetAppRow(appName);
mapId = appRow != null ? appRow["Id"].ToString() : string.Empty;
}
string userId = map.Database.GetUserID(username).ToString();
Dictionary <string, object> parameters2 = new Dictionary <string, object>();
parameters2.Add("@UserId", userId);
parameters2.Add("@AppId", mapId);
Durados.DataAccess.SqlAccess sql = new Durados.DataAccess.SqlAccess();
if (string.IsNullOrEmpty(sql.ExecuteScalar(Durados.Web.Mvc.Maps.Instance.DuradosMap.connectionString, "SELECT TOP 1 [ID] FROM [durados_UserApp] WHERE [UserId]=@UserId AND [AppId]=@AppId", parameters2)))
{
parameters2.Add("@newUser", username);
parameters2.Add("@appName", appName);
sql.ExecuteNonQuery(Durados.Web.Mvc.Maps.Instance.DuradosMap.Database.ConnectionString, "durados_AssignPendingApps @newUser,@appName", parameters2, AssignPendingAppsCallback);
}
}
public void EditPreview(string configViewName, string property, string value, string pk, string guid, out Durados.Web.Mvc.View view)
{
Durados.Web.Mvc.Map previewMap = Maps.Instance.GetMap();
Durados.DataAccess.ConfigAccess configAccess = new DataAccess.ConfigAccess();
view = null;
if (configViewName == "Page" && guid == PageGuid)
{
try
{
view = null;
Page page = Maps.Instance.GetMap().Database.Pages[Convert.ToInt32(pk)];
System.Reflection.PropertyInfo propertyInfo = page.GetType().GetProperty(property);
object value2;
if (propertyInfo.PropertyType.BaseType.FullName == "System.Enum")
{
value2 = Enum.Parse(propertyInfo.PropertyType, value);
}
else
{
value2 = Convert.ChangeType(value, propertyInfo.PropertyType);
}
propertyInfo.SetValue(page, value2, null);
Save((View)previewMap.GetConfigDatabase().Views["Page"], property, value2, pk);
}
catch (Exception ex)
{
throw new DuradosException("Failed to set value to field property.", ex);
}
}
else if (configViewName == "View")
{
string viewName = configAccess.GetViewNameByPK(pk, previewMap.GetConfigDatabase().ConnectionString);
if (string.IsNullOrEmpty(viewName))
{
// previewMap.Logger.Log("Admmin", "PreviewEdit", "EditPreview", null, 15, "viewName are null or empty.");
throw new DuradosException("viewName are null or empty or not exists.");
}
if (!previewMap.Database.Views.ContainsKey(viewName))
{
//previewMap.Logger.Log("Admmin", "PreviewEdit", "EditPreview", null, 15, "viewName are not contained in Views.");
throw new DuradosException("viewName are not contained in Views.");
}
view = (Durados.Web.Mvc.View)previewMap.Database.Views[viewName];
try
{
System.Reflection.PropertyInfo propertyInfo = view.GetType().GetProperty(property);
object value2;
if (propertyInfo.PropertyType.BaseType.FullName == "System.Enum")
{
value2 = Enum.Parse(propertyInfo.PropertyType, value);
}
else
{
value2 = Convert.ChangeType(value, propertyInfo.PropertyType);
}
propertyInfo.SetValue(view, value2, null);
if (guid == PageGuid)
{
Save((View)previewMap.GetConfigDatabase().Views["View"], property, value2, pk);
}
}
catch (Exception ex)
{
throw new DuradosException("Failed to set value to field property.", ex);
}
}
else if (configViewName == "Field")
{
string fieldName = configAccess.GetFieldNameByPK(pk, previewMap.GetConfigDatabase().ConnectionString);
string viewPK = configAccess.GetViewPKByFieldPK(pk, previewMap.GetConfigDatabase().ConnectionString);
string viewName = configAccess.GetViewNameByPK(viewPK, previewMap.GetConfigDatabase().ConnectionString);
if (string.IsNullOrEmpty(viewName) || string.IsNullOrEmpty(fieldName))
{
throw new DuradosException("fieldName or viewName are null or empty.");
//previewMap.Logger.Log("Admmin","PreviewEdit","EditPreview",null,15,"fieldName or viewName are null or empty.");
}
if (!previewMap.Database.Views.ContainsKey(viewName) || !previewMap.Database.Views[viewName].Fields.ContainsKey(fieldName))
{
throw new DuradosException("fieldName or viewName are not contained in file.");
//previewMap.Logger.Log("Admmin", "PreviewEdit", "EditPreview", null, 15, "fieldName or viewName are not contained in file.");
}
Durados.Field field = previewMap.Database.Views[viewName].Fields[fieldName];
try
{
System.Reflection.PropertyInfo propertyInfo = field.GetType().GetProperty(property);
object value2;
if (propertyInfo.PropertyType.BaseType.FullName == "System.Enum")
{
value2 = Enum.Parse(propertyInfo.PropertyType, value);
}
else
{
value2 = Convert.ChangeType(value, propertyInfo.PropertyType);
}
propertyInfo.SetValue(field, value2, null);
}
catch (Exception ex)
{
throw new DuradosException("Failed to set value to field property.", ex);
}
}
}
// public override async Task GrantRefreshToken(
//OAuthGrantRefreshTokenContext context)
// {
// var originalClient = context.Ticket.Properties.Dictionary["as:client_id"];
// var currentClient = context.OwinContext.Get<string>("as:client_id");
// // enforce client binding of refresh token
// if (originalClient != currentClient)
// {
// context.Rejected();
// return;
// }
// // chance to change authentication ticket for refresh token requests
// var newId = new ClaimsIdentity(context.Ticket.Identity);
// newId.AddClaim(new Claim("newClaim", "refreshToken"));
// var newTicket = new Microsoft.Owin.Security.AuthenticationTicket(newId, context.Ticket.Properties);
// context.Validated(newTicket);
// }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["userid"] != null)
{
ValidateById(context);
return;
}
else if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["accessToken"] != null)
{
ValidateByOneTimeAccessToken(context);
return;
}
else if (System.Web.HttpContext.Current.Request.Form["refreshToken"] != null)
{
if (System.Web.HttpContext.Current.Request.Form["username"] == null)
{
throw new DuradosException("username is missing.");
}
if (System.Web.HttpContext.Current.Request.Form[Database.AppName] == null)
{
throw new DuradosException(Database.AppName + " is missing.");
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, System.Web.HttpContext.Current.Request.Form[Database.AppName]);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, System.Web.HttpContext.Current.Request.Form["username"]);
}
ValidateByRefreshToken(context, System.Web.HttpContext.Current.Request.Form["username"], System.Web.HttpContext.Current.Request.Form[Database.AppName], System.Web.HttpContext.Current.Request.Form["refreshToken"]);
return;
}
string appname = null;
appname = System.Web.HttpContext.Current.Request.Form[Database.AppName];
if (SharedMemorySingeltone.Instance.Contains(appname, Durados.Data.SharedMemoryKey.DebugMode))
{
System.Web.HttpContext.Current.Items[Durados.Workflow.JavaScript.Debug] = true;
}
if (string.IsNullOrEmpty(appname))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.AppNameNotSupplied);
return;
}
if (!IsAppExists(appname))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppNameNotExists, appname));
return;
}
System.Collections.Specialized.NameValueCollection form = GetFixedForm();
string username = context.UserName;
try
{
username = form["username"];
}
catch { }
string password = context.Password;
try
{
password = form["password"];
}
catch { }
if (!Durados.Web.Mvc.Maps.IsDevUser(username) && IsAppLocked(appname))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppLocked, appname));
return;
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, appname);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, username);
}
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-start", appname, username, null, 3, string.Empty);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, string.Empty);
}
UserValidationError userValidationError = UserValidationError.Valid;
string customError = null;
bool hasCustomValidation = false;
bool customValid = false;
try
{
if (!IsValid(appname, username, password, out userValidationError, out customError, out hasCustomValidation, out customValid))
{
Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService();
string message = UserValidationErrorMessages.Unknown;
switch (userValidationError)
{
case UserValidationError.IncorrectUsernameOrPassword:
message = UserValidationErrorMessages.IncorrectUsernameOrPassword;
break;
case UserValidationError.LockedOut:
message = UserValidationErrorMessages.LockedOut;
break;
case UserValidationError.NotApproved:
message = UserValidationErrorMessages.NotApproved;
break;
case UserValidationError.NotRegistered:
message = UserValidationErrorMessages.NotRegistered;
break;
case UserValidationError.UserDoesNotBelongToApp:
message = UserValidationErrorMessages.UserDoesNotBelongToApp;
break;
case UserValidationError.Custom:
if (customError != null)
{
message = customError;
}
else
{
message = UserValidationErrorMessages.Unknown;
}
break;
default:
message = UserValidationErrorMessages.Unknown;
break;
}
context.SetError(UserValidationErrorMessages.InvalidGrant, message);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, message);
}
return;
}
}
catch (System.Exception exception)
{
context.SetError(UserValidationErrorMessages.InvalidGrant, exception.Message);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message);
}
return;
}
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appname);
Durados.Web.Mvc.Controllers.AccountMembershipService account = new Durados.Web.Mvc.Controllers.AccountMembershipService();
if (!hasCustomValidation || !customValid)
{
if (map.Database.SecureLevel == SecureLevel.AllUsers)
{
try
{
if (!(account.AuthenticateUser(map, username, password)))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.IncorrectUsernameOrPassword);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword);
}
return;
}
else if (!(account.IsApproved(username)))
{
if (map.HasAuthApp && account.IsApproved(username, map.AuthAppName))
{
userController uc = new userController();
var userRow = map.GetAuthAppMap().Database.GetUserRow(username);
var signUpResults = uc.SignUp(appname, null, null, true, GetFirstName(userRow), username, GetLastName(userRow), password, password, new Dictionary <string, object>());
}
else
{
context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.NotApproved);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved);
}
return;
}
}
}
catch (System.Exception exception)
{
context.SetError(UserValidationErrorMessages.Unknown, exception.Message);
return;
}
}
}
if (!string.IsNullOrEmpty(map.Database.LogOnUrlAuth) && !new DuradosAuthorizationHelper().ValidateLogOnAuthUrl(map, System.Web.HttpContext.Current.Request.Form))
{
string message = "External authentication failer";
context.SetError(UserValidationErrorMessages.InvalidGrant, message);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, message);
}
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(Database.Username, username));
identity.AddClaim(new Claim(Database.AppName, appname));
// create metadata to pass on to refresh token provider
//var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
//{
// { "as:client_id", context.ClientId }
//});
//var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
//context.Validated(ticket);
context.Validated(identity);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appname, username, null, 3, string.Empty);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end", appname, username, null, 3, string.Empty);
}
}
private string GetUserName(string userId, string appName)
{
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
return(map.Database.GetUsernameByGuid(userId));
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
var usernameObj = context.Identity.Claims.Where(c => c.Type == Database.Username).Single();
var appnameObj = context.Identity.Claims.Where(c => c.Type == Database.AppName).Single();
if (usernameObj != null && appnameObj != null)
{
string username = usernameObj.Value;
if (System.Web.HttpContext.Current != null && System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
username = System.Web.HttpContext.Current.Items[Database.Username].ToString();
}
string appname = appnameObj.Value;
context.AdditionalResponseParameters.Add("appName", appname);
context.AdditionalResponseParameters.Add("username", username);
try
{
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appname);
var currentUtc = new Microsoft.Owin.Infrastructure.SystemClock().UtcNow;
int expiration = map.Database.TokenExpiration;
if (expiration == 0 || expiration == 8640)
{
expiration = 86400;
}
context.Properties.IssuedUtc = currentUtc;
context.Properties.ExpiresUtc = currentUtc.Add(System.TimeSpan.FromSeconds(expiration));
string role = map.Database.GetUserRole2(username);
int backandUserId = map.Database.GetUserID(username);
object userId = map.Database.GetCurrentUserId();
context.AdditionalResponseParameters.Add("role", role);
try
{
string firstName = map.Database.GetUserFirstName();
context.AdditionalResponseParameters.Add("firstName", firstName);
string lastName = map.Database.GetUserLastName();
context.AdditionalResponseParameters.Add("lastName", lastName);
string fullName = map.Database.GetUserFullName2(username).ToString();
context.AdditionalResponseParameters.Add("fullName", fullName);
}
catch { }
context.AdditionalResponseParameters.Add("regId", backandUserId);
context.AdditionalResponseParameters.Add("userId", userId);
}
catch { }
try
{
if (System.Web.HttpContext.Current.Items.Contains(Durados.Database.CustomTokenAttrKey))
{
IDictionary <string, object> dic = (IDictionary <string, object>)System.Web.HttpContext.Current.Items[Durados.Database.CustomTokenAttrKey];
const string ForToken = "forToken";
if (dic.ContainsKey(ForToken))
{
var additionalValuesForToken = (IDictionary <string, object>)dic[ForToken];
foreach (string key in additionalValuesForToken.Keys)
{
context.AdditionalResponseParameters.Add(key, additionalValuesForToken[key]);
}
}
//else
//{
// foreach (string key in dic.Keys)
// {
// context.AdditionalResponseParameters.Add(key, dic[key]);
// }
//}
}
}
catch { }
}
return(Task.FromResult <object>(null));
}
private void ValidateByOneTimeAccessToken(OAuthGrantResourceOwnerCredentialsContext context)
{
if (System.Web.HttpContext.Current.Request.Form["accessToken"] == null)
{
context.SetError(UserValidationErrorMessages.MissingAccessToken, UserValidationErrorMessages.MissingAccessToken);
return;
}
string accessToken = System.Web.HttpContext.Current.Request.Form["accessToken"];
string appName = System.Web.HttpContext.Current.Request.Form["appName"];
if (appName == null)
{
context.SetError(UserValidationErrorMessages.AppNameNotSupplied, UserValidationErrorMessages.AppNameNotSupplied);
return;
}
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
if (map == null || (appName != Durados.Web.Mvc.Maps.DuradosAppName && map == Durados.Web.Mvc.Maps.Instance.DuradosMap))
{
context.SetError(UserValidationErrorMessages.WrongAppName, UserValidationErrorMessages.WrongAppName);
return;
}
string userGuid = Durados.Web.Mvc.UI.Helpers.SecurityHelper.GetUserGuidFromTmpGuid(accessToken);
string username = Durados.Web.Mvc.Maps.Instance.DuradosMap.Database.GetUsernameByGuid(userGuid);
if (username == null)
{
context.SetError(UserValidationErrorMessages.InvalidAccessToken, UserValidationErrorMessages.InvalidAccessToken);
return;
}
Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService();
if (map.Database.GetUserRow(username) == null)
{
context.SetError(UserValidationErrorMessages.UserDoesNotBelongToApp, UserValidationErrorMessages.UserDoesNotBelongToApp);
return;
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, appName);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, username);
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(Database.Username, username));
identity.AddClaim(new Claim(Database.AppName, appName));
if (!System.Web.HttpContext.Current.Items.Contains(Durados.Database.CustomTokenAttrKey))
{
string tokenInfo;
var profile = GetProfileFromSharedMemoryToModulateInAccessToken(accessToken, out tokenInfo);
if (profile != null)
{
if (profile.ContainsKey(AdditionalValues) && profile[AdditionalValues] is IDictionary <string, object> )
{
System.Web.HttpContext.Current.Items.Add(Durados.Database.CustomTokenAttrKey, (IDictionary <string, object>)profile[AdditionalValues]);
}
identity.AddClaim(new Claim(Database.TokenInfo, tokenInfo));
}
}
context.Validated(identity);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appName, username, null, 3, string.Empty);
}
private bool IsRegisreationAllowed(Durados.Web.Mvc.Map map)
{
return(map.Database.EnableUserRegistration);
}
