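/// <summary>
/// Authenticates the caller from the <c>VpnAuthToken</c> and <c>VpnUserId</c> request headers.
/// </summary>
/// <param name="context">Current request context; only its request headers are read.</param>
/// <param name="UserId">Receives the authenticated user id on success, otherwise <c>-1</c>.</param>
/// <returns>
/// <c>true</c> when both headers are present, the user id parses, the stored Token1 matches the
/// header value and has not expired; <c>false</c> in every other case.
/// </returns>
private bool IsAuthenticateUserWithToken(HttpContextBase context, out int UserId)
{
    UserId = -1;

    var headers = context.Request.Headers;
    if (!headers.AllKeys.Contains("VpnAuthToken", StringComparer.OrdinalIgnoreCase)
        || !headers.AllKeys.Contains("VpnUserId", StringComparer.OrdinalIgnoreCase))
    {
        return false;
    }

    string token = headers["VpnAuthToken"];
    if (string.IsNullOrEmpty(token))
    {
        // An empty header must never be able to match an empty or unset stored token.
        return false;
    }

    int uid;
    if (!int.TryParse(headers["VpnUserId"], NumberStyles.Integer, CultureInfo.InvariantCulture, out uid))
    {
        // The previous version ignored the TryParse result and went on to look up user -1.
        LibLogic.Helpers.Logging.Log("VpnUserId header is not a valid integer", false);
        return false;
    }

    var api = new LibLogic.Accounts.UserApiTokens();
    var data = api.Retrieve(uid);
    if (data == null)
    {
        // NOTE(review): Retrieve's behaviour for an unknown user id is not visible here;
        // a missing record is treated as "not authenticated" rather than dereferenced.
        return false;
    }

    // Compare in constant time so a mismatch position is not observable through latency.
    if (!ConstantTimeEquals(data.Token1, token))
    {
        LibLogic.Helpers.Logging.Log("data.Token1 != token", false);
        return false;
    }

    if (data.Token1ExpireTime <= DateTime.UtcNow)
    {
        LibLogic.Helpers.Logging.Log("data.Token1ExpireTime <= DateTime.UtcNow", false);
        return false;
    }

    UserId = uid;
    return true;
}

/// <summary>
/// Compares two strings without short-circuiting on the first differing character.
/// </summary>
/// <param name="expected">The stored credential value.</param>
/// <param name="actual">The value supplied by the caller.</param>
/// <returns>
/// <c>true</c> only when both are non-null and character-for-character equal. A <c>null</c> on
/// either side never matches, so an unset stored token cannot authenticate anyone.
/// </returns>
private static bool ConstantTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    // Length is not secret here; bailing out early on a length mismatch is the usual approach.
    if (expected.Length != actual.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}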
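/// <summary>
/// Authenticates the caller from the <c>Authorization</c> request header, establishes the
/// session and returns the caller's API tokens as JSON.
/// </summary>
/// <returns>
/// 200 with a serialized <see cref="LibLogic.DTO.ApiAuthResponse"/>; 403 when the header is
/// missing or the login is rejected; 500 when the login data is invalid or an unexpected
/// error occurs (the error is logged, the body is a fixed string).
/// </returns>
public ContentResult Auth()
{
    try
    {
        var request = HttpContext.Request;
        var response = HttpContext.Response;

        if (!request.Headers.AllKeys.Contains("Authorization", StringComparer.OrdinalIgnoreCase))
        {
            response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
            return Content("Authorization not sent");
        }

        string authHeader = request.Headers["Authorization"];
        // ParseAuthHeader is defined elsewhere in this class. If it returns fewer than two
        // elements for a malformed header, the indexing below throws and the outer catch
        // answers 500; a 400 would be more accurate, but the return type is not visible here.
        var creds = ParseAuthHeader(authHeader);
        var login = new LibLogic.Login(creds[0], creds[1]);

        try
        {
            login.Execute();
        }
        catch (LibLogic.Exceptions.InvalidDataException ex)
        {
            // Kept as 500 to match existing clients.
            response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
            LibLogic.Helpers.Logging.Log(ex);
            return Content("InternalServerError");
        }

        if (!login.LoggedIn)
        {
            response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
            return Content("Unauthorized");
        }

        // Fetch the tokens before touching the session, so a failure here cannot leave a
        // logged-in session behind while the client receives a 500.
        var toks = new LibLogic.Accounts.UserApiTokens();
        var tokData = toks.Retrieve(login.UserId);

        sessionVars.LoggedIn = login.LoggedIn;
        sessionVars.IsAdmin = login.IsAdmin;
        sessionVars.UserId = login.UserId;
        sessionVars.Username = login.Username;

        var results = new LibLogic.DTO.ApiAuthResponse()
        {
            Token1 = tokData.Token1,
            Token2 = tokData.Token2,
            Token1ExpireUtc = tokData.Token1ExpireTime,
            Token2ExpireUtc = tokData.Token2ExpireTime,
            UserId = sessionVars.UserId
        };

        var json = Newtonsoft.Json.JsonConvert.SerializeObject(results);
        response.StatusCode = (int)System.Net.HttpStatusCode.OK;
        // Declare the payload type; the one-argument Content() overload defaults to text/html.
        return Content(json, "application/json");
    }
    catch (Exception ex)
    {
        HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
        LibLogic.Helpers.Logging.Log(ex);
        return Content("InternalServerError");
    }
}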