public Response GetUserInformationBySession(string guid, out User user)
{
var response = new Response()
{
Message = "Not initializated.", Result = false
};
user = null;
try
{
//Se valida que la sesion no esté vacía
if (string.IsNullOrEmpty(guid))
{
response.Message = string.Format("No se ha proporcionado una sesión valida.");
response.Result = false;
user = null;
return(response);
}
//Se busca la sesion activa en la bd.
User userFinded = null;
var sessionLogic = new SessionLogic(_configuration);
Response userFindedResponse = sessionLogic.FindUserBySession(guid, out userFinded);
sessionLogic.Dispose();
if (!userFindedResponse.Result)
{
response = userFindedResponse;
return(response);
}
else
{
user = userFinded;
response.Result = true;
response.Message = "Se encontró la sesion";
}
}
catch (Exception exception)
{
response.Message =
string.Format("Ocurrio un error al consultar información de usuario en esquema de seguridad. {0}", exception.Message);
response.Result = false;
user = null;
}
return(response);
}
public Response GetUserInformationAndOperations(User userAuthenticaded, string applicationName, string applicationPassword, out List <Operation> operationUserList)
{
var response = new Response {
Message = "Not initilizated", Result = false
};
operationUserList = new List <Operation>();
try
{
//Validate data
if (userAuthenticaded == null)
{
response.Message = "No se puede enviar el objeto user como nulo.";
return(response);
}
if (string.IsNullOrEmpty(applicationName))
{
response.Message = "No se puede enviar el nombre de la aplicación como nulo.";
return(response);
}
if (string.IsNullOrEmpty(applicationPassword))
{
response.Message = "No se puede enviar la contraseña de la aplicación como nulo.";
return(response);
}
//1.-GetApplication Id
var applicationLogic = new ApplicationLogic(_configuration);
var applicationDbList = applicationLogic.GetApplicationList();
applicationLogic.Dispose();
var appFinded = applicationDbList.Find(app => app.ApplicationName == applicationName);
if (appFinded == null)
{
response.Message = string.Format("La aplicación {0} especificada no está registrada en esquema de seguridad. {1}", applicationName, DateTime.Now.ToString());
return(response);
}
if (applicationPassword.Trim() != appFinded.ApplicationPassword.Trim())
{
response.Message = string.Format("La contraseña de aplicación especificada no es válida. {0}", DateTime.Now.ToString());
return(response);
}
//var applicationPasswordResult = Cryptographer.CompareHash("SecurityAlgorithim", applicationPassword, appFinded.ApplicationPassword);
//if(!applicationPasswordResult)
//{
// response.Message = string.Format("La contraseña de aplicación especificada no es válida. {0}",DateTime.Now.ToString());
// return response;
//}
//Using appFinded and user, we search for operations
var userlogic = new UserLogic(_configuration);
var userFinded = userlogic.FindUser(userAuthenticaded.UserId);
userlogic.Dispose();
if (userFinded == null)
{
response.Message = string.Format("La cuenta {0} no existe en el esquema de seguridad. {1}", userAuthenticaded.UserId, DateTime.Now.ToString());
return(response);
}
var roleLogic = new RoleLogic(_configuration);
List <Role> rolesFinded = roleLogic.GetRoleList(appFinded, userFinded);
roleLogic.Dispose();
if (rolesFinded.Count == 0)
{
response.Message =
string.Format("No ha sido asignado ningún rol al usuario {0} en el esquema de seguridad. {1}", userAuthenticaded.UserId, DateTime.Now.ToString());
return(response);
}
//validate if User object has a valid sessionId
var sessionLogic = new SessionLogic(_configuration);
var sessionValidation = sessionLogic.ValidateSession(userAuthenticaded, appFinded);
sessionLogic.Dispose();
if (!sessionValidation.Result)
{
response.Message = string.Format("Sesión de usuario no válida. {0}", sessionValidation.Message);
return(response);
}
var operationLogic = new OperationLogic(_configuration);
operationUserList = operationLogic.GetOperationList(rolesFinded);
operationLogic.Dispose();
response.Result = true;
response.Message = string.Format("Se encontraron {0} operaciones para la el usuario {1} y aplicacion {2}. ", operationUserList.Count, userFinded.UserId, appFinded.ApplicationName, DateTime.Now.ToString());
}
catch (Exception err)
{
response.Message = string.Format("Ocurrio un error al autorizar. {0} {1} ", err.Message, DateTime.Now.ToString());
return(response);
}
return(response);
}
/// <summary>
/// Returns a true or false response against Active Directory and Application Security Service
/// </summary>
/// <param name="domain">string</param>
/// <param name="userId">string</param>
/// <param name="password">string</param>
/// <param name="userAuthenticated">User</param>
/// <param name="applicationName">applicationName</param>
/// <param name="activeDirectoryAuthenticationRequired">activeDirectoryAuthenticationRequired</param>
/// <returns>Response</returns>
public Response Authenticate(string domain, string userId, string password, string applicationName, out User userAuthenticated)
{
var response = new Response {
Message = "Not initializated", Result = false
};
userAuthenticated = null;
bool InActiveDirectory = false;
//Security Service Validation
try
{
var userLogic = new UserLogic(_configuration);
userAuthenticated = userLogic.FindUser(userId);
userLogic.Dispose();
if (userAuthenticated == null)
{
response.Message = "500 - La cuenta de usuario no existe en SeguridadApp.";
return(response);
}
}
catch (Exception securityException)
{
response.Message = string.Format("900 - Ocurrió un error al consultar el la cuenta de usuario en SeguridadApp: {0} ", securityException.Message);
return(response);
}
//ActiveDirectory Authentication
User AdUserFinded;
this.GetUserInformation(userAuthenticated.EmployeeNumber, out AdUserFinded);
if (AdUserFinded != null)
{
var pathLDap = _LDapConnectionString;
string domainAndUsername;
domainAndUsername = domain + @"\" + userAuthenticated.EmployeeNumber;
var entry = new DirectoryEntry(pathLDap, domainAndUsername, password);
try
{
// Bind to the native AdsObject to force authentication.
var obj = entry.NativeObject;
var search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + userAuthenticated.EmployeeNumber + ")";
search.PropertiesToLoad.Add("cn");
search.PropertiesToLoad.Add("mail");
search.PropertiesToLoad.Add("givenname");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("samaccountname");
SearchResult result = search.FindOne();
if (null != result)
{
InActiveDirectory = true;
}
}
catch (Exception ex)
{
response.Message = string.Format
("600 - No fue posible autenticar la cuenta de usuario en el Directorio Activo - {0}. Intente nuevamente. Error: {1}", DateTime.Now.ToString(),
ex.Message);
return(response);
}
}
if (!InActiveDirectory)
{
response.Message = string.Format("600 - No fue posible autenticar la cuenta de usuario en el Directorio Activo. {0}", DateTime.Now.ToString());
return(response);
}
//Se valida la vigencia de fechas de la cuenta en SeguridadApp
DateTime declineDate = new DateTime(Convert.ToInt32(userAuthenticated.DeclineDate.Substring(6, 4))
, Convert.ToInt32(userAuthenticated.DeclineDate.Substring(3, 2))
, Convert.ToInt32(userAuthenticated.DeclineDate.Substring(0, 2)));
DateTime declineDateSIO = new DateTime(Convert.ToInt32(userAuthenticated.DeclineDateSIO.Substring(6, 4))
, Convert.ToInt32(userAuthenticated.DeclineDateSIO.Substring(3, 2))
, Convert.ToInt32(userAuthenticated.DeclineDateSIO.Substring(0, 2)));
if (declineDate <= DateTime.Now || declineDateSIO <= DateTime.Now)
{
response.Message = "501 - La cuenta de usuario no es vigente en SeguridadApp.";
return(response);
}
userAuthenticated.AuthenticationType = AuthenticationTypeEnum.SecurityServiceAndActiveDirectory;
//Add session to the user
//1.-GetApplication Id
var applicationLogic = new ApplicationLogic(_configuration);
var applicationDbList = applicationLogic.GetApplicationList();
applicationLogic.Dispose();
var appFinded = applicationDbList.Find(app => app.ApplicationName == applicationName);
if (appFinded == null)
{
response.Message = string.Format("700 - La aplicación {0} no existe en SeguridadApp. {1}", applicationName, DateTime.Now.ToString());
return(response);
}
//2.-AddSession to user
var sessionLogic = new SessionLogic(_configuration);
Response sessionResponse = sessionLogic.AddSession(userAuthenticated, appFinded);
sessionLogic.Dispose();
if (!sessionResponse.Result)
{
response.Message = string.Format("502 - No fue posible asignar una sesión a la cuenta de usuario en SeguridadApp");
return(response);
}
response.Result = true;
response.Message = @"000 - La cuenta de Usuario se autenticó correctamente en SeguridadApp y Directorio Activo.";
return(response);
}
/// <summary>
/// Returns a true or false response against Security schema
/// </summary>
/// <param name="userAuthenticaded"></param>
/// <param name="applicationName"></param>
/// <param name="applicationPassword"></param>
/// <param name="operation"></param>
/// <returns></returns>
public Response Authorize(User userAuthenticaded, string applicationName, string applicationPassword, string operation)
{
var response = new Response {
Message = "Not initilizated", Result = false
};
try
{
//Validate data
if (userAuthenticaded == null)
{
response.Message = "502- Dato obligatorio: Cuenta de usuario.";
return(response);
}
if (string.IsNullOrEmpty(applicationName))
{
response.Message = "502- Dato obligatorio: Nombre de la aplicación.";
return(response);
}
if (string.IsNullOrEmpty(applicationPassword))
{
response.Message = "502- Dato obligatorio: Contraseña de la aplicación.";
return(response);
}
if (string.IsNullOrEmpty(operation))
{
response.Message = "502- Dato obligatorio: Nombre de la operación.";
return(response);
}
//1.-GetApplication Id
var applicationLogic = new ApplicationLogic(_configuration);
var applicationDbList = applicationLogic.GetApplicationList();
applicationLogic.Dispose();
var appFinded = applicationDbList.Find(app => app.ApplicationName == applicationName);
if (appFinded == null)
{
response.Message = string.Format("700 - La aplicación {0} no existe en SeguridadApp. {1}", applicationName, DateTime.Now.ToString());
return(response);
}
if (Convert.ToDateTime(appFinded.DeclineDate) < DateTime.Now)
{
response.Message =
string.Format(
"607 - La aplicacion no se encuentra vigente. Si considera que la aplicación debe estar vigente, repórtelo a la extensión 811-49111.");
return(response);
}
if (applicationPassword.Trim() != appFinded.ApplicationPassword.Trim())
{
response.Message = string.Format("701 - La contraseña de aplicación es incorrecta. {0}", DateTime.Now.ToString());
return(response);
}
//var applicationPasswordResult = Cryptographer.CompareHash("SecurityAlgorithim", applicationPassword, appFinded.ApplicationPassword);
//if(!applicationPasswordResult)
//{
// response.Message = string.Format("La contraseña de aplicación especificada no es válida. {0}",DateTime.Now.ToString());
// return response;
//}
//Using appFinded and user, we search for operations
var userLogic = new UserLogic(_configuration);
var userFinded = userLogic.FindUser(userAuthenticaded.UserId);
userLogic.Dispose();
if (userFinded == null)
{
response.Message = string.Format("500 - La cuenta de usuario {0} no existe en SeguridadApp. {1}", userAuthenticaded.UserId, DateTime.Now.ToString());
return(response);
}
var roleLogic = new RoleLogic(_configuration);
List <Role> rolesFinded = roleLogic.GetRoleList(appFinded, userFinded);
roleLogic.Dispose();
if (rolesFinded.Count == 0)
{
response.Message =
string.Format("503 - La cuenta de usuario {0} no tiene roles asignados. {1}", userAuthenticaded.UserId, DateTime.Now.ToString());
return(response);
}
var operationLogic = new OperationLogic(_configuration);
var operationsList = operationLogic.GetOperationList(rolesFinded);
operationLogic.Dispose();
if (operationsList.Count == 0)
{
var sb = new StringBuilder();
sb.Append(string.Format("504 - La cuenta de usuario {0} no tiene operaciones/transacciones asignadas. {1}", userFinded.UserId, DateTime.Now.ToString()));
foreach (var role in rolesFinded)
{
sb.Append(string.Format("Operaciones buscadas para el rol id {0}, nombre rol {1}, d ", role.RoleId, role.RoleName));
}
response.Message = sb.ToString();
return(response);
}
//Search for the Operation specified.
var operationFinded = operationsList.Find(operationsearched => operationsearched.OperationName == operation);
if (operationFinded == null)
{
response.Message = string.Format("La operación {0} solicitada, no está registrada en el esquema de seguridad o no está asignada al rol del usuario. {1}", operation, DateTime.Now.ToString());
return(response);
}
//validate if User object has a valid sessionId
var sessionLogic = new SessionLogic(_configuration);
var sessionValidation = sessionLogic.ValidateSession(userAuthenticaded, appFinded);
sessionLogic.Dispose();
if (!sessionValidation.Result)
{
response.Message = string.Format("Sesión de usuario no válida. {0}", sessionValidation.Message);
return(response);
}
response.Result = true;
response.Message = string.Format("Se validó correctamente la operacion {0} para la el usuario {1} y aplicacion {2}. {3}", operationFinded.OperationName, userFinded.UserId, appFinded.ApplicationName, DateTime.Now.ToString());
}
catch (Exception err)
{
response.Message = string.Format("Ocurrio un error al autorizar. {0} {1} ", err.Message, DateTime.Now.ToString());
return(response);
}
return(response);
}