blob: ae5aa45432fdd4886a66f8793ec02ea9cb0caf51 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Authentication;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Tango.AzureUtils;
using Tango.AzureUtils.Web;
using Tango.MachineService.Gateway.Filters;
using Tango.Web.Controllers;
using Tango.Web.Security;
namespace Tango.MachineService.Gateway.Controllers
{
public class AzureUtilsController : TangoController<AzureUtilsController.TokenObject>
{
public class TokenObject
{
public String Email { get; set; }
}
[HttpPost]
public async Task<LoginResponse> Login(LoginRequest request)
{
var azure = await AzureUtils.AzureUtilsAuthenticationFactory.AuthenticateOrGetAsync();
AzureUtils.ActiveDirectory.ActiveDirectoryManager adManager = new AzureUtils.ActiveDirectory.ActiveDirectoryManager(azure);
try
{
await adManager.Authenticate(request.Email, request.Password);
}
catch (Exception ex)
{
throw new AuthenticationException("The specified email or password is incorrect.", ex);
}
if (!adManager.IsUserMemberOf(GatewayConfig.AZURE_UTILS_GROUP, request.Email))
{
throw new AuthenticationException("The specified user is not authorized to access the resource.");
}
return new LoginResponse()
{
AccessToken = WebToken<TokenObject>.CreateNew(GatewayConfig.JWT_TOKEN_SECRET, new TokenObject()
{
Email = request.Email,
}, DateTime.UtcNow.AddDays(1)).AccessToken,
};
}
[JwtTokenFilter]
public AzureUtilsCredentials GetCredentials()
{
return AzureUtils.AzureUtilsAuthenticationFactory.GetGlobalCredentials();
}
}
}
|
