User Details Oracle Adaptive Access Manager API Usage

Integrating Native .NET Applications

    // if user record does not exist, create one
    if (user == null || StringUtil.IsEmpty(user.LoginId))
    {
        string customerId = loginId;
        string userGroupId = "PremiumCustomer";
        string password = "_"; // this value is not used for now

        user = new VCryptAuthUser(loginId, customerId, userGroupId, password);
        user = proxy.createUser(user);

        // set the status of the new user to Invalid; once the user is
        // authenticated, set the status to PendingActivation; after the user
        // successfully completes registration, set the status to Valid
        proxy.setUserStatus(user.CustomerId, (int)UserStatus.Invalid);
    }

    // save the user record in the session for later reference
    AppSessionData sessionData = AppSessionData.GetInstance(Session);
    sessionData.CurrentUser = user;

For further details, see the sample applications in Section 3.5.1, ASP.NET Applications.

3.4.2 User Logins and Transactions

Oracle Adaptive Access Manager provides APIs to capture user login information, user login status, and other user session attributes to determine device and location information. Oracle Adaptive Access Manager also provides APIs to collect transaction details. The following code sample illustrates the use of this API:

    // record a user login attempt in OAAM
    // (statusEnum is not defined in this excerpt)
    string requestId = sessionData.RequestId;
    string remoteIPAddr = Request.UserHostAddress;
    string remoteHost = Request.UserHostName;
    // constant-first Equals avoids a NullReferenceException when the
    // "client" parameter is absent from the request
    bool isFlashRequest = "vfc".Equals(Request.Params["client"]);
    string secureCookie = (Request.Cookies["vsc"] != null)
        ? Request.Cookies["vsc"].Value : null;
    string digitalCookie = isFlashRequest ? Request.Params["v"] : null;

    object[] browserFpInfo = HttpUtil.GetBrowserFingerPrint();
    object[] flashFpInfo = HttpUtil.GetFlashFingerPrint();

    int browserFingerPrintType = browserFpInfo == null ? 0 : (int)browserFpInfo[0];
    string browserFingerPrint = browserFpInfo == null ? "" : (string)browserFpInfo[1];
    int flashFingerPrintType = flashFpInfo == null ? 0 : (int)flashFpInfo[0];
    string flashFingerPrint = flashFpInfo == null ? "" : (string)flashFpInfo[1];

    // if user name and password have been validated by now, set the status
    // to the appropriate value, such as success, wrong_password, or invalid_user
    int status = statusEnum.getElementValue("success");

    // if user name and password have not yet been validated, set the status
    // to pending instead; after validation is done, call updateLog to update
    // the status
    // int status = statusEnum.getElementValue("pending");

    // Call updateLog to record the user login attempt
    CookieSet cs = proxy.updateLog(requestId, remoteIPAddr, remoteHost,
        secureCookie, digitalCookie,
        user.CustomerGroupId, user.CustomerId, user.LoginId,
        false, status, ClientTypeEnum.Normal, "1.0",
        browserFingerPrintType, browserFingerPrint,
        flashFingerPrintType, flashFingerPrint);

    // Update secure cookie in the browser with the new value from OAAM
    if (cs != null)
    {
        HttpUtil.UpdateSecureCookie(Response, cs);
    }

Oracle Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager

3.4.3 Rules Engine

The Rules Engine is the component of Oracle Adaptive Access Manager used to enforce policies. Based on a calling context, the Rules Engine evaluates policies and provides the results of those evaluations. Policies are configured by the administrator; for details on policy configuration, see the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager. The following code sample illustrates the use of APIs to invoke the Rules Engine after a user has been authorized and to process the rule evaluation result:

    AppSessionData sessionData = AppSessionData.GetInstance(Session);
    IBharosaProxy proxy = BharosaClientFactory.getProxyInstance();
    UserDefEnumFactory factory = UserDefEnumFactory.getInstance();
    UserDefEnum profileTypeEnum = factory.getEnum("profile.type.enum");

    string requestId = sessionData.RequestId;
    BharosaStringList profileTypes = new BharosaStringList();
    BharosaStringTable contextList = new BharosaStringTable();

    int postAuthType = profileTypeEnum.getElementValue("postauth");
    profileTypes.Add(postAuthType.ToString());

    // Run postauth rules
    VCryptRulesResult res = proxy.processRules(requestId, profileTypes, contextList);

    // process the rule result
    if (StringUtil.EqualsIgnoreCase(res.Result, "Allow"))
    {
        // Allow the user login
    }
    else if (StringUtil.EqualsIgnoreCase(res.Result, "Block"))
    {
        // Block the user login
    }
    else if (res.Result.StartsWith("Challenge"))
    {
        // Take the user through challenge question flow
    }
    else if (res.Result.StartsWith("RegisterUser"))
    {
        // the rest of the sample is cut off in this excerpt
    }
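The sample above is cut off before any final branch, so the following added example (not Oracle's code and not part of the OAAM SDK) shows one way to map the string in res.Result to a decision so that a null, empty or unrecognized result blocks the login instead of falling through the if/else chain. LoginDecision and RuleResultMapper are hypothetical names, the sample strings are constructed, and treating unknown results as Block is an assumption of this example.

```csharp
using System;

// Hypothetical names: LoginDecision and RuleResultMapper are not OAAM SDK types.
public enum LoginDecision { Allow, Block, Challenge, RegisterUser }

public static class RuleResultMapper
{
    // Maps the action string from the rules result to a decision.
    // Assumption of this example: anything null, empty or unrecognized
    // is treated as Block (fail closed).
    public static LoginDecision Map(string result)
    {
        if (string.IsNullOrEmpty(result))
            return LoginDecision.Block;

        if (result.Equals("Allow", StringComparison.OrdinalIgnoreCase))
            return LoginDecision.Allow;
        if (result.Equals("Block", StringComparison.OrdinalIgnoreCase))
            return LoginDecision.Block;

        // Prefix matches as in the sample, with ordinal comparison so the
        // outcome does not depend on the server's culture settings.
        if (result.StartsWith("Challenge", StringComparison.Ordinal))
            return LoginDecision.Challenge;
        if (result.StartsWith("RegisterUser", StringComparison.Ordinal))
            return LoginDecision.RegisterUser;

        // Unknown action: deny rather than let the request continue.
        return LoginDecision.Block;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not captured OAAM output.
        string[] samples =
        {
            "Allow", "block", "ChallengeQuestion",
            "RegisterUserOptional", "", null, "Unexpected"
        };

        foreach (string s in samples)
            Console.WriteLine("{0,-22} -> {1}", s ?? "(null)", RuleResultMapper.Map(s));
    }
}
```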