SetAuthenticationAndPasswordPolicy API Implementation Summary¶

? Implementation Complete¶

The SetAuthenticationAndPasswordPolicy web service API has been successfully implemented following the step-by-step guide in IRSoapApi/agents.md.

Files Modified¶

Step 1: Interface Declaration¶

File: IRSoapApi/ISrv.cs - ? Added [OperationContract] XElement SetAuthenticationAndPasswordPolicy(string authenticationTicket, string settingsXml); - Placed after GetAuthenticationAndPasswordPolicy for logical grouping

Step 2: SOAP Implementation¶

File: IRSoapApi/Srv.cs - ? Added delegation to WebAPI layer - csharp XElement ISrv.SetAuthenticationAndPasswordPolicy(string authenticationTicket, string settingsXml) => WebAPI.SettingsWebServices.SetAuthenticationAndPasswordPolicy(this.HttpContext(), this.GetSettings(), authenticationTicket, settingsXml);

Step 3: REST API Controllers¶

File: IRWebCore/Controllers/Srv.cs - ? Added GET endpoint: SetAuthenticationAndPasswordPolicy_Get - ? Added POST endpoint: SetAuthenticationAndPasswordPolicy_Post - ? Complete XML documentation with: - Summary - Parameter descriptions - Response codes - Remarks with permissions and help link

Step 4: WebAPI Layer¶

File: WebAPI/SettingsWebServices.cs - ? Added method using context.Call() helper - csharp public static XElement SetAuthenticationAndPasswordPolicy(HttpContext context, Settings settings, string? authenticationTicket, string settingsXml) { var result = context.Call(settings, authenticationTicket, SettingServices.SetAuthenticationAndPasswordPolicy, settingsXml); return result.ToXElement(); }

Step 5: Business Logic Layer¶

File: WebServices/SettingServices.cs - ? Implemented SetAuthenticationAndPasswordPolicy method with: - Admin permission check (UpdateApplicationSettingsAndPolicies) - XML deserialization with error handling - Call to irObj.UpdateAuthenticationAndPasswordPolicySettings(policy) - Proper error handling and ActionResult return

Step 6: API Documentation¶

File: WebApiDocs/wwwroot/documentation/SetAuthenticationAndPasswordPolicy.md - ? Complete markdown documentation including: - Endpoint information - Method signatures (GET, POST, SOAP) - Parameter descriptions - Response examples (success and error) - Required permissions - Sample XML payloads - PasswordPolicy and PasswordRePromptActions structure - Usage guidelines - Security recommendations - Integration examples in C# - Related APIs

API Overview¶

Endpoint¶

POST /srv.asmx/SetAuthenticationAndPasswordPolicy

Parameters¶

• authenticationTicket (required): Authentication ticket
• settingsXml (required): XML representation of AuthenticationAndPasswordPolicy object

Required Permission¶

• UpdateApplicationSettingsAndPolicies admin permission (checked at line 27 reference in ApplicationSettingsApply.cs)

Implementation Reference¶

Based on UI implementation at line 239-252 in PageMiddleware/pages/control-panel/ApplicationSettingsApply.cs

AuthenticationAndPasswordPolicy Structure¶

PasswordPolicy¶

• Expires - Password expiration in days
• MinLen - Minimum password length (1-14)
• MustIncludeAlphaNumericCharacters - Require letters
• MustIncludeNumericCharacters - Require numbers
• MustIncludeNonAlphaNumericCharacters - Require special chars
• MustNotEqualEmailAddress - Cannot equal email
• MustNotEqualUserName - Cannot equal username
• MustNotInCommonPasswordList - Reject weak passwords

PasswordRePromptActions¶

• DomainDelete - Re-prompt on domain deletion
• OnDelete - Re-prompt on item deletion
• UserDelete - Re-prompt on user deletion
• SecurityApply - Re-prompt on security changes
• OnOwnerChange - Re-prompt on ownership changes
• OnClassify - Re-prompt on classification
• OnReviewTask - Re-prompt on review tasks

Example Usage¶

REST POST Example¶

POST /srv.asmx/SetAuthenticationAndPasswordPolicy HTTP/1.1
Content-Type: application/x-www-form-urlencoded

authenticationTicket=abc123&
settingsXml=<AuthenticationAndPasswordPolicy>...</AuthenticationAndPasswordPolicy>

Sample XML¶

<AuthenticationAndPasswordPolicy>
  <PasswordPolicy>
    <Expires>90</Expires>
    <MinLen>8</MinLen>
    <MustIncludeAlphaNumericCharacters>true</MustIncludeAlphaNumericCharacters>
    <MustIncludeNumericCharacters>true</MustIncludeNumericCharacters>
    <MustIncludeNonAlphaNumericCharacters>true</MustIncludeNonAlphaNumericCharacters>
    <MustNotEqualEmailAddress>true</MustNotEqualEmailAddress>
    <MustNotEqualUserName>true</MustNotEqualUserName>
    <MustNotInCommonPasswordList>true</MustNotInCommonPasswordList>
  </PasswordPolicy>
  <PasswordRePromptActions>
    <DomainDelete>true</DomainDelete>
    <OnDelete>true</OnDelete>
    <UserDelete>true</UserDelete>
    <SecurityApply>true</SecurityApply>
    <OnOwnerChange>true</OnOwnerChange>
    <OnClassify>false</OnClassify>
    <OnReviewTask>false</OnReviewTask>
  </PasswordRePromptActions>
</AuthenticationAndPasswordPolicy>

Testing Checklist¶

• [ ] Test GET endpoint with valid authentication ticket and settings XML
• [ ] Test POST endpoint with valid authentication ticket and settings XML
• [ ] Test SOAP endpoint
• [ ] Test with invalid/expired authentication ticket (should return error)
• [ ] Test with user lacking admin permission (should return error)
• [ ] Test with invalid XML format (should return deserialization error)
• [ ] Test with valid XML and verify settings are updated in database
• [ ] Test with boundary values (MinLen = 1, 14, Expires = 0, 90, etc.)
• [ ] Verify settings refresh in memory cache after update

Build Status¶

? Build Successful - All files compile without errors

Related APIs¶

• GetAuthenticationAndPasswordPolicy - Retrieve current policy
• GetSystemBehaviorSettings - Get system behavior settings
• SetSystemBehaviorSettings - Update system behavior settings
• SetGeneralAppSettings - Update general application settings

Implementation Date: 2024 Follow-up: Document in release notes and notify API consumers