SetAuthenticationAndPasswordPolicy API Implementation Summary

? Implementation Complete

The SetAuthenticationAndPasswordPolicy web service API has been successfully implemented following the step-by-step guide in IRSoapApi/agents.md.

Files Modified

Step 1: Interface Declaration

File: IRSoapApi/ISrv.cs

• ? Added [OperationContract] XElement SetAuthenticationAndPasswordPolicy(string authenticationTicket, string settingsXml);
• Placed after GetAuthenticationAndPasswordPolicy for logical grouping

Step 2: SOAP Implementation

File: IRSoapApi/Srv.cs

• ? Added delegation to WebAPI layer

• XElement ISrv.SetAuthenticationAndPasswordPolicy(string authenticationTicket, string settingsXml)
    => WebAPI.SettingsWebServices.SetAuthenticationAndPasswordPolicy(this.HttpContext(), this.GetSettings(), authenticationTicket, settingsXml);
  

Step 3: REST API Controllers

File: IRWebCore/Controllers/Srv.cs

• ? Added GET endpoint: SetAuthenticationAndPasswordPolicy_Get
• ? Added POST endpoint: SetAuthenticationAndPasswordPolicy_Post
• ? Complete XML documentation with:
  • Summary
  • Parameter descriptions
  • Response codes
  • Remarks with permissions and help link

Step 4: WebAPI Layer

File: WebAPI/SettingsWebServices.cs

• ? Added method using context.Call() helper

• public static XElement SetAuthenticationAndPasswordPolicy(HttpContext context, Settings settings, string? authenticationTicket, string settingsXml)
  {
      var result = context.Call(settings, authenticationTicket, SettingServices.SetAuthenticationAndPasswordPolicy, settingsXml);
      return result.ToXElement();
  }
  

Step 5: Business Logic Layer

File: WebServices/SettingServices.cs

• ? Implemented SetAuthenticationAndPasswordPolicy method with:
  • Admin permission check (UpdateApplicationSettingsAndPolicies)
  • XML deserialization with error handling
  • Call to irObj.UpdateAuthenticationAndPasswordPolicySettings(policy)
  • Proper error handling and ActionResult return

Step 6: API Documentation

File: WebApiDocs/wwwroot/documentation/SetAuthenticationAndPasswordPolicy.md

• ? Complete markdown documentation including:
  • Endpoint information
  • Method signatures (GET, POST, SOAP)
  • Parameter descriptions
  • Response examples (success and error)
  • Required permissions
  • Sample XML payloads
  • PasswordPolicy and PasswordRePromptActions structure
  • Usage guidelines
  • Security recommendations
  • Integration examples in C#
  • Related APIs

API Overview

Endpoint

POST /srv.asmx/SetAuthenticationAndPasswordPolicy

Parameters

• authenticationTicket (required): Authentication ticket
• settingsXml (required): XML representation of AuthenticationAndPasswordPolicy object

Required Permission

• UpdateApplicationSettingsAndPolicies admin permission (checked at line 27 reference in ApplicationSettingsApply.cs)

Implementation Reference

Based on UI implementation at line 239-252 in PageMiddleware/pages/control-panel/ApplicationSettingsApply.cs

AuthenticationAndPasswordPolicy Structure

PasswordPolicy

• Expires - Password expiration in days
• MinLen - Minimum password length (1-14)
• MustIncludeAlphaNumericCharacters - Require letters
• MustIncludeNumericCharacters - Require numbers
• MustIncludeNonAlphaNumericCharacters - Require special chars
• MustNotEqualEmailAddress - Cannot equal email
• MustNotEqualUserName - Cannot equal username
• MustNotInCommonPasswordList - Reject weak passwords

PasswordRePromptActions

• DomainDelete - Re-prompt on domain deletion
• OnDelete - Re-prompt on item deletion
• UserDelete - Re-prompt on user deletion
• SecurityApply - Re-prompt on security changes
• OnOwnerChange - Re-prompt on ownership changes
• OnClassify - Re-prompt on classification
• OnReviewTask - Re-prompt on review tasks

Example Usage

REST POST Example

POST /srv.asmx/SetAuthenticationAndPasswordPolicy HTTP/1.1
Content-Type: application/x-www-form-urlencoded

authenticationTicket=abc123&
settingsXml=<AuthenticationAndPasswordPolicy>...</AuthenticationAndPasswordPolicy>

Sample XML

<AuthenticationAndPasswordPolicy>
  <PasswordPolicy>
    <Expires>90</Expires>
    <MinLen>8</MinLen>
    <MustIncludeAlphaNumericCharacters>true</MustIncludeAlphaNumericCharacters>
    <MustIncludeNumericCharacters>true</MustIncludeNumericCharacters>
    <MustIncludeNonAlphaNumericCharacters>true</MustIncludeNonAlphaNumericCharacters>
    <MustNotEqualEmailAddress>true</MustNotEqualEmailAddress>
    <MustNotEqualUserName>true</MustNotEqualUserName>
    <MustNotInCommonPasswordList>true</MustNotInCommonPasswordList>
  </PasswordPolicy>
  <PasswordRePromptActions>
    <DomainDelete>true</DomainDelete>
    <OnDelete>true</OnDelete>
    <UserDelete>true</UserDelete>
    <SecurityApply>true</SecurityApply>
    <OnOwnerChange>true</OnOwnerChange>
    <OnClassify>false</OnClassify>
    <OnReviewTask>false</OnReviewTask>
  </PasswordRePromptActions>
</AuthenticationAndPasswordPolicy>

Testing Checklist

• Test GET endpoint with valid authentication ticket and settings XML
• Test POST endpoint with valid authentication ticket and settings XML
• Test SOAP endpoint
• Test with invalid/expired authentication ticket (should return error)
• Test with user lacking admin permission (should return error)
• Test with invalid XML format (should return deserialization error)
• Test with valid XML and verify settings are updated in database
• Test with boundary values (MinLen = 1, 14, Expires = 0, 90, etc.)
• Verify settings refresh in memory cache after update

Build Status

? Build Successful - All files compile without errors

Related APIs

• GetAuthenticationAndPasswordPolicy - Retrieve current policy
• GetSystemBehaviorSettings - Get system behavior settings
• SetSystemBehaviorSettings - Update system behavior settings
• SetGeneralAppSettings - Update general application settings

Implementation Date: 2024 Follow-up: Document in release notes and notify API consumers