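/// <summary>
/// Decides whether <paramref name="adUserName"/> may sign in. In live mode the name is looked up in the
/// local account store and is meant to be confirmed against Active Directory (see the FIXME notes in the
/// body for the two places where that is currently short-circuited); outside live mode only the literal
/// "TestAccount" name is accepted.
/// </summary>
/// <param name="authService">Current service call; the resolved account is attached to
/// <c>Request.Items["account"]</c>, and <c>Request.Items["IsActive"]</c> is set when the account is disabled.</param>
/// <param name="adUserName">SAM account name without a domain prefix; the domain is taken from
/// <see cref="Environment.UserDomainName"/> of the hosting process.</param>
/// <param name="isLive">False selects the offline test path, which touches neither the store nor AD.</param>
/// <returns><c>true</c> when the sign-in is accepted, otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authService"/> is <c>null</c>.</exception>
/// <exception cref="Exception">Any AD query failure other than <see cref="PrincipalServerDownException"/>
/// is logged and rethrown with its original stack trace.</exception>
bool VerifyWithActiveDirecory(IServiceBase authService, string adUserName, bool isLive)
{
    if (authService == null)
    {
        throw new ArgumentNullException(nameof(authService));
    }

    if (!isLive)
    {
        // Offline mode: a single fixed name is accepted (ordinal comparison); no store or AD access.
        return "TestAccount" == adUserName;
    }

    IJarsUserAccountRepository userRepo = _DataRepositoryFactory.GetDataRepository<IJarsUserAccountRepository>();
    // Failed attempts are written to the error log so repeated failures against one name can be spotted.
    IErrorLogRepository errRepo = _DataRepositoryFactory.GetDataRepository<IErrorLogRepository>();
    // Domain of the hosting process, not of the caller: AD is queried with the bare name in this domain.
    string domain = Environment.UserDomainName;

    JarsUserAccount acc = userRepo.GetByUserNameEagerly(adUserName);
    if (acc == null)
    {
        // Unknown name: auto-register it. The account is first stored disabled, then (testing shortcut,
        // see the FIXME below) flipped to active and stored again.
        JarsUserAccount nacc = new JarsUserAccount
        {
            AccountName = adUserName,
            IsActive = false,
            UserPermissions = "NONE"
        };
        acc = userRepo.CreateUpdate(nacc, "AUTOREGISTER");
        LogFailedLogin(errRepo, "Failed login attempt.");

        // FIXME(security): testing-only. Every unknown name gets a persisted, active account here. This
        // attempt still returns false, but because the account is now active, the next attempt with the
        // same name is accepted by the live branch below via its bypass return, without any AD check.
        nacc.IsActive = true;
        acc = userRepo.CreateUpdate(nacc, "AUTOREGISTER");

        acc = userRepo.GetByUserNameEagerly(adUserName);
        if (acc == null)
        {
            // Store did not hand the account back; treat it as a denied attempt instead of dereferencing null.
            return false;
        }

        authService.Request.Items.Add("account", acc);
        if (acc.IsActive.HasValue && !acc.IsActive.Value)
        {
            authService.Request.Items.Add("IsActive", acc.IsActive.Value);
        }
        // A freshly registered account is never admitted on the attempt that created it.
        return false;
    }

    authService.Request.Items.Add("account", acc);

    if (acc.IsActive.HasValue && !acc.IsActive.Value)
    {
        // Explicitly disabled accounts are rejected before any directory check.
        authService.Request.Items.Add("IsActive", acc.IsActive.Value);
        return false;
    }

    // FIXME(security): the AD confirmation below is bypassed because the development machine is not
    // domain-joined. While this return stands, any active name in the account store is accepted
    // without being checked against AD; the code after it is unreachable (CS0162) on purpose.
    return true;

    try
    {
        using (var domainContext = new PrincipalContext(ContextType.Domain, domain))
        using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, adUserName))
        {
            // Group or principal changes could be synced back to the local account here.
            return foundUser != null;
        }
    }
    catch (PrincipalServerDownException pex)
    {
        // Directory unreachable: deny this attempt but keep the service running.
        LogFailedLogin(errRepo, pex.Message);
        return false;
    }
    catch (Exception ex)
    {
        LogFailedLogin(errRepo, ex.Message);
        // 'throw;' keeps the original stack trace; 'throw ex;' would reset it.
        throw;
    }
}

/// <summary>Records one failed sign-in attempt in the error log under the "CustomAuthProvider" source.</summary>
/// <param name="errRepo">Repository that persists the log row.</param>
/// <param name="errorText">Message stored with the row (an exception message or a fixed description).</param>
private static void LogFailedLogin(IErrorLogRepository errRepo, string errorText)
{
    errRepo.CreateUpdate(new ErrorLog
    {
        EnvironmentUserName = Environment.UserName,
        ErrorText = errorText,
        // Local time, consistent with the rows this provider already writes.
        ErrorTime = DateTime.Now,
        ErrorType = "LoginFailed"
    }, "CustomAuthProvider");
}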