public bool Authenticate(ref String Email, String Password)
{
bool LDAPAuthSuccess = false;
bool IsClassicAuth = AppSession.Parameters.LDAPUseOnly.Value == "false";
bool IsLDAPAuth = AppSession.Parameters.LDAPEnabled.Value == "true";
//LDAP Auth
if (AppSession.Parameters.LDAPEnabled.Value == "true" && Email.IndexOf("@"+AppSession.Parameters.LDAPDomain.Value) > 0)
{
LDAPTools ldapTools = new LDAPTools();
ldapTools.UserName = Email;
ldapTools.Password = Password;
ldapTools.DirectoryPath = AppSession.Parameters.LDAPPath.Value;
if (ldapTools.Authenticate())
{
LDAPAuthSuccess = true;
string memberName = ldapTools.MemberInfo.DisplayName;
string memberAllGroups = ldapTools.GetGroups();
///////////////////////////////////////////////////////////////////////////////////////////////////////////
// The member email will be changed because the first part of e-mail can be different with user network id.
///////////////////////////////////////////////////////////////////////////////////////////////////////////
Email = ldapTools.MemberInfo.Email;
Member memberNew = Members.GetByEmail(Email);
if (memberNew.MemberID <= 0)
{
memberNew.Name = memberName;
memberNew.Email = Email;
memberNew.Password = StringTool.RandomString(80);
memberNew.IsBuiltIn = false;
memberNew.Created = DateTime.UtcNow;
memberNew.Save();
string Message = String.Format("LDAP member added: {0} {1}", memberName, Email);
AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message , null, true);
// Add signin/sign up domain.
Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
if (_domain.DomainID > 0)
{
MemberDomain _memberDomain = new MemberDomain();
_memberDomain.DomainID = _domain.DomainID;
_memberDomain.MemberID = memberNew.MemberID;
_memberDomain.Save();
}
// Create LDAP settings roles
if (AppSession.Parameters.LDAPAddToRoles.Value != null && AppSession.Parameters.LDAPAddToRoles.Value.Length > 0)
{
string[] memberRoles = AppSession.Parameters.LDAPAddToRoles.Value.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string memberRole in memberRoles)
{
Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberRole);
if (_role.RoleID > 0)
{
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = _role.RoleID;
_memberRole.Save();
}
}
}
}
// Create LDAP specific roles
if (memberAllGroups != null && memberAllGroups.Length > 0 && AppSession.Parameters.LDAPAddRoleGroup.Value == "true")
{
string[] memberGroups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string memberGroup in memberGroups)
{
Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberGroup);
if (_role.RoleID <= 0)
{
_role.Name = memberGroup;
_role.Settings = "LDAP role reflection. Keep key word: [LDAP-Auto-Role] to be synchronized.";
_role.BackColor = "6bbb54";
_role.ForeColor = "ffffff";
_role.Save();
string Message = String.Format("LDAP role added: {0}", _role.Name);
AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);
};
if (_role.RoleID > 0)
{
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = _role.RoleID;
_memberRole.Save();
}
}
}
// Synchronize members roles with LDAP [LDAP-Auto-Role] key words.
List<Role> _roles = Web.Admin.Logic.Collections.Roles.GetByMemberKeyWordInDescription(memberNew.MemberID, "[LDAP-Auto-Role]");
string[] _groups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
foreach (Web.Admin.Logic.Objects.Role _role in _roles)
{
if (_groups != null && _groups.Length > 0)
{
if (_groups.Where(t => t.Trim().ToLower() == _role.Name.Trim().ToLower()).FirstOrDefault() == default(String))
{
Web.Admin.Logic.Objects.Role removeRoleFromUser = Web.Admin.Logic.Collections.Roles.GetBy(_role.Name);
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = removeRoleFromUser.RoleID;
_memberRole.Delete();
}
}
else
{
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = _role.RoleID;
_memberRole.Delete();
}
}
}
}
//Classic Auth
Member member = Members.GetByEmail(Email);
if (member.MemberID > 0)
{
if ( (IsLDAPAuth && LDAPAuthSuccess) ||
(IsClassicAuth && Member.ComputePasswordHash(Password) == member.Password)
)
{
MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
if (Attempt.AttemptID > 0)
{
Attempt.IsAttemptValid = 0;
Attempt.Save();
}
// Add signin/sign up domain.
Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
if (_domain.DomainID > 0)
{
MemberDomain _memberDomain = new MemberDomain();
_memberDomain.DomainID = _domain.DomainID;
_memberDomain.MemberID = member.MemberID;
_memberDomain.Save();
}
member.UpdateLoginTime();
return true;
}
else
{
MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
if (Attempt.MemberID <= 0)
{
Attempt.MemberID = member.MemberID;
Attempt.AttemptType = MemberAttemptTypes.LoginPasswordFailed;
Attempt.IsAttemptValid = 1;
}
if (Attempt.Attempts > 0)
Attempt.Attempts++;
else
Attempt.Attempts = 1;
Attempt.Save();
if (AppSession.Parameters.RulesPasswordFailedRoles.Value != null && AppSession.Parameters.RulesPasswordFailedRoles.Value.Length > 0 && !AppSession.IsMemberInAdminRole)
{
Parameter Param = AppSession.Parameters.RulesPasswordFailedAttempts;
long value = -1;
bool result = long.TryParse(Param.Value, out value);
if (result && value > 0 && Attempt.Attempts >= value)
{
string[] RoleNames = AppSession.Parameters.RulesPasswordFailedRoles.Value.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
foreach (String RoleName in RoleNames)
{
Role role = Web.Admin.Logic.Collections.Roles.GetBy(RoleName);
if (role.RoleID > 0)
{
MemberRole memberrole = new MemberRole();
memberrole.MemberID = member.MemberID;
memberrole.RoleID = role.RoleID;
memberrole.Save();
}
}
}
}
return false;
}
}
else
return false;
}
public bool Authenticate(ref String Email, String Password)
{
bool LDAPAuthSuccess = false;
bool IsClassicAuth = AppSession.Parameters.LDAPUseOnly.Value == "false";
bool IsLDAPAuth = AppSession.Parameters.LDAPEnabled.Value == "true";
//LDAP Auth
if (AppSession.Parameters.LDAPEnabled.Value == "true" && Email.IndexOf("@" + AppSession.Parameters.LDAPDomain.Value) > 0)
{
LDAPTools ldapTools = new LDAPTools();
ldapTools.UserName = Email;
ldapTools.Password = Password;
ldapTools.DirectoryPath = AppSession.Parameters.LDAPPath.Value;
if (ldapTools.Authenticate())
{
LDAPAuthSuccess = true;
string memberName = ldapTools.MemberInfo.DisplayName;
string memberAllGroups = ldapTools.GetGroups();
///////////////////////////////////////////////////////////////////////////////////////////////////////////
// The member email will be changed because the first part of e-mail can be different with user network id.
///////////////////////////////////////////////////////////////////////////////////////////////////////////
Email = ldapTools.MemberInfo.Email;
Member memberNew = Members.GetByEmail(Email);
if (memberNew.MemberID <= 0)
{
memberNew.Name = memberName;
memberNew.Email = Email;
memberNew.Password = StringTool.RandomString(80);
memberNew.IsBuiltIn = false;
memberNew.Created = DateTime.UtcNow;
memberNew.Save();
string Message = String.Format("LDAP member added: {0} {1}", memberName, Email);
AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);
// Add signin/sign up domain.
Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
if (_domain.DomainID > 0)
{
MemberDomain _memberDomain = new MemberDomain();
_memberDomain.DomainID = _domain.DomainID;
_memberDomain.MemberID = memberNew.MemberID;
_memberDomain.Save();
}
// Create LDAP settings roles
if (AppSession.Parameters.LDAPAddToRoles.Value != null && AppSession.Parameters.LDAPAddToRoles.Value.Length > 0)
{
string[] memberRoles = AppSession.Parameters.LDAPAddToRoles.Value.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string memberRole in memberRoles)
{
Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberRole);
if (_role.RoleID > 0)
{
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = _role.RoleID;
_memberRole.Save();
}
}
}
}
// Create LDAP specific roles
if (memberAllGroups != null && memberAllGroups.Length > 0 && AppSession.Parameters.LDAPAddRoleGroup.Value == "true")
{
string[] memberGroups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string memberGroup in memberGroups)
{
Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberGroup);
if (_role.RoleID <= 0)
{
_role.Name = memberGroup;
_role.Settings = "LDAP role reflection. Keep key word: [LDAP-Auto-Role] to be synchronized.";
_role.BackColor = "6bbb54";
_role.ForeColor = "ffffff";
_role.Save();
string Message = String.Format("LDAP role added: {0}", _role.Name);
AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);
}
;
if (_role.RoleID > 0)
{
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = _role.RoleID;
_memberRole.Save();
}
}
}
// Synchronize members roles with LDAP [LDAP-Auto-Role] key words.
List <Role> _roles = Web.Admin.Logic.Collections.Roles.GetByMemberKeyWordInDescription(memberNew.MemberID, "[LDAP-Auto-Role]");
string[] _groups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
foreach (Web.Admin.Logic.Objects.Role _role in _roles)
{
if (_groups != null && _groups.Length > 0)
{
if (_groups.Where(t => t.Trim().ToLower() == _role.Name.Trim().ToLower()).FirstOrDefault() == default(String))
{
Web.Admin.Logic.Objects.Role removeRoleFromUser = Web.Admin.Logic.Collections.Roles.GetBy(_role.Name);
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = removeRoleFromUser.RoleID;
_memberRole.Delete();
}
}
else
{
MemberRole _memberRole = new MemberRole();
_memberRole.MemberID = memberNew.MemberID;
_memberRole.RoleID = _role.RoleID;
_memberRole.Delete();
}
}
}
}
//Classic Auth
Member member = Members.GetByEmail(Email);
if (member.MemberID > 0)
{
if ((IsLDAPAuth && LDAPAuthSuccess) ||
(IsClassicAuth && Member.ComputePasswordHash(Password) == member.Password)
)
{
MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
if (Attempt.AttemptID > 0)
{
Attempt.IsAttemptValid = 0;
Attempt.Save();
}
// Add signin/sign up domain.
Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
if (_domain.DomainID > 0)
{
MemberDomain _memberDomain = new MemberDomain();
_memberDomain.DomainID = _domain.DomainID;
_memberDomain.MemberID = member.MemberID;
_memberDomain.Save();
}
member.UpdateLoginTime();
return(true);
}
else
{
MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
if (Attempt.MemberID <= 0)
{
Attempt.MemberID = member.MemberID;
Attempt.AttemptType = MemberAttemptTypes.LoginPasswordFailed;
Attempt.IsAttemptValid = 1;
}
if (Attempt.Attempts > 0)
{
Attempt.Attempts++;
}
else
{
Attempt.Attempts = 1;
}
Attempt.Save();
if (AppSession.Parameters.RulesPasswordFailedRoles.Value != null && AppSession.Parameters.RulesPasswordFailedRoles.Value.Length > 0 && !AppSession.IsMemberInAdminRole)
{
Parameter Param = AppSession.Parameters.RulesPasswordFailedAttempts;
long value = -1;
bool result = long.TryParse(Param.Value, out value);
if (result && value > 0 && Attempt.Attempts >= value)
{
string[] RoleNames = AppSession.Parameters.RulesPasswordFailedRoles.Value.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
foreach (String RoleName in RoleNames)
{
Role role = Web.Admin.Logic.Collections.Roles.GetBy(RoleName);
if (role.RoleID > 0)
{
MemberRole memberrole = new MemberRole();
memberrole.MemberID = member.MemberID;
memberrole.RoleID = role.RoleID;
memberrole.Save();
}
}
}
}
return(false);
}
}
else
{
return(false);
}
}
