Beispiel #1
0
        /// <summary>
        /// AuthenticateUser
        /// </summary>
        /// <param name="domain"></param>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <param name="LdapPath"></param>
        /// <param name="Errmsg"></param>
        /// <returns></returns>
        public Dictionary <string, object> AuthenticateUser(string domain, string username, string password, string LdapPath, out string Errmsg, out Dictionary <string, object> DictDetails)
        {
            CompanyDTO    objSelectedCompany = null;
            UserInfoDTO   ObjuserDTO         = null;
            UserPrincipal userPrincipal      = null;

            Errmsg = "";
            string         domainAndUsername = domain + @"\" + username;
            DirectoryEntry entry             = new DirectoryEntry(LdapPath, domainAndUsername, password);

            DictDetails = new Dictionary <string, object>();

            try
            {
                using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
                {
                    userPrincipal = UserPrincipal.FindByIdentity(ctx, username);

                    if (compilationSection.Debug)
                    {
                        Common.Common.WriteLogToFile("ConnectedServer " + ctx.ConnectedServer + "Container " + ctx.Container + "ContextType " + ctx.ContextType + "Name " + ctx.Name + "Options " + ctx.Options + "UserName " + ctx.UserName, null);
                        if (userPrincipal == null)
                        {
                            Common.Common.WriteLogToFile("userPrincipal null ", null);
                        }
                    }

                    if (userPrincipal != null)
                    {
                        using (LoginUserDetails objLoginUserDetails = new LoginUserDetails())
                        {
                            using (SSOSL objSSOSL = new SSOSL())
                            {
                                using (DataSecurity objDataSecurity = new DataSecurity())
                                {
                                    // Bind to the native AdsObject to force authentication.
                                    Object obj = entry.NativeObject;

                                    DirectorySearcher search = new DirectorySearcher(entry);

                                    search.Filter = "(SAMAccountName=" + username + ")";
                                    search.PropertiesToLoad.Add("cn");
                                    SearchResult result = search.FindOne();

                                    if (result == null)
                                    {
                                        //return false;
                                        DictDetails = null;
                                        return(DictDetails);
                                    }
                                    // Update the new path to the user in the directory
                                    LdapPath = result.Path;
                                    string _filterAttribute = (String)result.Properties["cn"][0];

                                    objSelectedCompany = new CompanyDTO();

                                    objSelectedCompany = objSSOSL.getSingleCompanies(InsiderTradingSSO.Common.Common.getSystemConnectionString(), ConfigurationManager.AppSettings["DBName"].ToString());
                                    objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString;

                                    Hashtable ht_Param = new Hashtable();

                                    if (username != null && !username.Length.Equals(0))
                                    {
                                        ht_Param.Add("EmployeeId", username);
                                    }
                                    if (compilationSection.Debug)
                                    {
                                        Common.Common.WriteLogToFile("Get EmployeeID as " + userPrincipal.EmployeeId, null);
                                    }
                                    else
                                    {
                                        ht_Param.Add("EmployeeId", null);
                                    }
                                    ht_Param.Add("EmailId", userPrincipal.EmailAddress);
                                    if (compilationSection.Debug)
                                    {
                                        Common.Common.WriteLogToFile("Get EmailID as " + userPrincipal.EmailAddress, null);
                                    }

                                    ObjuserDTO = objSSOSL.LoginSSOUserInfo(objLoginUserDetails.CompanyDBConnectionString, ht_Param);

                                    DictDetails.Add("sUserName", ObjuserDTO.LoginID);
                                    DictDetails.Add("sPassword", ObjuserDTO.Password);
                                    DictDetails.Add("sCompanyName", objSelectedCompany.sCompanyDatabaseName);
                                    DictDetails.Add("sCalledFrom", objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), Common.ConstEnum.User_Password_Encryption_Key));

                                    if (compilationSection.Debug)
                                    {
                                        if (DictDetails.Count >= 0)
                                        {
                                            Common.Common.WriteLogToFile("Diction object with all details ", null);
                                        }
                                    }

                                    return(DictDetails);
                                }
                            }
                        }
                    }
                }
            }

            catch (Exception ex)
            {
                Errmsg = ex.Message;

                if (compilationSection.Debug)
                {
                    Common.Common.WriteLogToFile("Exception occurred (AuthenticateUser failed ", ex);
                }

                DictDetails = null;
                throw new Exception("Error authenticating user." + ex.Message);
            }

            return(DictDetails);
        }
Beispiel #2
0
        public ActionResult Index()
        {
            LoginUserDetails objLoginUserDetails = null;
            SSOSL            objSSOSL            = null;
            UserInfoDTO      ObjuserDTO          = null;
            CompanyDTO       objSelectedCompany  = null;
            DataSecurity     objDataSecurity     = null;
            UserPrincipal    userPrincipal       = null;
            string           s_debugInfo         = string.Empty;
            string           PrompSSOCredentials = "1";

            try
            {
                if (PrompSSOCredentials == (ConfigurationManager.AppSettings["PromptSSOCredentials"].ToString()))
                {
                    Dictionary <string, string>         objCompaniesDictionary = null;
                    List <InsiderTradingDAL.CompanyDTO> lstCompanies           = null;
                    using (CompaniesSL objCompaniesSL = new CompaniesSL())
                    {
                        lstCompanies = objCompaniesSL.getAllCompanies(Common.Common.getSystemConnectionString());

                        objCompaniesDictionary = new Dictionary <string, string>();

                        objCompaniesDictionary.Add("", "Select Company");

                        foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in lstCompanies)
                        {
                            objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName);
                        }
                    }
                    ViewBag.JavascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
                    ViewBag.CompaniesDropDown       = objCompaniesDictionary;
                    return(View("SSOLogin"));
                    //return View("AuthenticationFailed");
                }
                else
                {
                    //Login with Directory Credentials
                    using (DirectoryEntry dirEntry = new DirectoryEntry("WinNT://" + Environment.UserDomainName))
                    {
                        string s_CurrentLoggedInUser = Request.ServerVariables["LOGON_USER"].ToUpper();
                        s_debugInfo = "# Domain Name - " + Environment.UserDomainName + "# Request Server Variables (LOGON_USER) - " + s_CurrentLoggedInUser;

                        if (string.IsNullOrEmpty(s_CurrentLoggedInUser))
                        {
                            s_CurrentLoggedInUser = System.Web.HttpContext.Current.User.Identity.Name;
                            s_debugInfo          += "# System.Web.HttpContext.Current.User.Identity.Name - " + s_CurrentLoggedInUser;
                        }

                        if (string.IsNullOrEmpty(s_CurrentLoggedInUser))
                        {
                            s_CurrentLoggedInUser = User.Identity.Name;
                            s_debugInfo          += "# User.Identity.Name - " + User.Identity.Name;
                        }

                        foreach (DirectoryEntry item in dirEntry.Children)
                        {
                            using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
                            {
                                userPrincipal = UserPrincipal.FindByIdentity(ctx, Request.ServerVariables["LOGON_USER"].Replace(Environment.UserDomainName + @"\", string.Empty));

                                if (userPrincipal != null)
                                {
                                    if (s_CurrentLoggedInUser.Equals((Environment.UserDomainName + @"\" + userPrincipal.SamAccountName).ToUpper()))
                                    {
                                        s_debugInfo += "# User Principal Given Name - " + userPrincipal.GivenName + "# User Principal EmployeeId - " + userPrincipal.EmployeeId + "# User Principal EmailAddress - " + userPrincipal.EmailAddress;

                                        using (objSSOSL = new SSOSL())
                                        {
                                            objLoginUserDetails = new LoginUserDetails();
                                            objSelectedCompany  = new CompanyDTO();

                                            objSelectedCompany = objSSOSL.getSingleCompanies(InsiderTradingSSO.Common.Common.getSystemConnectionString(), ConfigurationManager.AppSettings["DBName"].ToString());
                                            objLoginUserDetails.CompanyDBConnectionString = objSelectedCompany.CompanyConnectionString;

                                            Hashtable ht_Param = new Hashtable();

                                            if (userPrincipal.EmployeeId != null && !userPrincipal.EmployeeId.Length.Equals(0))
                                            {
                                                ht_Param.Add("EmployeeId", userPrincipal.EmployeeId);
                                            }
                                            else
                                            {
                                                ht_Param.Add("EmailId", userPrincipal.EmailAddress);
                                            }

                                            ObjuserDTO = objSSOSL.LoginSSOUserInfo(objLoginUserDetails.CompanyDBConnectionString, ht_Param);

                                            objDataSecurity = new DataSecurity();

                                            Dictionary <string, object> dictUserDetails = new Dictionary <string, object>();
                                            dictUserDetails.Add("sUserName", ObjuserDTO.LoginID);
                                            dictUserDetails.Add("sPassword", ObjuserDTO.Password);
                                            dictUserDetails.Add("sCompanyName", objSelectedCompany.sCompanyDatabaseName);
                                            dictUserDetails.Add("sCalledFrom", objDataSecurity.CreateHash(string.Format(Common.ConstEnum.s_SSO, Convert.ToString(DateTime.Now.Year)), Common.ConstEnum.User_Password_Encryption_Key));

                                            return(this.RedirectAndPost(ConfigurationManager.AppSettings["VigilanteURL"].ToString(), dictUserDetails));
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch
            {
                s_debugInfo += "# Login Failed. ";
                return(View("AuthenticationFailed"));
            }
            finally
            {
                if (compilationSection.Debug)
                {
                    if (!Directory.Exists(System.Web.HttpContext.Current.Server.MapPath("~/DebugLogs")))
                    {
                        Directory.CreateDirectory(System.Web.HttpContext.Current.Server.MapPath("~/DebugLogs"));
                    }

                    using (FileStream filestream = new FileStream(System.Web.HttpContext.Current.Server.MapPath("~/DebugLogs/SSODebugLogs.txt"), FileMode.Append, FileAccess.Write, FileShare.ReadWrite))
                    {
                        StreamWriter sWriter = new StreamWriter(filestream);

                        sWriter.WriteLine(" SSO Login - " + DateTime.Now);
                        string[] arr_debugInfo = s_debugInfo.Split('#');
                        foreach (string debugInfo in arr_debugInfo)
                        {
                            sWriter.WriteLine(debugInfo);
                        }

                        sWriter.WriteLine("--------------------------------------------------------------------");
                        sWriter.Close();
                        sWriter.Dispose();
                        filestream.Close();
                        filestream.Dispose();
                    }
                }
            }

            return(View());
        }