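        /// <summary>
        /// Authenticates the caller from the Windows identity attached to the current thread
        /// (Windows Integrated Authentication) and, when the provider accepts it, creates a session.
        /// </summary>
        /// <remarks>
        /// The method fails closed: every path other than a successful provider check returns a response
        /// whose <c>IsAuthenticated</c> is false. Three gates must pass before a session is created:
        /// the thread identity must be an authenticated NTLM/Kerberos/Negotiate identity with a name,
        /// the domain part of that name must resolve to a configured security authority of type
        /// <c>WindowsIntegrated</c>, and the Windows Integrated provider must accept the credentials.
        /// Any exception is reported to the caller as <c>InvalidUserOrPassword</c>; the underlying cause
        /// is kept on <c>AuthenticationException</c> and written to the security trace.
        /// </remarks>
        /// <param name="environment">Environment value passed through unchanged to <c>CreateSession</c>.</param>
        /// <returns>
        /// The authentication response, with its error state populated by <c>SetAuthenticationError</c>
        /// on every path that resolves credentials or fails.
        /// </returns>
        public Mercury.Server.Security.AuthenticationResponse Authenticate(String environment)
        {
            AuthenticationResponse authenticationResponse = new AuthenticationResponse();

            Mercury.Server.Public.Interfaces.Security.Credentials credentials = new Public.Interfaces.Security.Credentials();

            Mercury.Server.Security.SecurityAuthority securityAuthority;

            try
            {
                // Read the principal once so every check below is made against the same identity object,
                // instead of re-reading Thread.CurrentPrincipal for each condition.
                System.Security.Principal.IPrincipal principal = System.Threading.Thread.CurrentPrincipal;

                System.Security.Principal.IIdentity identity = (principal != null) ? principal.Identity : null;

                Boolean isIntegratedIdentity =
                    (identity != null) &&
                    ((identity.AuthenticationType == "NTLM") ||
                     (identity.AuthenticationType == "Kerberos") ||
                     (identity.AuthenticationType == "Negotiate")) &&
                    (identity.IsAuthenticated) &&
                    (!String.IsNullOrEmpty(identity.Name));

                if (!isIntegratedIdentity)
                {
                    // Set explicitly rather than relying on the response's initial value, matching the
                    // other failure branches.
                    authenticationResponse.IsAuthenticated = false;

                    credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.InvalidUserOrPassword;

                    SetAuthenticationError(authenticationResponse, credentials);

                    return (authenticationResponse);
                }

                // The identity name is expected in DOMAIN\UserName form. A name without a backslash
                // previously failed with an index error inside the try block; reject it explicitly.
                String[] nameParts = identity.Name.Split('\\');

                if (nameParts.Length < 2)
                {
                    authenticationResponse.IsAuthenticated = false;

                    credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.InvalidUserOrPassword;

                    SetAuthenticationError(authenticationResponse, credentials);

                    application.TraceWriteLineWarning(application.TraceSwitchSecurity, "\r\n[Windows Integrated Authentication: " + identity.Name + "]: Identity name is not in DOMAIN\\UserName form.");

                    return (authenticationResponse);
                }

                credentials.Domain = nameParts[0];

                credentials.UserName = nameParts[1];

                String accountLabel = "[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "]";

                application.TraceWriteLineInfo(application.TraceSwitchSecurity, "\r\n[Mercury.Server.Security.Authenticate] Credentials: " + credentials.Domain + "\\" + credentials.UserName);

                // Trust decision: the domain taken from the identity name must map to a security
                // authority known to the application before the provider is consulted.
                securityAuthority = application.SecurityAuthorityGet(credentials.Domain);

                if (securityAuthority == null)
                {
                    authenticationResponse.IsAuthenticated = false;

                    credentials.AuthenticationError = Public.Interfaces.Security.Enumerations.AuthenticationError.SecurityAuthorityError;

                    SetAuthenticationError(authenticationResponse, credentials);

                    authenticationResponse.AuthenticationException = new ApplicationException(accountLabel + ": Security Authority Not Found.");

                    application.TraceWriteLineWarning(application.TraceSwitchSecurity, "\r\n" + accountLabel + ": Security Authority Not Found.");
                }

                else if (securityAuthority.SecurityAuthorityType != Enumerations.SecurityAuthorityType.WindowsIntegrated)
                {
                    // The authority exists but is not configured for integrated authentication, so a
                    // Windows identity must not be accepted for it.
                    authenticationResponse.IsAuthenticated = false;

                    credentials.AuthenticationError = Public.Interfaces.Security.Enumerations.AuthenticationError.SecurityAuthorityError;

                    SetAuthenticationError(authenticationResponse, credentials);

                    authenticationResponse.AuthenticationException = new ApplicationException(accountLabel + ": Security Authority Type is not Windows Integrated.");

                    application.TraceWriteLineWarning(application.TraceSwitchSecurity, "\r\n" + accountLabel + ": Security Authority Type is not Windows Integrated.");
                }

                else
                {
                    // NOTE(review): the first argument is String.Empty - presumably no password is supplied
                    // for integrated authentication; confirm against SetProviderCredentials.
                    SetProviderCredentials(String.Empty, securityAuthority, credentials);

                    Mercury.Server.Security.Providers.WindowsIntegrated.Provider windowsProvider = new Providers.WindowsIntegrated.Provider();

                    authenticationResponse.IsAuthenticated = windowsProvider.Authenticate(credentials);

                    if (authenticationResponse.IsAuthenticated)
                    {
                        // The returned session was never read in this method, so it is not kept in a local.
                        CreateSession(securityAuthority, authenticationResponse, credentials, environment);
                    }

                    SetAuthenticationError(authenticationResponse, credentials);
                }
            }

            catch (Exception domainAccountException)
            {
                // Fail closed: an exception raised after the provider accepted the credentials (for
                // example while creating the session) must not leave IsAuthenticated set to true.
                authenticationResponse.IsAuthenticated = false;

                credentials.AuthenticationError = Mercury.Server.Public.Interfaces.Security.Enumerations.AuthenticationError.InvalidUserOrPassword;

                SetAuthenticationError(authenticationResponse, credentials);

                String failureLabel = "[Windows Integrated Authentication: " + credentials.Domain + "\\" + credentials.UserName + "]";

                // AuthenticationException may not have been set on this path. Dereferencing it
                // unconditionally would throw from inside the handler and hide the original failure,
                // so fall back to the caught exception's message.
                String priorMessage = (authenticationResponse.AuthenticationException != null)
                    ? authenticationResponse.AuthenticationException.Message
                    : domainAccountException.Message;

                authenticationResponse.AuthenticationException = new ApplicationException(failureLabel + " " + priorMessage, domainAccountException);

                application.TraceWriteLineError(application.TraceSwitchSecurity, failureLabel + " " + authenticationResponse.AuthenticationException.Message);

                application.TraceWriteLineError(application.TraceSwitchSecurity, failureLabel + " " + domainAccountException.Message);
            }

            return (authenticationResponse);
        }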