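/// <summary>
/// Decides whether a bind is accepted, using the "cn" and "dc" components of the
/// request's RDN and, for the OnlyBindUser account, the supplied password.
/// </summary>
/// <param name="context">Client context for the request; not read by this implementation.</param>
/// <param name="authenticationEvent">Supplies the RDN components (<c>Rdn</c>) and the <c>Password</c> of the bind.</param>
/// <returns>A completed task holding <c>true</c> when the bind is accepted, otherwise <c>false</c>.</returns>
public override Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
{
    // The RDN comes from the client. A bind DN with no "cn" component matches neither
    // account, so deny it instead of dereferencing a null list.
    if (!authenticationEvent.Rdn.TryGetValue("cn", out List<string> cnValue) || cnValue == null)
    {
        return Task.FromResult(false);
    }

    // "dc" is only needed by the Manager rule; it may legitimately be absent for OnlyBindUser.
    authenticationEvent.Rdn.TryGetValue("dc", out List<string> dcValue);

    // NOTE(review): this rule accepts cn=Manager under dc=example/dc=com without reading
    // authenticationEvent.Password at all. That is acceptable only for a sample; a real
    // deployment must verify a credential here.
    if (cnValue.Contains("Manager") && dcValue != null && dcValue.Contains("example") && dcValue.Contains("com"))
    {
        return Task.FromResult(true);
    }

    // NOTE(review): the credential is a literal in source and is compared with ==.
    // For anything beyond a sample, load the secret from protected storage and compare
    // with a constant-time routine.
    if (cnValue.Contains("OnlyBindUser") && authenticationEvent.Password == "OnlyBindUserPassword")
    {
        return Task.FromResult(true);
    }

    // Deny by default.
    return Task.FromResult(false);
}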
Ejemplo n.º 2
 /// <summary>
 /// Extension point for authentication requests: override it to decide whether a request succeeds.
 /// This base implementation rejects every request.
 /// </summary>
 /// <param name="context">Client context supplied with the request; not read here.</param>
 /// <param name="authenticationEvent">The authentication request to decide; not read here.</param>
 /// <returns>A completed task holding <c>false</c>; overrides return whether the authentication should succeed.</returns>
 public virtual Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
     => Task.FromResult(false); // deny unless a derived class says otherwise
Ejemplo n.º 3
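        /// <summary>
        /// Authenticates a bind against stored credentials. Two shapes of RDN are handled:
        /// cn=BindUser with no "ou" component (the per-application bind account), and a
        /// first "ou" value of "people" (an end user whose "cn" is the user id). In both,
        /// the first "dc" value is parsed as the application GUID.
        /// </summary>
        /// <param name="context">Client context for the request; not read by this implementation.</param>
        /// <param name="authenticationEvent">Supplies the RDN components (<c>Rdn</c>) and the <c>Password</c> of the bind.</param>
        /// <returns><c>true</c> when the supplied password matches a stored credential; otherwise <c>false</c>.</returns>
        public override async Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
        {
            authenticationEvent.Rdn.TryGetValue("cn", out List<string>? cns);
            authenticationEvent.Rdn.TryGetValue("dc", out List<string>? dcs);
            authenticationEvent.Rdn.TryGetValue("ou", out List<string>? ous);

            // Every value below is client-controlled. Missing or empty components mean
            // "deny", never an exception: the original indexed dcs[0] before its null check.
            if (cns is null || cns.Count == 0 || dcs is null || dcs.Count == 0)
            {
                return false;
            }

            var providedPassword = authenticationEvent.Password;
            if (providedPassword is null)
            {
                return false;
            }

            // A malformed GUID in the bind DN is a failed bind, not a FormatException.
            if (!Guid.TryParse(dcs[0], out Guid appGuid))
            {
                return false;
            }

            if (cns[0] == "BindUser" && ous == null)
            {
                LdapAppSettings? settings;
                using (var authDbContext = _authDbContextFactory.CreateDbContext())
                {
                    settings = await authDbContext.LdapAppSettings
                               .Include(s => s.AuthApp)
                               .SingleOrDefaultAsync(s => s.AuthApp.Id == appGuid);
                }

                if (settings == null)
                {
                    return false;
                }

                // UTF-8 instead of ASCII: Encoding.ASCII turns every non-ASCII character into
                // '?', so distinct passwords containing such characters would compare equal.
                byte[] correctBytes  = Encoding.UTF8.GetBytes(_ldapSettingsDataProtector.Unprotect(settings.BindUserPassword));
                byte[] providedBytes = Encoding.UTF8.GetBytes(providedPassword);

                // Constant-time comparison so the result does not depend on where the bytes differ.
                return CryptographicOperations.FixedTimeEquals(correctBytes, providedBytes);
            }

            if (ous != null && ous.Count > 0 && ous[0] == "people")
            {
                if (!Guid.TryParse(cns[0], out Guid userId))
                {
                    return false;
                }

                List<LdapAppUserCredentials> creds;
                using (var authDbContext = _authDbContextFactory.CreateDbContext())
                {
                    creds = await authDbContext.LdapAppUserCredentials
                            .Where(c => c.User.Id == userId)
                            .Where(c => c.LdapAppSettings.AuthApp.Id == appGuid)
                            .ToListAsync();
                }

                bool validCredentials = false;

                using var cts = new CancellationTokenSource();
                var po = new ParallelOptions { CancellationToken = cts.Token };

                try
                {
                    // Check the stored hashes in parallel and stop scheduling further
                    // iterations once one matches. Parallel.ForEach blocks the calling
                    // thread until the loop finishes.
                    Parallel.ForEach(creds, po, cred =>
                    {
                        if (_hasher.VerifyHash(cred.HashedPassword, providedPassword))
                        {
                            validCredentials = true;
                            cts.Cancel();
                        }
                    });
                }
                catch (OperationCanceledException)
                {
                    // Expected: raised by the loop after cts.Cancel() on a successful match.
                }

                return validCredentials;
            }

            // Deny any DN shape not recognised above.
            return false;
        }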
Ejemplo n.º 4
        /// <summary>
        /// Delegates the bind decision to <c>_ldapClient</c>: packages the request details
        /// into a <c>BindRequest</c> and returns the outcome the client reports.
        /// </summary>
        /// <param name="context">Supplies <c>HasEncryptedConnection</c> and <c>IpAddress</c> for the request.</param>
        /// <param name="authenticationEvent">Supplies the <c>Rdn</c> and <c>Password</c> of the bind.</param>
        /// <returns>The <c>WasBindSuccessful</c> value of the response.</returns>
        public override async Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
        {
            // The password is forwarded as received, together with whether the connection
            // was encrypted and the client's address.
            // NOTE(review): presumably the receiving side uses these to refuse cleartext
            // binds and to audit or throttle by source — confirm against the backend.
            var request = new BindRequest
            {
                UserIdentity       = ExtractUserIdentity(authenticationEvent.Rdn),
                IsEncryptedRequest = context.HasEncryptedConnection,
                Password           = authenticationEvent.Password,
                IpAddress          = context.IpAddress.ToString(),
            };

            var outcome = await _ldapClient.ExecuteBindRequestAsync(request);
            return outcome.WasBindSuccessful;
        }