Ejemplo n.º 1
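        /// <summary>
        /// Copies the identity of the authenticated account onto the session, then defers to the
        /// base provider, which saves the session and fires the Auth/Session callbacks.
        /// </summary>
        /// <param name="authService">Service handling the auth request; its <c>Request.Items</c> is read for the "account" entry.</param>
        /// <param name="session">Session to populate.</param>
        /// <param name="tokens">Passed through to the base implementation.</param>
        /// <param name="authInfo">Passed through to the base implementation.</param>
        /// <returns>Whatever the base <c>OnAuthenticated</c> returns.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The "account" request item is present but is not a <c>JarsUserAccount</c>.
        /// </exception>
        public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo)
        {
            //Single lookup instead of ContainsKey + indexer.
            object stashed;
            if (authService.Request.Items.TryGetValue("account", out stashed))
            {
                //The original dereferenced the result of an unchecked 'as' cast. Fail closed with a
                //clear error rather than a NullReferenceException, and never fall through to the
                //placeholder identity below when the entry has an unexpected type.
                JarsUserAccount account = stashed as JarsUserAccount;
                if (account == null)
                {
                    throw new System.InvalidOperationException("Request item \"account\" is not a JarsUserAccount.");
                }

                session.FirstName    = account.AccountName;
                session.DisplayName  = account.AccountName;
                session.UserName     = account.AccountName;
                session.UserAuthId   = account.Id.ToString();
                session.UserAuthName = account.AccountName;
            }
            else
            {
                //NOTE(review): when no account was attached to the request, the session is given a
                //fixed placeholder identity with UserAuthId "1". If id 1 is a real account, any
                //authentication path that skips attaching "account" ends up acting as that account.
                //This looks like a development-only fallback - confirm it cannot be reached in a
                //production configuration, or replace it with a rejection.
                session.FirstName   = "Dev";
                session.DisplayName = "TestAccount";
                session.UserName    = "******";
                session.UserAuthId  = 1.ToString();
            }

            //Call base method to Save Session and fire Auth/Session callbacks.
            //Alternatively avoid the built-in behavior and explicitly save the session with
            //authService.SaveSession(session, SessionExpiry) and return null.
            return base.OnAuthenticated(authService, session, tokens, authInfo);
        }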
Ejemplo n.º 2
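        /// <summary>
        /// Decides whether <paramref name="adUserName"/> may sign in. In live mode the name must
        /// belong to an account in the local user repository that is not marked inactive and must
        /// also resolve to a principal in the current machine's domain. Outside live mode only the
        /// fixed name "TestAccount" is accepted.
        /// </summary>
        /// <param name="authService">Service handling the request; the account found is stored in <c>Request.Items["account"]</c>.</param>
        /// <param name="adUserName">Account name without domain, as supplied by the caller (untrusted).</param>
        /// <param name="isLive">True to check the repository and the directory; false for the test-account shortcut.</param>
        /// <returns>True when the sign-in is accepted, otherwise false.</returns>
        /// <remarks>
        /// NOTE(review): this method only establishes that an account with this name exists; no
        /// password or other credential is visible here. Presumably the caller has already proven
        /// that the requester owns the name (e.g. integrated Windows authentication) - confirm.
        /// </remarks>
        bool VerifyWithActiveDirecory(IServiceBase authService, string adUserName, bool isLive)
        {
            IJarsUserAccountRepository userRepo = _DataRepositoryFactory.GetDataRepository <IJarsUserAccountRepository>();

            //Failed requests are logged; this might help with identifying attacks on the system.
            IErrorLogRepository errRepo = _DataRepositoryFactory.GetDataRepository <IErrorLogRepository>();
            string domain = Environment.UserDomainName;

            //A blank name can never be valid, and must not reach the auto-registration below.
            if (string.IsNullOrWhiteSpace(adUserName))
            {
                return false;
            }

            if (!isLive)
            {
                //NOTE(review): the non-live mode accepts a fixed user name with no secret at all.
                //Make sure isLive cannot be false in a deployed configuration.
                return "TestAccount" == adUserName;
            }

            JarsUserAccount acc = userRepo.GetByUserNameEagerly(adUserName);
            if (acc == null)
            {
                //Unknown name: register it as an INACTIVE account with no permissions and record
                //the failed attempt. The original then flipped the new account to active "for
                //testing purposes", which meant an unknown name was rejected once and accepted on
                //the next attempt. The account now stays inactive until someone enables it.
                //NOTE(review): every unknown name still creates a row; consider a rate limit or
                //dropping auto-registration altogether.
                JarsUserAccount pending = new JarsUserAccount {
                    AccountName = adUserName, IsActive = false, UserPermissions = "NONE"
                };
                userRepo.CreateUpdate(pending, "AUTOREGISTER");
                LogLoginFailure(errRepo, "Failed login attempt.");

                JarsUserAccount registered = userRepo.GetByUserNameEagerly(adUserName);
                if (registered != null)
                {
                    authService.Request.Items["account"] = registered;
                }
                authService.Request.Items["IsActive"] = false;
                return false;
            }

            //Indexer instead of Add so a repeated call on the same request does not throw on the
            //duplicate key. The original added "account" a second time inside the AD lookup.
            authService.Request.Items["account"] = acc;

            //NOTE(review): an account whose IsActive is null is treated as active here; confirm
            //that is intended rather than failing closed.
            if (acc.IsActive.HasValue && !acc.IsActive.Value)
            {
                authService.Request.Items["IsActive"] = false;
                return false;
            }

            //The account exists locally; now make sure the user also exists in AD. The original
            //returned true just before this point ("this computer does not sit on an AD domain"),
            //which left the lookup unreachable and accepted every repository account unverified.
            //On a machine outside a domain the lookup is expected to fail and the sign-in to be
            //refused; use isLive = false for that kind of environment instead.
            try
            {
                using (var domainContext = new PrincipalContext(ContextType.Domain, domain))
                using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, adUserName))
                {
                    //we could update the user settings here if they were assigned to another group or principal.
                    return foundUser != null;
                }
            }
            catch (PrincipalServerDownException pex)
            {
                //Directory unreachable: refuse the sign-in rather than letting it through.
                LogLoginFailure(errRepo, pex.Message);
                return false;
            }
            catch (Exception ex)
            {
                LogLoginFailure(errRepo, ex.Message);
                throw; //rethrow without resetting the stack trace ("throw ex" did reset it)
            }
        }

        /// <summary>Writes a "LoginFailed" entry to the error log on behalf of "CustomAuthProvider".</summary>
        private static void LogLoginFailure(IErrorLogRepository errRepo, string errorText)
        {
            errRepo.CreateUpdate(new ErrorLog
            {
                EnvironmentUserName = Environment.UserName,
                ErrorText           = errorText,
                ErrorTime           = DateTime.Now,
                ErrorType           = "LoginFailed"
            }, "CustomAuthProvider");
        }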