        //private AuthClient _authclient = new AuthClient(appSettings["okta.baseURL"]);
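        /// <summary>
        /// Authenticates a user against Okta's primary-authentication endpoint
        /// (POST {okta.baseURL}/api/v1/authn) and reports whether the transaction
        /// reached the SUCCESS state.
        /// </summary>
        /// <param name="userName">Okta login name sent in the JSON body.</param>
        /// <param name="passWord">Cleartext password sent in the JSON body; it is never logged.</param>
        /// <returns>
        /// true only when Okta answers with status "SUCCESS". Every other transaction
        /// state (password warn/expired, lock-out, MFA enroll/required, unknown) and
        /// every failed call yields false, so the method fails closed.
        /// </returns>
        /// <exception cref="OktaException">
        /// Re-thrown when Okta reports E0000085 (access denied by policy). Other
        /// OktaException codes are logged and result in false.
        /// </exception>
        public bool AuthenticateUser(string userName, string passWord)
        {
            string myStatus = null;

            UserAuthnRequest userAuthnRequest = new UserAuthnRequest();
            userAuthnRequest.username = userName;
            userAuthnRequest.password = passWord;

            try
            {
                var client  = new RestClient(appSettings["okta.baseURL"] + "/api/v1/authn");
                var request = new RestRequest(Method.POST);
                request.AddHeader("Accept", "application/json");
                request.AddHeader("Content-Type", "application/json");
                request.AddJsonBody(userAuthnRequest);
                IRestResponse<userAuthnResponse> response = client.Execute<userAuthnResponse>(request);

                // RestSharp's Execute does not throw on a non-2xx reply (e.g. 401 for
                // bad credentials); Data is then null. Guard before dereferencing so a
                // NullReferenceException cannot escape past the OktaException handler.
                if (response.Data == null)
                {
                    logger.Error("Okta authn returned no body for User: " + userName + " " + response.ErrorMessage);
                    return(false);
                }

                myStatus = response.Data.status;
                // sessionToken / stateToken are on the response too, but this method
                // only reports success; a caller that needs the token must obtain it
                // from the response itself.
            }
            catch (OktaException ex)
            {
                // NOTE(review): this handler was garbled (masked) in the listing this
                // revision was taken from; the branch bodies are reconstructed from
                // the surviving fragments and should be checked against the repository.
                if (ex.ErrorCode == "E0000004")
                {
                    // Invalid credentials: log the username only (never the password)
                    // and fall through to the fail-closed return below.
                    logger.Error("Invalid Credentials for User: " + userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                }
                else if (ex.ErrorCode == "E0000085")
                {
                    logger.Error("Access Denied by Policy for User: " + userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                    throw; // rethrow without resetting the stack trace
                }
                else
                {
                    // Do not swallow unexpected Okta errors silently; still fail closed.
                    logger.Error("Okta authn error for User: " + userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                }
            }//end catch

            // ref http://developer.okta.com/docs/api/resources/authn.html#transaction-state
            // Only SUCCESS counts as authenticated; the intermediate states are logged
            // for diagnostics but are not completed here.
            switch (myStatus)
            {
            case "PASSWORD_WARN":      //password about to expire
                logger.Debug("User’s password was successfully validated but expires in ");
                break;

            case "PASSWORD_EXPIRED":      //password has expired
                logger.Debug("User’s password was successfully validated but is expired. ");
                break;

            case "LOCKED_OUT":      //user account is locked, unlock required
                logger.Debug("Your account has been locked");
                break;

            case "MFA_ENROLL":       //user must select and enroll an available factor
                logger.Debug("user must select and enroll an available factor");
                break;

            case "MFA_REQUIRED":        //user must provide second factor with previously enrolled factor
                logger.Debug("user must provide second factor with previously enrolled factor");
                break;

            case "SUCCESS":          //authentication is complete
                logger.Debug(" Successful login");
                return(true);

            default:
                logger.Debug(" Unhandled Status: " + myStatus);
                break;
            }//end of switch

            return(false);
        }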
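        /// <summary>
        /// Handles the login form POST: validates the form fields, runs Okta
        /// primary authentication (POST {okta.OrgUrl}/api/v1/authn) and, when the
        /// transaction reaches SUCCESS, redirects the browser to the dashboard URL
        /// built by Toolbox.GotoDashboard. Every other outcome returns to Index.
        /// </summary>
        /// <returns>
        /// A redirect to the dashboard on success; otherwise a redirect to (or the
        /// view of) Index with TempData["errMessage"] describing the problem.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is
        /// visible on this action in the listing reviewed; confirm the attributes
        /// exist, since this action consumes credentials from a form post.
        /// </remarks>
        public ActionResult Route()
        {
            // Read the credentials from the POSTed form only. The Request[...]
            // indexer would also accept them from the query string, where a password
            // ends up in proxy and server access logs.
            string userName   = Request.Form["txtUserName"];
            string passWord   = Request.Form["txtPassword"];
            string relayState = Request.Form["relayState"];
            string location   = Request.Form["location"];
            // "optRemember" was read by the previous revision but never used.

            // Log the attempt by username only; the password must never be logged.
            logger.Debug("Home-Route  POST User: " + userName + " RelayState: " + relayState);

            // Fall back to the query-string RelayState when the form field is
            // missing. (The earlier test was inverted: a posted value caused the
            // query string to be read and the posted value to be discarded.)
            string myRelayState = string.IsNullOrEmpty(relayState)
                ? Request.QueryString["RelayState"]
                : relayState;
            TempData["relayState"] = myRelayState;

            if (string.IsNullOrEmpty(userName))
            {
                TempData["errMessage"] = "Username Missing";
                return(RedirectToAction("Index"));
            }

            if (string.IsNullOrEmpty(passWord))
            {
                TempData["errMessage"] = "Password Missing";
                return(RedirectToAction("Index"));
            }

            string myStatus       = null;
            string mySessionToken = null;

            try
            {
                UserAuthnRequest userAuthnRequest = new UserAuthnRequest();
                userAuthnRequest.username = userName;
                userAuthnRequest.password = passWord;

                var client  = new RestClient(appSettings["okta.OrgUrl"] + "/api/v1/authn");
                var request = new RestRequest(Method.POST);
                request.AddHeader("Accept", "application/json");
                request.AddHeader("Content-Type", "application/json");
                request.AddJsonBody(userAuthnRequest);
                IRestResponse<userAuthnResponse> response = client.Execute<userAuthnResponse>(request);

                // RestSharp does not throw on a non-2xx reply (e.g. 401 for bad
                // credentials); Data is then null. Handle it explicitly instead of
                // relying on the NullReferenceException the catch below used to absorb.
                if (response.Data == null)
                {
                    logger.Error("Sign in process failed! Okta returned no authn body: " + response.ErrorMessage);
                    TempData["errMessage"] = "Sign in process failed!";
                    TempData["userName"]   = userName;
                    return(View("Index"));
                }

                myStatus       = response.Data.status;
                mySessionToken = response.Data.sessionToken;
                // stateToken is only needed to continue MFA/recovery transactions,
                // which this action does not drive, so it is not kept.
            }
            catch (Exception ex)
            {
                // Keep the user-facing message generic; put the detail in the log.
                logger.Error("Sign in process failed! " + ex.Message);
                TempData["errMessage"] = "Sign in process failed!";
                TempData["userName"]   = userName;
                return(View("Index"));
            }//end catch

            // ref http://developer.okta.com/docs/api/resources/authn.html#transaction-state
            // Only SUCCESS signs the user in; the intermediate states are logged and
            // fall through to the Index redirect (fail closed).
            switch (myStatus)
            {
            case "PASSWORD_WARN":      //password about to expire
                logger.Debug("PASSWORD_WARN ");
                break;

            case "PASSWORD_EXPIRED":      //password has expired
                logger.Debug("PASSWORD_EXPIRED ");
                break;

            case "RECOVERY":      //user has requested a recovery token
                logger.Debug("RECOVERY ");
                break;

            case "RECOVERY_CHALLENGE":      //user must verify factor specific recovery challenge
                logger.Debug("RECOVERY_CHALLENGE ");
                break;

            case "PASSWORD_RESET":         //user satisfied recovery and must now set password
                logger.Debug("PASSWORD_RESET ");
                break;

            case "LOCKED_OUT":      //user account is locked, unlock required
                logger.Debug("LOCKED_OUT ");
                break;

            case "MFA_ENROLL":       //user must select and enroll an available factor
                logger.Debug("MFA_ENROLL ");
                break;

            case "MFA_ENROLL_ACTIVATE":       //user must activate the factor to complete enrollment
                logger.Debug("MFA_ENROLL_ACTIVATE ");
                break;

            case "MFA_REQUIRED":        //user must provide second factor with previously enrolled factor
                logger.Debug("MFA_REQUIRED ");
                break;

            case "MFA_CHALLENGE":          //user must verify factor specific challenge
                logger.Debug("MFA_CHALLENGE ");
                break;

            case "SUCCESS":          //authentication is complete
                logger.Debug("SUCCESS");
                // "location" is form input under the client's control and becomes the
                // base of the post-login redirect. Restrict it to this site's own host
                // so a crafted login form cannot send the session-token redirect to a
                // foreign origin (what Toolbox.GotoDashboard does with the URL is not
                // visible here; myRelayState is likewise client-supplied — confirm it
                // is validated downstream).
                string landingPage = SafeLandingOrigin(location) + "/Home/AltLanding";
                string redirectUrl = Toolbox.GotoDashboard(mySessionToken, myRelayState, landingPage);
                return(Redirect(redirectUrl));

            default:
                logger.Debug("Status: " + myStatus);
                TempData["errMessage"] = "Status: " + myStatus;
                break;
            }//end of switch

            return(RedirectToAction("Index"));
        }

        /// <summary>
        /// Returns the origin used to build the post-login landing page. A
        /// caller-supplied value is accepted only when it is an absolute http(s) URL
        /// whose host equals the host of the current request; anything else (missing,
        /// relative, other scheme, foreign host) is replaced by the current request's
        /// own origin (scheme://host[:port]).
        /// </summary>
        /// <param name="candidate">The "location" value posted with the login form; may be null.</param>
        /// <returns>Either <paramref name="candidate"/> unchanged or the current request's origin.</returns>
        private string SafeLandingOrigin(string candidate)
        {
            string ownOrigin = Request.Url.GetLeftPart(System.UriPartial.Authority);

            System.Uri parsed;
            if (!string.IsNullOrEmpty(candidate)
                && System.Uri.TryCreate(candidate, System.UriKind.Absolute, out parsed)
                && (parsed.Scheme == System.Uri.UriSchemeHttp || parsed.Scheme == System.Uri.UriSchemeHttps)
                && string.Equals(parsed.Host, Request.Url.Host, System.StringComparison.OrdinalIgnoreCase))
            {
                return candidate;
            }

            // Log the rejection so redirect tampering is visible in the server log.
            logger.Error("Ignoring untrusted landing location: " + candidate);
            return ownOrigin;
        }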