private bool HandleWindowsAuthentication(HttpActionContext actionContext)
{
var mgmtConfig = _configurationService.GetManagementServerConfiguration();
var windowsPrincipal = (WindowsPrincipal)actionContext.RequestContext.Principal;
UserRoleEnum?roleToAssign = null;
if (windowsPrincipal.IsInRole(_domainDetails.AdminDomainGroup))
{
roleToAssign = UserRoleEnum.Admin;
}
else if (windowsPrincipal.IsInRole(_domainDetails.AnalystDomainGroup))
{
roleToAssign = UserRoleEnum.Analyst;
}
if (roleToAssign == null)
{
Logger.Instance.Warn(string.Format("Blocked connection attempt by Windows account {0} not in Admin or Analyst group.", windowsPrincipal.Identity.Name),
LoggerConsts.AccountLogInError);
return(false);
}
var profile = _userProfileAccessor.GetUserProfile(windowsPrincipal.Identity.GetUserName());
if (profile == null)
{
if (!mgmtConfig.AutoCreateUsers)
{
Logger.Instance.Warn(string.Format("Windows account {0} is authorized but does not have profile.", windowsPrincipal.Identity.Name),
LoggerConsts.AccountLogInError);
return(false);
}
var userDetails = UserAndDomainHelper.GetUserPrincipal(windowsPrincipal.Identity.GetUserName(), GetActiveDirectoryCredentials());
var user = new UserProfile
{
FirstName = userDetails.GivenName,
LastName = userDetails.Surname,
UserName = windowsPrincipal.Identity.Name,
Email = userDetails.EmailAddress,
Role = roleToAssign.Value,
UserType = UserType.Windows,
ImageBase64 = null
};
_userProfileAccessor.AddOrUpdateUserProfile(user);
}
else
{
if (profile.Role != roleToAssign.Value)
{
profile.Role = roleToAssign.Value;
_userProfileAccessor.AddOrUpdateUserProfile(profile);
}
if (profile.IsDisabled)
{
Logger.Instance.Debug(string.Format("Blocked login attempt by disabled user {0}", profile.UserName), LoggerConsts.AccountLogInError);
return(false);
}
}
return(true);
}