public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
claims = null;
IAdapterPresentation result = null;
string userName = proofData.Properties["upn"].ToString();
string pin = proofData.Properties["pin"].ToString();
string pollingEndpoint = proofData.Properties["pollingEndpoint"].ToString();
string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
System.Configuration.ExeConfigurationFileMap fileMap = new System.Configuration.ExeConfigurationFileMap();
fileMap.ExeConfigFilename = windir + "\\ADFS\\OktaMFA-ADFS.dll.config";
System.Configuration.Configuration cfg =
System.Configuration.ConfigurationManager.OpenMappedExeConfiguration(fileMap, System.Configuration.ConfigurationUserLevel.None);
string oktaTenant = cfg.AppSettings.Settings["Tenant"].Value;
string authToken = cfg.AppSettings.Settings["apiKey"].Value;
string baseUrl = oktaTenant + "/api/v1/";
string pinSuccess = "no";
string verifyResult = "false";
HttpWebRequest upnRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userName);
upnRequest.Headers.Add("Authorization", authToken);
upnRequest.Method = "GET";
upnRequest.ContentType = "application/json";
var upnResponse = (HttpWebResponse)upnRequest.GetResponse();
var idReader = new StreamReader(upnResponse.GetResponseStream());
var id = idReader.ReadToEnd();
RootObject userProfile = JsonConvert.DeserializeObject <RootObject>(id);
string userID = userProfile.id.ToString();
HttpWebRequest factorRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors");
factorRequest.Headers.Add("Authorization", authToken);
factorRequest.Method = "GET";
factorRequest.ContentType = "application/json";
factorRequest.Accept = "application/json";
var factorResponse = (HttpWebResponse)factorRequest.GetResponse();
var factorReader = new StreamReader(factorResponse.GetResponseStream());
var factorList = factorReader.ReadToEnd();
RootObject[] factors = JsonConvert.DeserializeObject <RootObject[]>(factorList);
string factorID = "";
foreach (RootObject factor in factors)
{
if (factor.provider == "OKTA" && factor.factorType == "push")
{
// string pushfactorID = factor.id;
// HttpWebRequest pushRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors/" + pushfactorID + "/verify");
// pushRequest.Headers.Add("Authorization", authToken);
// pushRequest.Method = "POST";
// pushRequest.ContentType = "application/json";
// pushRequest.Accept = "application/json";
// pushRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36";
// var pushResponse = (HttpWebResponse)pushRequest.GetResponse();
// var pushReader = new StreamReader(pushResponse.GetResponseStream());
// var pushStatus = pushReader.ReadToEnd();
// RootObject pushResult = JsonConvert.DeserializeObject<RootObject>(pushStatus);
// string pollingEndpoint = pushResult._links.poll.href.ToString();
int attemptPoll = 1;
while (verifyResult == "false" && attemptPoll <= 20 && pinSuccess == "no")
{
HttpWebRequest verifyRequest = (HttpWebRequest)WebRequest.Create(pollingEndpoint);
verifyRequest.Headers.Add("Authorization", authToken);
verifyRequest.Method = "GET";
verifyRequest.ContentType = "application/json";
verifyRequest.Accept = "application/json";
verifyRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36";
var pushAnswer = (HttpWebResponse)verifyRequest.GetResponse();
var pushStatus2 = new StreamReader(pushAnswer.GetResponseStream());
var pushStatus3 = pushStatus2.ReadToEnd();
RootObject pushWait = JsonConvert.DeserializeObject <RootObject>(pushStatus3);
if (pushWait.factorResult == "SUCCESS")
{
verifyResult = "true";
Claim claim = new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new Claim[] { claim };
return(result);
}
else
{
attemptPoll++;
}
}
return(result);
}
if (factor.provider == "OKTA" && factor.factorType == "token:software:totp" && verifyResult == "false" && pin != "")
{
factorID = factor.id;
HttpWebRequest httprequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors/" + factorID + "/verify");
httprequest.Headers.Add("Authorization", authToken);
httprequest.Method = "POST";
httprequest.ContentType = "application/json";
otpCode otpCode = new otpCode
{
passCode = pin
};
string otpString = JsonConvert.SerializeObject(otpCode);
using (var streamWriter = new StreamWriter(httprequest.GetRequestStream()))
{
streamWriter.Write(otpString);
}
try
{
var httpResponse = (HttpWebResponse)httprequest.GetResponse();
if (httpResponse.StatusCode.ToString() == "OK" && pin != "")
{
pinSuccess = "yes";
Claim claim = new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new Claim[] { claim };
return(result);
}
// using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
// {
// var factorResult = streamReader.ReadToEnd();
// }
}
catch (WebException we)
{
var failResponse = we.Response as HttpWebResponse;
if (failResponse == null)
{
throw;
}
result = new AdapterPresentation("Authentication failed.", proofData.Properties["upn"].ToString(), false);
}
}
}
//HttpWebRequest httprequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors/" + factorID + "/verify");
//httprequest.Headers.Add("Authorization", authToken);
//httprequest.Method = "POST";
//httprequest.ContentType = "application/json";
//otpCode otpCode = new otpCode
//{ passCode = pin };
//string otpString = JsonConvert.SerializeObject(otpCode);
//using (var streamWriter = new StreamWriter(httprequest.GetRequestStream()))
//{
// streamWriter.Write(otpString);
//}
//try
//{
// var httpResponse = (HttpWebResponse)httprequest.GetResponse();
// if (httpResponse.StatusCode.ToString() == "OK")
// {
// System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
// claims = new System.Security.Claims.Claim[] { claim };
// }
// using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
// {
// var factorResult = streamReader.ReadToEnd();
// }
//}
//catch (WebException we)
//{
// var failResponse = we.Response as HttpWebResponse;
// if (failResponse == null)
// throw;
// result = new AdapterPresentation("Authentication failed.", proofData.Properties["upn"].ToString(), false);
//}
if (pinSuccess == "yes" || verifyResult == "true")
{
Claim claim = new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new Claim[] { claim };
return(result);
}
else
{
result = new AdapterPresentation("Authentication failed.", proofData.Properties["upn"].ToString(), false);
}
return(result);
}
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims )
{
claims = null;
IAdapterPresentation result = null;
string userName = proofData.Properties["upn"].ToString();
string pin = proofData.Properties["pin"].ToString();
string pollingEndpoint = proofData.Properties["pollingEndpoint"].ToString();
string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
System.Configuration.ExeConfigurationFileMap fileMap = new System.Configuration.ExeConfigurationFileMap();
fileMap.ExeConfigFilename = windir + "\\ADFS\\OktaMFA-ADFS.dll.config";
System.Configuration.Configuration cfg =
System.Configuration.ConfigurationManager.OpenMappedExeConfiguration(fileMap, System.Configuration.ConfigurationUserLevel.None);
string oktaTenant = cfg.AppSettings.Settings["Tenant"].Value;
string authToken = cfg.AppSettings.Settings["apiKey"].Value;
string baseUrl = oktaTenant + "/api/v1/";
string pinSuccess = "no";
string verifyResult = "false";
HttpWebRequest upnRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userName);
upnRequest.Headers.Add("Authorization", authToken);
upnRequest.Method = "GET";
upnRequest.ContentType = "application/json";
var upnResponse = (HttpWebResponse)upnRequest.GetResponse();
var idReader = new StreamReader(upnResponse.GetResponseStream());
var id = idReader.ReadToEnd();
RootObject userProfile = JsonConvert.DeserializeObject<RootObject>(id);
string userID = userProfile.id.ToString();
HttpWebRequest factorRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors");
factorRequest.Headers.Add("Authorization", authToken);
factorRequest.Method = "GET";
factorRequest.ContentType = "application/json";
factorRequest.Accept = "application/json";
var factorResponse = (HttpWebResponse)factorRequest.GetResponse();
var factorReader = new StreamReader(factorResponse.GetResponseStream());
var factorList = factorReader.ReadToEnd();
RootObject[] factors = JsonConvert.DeserializeObject<RootObject[]>(factorList);
string factorID = "";
foreach (RootObject factor in factors)
{
if (factor.provider == "OKTA" && factor.factorType == "push")
{
// string pushfactorID = factor.id;
// HttpWebRequest pushRequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors/" + pushfactorID + "/verify");
// pushRequest.Headers.Add("Authorization", authToken);
// pushRequest.Method = "POST";
// pushRequest.ContentType = "application/json";
// pushRequest.Accept = "application/json";
// pushRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36";
// var pushResponse = (HttpWebResponse)pushRequest.GetResponse();
// var pushReader = new StreamReader(pushResponse.GetResponseStream());
// var pushStatus = pushReader.ReadToEnd();
// RootObject pushResult = JsonConvert.DeserializeObject<RootObject>(pushStatus);
// string pollingEndpoint = pushResult._links.poll.href.ToString();
int attemptPoll = 1;
while (verifyResult == "false" && attemptPoll <= 20 && pinSuccess == "no")
{
HttpWebRequest verifyRequest = (HttpWebRequest)WebRequest.Create(pollingEndpoint);
verifyRequest.Headers.Add("Authorization", authToken);
verifyRequest.Method = "GET";
verifyRequest.ContentType = "application/json";
verifyRequest.Accept = "application/json";
verifyRequest.UserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36";
var pushAnswer = (HttpWebResponse)verifyRequest.GetResponse();
var pushStatus2 = new StreamReader(pushAnswer.GetResponseStream());
var pushStatus3 = pushStatus2.ReadToEnd();
RootObject pushWait = JsonConvert.DeserializeObject<RootObject>(pushStatus3);
if (pushWait.factorResult == "SUCCESS")
{
verifyResult = "true";
Claim claim = new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new Claim[] { claim };
return result;
}
else
{
attemptPoll++;
}
}
return result;
}
if (factor.provider == "OKTA" && factor.factorType == "token:software:totp" && verifyResult == "false" && pin != "")
{
factorID = factor.id;
HttpWebRequest httprequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors/" + factorID + "/verify");
httprequest.Headers.Add("Authorization", authToken);
httprequest.Method = "POST";
httprequest.ContentType = "application/json";
otpCode otpCode = new otpCode
{ passCode = pin };
string otpString = JsonConvert.SerializeObject(otpCode);
using (var streamWriter = new StreamWriter(httprequest.GetRequestStream()))
{
streamWriter.Write(otpString);
}
try
{
var httpResponse = (HttpWebResponse)httprequest.GetResponse();
if (httpResponse.StatusCode.ToString() == "OK" && pin != "" )
{
pinSuccess = "yes";
Claim claim = new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new Claim[] { claim };
return result;
}
// using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
// {
// var factorResult = streamReader.ReadToEnd();
// }
}
catch (WebException we)
{
var failResponse = we.Response as HttpWebResponse;
if (failResponse == null)
throw;
result = new AdapterPresentation("Authentication failed.", proofData.Properties["upn"].ToString(), false);
}
}
}
//HttpWebRequest httprequest = (HttpWebRequest)WebRequest.Create(baseUrl + "users/" + userID + "/factors/" + factorID + "/verify");
//httprequest.Headers.Add("Authorization", authToken);
//httprequest.Method = "POST";
//httprequest.ContentType = "application/json";
//otpCode otpCode = new otpCode
//{ passCode = pin };
//string otpString = JsonConvert.SerializeObject(otpCode);
//using (var streamWriter = new StreamWriter(httprequest.GetRequestStream()))
//{
// streamWriter.Write(otpString);
//}
//try
//{
// var httpResponse = (HttpWebResponse)httprequest.GetResponse();
// if (httpResponse.StatusCode.ToString() == "OK")
// {
// System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
// claims = new System.Security.Claims.Claim[] { claim };
// }
// using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
// {
// var factorResult = streamReader.ReadToEnd();
// }
//}
//catch (WebException we)
//{
// var failResponse = we.Response as HttpWebResponse;
// if (failResponse == null)
// throw;
// result = new AdapterPresentation("Authentication failed.", proofData.Properties["upn"].ToString(), false);
//}
if (pinSuccess == "yes" || verifyResult == "true")
{
Claim claim = new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new Claim[] { claim };
return result;
}
else
{
result = new AdapterPresentation("Authentication failed.", proofData.Properties["upn"].ToString(), false);
}
return result;
}