Ejemplo n.º 1
0
        /// <summary>
        /// Initiates a new authentication process and returns to the ADFS system.
        /// </summary>
        /// <param name="identityClaim">Claim information from the ADFS</param>
        /// <param name="request">The http request</param>
        /// <param name="authContext">The context for the authentication</param>
        /// <returns>new instance of IAdapterPresentationForm</returns>
        public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request, IAuthenticationContext authContext)
        {
#if DEBUG
            Debug.WriteLine(debugPrefix + " Claim value: " + identityClaim.Value);
#endif
            // seperates the username from the domain
            // TODO: Map the domain to the ID3A realm
            string[] tmp      = identityClaim.Value.Split('\\');
            string   username = "";
            if (tmp.Length > 1)
            {
                username = tmp[1];
            }
            else
            {
                username = tmp[0];
            }
            // check if ssl is disabled in the config
            // TODO: Delete for security reasons
            if (!ssl)
            {
                ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
            }

            // trigger challenge
            otp_prov = new OTPprovider(privacyIDEAurl);
            // get a new admin token for all requests if the an admin pw is defined
            // #2
            if (!string.IsNullOrEmpty(admin_pw) && !string.IsNullOrEmpty(admin_user))
            {
                token = otp_prov.getAuthToken(admin_user, admin_pw);
                // trigger a challenge (SMS, Mail ...) for the the user
#if DEBUG
                Debug.WriteLine(debugPrefix + " User: "******" Realm: " + privacyIDEArealm);
#endif
                transaction_id = otp_prov.triggerChallenge(username, privacyIDEArealm, token);
            }
            // set vars to context - fix for 14 and 15
            authContext.Data.Add("userid", username);
            authContext.Data.Add("realm", privacyIDEArealm);
            authContext.Data.Add("transaction_id", transaction_id);

            return(new AdapterPresentationForm(false, uidefinition));
        }
        /// <summary>
        /// Initiates a new authentication process and returns to the ADFS system.
        /// </summary>
        /// <param name="identityClaim">Claim information from the ADFS</param>
        /// <param name="request">The http request</param>
        /// <param name="authContext">The context for the authentication</param>
        /// <returns>new instance of IAdapterPresentationForm</returns>
        public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request, IAuthenticationContext authContext)
        {
#if DEBUG
            Debug.WriteLine(debugPrefix + " Claim value: " + identityClaim.Value);
#endif
            // seperates the username from the domain
            // TODO: Map the domain to the ID3A realm
            string   username, domain, upn;
            string[] tmp = identityClaim.Value.Split('\\');

            if (tmp.Length > 1)
            {
                username = tmp[1];
                domain   = tmp[0];
                if (use_upn)
                {
                    // get UPN from sAMAccountName
                    upn = GetUserPrincipalName(username, domain);
                }
                else
                {
                    upn = "not configured";
                }
            }
            else
            {
                username = tmp[0];
                upn      = tmp[0];
                domain   = privacyIDEArealm;
            }
#if DEBUG
            Debug.WriteLine(debugPrefix + " UPN value: " + upn + " Domain value: " + domain);
#endif
            // check if ssl is disabled in the config
            // TODO: Delete for security reasons
            if (!ssl)
            {
                ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
            }

            // use upn or sam as loginname attribute
            if (use_upn)
            {
                username = upn;
            }

            // trigger challenge
            otp_prov = new OTPprovider(privacyIDEAurl);
            // get a new admin token for all requests if the an admin pw is defined
            // #2
            if (!string.IsNullOrEmpty(admin_pw) && !string.IsNullOrEmpty(admin_user))
            {
                token = otp_prov.getAuthToken(admin_user, admin_pw);
                // trigger a challenge (SMS, Mail ...) for the the user
#if DEBUG
                Debug.WriteLine(debugPrefix + " User: "******" Realm: " + privacyIDEArealm);
#endif
                transaction_id = otp_prov.triggerChallenge(username, privacyIDEArealm, token);
            }
            // set vars to context - fix for 14 and 15
            authContext.Data.Add("userid", username);
            authContext.Data.Add("realm", privacyIDEArealm);
            authContext.Data.Add("transaction_id", transaction_id);
            // defeine if massage will be showen
            if (show_challenge)
            {
                message = otp_prov.ChallengeMessage;
            }

            return(new AdapterPresentationForm(false, message, uidefinition));
        }