Example #1
0
        private bool HandleWindowsAuthentication(HttpActionContext actionContext)
        {
            var mgmtConfig       = _configurationService.GetManagementServerConfiguration();
            var windowsPrincipal = (WindowsPrincipal)actionContext.RequestContext.Principal;

            UserRoleEnum?roleToAssign = null;

            if (windowsPrincipal.IsInRole(_domainDetails.AdminDomainGroup))
            {
                roleToAssign = UserRoleEnum.Admin;
            }
            else if (windowsPrincipal.IsInRole(_domainDetails.AnalystDomainGroup))
            {
                roleToAssign = UserRoleEnum.Analyst;
            }

            if (roleToAssign == null)
            {
                Logger.Instance.Warn(string.Format("Blocked connection attempt by Windows account {0} not in Admin or Analyst group.", windowsPrincipal.Identity.Name),
                                     LoggerConsts.AccountLogInError);
                return(false);
            }

            var profile = _userProfileAccessor.GetUserProfile(windowsPrincipal.Identity.GetUserName());

            if (profile == null)
            {
                if (!mgmtConfig.AutoCreateUsers)
                {
                    Logger.Instance.Warn(string.Format("Windows account {0} is authorized but does not have profile.", windowsPrincipal.Identity.Name),
                                         LoggerConsts.AccountLogInError);
                    return(false);
                }

                var userDetails = UserAndDomainHelper.GetUserPrincipal(windowsPrincipal.Identity.GetUserName(), GetActiveDirectoryCredentials());
                var user        = new UserProfile
                {
                    FirstName   = userDetails.GivenName,
                    LastName    = userDetails.Surname,
                    UserName    = windowsPrincipal.Identity.Name,
                    Email       = userDetails.EmailAddress,
                    Role        = roleToAssign.Value,
                    UserType    = UserType.Windows,
                    ImageBase64 = null
                };

                _userProfileAccessor.AddOrUpdateUserProfile(user);
            }
            else
            {
                if (profile.Role != roleToAssign.Value)
                {
                    profile.Role = roleToAssign.Value;
                    _userProfileAccessor.AddOrUpdateUserProfile(profile);
                }

                if (profile.IsDisabled)
                {
                    Logger.Instance.Debug(string.Format("Blocked login attempt by disabled user {0}", profile.UserName), LoggerConsts.AccountLogInError);
                    return(false);
                }
            }
            return(true);
        }