Example #1
        /// <summary>
        /// MutualAuthBind
        /// This action is used to do Mutual authentication.
        /// This method is used to authenticate the Domain user
        /// on both regular and protected LDAP ports between client and server mutually
        /// </summary>
        /// <param name="userName">Contains username in Domain</param>
        /// <param name="passWord">Contains the password to the username</param>
        /// <param name="validSPN">This variable is used to state when we are using a valid SPN</param>
        /// <returns>Returns Success if the method is successful
        /// Returns InvalidCredentials if the passed in credentials are invalid</returns>
        public errorstatus MutualAuthBind(name userName,
                                          Password passWord,
                                          bool validSPN)
        {
            // Resolve the abstract model account to the identity sent in the bind.
            // NOTE(review): 'user' and 'userPassword' are not declared in this method.
            // A model value that matches neither branch below leaves them untouched,
            // so the bind would reuse whatever was stored earlier - confirm that is intended.
            bool wantsCurrentUser = userName == name.validUserName;
            bool wantsUnknownUser = userName == name.nonexistUserName;

            if (wantsCurrentUser)
            {
                // Current client user.
                user = ClientUserName;
            }
            else if (wantsUnknownUser)
            {
                // Account name the validator supplies for the "no such user" case.
                user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            }

            // Resolve the abstract password choice the same way.
            if (passWord == Password.validPassword)
            {
                userPassword = ClientUserPassword;
            }
            else if (passWord == Password.invalidPassword)
            {
                // Deliberately wrong password supplied by the validator.
                userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            }

            // Perform the mutual-authentication bind. validSPN is forwarded unchanged;
            // presumably 'false' exercises the path where the service principal name
            // does not match the server - verify against the validator.
            strResult = adtsRequirementsValidation.MutualBind(user, userPassword, validSPN);

            // Hand the validator's verdict back to the model.
            return strResult;
        }
Example #2
        /// <summary>
        /// SicilyBind
        /// This method is used for modeling behaviors pertaining to
        /// SicilyBind. Similar to SASL GSSSPNEGO type of binding
        /// </summary>
        /// <param name="userName">Contains username in Domain</param>
        /// <param name="passWord">Contains the password to the username</param>
        /// <param name="portNum">Contains the port number over which the bind will accomplish</param>
        /// <param name="enableTLS">This variable is used to state when we are using TLS </param>
        /// <returns>Returns Success if the method is successful
        /// Returns InvalidCredentials if the passed in credentials are invalid</returns>
        public errorstatus SicilyBind(name userName,
                                      Password passWord,
                                      Port portNum,
                                      bool enableTLS)
        {
            // Remember the port and the mechanism chosen for this bind.
            enumPortNum = portNum;
            strAuthMech = authenticationMech.sicily;

            bool isAnonymous = userName == name.anonymousUser;

            // Map the abstract account onto a concrete user name.
            // NOTE(review): the anonymous case does not assign 'user' here, so the
            // value stored before this call is what gets passed to the bind - confirm.
            if (userName == name.validUserName)
            {
                // Current client user.
                user = ClientUserName;
            }
            else if (userName == name.nonexistUserName)
            {
                // Account name the validator supplies for the "no such user" case.
                user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            }

            // Map the abstract password choice onto a concrete secret.
            if (passWord == Password.validPassword)
            {
                userPassword = ClientUserPassword;

                if (isAnonymous)
                {
                    // An anonymous bind carries no password.
                    userPassword = null;
                }
            }
            else if (passWord == Password.invalidPassword)
            {
                // Deliberately wrong password supplied by the validator.
                // NOTE(review): this also applies to the anonymous user, unlike the
                // valid-password path above, which clears the password.
                userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            }

            // Run the Sicily bind against the PDC on the selected port.
            strResult = adtsRequirementsValidation.SicilyBind(
                PdcFqdn,
                (uint)enumPortNum,
                user,
                userPassword,
                enableTLS);

            return strResult;
        }
Example #3
        /// <summary>
        /// The following authentication mechanisms are covered under SASL authentication:
        ///     GSS-SPNEGO
        ///     GSSAPI
        ///     External
        ///     Digest-MD5
        /// This action is used to do SPNEGOBind, GSSAPI, External or Digest-MD5
        /// authentication as per authMech passed from InitializeSession.
        /// This method is used to authenticate the Domain user
        /// on both regular and protected LDAP ports
        /// </summary>
        /// <param name="userName">Contains username in Domain</param>
        /// <param name="passWord">Contains the password to the username</param>
        /// <param name="saslMech">Specifies the SASL Mechanism preferred</param>
        /// <param name="portNum">Contains the port number over which the bind will accomplish</param>
        /// <param name="enableTLS">This variable is used to state when we are using TLS</param>
        /// <returns>Returns Success if the method is successful
        /// Returns InvalidCredentials if the passed in credentials are invalid</returns>
        public errorstatus SASLAuthentication(name userName,
                                              SASLChoice saslMech,
                                              Password passWord,
                                              Port portNum,
                                              bool enableTLS)
        {
            // This action always binds with the SPN treated as valid.
            bool useInvalidSpn = false;

            // Remember the port requested by the model.
            enumPortNum = portNum;

            // Map the abstract account onto a concrete user name.
            // NOTE(review): 'user' and 'userPassword' are not declared in this method.
            // A model value that matches no branch leaves the earlier value in place.
            if (userName == name.validUserName)
            {
                // Current client user.
                user = ClientUserName;
            }
            else if (userName == name.nonexistUserName)
            {
                // Account name the validator supplies for the "no such user" case.
                user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            }

            // Map the abstract password choice onto a concrete secret.
            if (passWord == Password.validPassword)
            {
                userPassword = ClientUserPassword;
            }
            else if (passWord == Password.invalidPassword)
            {
                // Deliberately wrong password supplied by the validator.
                userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            }

            // Perform the SASL bind with the mechanism the caller selected.
            // NOTE(review): the summary lists Digest-MD5 among the mechanisms; RFC 6331
            // moved DIGEST-MD5 to Historic, so treat that case as compatibility
            // coverage rather than a mechanism to recommend.
            strResult = adtsRequirementsValidation.SASLBind(
                PdcFqdn,
                (uint)enumPortNum,
                user,
                userPassword,
                enableTLS,
                saslMech,
                useInvalidSpn);

            // Hand the validator's verdict back to the model.
            return strResult;
        }
Example #4
        /// <summary>
        /// SimpleBind
        /// This action is used for doing simple authentication.
        /// This method is used for authenticating the Domain user and anonymous user
        /// on both regular and protected LDAP ports
        /// </summary>
        /// <param name="userName">Contains username in Domain</param>
        /// <param name="passWord">Contains the password to the username</param>
        /// <param name="portNum">Contains the port number over which the bind will accomplish</param>
        /// <param name="enableTLS">This variable is used to state when we are using TLS</param>
        /// <returns>Returns Success if the method is successful
        ///  Returns InvalidCredentials if the passed in credentials are invalid</returns>
        public errorstatus SimpleBind(name userName,
                                      Password passWord,
                                      Port portNum,
                                      bool enableTLS)
        {
            // Remember the port and the mechanism chosen for this bind.
            enumPortNum = portNum;
            strAuthMech = authenticationMech.simple;

            bool isAnonymous = userName == name.anonymousUser;
            bool badPassword = passWord == Password.invalidPassword;
            bool goodPassword = passWord == Password.validPassword;

            // Step 1: map the abstract account onto a concrete user name.
            if (userName == name.nameMapsMoreThanOneObject)
            {
                if (goodPassword)
                {
                    // Ambiguous-name scenario: the bind name resolves to more than one object.
                    user = MS_ADTS_SecurityRequirementsValidator.NameMapsMorethanOneObject;

                    // Create an AD user so that the name becomes ambiguous.
                    // NOTE(review): ClientUserPassword is passed to the helper, presumably
                    // as the new account's password, and nothing in this method removes the
                    // account afterwards - confirm teardown happens elsewhere so the test
                    // domain is not left with an extra account sharing that secret.
                    // NOTE(review): the model value 'userName' is passed here, not the
                    // resolved 'user' - confirm the helper expects that.
                    ADTSHelper.CreateActiveDirUser(PdcFqdn, userName, ClientUserPassword, PdcDN);

                    // Change the attribute on the directory object.
                    ADTSHelper.ModifyOperation(
                        PdcFqdn,
                        userName,
                        adTestType,
                        ClientUserName,
                        ClientUserPassword,
                        PrimaryDomainDnsName,
                        PDCOSVersion);
                }
                else if (badPassword)
                {
                    // Ambiguous name combined with a deliberately wrong password.
                    user = MS_ADTS_SecurityRequirementsValidator.NameMapsMorethanOneObject;
                    userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
                }
            }
            else if (userName == name.nonexistUserName)
            {
                // Account name the validator supplies for the "no such user" case.
                user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            }
            else if (userName == name.validUserName)
            {
                // Current client user.
                user = ClientUserName;
            }
            else if (isAnonymous)
            {
                // An anonymous bind uses (null, null) credentials.
                user = null;
            }

            // Step 2: map the abstract password choice onto a concrete secret.
            // The anonymous user always ends up with a null password.
            if (badPassword)
            {
                if (isAnonymous)
                {
                    userPassword = null;
                }
                else
                {
                    // Deliberately wrong password supplied by the validator.
                    userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
                }
            }
            else if (goodPassword)
            {
                userPassword = ClientUserPassword;

                if (isAnonymous)
                {
                    userPassword = null;
                }
            }

            // Step 3: run the simple bind against the PDC on the selected port.
            // NOTE(review): an LDAP simple bind carries the password unprotected unless
            // the connection itself is secured. enableTLS presumably selects that in the
            // validator, so the credentials used here should belong to a lab-only account.
            strResult = adtsRequirementsValidation.SimpleBind(
                PdcFqdn,
                (uint)enumPortNum,
                user,
                userPassword,
                enableTLS,
                adTestType);

            return strResult;
        }