public virtual bool AuthenticateWithCertificate(Guid accountID, X509Certificate2 certificate, out UserAccount account)
{
Tracing.Information("[UserAccountService.AuthenticateWithCertificate] called for userID: {0}", accountID);
certificate.Validate();
account = this.GetByID(accountID);
if (account == null)
{
throw new ArgumentException("Invalid AccountID");
}
var result = account.Authenticate(certificate);
Update(account);
Tracing.Verbose("[UserAccountService.AuthenticateWithCertificate] result: {0}", result);
return(result);
}
public virtual bool AuthenticateWithCertificate(X509Certificate2 certificate, out UserAccount account)
{
Tracing.Information("[UserAccountService.AuthenticateWithCertificate] called");
certificate.Validate();
account = this.GetByCertificate(certificate.Thumbprint);
if (account == null)
{
return(false);
}
var result = account.Authenticate(certificate);
Update(account);
Tracing.Verbose("[UserAccountService.AuthenticateWithCertificate] result {0}", result);
return(result);
}
public virtual bool AuthenticateWithCertificate(Guid accountID, X509Certificate2 certificate, out UserAccount account)
{
Tracing.Information("[UserAccountService.AuthenticateWithCertificate] called for userID: {0}", accountID);
certificate.Validate();
account = this.GetByID(accountID);
if (account == null) throw new ArgumentException("Invalid AccountID");
var result = account.Authenticate(certificate);
Update(account);
Tracing.Verbose("[UserAccountService.AuthenticateWithCertificate] result: {0}", result);
return result;
}
public virtual bool AuthenticateWithCertificate(X509Certificate2 certificate, out UserAccount account)
{
Tracing.Information("[UserAccountService.AuthenticateWithCertificate] called");
certificate.Validate();
account = this.GetByCertificate(certificate.Thumbprint);
if (account == null) return false;
var result = account.Authenticate(certificate);
Update(account);
Tracing.Verbose("[UserAccountService.AuthenticateWithCertificate] result {0}", result);
return result;
}
protected internal virtual bool Authenticate(UserAccount account, string password, AuthenticationPurpose purpose)
{
Tracing.Verbose("[UserAccountService.Authenticate] for account: {0}", account.ID);
int failedLoginCount = SecuritySettings.AccountLockoutFailedLoginAttempts;
TimeSpan lockoutDuration = SecuritySettings.AccountLockoutDuration;
var result = account.Authenticate(password, failedLoginCount, lockoutDuration);
if (result &&
purpose == AuthenticationPurpose.SignIn &&
account.AccountTwoFactorAuthMode != TwoFactorAuthMode.None)
{
Tracing.Verbose("[UserAccountService.Authenticate] password authN successful, doing two factor auth checks: {0}, {1}", account.Tenant, account.Username);
bool shouldRequestTwoFactorAuthCode = true;
if (this.Configuration.TwoFactorAuthenticationPolicy != null)
{
shouldRequestTwoFactorAuthCode = this.Configuration.TwoFactorAuthenticationPolicy.RequestRequiresTwoFactorAuth(account);
Tracing.Verbose("[UserAccountService.Authenticate] TwoFactorAuthenticationPolicy.RequestRequiresTwoFactorAuth called, result: {0}", shouldRequestTwoFactorAuthCode);
}
if (shouldRequestTwoFactorAuthCode)
{
if (account.AccountTwoFactorAuthMode == TwoFactorAuthMode.Certificate)
{
Tracing.Verbose("[UserAccountService.Authenticate] requesting 2fa certificate: {0}, {1}", account.Tenant, account.Username);
result = account.RequestTwoFactorAuthCertificate();
}
if (account.AccountTwoFactorAuthMode == TwoFactorAuthMode.Mobile)
{
Tracing.Verbose("[UserAccountService.Authenticate] requesting 2fa mobile code: {0}, {1}", account.Tenant, account.Username);
result = account.RequestTwoFactorAuthCode();
}
}
}
Update(account);
Tracing.Verbose("[UserAccountService.Authenticate] authentication outcome: {0}", result ? "Successful Login" : "Failed Login");
return result;
}
protected internal virtual bool Authenticate(UserAccount account, string password, int failedLoginCount, TimeSpan lockoutDuration)
{
var result = account.Authenticate(password, failedLoginCount, lockoutDuration);
this.userRepository.SaveChanges();
Tracing.Verbose(String.Format("[UserAccountService.Authenticate] authentication outcome: {0}, {1}, {2}", account.Tenant, account.Username, result ? "Successful Login" : "Failed Login"));
return result;
}
protected internal virtual bool Authenticate(UserAccount account, string password, AuthenticationPurpose purpose)
{
Tracing.Verbose("[UserAccountService.Authenticate] for account: {0}", account.ID);
int failedLoginCount = Configuration.AccountLockoutFailedLoginAttempts;
TimeSpan lockoutDuration = Configuration.AccountLockoutDuration;
var result = account.Authenticate(password, failedLoginCount, lockoutDuration);
if (result &&
purpose == AuthenticationPurpose.SignIn &&
account.AccountTwoFactorAuthMode != TwoFactorAuthMode.None)
{
Tracing.Verbose("[UserAccountService.Authenticate] password authN successful, doing two factor auth checks: {0}, {1}", account.Tenant, account.Username);
bool shouldRequestTwoFactorAuthCode = true;
if (this.Configuration.TwoFactorAuthenticationPolicy != null)
{
var token = this.Configuration.TwoFactorAuthenticationPolicy.GetTwoFactorAuthToken(account);
if (!String.IsNullOrWhiteSpace(token))
{
shouldRequestTwoFactorAuthCode = !account.VerifyTwoFactorAuthToken(token);
Tracing.Verbose("[UserAccountService.Authenticate] TwoFactorAuthenticationPolicy token found, was verified: {0}", shouldRequestTwoFactorAuthCode);
}
else
{
Tracing.Verbose("[UserAccountService.Authenticate] TwoFactorAuthenticationPolicy no token present");
}
}
if (shouldRequestTwoFactorAuthCode)
{
if (account.AccountTwoFactorAuthMode == TwoFactorAuthMode.Certificate)
{
Tracing.Verbose("[UserAccountService.Authenticate] requesting 2fa certificate: {0}, {1}", account.Tenant, account.Username);
result = account.RequestTwoFactorAuthCertificate();
}
if (account.AccountTwoFactorAuthMode == TwoFactorAuthMode.Mobile)
{
Tracing.Verbose("[UserAccountService.Authenticate] requesting 2fa mobile code: {0}, {1}", account.Tenant, account.Username);
result = account.RequestTwoFactorAuthCode();
}
}
}
Update(account);
Tracing.Verbose("[UserAccountService.Authenticate] authentication outcome: {0}", result ? "Successful Login" : "Failed Login");
return result;
}
protected internal virtual bool Authenticate(UserAccount account, string password, AuthenticationPurpose purpose)
{
int failedLoginCount = SecuritySettings.AccountLockoutFailedLoginAttempts;
TimeSpan lockoutDuration = SecuritySettings.AccountLockoutDuration;
var result = account.Authenticate(password, failedLoginCount, lockoutDuration);
if (result &&
purpose == AuthenticationPurpose.SignIn &&
account.UseTwoFactorAuth)
{
bool shouldRequestTwoFactorAuthCode = true;
if (this.Configuration.TwoFactorAuthenticationPolicy != null)
{
shouldRequestTwoFactorAuthCode = this.Configuration.TwoFactorAuthenticationPolicy.RequestRequiresTwoFactorAuth(account);
}
if (shouldRequestTwoFactorAuthCode)
{
Tracing.Verbose(String.Format("[UserAccountService.Authenticate] requesting 2fa code: {0}, {1}", account.Tenant, account.Username));
result = account.RequestTwoFactorAuthCode();
}
}
Update(account);
Tracing.Verbose(String.Format("[UserAccountService.Authenticate] authentication outcome: {0}, {1}, {2}", account.Tenant, account.Username, result ? "Successful Login" : "Failed Login"));
return result;
}
protected internal virtual bool Authenticate(UserAccount account, string password)
{
int failedLoginCount = securitySettings.AccountLockoutFailedLoginAttempts;
TimeSpan lockoutDuration = securitySettings.AccountLockoutDuration;
var result = account.Authenticate(password, failedLoginCount, lockoutDuration);
this.userRepository.Update(account);
Tracing.Verbose(String.Format("[UserAccountService.Authenticate] authentication outcome: {0}, {1}, {2}", account.Tenant, account.Username, result ? "Successful Login" : "Failed Login"));
return result;
}