/// <summary>
        /// Verify User Name, Password, User Status and Policy against Active Directory
        /// </summary>
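        public ActiveDirectoryCredentialValidationResult VerifyCredential(string userName, string password)
        {
            // Purpose: proves the credential by binding to the configured domain and, when a
            // 2FA group is configured, decides whether the second factor is required (Ok) or
            // skipped (ByPass). An LdapException becomes KnownError, anything else UnknowError.
            var login = CanonicalizeUserName(userName);

            // Reject an empty password before contacting the directory. Depending on the bind
            // type and server configuration, a bind with an empty password can be treated as an
            // unauthenticated bind and succeed, which would "verify" any account name.
            if (string.IsNullOrEmpty(password))
            {
                _logger.Warning($"Empty password provided for user {login}");
                return ActiveDirectoryCredentialValidationResult.UnknowError();
            }

            try
            {
                // NOTE(review): login is caller-supplied and is written to the log verbatim;
                // confirm the logging sink neutralises control characters and template braces.
                _logger.Debug($"Verifying user {login} credential and status at {_configuration.Domain}");

                // A successful Bind() is the credential check; the connection is not reused.
                using (var connection = new LdapConnection(_configuration.Domain))
                {
                    connection.Credential = new NetworkCredential(login, password);
                    connection.Bind();
                }

                _logger.Information($"User {login} credential and status verified successfully at {_configuration.Domain}");

                // The second factor is enforced only for members of the configured group.
                // With no group configured every verified user gets Ok.
                if (!string.IsNullOrEmpty(_configuration.ActiveDirectory2FaGroup))
                {
                    // The membership lookup authenticates again with the same user credential.
                    using (var ctx = new PrincipalContext(ContextType.Domain, _configuration.Domain, login, password))
                    using (var user = UserPrincipal.FindByIdentity(ctx, login))
                    {
                        // FindByIdentity returns null when no principal matches. Fail closed:
                        // an unresolved account must never end up on the bypass path.
                        if (user == null)
                        {
                            _logger.Warning($"User {login} was not found at {_configuration.Domain}, group membership cannot be verified");
                            return ActiveDirectoryCredentialValidationResult.UnknowError();
                        }

                        _logger.Debug($"Verifying user {login} is member of {_configuration.ActiveDirectory2FaGroup} group");

                        var isMemberOf = user.IsMemberOf(ctx, IdentityType.Name, _configuration.ActiveDirectory2FaGroup);
                        if (!isMemberOf)
                        {
                            // Non-members skip the second factor. Membership of this group is
                            // the only gate, so changes to it are worth auditing.
                            _logger.Information($"User {login} is NOT member of {_configuration.ActiveDirectory2FaGroup} group");
                            _logger.Information($"Bypass second factor for user {login}");
                            return ActiveDirectoryCredentialValidationResult.ByPass();
                        }

                        _logger.Information($"User {login} is member of {_configuration.ActiveDirectory2FaGroup} group");
                    }
                }

                return ActiveDirectoryCredentialValidationResult.Ok();
            }
            catch (LdapException lex)
            {
                // NOTE(review): the directory's own error text is placed in the result; confirm
                // callers do not relay result.Reason to an unauthenticated client.
                var result = ActiveDirectoryCredentialValidationResult.KnownError(lex.ServerErrorMessage);
                _logger.Warning(lex.ServerErrorMessage);
                _logger.Warning($"Verification user {login} at {_configuration.Domain} failed: {result.Reason}");
                return result;
            }
            catch (Exception ex)
            {
                // Any other failure (including errors during the group lookup) is reported as
                // an unknown error, never as Ok or ByPass.
                _logger.Error(ex, $"Verification user {login} at {_configuration.Domain} failed.");
                return ActiveDirectoryCredentialValidationResult.UnknowError();
            }
        }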
        /// <summary>
        /// Verify User Name, Password, User Status and Policy against Active Directory
        /// </summary>
        public ActiveDirectoryCredentialValidationResult VerifyCredential(string userName, string password)
        {
            // Purpose: binds to the configured domain with the supplied credential, loads the
            // user's profile over the same connection, and returns Ok (second factor required,
            // with profile data attached) or ByPass (user is outside the configured 2FA group).
            // Throws ArgumentNullException for an empty user name; every other failure is
            // returned as a KnownError / UnknowError result.
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentNullException(nameof(userName));
            }

            // An empty password is refused before any bind is attempted.
            // NOTE(review): userName is caller-supplied and is logged verbatim here; confirm
            // the logging sink neutralises control characters and template braces.
            if (string.IsNullOrEmpty(password))
            {
                _logger.Error($"Empty password provided for user '{userName}'");
                return ActiveDirectoryCredentialValidationResult.UnknowError("Invalid credentials");
            }

            var identity = LdapIdentity.ParseUser(userName);

            try
            {
                _logger.Debug($"Verifying user '{identity.Name}' credential and status at {_configuration.Domain}");

                using (var ldap = new LdapConnection(_configuration.Domain))
                {
                    // A successful Bind() is the credential check; the bound connection is
                    // then reused for the profile and group queries below.
                    ldap.Credential = new NetworkCredential(identity.Name, password);
                    ldap.Bind();

                    _logger.Information($"User '{identity.Name}' credential and status verified successfully at {_configuration.Domain}");

                    var domainDn = LdapIdentity.FqdnToDn(_configuration.Domain);

                    // Without a profile there is nothing to check membership against, so the
                    // attempt ends as an error rather than as Ok or ByPass.
                    if (!LoadProfile(ldap, domainDn, identity, out var profile))
                    {
                        return ActiveDirectoryCredentialValidationResult.UnknowError("Unable to load profile");
                    }

                    // The second factor is enforced only for members of the configured group.
                    // With no group configured every verified user continues to Ok.
                    if (!string.IsNullOrEmpty(_configuration.ActiveDirectory2FaGroup))
                    {
                        if (!IsMemberOf(ldap, profile.BaseDn, identity, _configuration.ActiveDirectory2FaGroup))
                        {
                            // Non-members skip the second factor. Membership of this group is
                            // the only gate, so changes to it are worth auditing.
                            _logger.Information($"User '{identity.Name}' is NOT member of {_configuration.ActiveDirectory2FaGroup} group");
                            _logger.Information($"Bypass second factor for user '{identity.Name}'");
                            return ActiveDirectoryCredentialValidationResult.ByPass();
                        }

                        _logger.Information($"User '{identity.Name}' is member of {_configuration.ActiveDirectory2FaGroup} group");
                    }

                    var verified = ActiveDirectoryCredentialValidationResult.Ok();
                    verified.DisplayName = profile.DisplayName;
                    verified.Email = profile.Email;

                    // When both phone flags are set the mobile number wins, because it is
                    // assigned last.
                    if (_configuration.UseActiveDirectoryUserPhone)
                    {
                        verified.Phone = profile.Phone;
                    }

                    if (_configuration.UseActiveDirectoryMobileUserPhone)
                    {
                        verified.Phone = profile.Mobile;
                    }

                    return verified;
                }
            }
            catch (LdapException ldapError)
            {
                // NOTE(review): the directory's own error text is placed in the result; confirm
                // callers do not relay Reason to an unauthenticated client.
                var failure = ActiveDirectoryCredentialValidationResult.KnownError(ldapError.ServerErrorMessage);
                _logger.Warning($"Verification user '{identity.Name}' at {_configuration.Domain} failed: {failure.Reason}");
                return failure;
            }
            catch (Exception unexpected)
            {
                // Any other failure is reported as an unknown error, never as Ok or ByPass.
                _logger.Error(unexpected, $"Verification user '{identity.Name}' at {_configuration.Domain} failed.");
                return ActiveDirectoryCredentialValidationResult.UnknowError();
            }
        }