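/// <summary>
/// Resolves the user behind an API login attempt. With no provider (or the "email"
/// provider) the user is looked up by login and password, LDAP first and then the local
/// store; otherwise the third-party profile for <paramref name="accessToken"/> is used.
/// After the user is found, the tenant's IP restrictions are applied.
/// </summary>
/// <param name="userName">Login / e-mail for password logins; replaced by the profile e-mail for social logins.</param>
/// <param name="password">Password for password logins; unused for social logins.</param>
/// <param name="provider">Provider name; null, empty or "email" selects the password path.</param>
/// <param name="accessToken">Provider access token used to fetch the third-party profile.</param>
/// <param name="viaEmail">Set to true on the password path, false on the third-party path.</param>
/// <returns>The resolved user.</returns>
/// <exception cref="AuthenticationException">Raised for every failure while resolving the user; the original
/// exception is not attached and not logged here.</exception>
/// <exception cref="IPSecurityException">IP restrictions are enabled, the user is not the tenant owner and
/// the request does not pass <c>IPSecurity.Verify</c>.</exception>
private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
{
    viaEmail = true;
    var action = MessageAction.LoginFailViaApi;
    UserInfo user;
    try
    {
        if (string.IsNullOrEmpty(provider) || provider == "email")
        {
            userName.ThrowIfNull(new ArgumentException("userName empty", "userName"));
            password.ThrowIfNull(new ArgumentException("password empty", "password"));

            // LDAP is consulted first; the local store is only queried when LDAP does not know the user.
            if (!ActiveDirectoryUserImporter.TryGetLdapUserInfo(userName, password, out user))
            {
                user = CoreContext.UserManager.GetUsers(
                    CoreContext.TenantManager.GetCurrentTenant().TenantId,
                    userName,
                    Hasher.Base64Hash(password, HashAlg.SHA256));
            }

            if (user == null || !CoreContext.UserManager.UserExists(user.ID))
            {
                throw new Exception("user not found");
            }
        }
        else
        {
            viaEmail = false;
            action = MessageAction.LoginFailViaApiSocialAccount;
            var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
            // From here on the profile e-mail is what gets audited on failure.
            userName = thirdPartyProfile.EMail;
            user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);
        }
    }
    catch
    {
        // Audit the failed attempt under the login that was supplied, falling back to the
        // "e-mail not specified" marker when there is none. The previous ternary had the two
        // branches swapped and logged an empty value whenever the login was missing.
        var auditedLogin = string.IsNullOrEmpty(userName) ? AuditResource.EmailNotSpecified : userName;
        MessageService.Send(Request, auditedLogin, action);

        // All failure causes are collapsed into one generic error for the caller.
        throw new AuthenticationException("User authentication failed");
    }

    var tenant = CoreContext.TenantManager.GetCurrentTenant();
    var settings = SettingsManager.Instance.LoadSettings<IPRestrictionsSettings>(tenant.TenantId);

    // The tenant owner bypasses the IP check; everyone else must come from an allowed address.
    if (settings.Enable && user.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant))
    {
        throw new IPSecurityException();
    }

    return user;
}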
/// <summary>
/// Finds the user for the current login attempt, trying the mechanisms in order:
/// LDAP with <c>Login</c>/<c>Password</c>, then a linked third-party account via
/// <c>HashId</c>, and finally the local store with the hashed password.
/// </summary>
/// <param name="method">Receives the mechanism that produced the result.</param>
/// <returns>Whatever the matching lookup returns for the current credentials.</returns>
private UserInfo GetUser(out AuthMethod method)
{
    UserInfo ldapUser;
    Guid linkedUserId;
    UserInfo result;

    if (ActiveDirectoryUserImporter.TryGetLdapUserInfo(Login, Password, out ldapUser))
    {
        // The directory recognised these credentials.
        method = AuthMethod.Ldap;
        result = ldapUser;
    }
    else if (LoginWithThirdParty.TryGetUserByHash(HashId, out linkedUserId))
    {
        // A social-account hash maps to a known user id.
        method = AuthMethod.ThirdParty;
        result = CoreContext.UserManager.GetUsers(linkedUserId);
    }
    else
    {
        // Plain login: tenant + login + SHA-256 password hash against the local store.
        method = AuthMethod.Login;
        var passwordHash = Hasher.Base64Hash(Password, HashAlg.SHA256);
        result = CoreContext.UserManager.GetUsers(TenantProvider.CurrentTenantID, Login, passwordHash);
    }

    return result;
}
/// <summary>
/// Builds the sign-in page and, on a post-back or a returning third-party profile,
/// performs the login: throttles repeated password attempts, tries LDAP, then either
/// redirects to SMS verification or authenticates (by login/password or by linked
/// account hash), sets the auth cookie, audits the outcome and redirects.
/// Every failure path calls <c>Auth.ProcessLogout()</c>, sets <c>ErrorMessage</c>,
/// audits the attempt and returns to render the page with the error.
/// </summary>
/// <param name="sender">Standard event source (unused).</param>
/// <param name="e">Standard event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    Page.RegisterStyleControl(VirtualPathUtility.ToAbsolute("~/usercontrols/common/authorize/css/authorize.less"));
    Page.RegisterBodyScripts(ResolveUrl("~/usercontrols/common/authorize/js/authorize.js"));

    Login = "";
    Password = "";
    HashId = "";

    // Account link control: only rendered when third-party auth is enabled and providers exist.
    AccountLinkControl accountLink = null;
    if (SetupInfo.ThirdPartyAuthEnabled && AccountLinkControl.IsNotEmpty)
    {
        accountLink = (AccountLinkControl)LoadControl(AccountLinkControl.Location);
        accountLink.Visible = true;
        accountLink.ClientCallback = "authCallback";
        accountLink.SettingsView = false;
        signInPlaceholder.Controls.Add(accountLink);
    }

    // Top panel: hide navigation and search on the sign-in page.
    var master = Page.Master as BaseTemplate;
    if (master != null)
    {
        master.TopStudioPanel.DisableProductNavigation = true;
        master.TopStudioPanel.DisableSearch = true;
    }

    Page.Title = HeaderStringHelper.GetPageTitle(Resource.Authorization);
    pwdReminderHolder.Controls.Add(LoadControl(PwdTool.Location));

    // A message passed in the request ("m") wins over the "error=ipsecurity" query flag.
    var msg = Request["m"];
    var urlError = Request.QueryString["error"];
    if (!string.IsNullOrEmpty(msg))
    {
        ErrorMessage = msg;
    }
    else if (urlError == "ipsecurity")
    {
        ErrorMessage = Resource.LoginFailIPSecurityMsg;
    }

    var thirdPartyProfile = Request.Url.GetProfile();
    if ((IsPostBack || thirdPartyProfile != null) && !SecurityContext.IsAuthenticated)
    {
        var tryByHash = false;
        var smsLoginUrl = string.Empty;
        try
        {
            if (thirdPartyProfile != null)
            {
                if (string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError))
                {
                    HashId = thirdPartyProfile.HashId;
                }
                else
                {
                    // ignore cancellation
                    if (thirdPartyProfile.AuthorizationError != "Canceled at provider")
                    {
                        ErrorMessage = thirdPartyProfile.AuthorizationError;
                    }
                }
            }
            else
            {
                // Hash posted back by the account-link control; it is read through Signature,
                // which presumably verifies it before it is trusted — confirm against ASC.Common.Utils.Signature.
                if (!string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) && Request["__EVENTTARGET"] == "signInLogin" && accountLink != null)
                {
                    HashId = ASC.Common.Utils.Signature.Read<string>(Request["__EVENTARGUMENT"]);
                }
            }

            // Login and password are mandatory unless a third-party hash is present.
            if (!string.IsNullOrEmpty(Request["login"]))
            {
                Login = Request["login"].Trim();
            }
            else if (string.IsNullOrEmpty(HashId))
            {
                throw new InvalidCredentialException("login");
            }

            if (!string.IsNullOrEmpty(Request["pwd"]))
            {
                Password = Request["pwd"];
            }
            else if (string.IsNullOrEmpty(HashId))
            {
                throw new InvalidCredentialException("password");
            }

            // Throttle password logins: count attempts per login for one minute and hold the
            // request for 10 seconds on every fifth attempt. The sleep blocks the request thread.
            if (string.IsNullOrEmpty(HashId))
            {
                var counter = (int)(cache.Get("loginsec/" + Login) ?? 0);
                if (++counter % 5 == 0)
                {
                    Thread.Sleep(TimeSpan.FromSeconds(10));
                }
                cache.Insert("loginsec/" + Login, counter, DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
            }

            // LDAP success falls through to the redirect below without setting an auth cookie here;
            // the cookie is presumably issued inside TryLdapAuth — confirm.
            if (!ActiveDirectoryUserImporter.TryLdapAuth(Login, Password))
            {
                // A non-empty SMS URL defers authentication to the SMS step.
                smsLoginUrl = SmsLoginUrl(accountLink);
                if (string.IsNullOrEmpty(smsLoginUrl))
                {
                    // "remember" unchecked => session cookie only.
                    var session = string.IsNullOrEmpty(Request["remember"]);
                    if (string.IsNullOrEmpty(HashId))
                    {
                        var cookiesKey = SecurityContext.AuthenticateMe(Login, Password);
                        CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session);
                        MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess);
                    }
                    else
                    {
                        Guid userId;
                        // If TryByHashId throws, tryByHash keeps its previous value (false).
                        tryByHash = TryByHashId(accountLink, HashId, out userId);
                        var cookiesKey = SecurityContext.AuthenticateMe(userId);
                        CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session);
                        MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccessViaSocialAccount);
                    }
                }
            }
        }
        catch (InvalidCredentialException)
        {
            Auth.ProcessLogout();
            ErrorMessage = tryByHash ? Resource.LoginWithAccountNotFound : Resource.InvalidUsernameOrPassword;
            // Audit under the hash for social logins, otherwise under the login (or a
            // "not specified" marker when the login is blank).
            var loginName = tryByHash && !string.IsNullOrWhiteSpace(HashId)
                ? HashId
                : string.IsNullOrWhiteSpace(Login) ? AuditResource.EmailNotSpecified : Login;
            var messageAction = tryByHash ? MessageAction.LoginFailSocialAccountNotFound : MessageAction.LoginFailInvalidCombination;
            MessageService.Send(HttpContext.Current.Request, loginName, messageAction);
            return;
        }
        catch (System.Security.SecurityException)
        {
            Auth.ProcessLogout();
            ErrorMessage = Resource.ErrorDisabledProfile;
            MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailDisabledProfile);
            return;
        }
        catch (IPSecurityException)
        {
            Auth.ProcessLogout();
            ErrorMessage = Resource.ErrorIpSecurity;
            MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailIpSecurity);
            return;
        }
        catch (Exception ex)
        {
            Auth.ProcessLogout();
            // NOTE(review): the raw exception message is shown to the user; unexpected failures
            // may leak internal detail here. Consider a generic resource string plus server-side logging.
            ErrorMessage = ex.Message;
            MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFail);
            return;
        }

        // Redirect to SMS verification when required (Redirect with the default endResponse
        // is expected to end the request here).
        if (!string.IsNullOrEmpty(smsLoginUrl))
        {
            Response.Redirect(smsLoginUrl);
        }

        // Return to the page the user came from, if one was stored in session, otherwise the default.
        // NOTE(review): the target is taken from session state as-is; confirm the code that stores
        // "refererURL" restricts it to local URLs so this cannot become an open redirect.
        var refererURL = (string)Session["refererURL"];
        if (string.IsNullOrEmpty(refererURL))
        {
            Response.Redirect(CommonLinkUtility.GetDefault());
        }
        else
        {
            Session["refererURL"] = null;
            Response.Redirect(refererURL);
        }
    }

    ProcessConfirmedEmailCondition();
}