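/// <summary>
/// Checks the password of a blocked directory account by lifting the block for the
/// duration of a single credential check.
/// </summary>
/// <remarks>
/// The account's expiration date is moved one year into the future, the credentials are
/// validated, and the expiration date is then set one year into the past. The re-block runs
/// in a <c>finally</c> block so that an exception thrown while the block is lifted does not
/// leave the account enabled. While the block is lifted the directory will accept the
/// account's credentials from any client, so nothing slow belongs inside the <c>try</c>.
/// </remarks>
/// <param name="blockedLoginRequest">Request carrying the id, the AD user name and the password to check.</param>
/// <returns>
/// A result echoing the request id; <c>RequestResult</c> is true only when the directory
/// accepted the credentials.
/// </returns>
private static BlockedLoginRequestResult ValidateLoginRequest(BlockedLoginRequest blockedLoginRequest)
{
    bool valid;
    using (var context = CreatePrincipalContext())
    using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, blockedLoginRequest.AdUserName))
    {
        if (userPrincipal == null)
        {
            // NOTE(review): this message differs from the "credentials are invalid" one, so a
            // caller can tell whether an account exists; confirm RequestResultMessage is never
            // shown to the person attempting the login.
            return new BlockedLoginRequestResult
            {
                Id = blockedLoginRequest.Id,
                RequestResult = false,
                RequestResultMessage = "AD User not found."
            };
        }

        try
        {
            // Lift the block: an expiration date in the future makes the account usable again.
            userPrincipal.AccountExpirationDate = DateTime.UtcNow.AddYears(1);
            userPrincipal.Save();

            valid = context.ValidateCredentials(blockedLoginRequest.AdUserName, blockedLoginRequest.Password);
        }
        finally
        {
            // Always re-block, also when Save or ValidateCredentials threw.
            // NOTE(review): this overwrites whatever expiration date the account had before
            // the call with "one year ago"; confirm that is the intended blocked state.
            userPrincipal.AccountExpirationDate = DateTime.UtcNow.AddYears(-1);
            userPrincipal.Save();
        }
    }

    return new BlockedLoginRequestResult
    {
        Id = blockedLoginRequest.Id,
        RequestResult = valid,
        RequestResultMessage = valid ? "" : "AD User credentials are invalid."
    };
}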
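/// <summary>
/// Checks the password of a blocked directory account by lifting the block for the
/// duration of a single credential check and then restoring the previous state.
/// </summary>
/// <remarks>
/// If the account's expiration date lies in the past it is moved one year into the future
/// before the credentials are validated. The original expiration date is written back in a
/// <c>finally</c> block, so an exception thrown while the block is lifted does not leave
/// the account enabled. While the block is lifted the directory will accept the account's
/// credentials from any client, so nothing slow belongs inside the <c>try</c>.
/// </remarks>
/// <param name="blockedLoginRequest">Request carrying the id, the AD user name and the password to check.</param>
/// <returns>
/// A result echoing the request id; <c>RequestResult</c> is true only when the directory
/// accepted the credentials.
/// </returns>
private static BlockedLoginRequestResult ValidateLoginRequest(BlockedLoginRequest blockedLoginRequest)
{
    bool valid;
    using (var context = CreatePrincipalContext())
    using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, blockedLoginRequest.AdUserName))
    {
        if (userPrincipal == null)
        {
            // NOTE(review): this message differs from the "credentials are invalid" one, so a
            // caller can tell whether an account exists; confirm RequestResultMessage is never
            // shown to the person attempting the login.
            return new BlockedLoginRequestResult
            {
                Id = blockedLoginRequest.Id,
                RequestResult = false,
                RequestResultMessage = "AD User not found."
            };
        }

        // Remember the current value so the finally block can put it back unchanged.
        DateTime? accountExpirationDate = userPrincipal.AccountExpirationDate;
        try
        {
            // Only an already-expired account needs to be opened up for the check.
            if (accountExpirationDate.HasValue && accountExpirationDate.Value < DateTime.UtcNow)
            {
                userPrincipal.AccountExpirationDate = DateTime.UtcNow.AddYears(1);
                userPrincipal.Save();
            }

            // NOTE(review): AdUserName comes from the request and is written to the trace
            // verbatim; confirm the trace sink neutralises line breaks in it.
            Trace.WriteLine($"User {blockedLoginRequest.AdUserName} unblocked", "ADBlocker");

            // Accept both "DOMAIN\user" and plain "user": validate with the part after the backslash.
            var entries = blockedLoginRequest.AdUserName.Split(new[] { "\\" }, StringSplitOptions.RemoveEmptyEntries);
            var user = entries.Length == 2 ? entries[1] : entries[0];

            valid = context.ValidateCredentials(user, blockedLoginRequest.Password);
            Trace.WriteLine($"UserName: {blockedLoginRequest.AdUserName} ", "ADBlocker");
        }
        finally
        {
            // Always restore the previous expiration date, also when validation threw.
            userPrincipal.AccountExpirationDate = accountExpirationDate;
            userPrincipal.Save();
            Trace.WriteLine($"User {blockedLoginRequest.AdUserName} blocked", "ADBlocker");
        }
    }

    return new BlockedLoginRequestResult
    {
        Id = blockedLoginRequest.Id,
        RequestResult = valid,
        RequestResultMessage = valid ? "" : "AD User credentials are invalid."
    };
}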
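/// <summary>
/// Checks the password of a blocked directory account by lifting the block for the
/// duration of a single credential check and then restoring the previous state.
/// </summary>
/// <remarks>
/// The <c>AD:UpdateField</c> app setting selects how the block is lifted. When it is blank,
/// an expiration date in the past is moved one year into the future. Otherwise the named
/// directory attribute is replaced by the value that <c>GetValueForFieldUpdate</c> derives
/// from <c>AD:UpdateFieldEnableValue</c>. In both modes the previous value is written back
/// in a <c>finally</c> block, so an exception thrown while the block is lifted does not
/// leave the account enabled. While the block is lifted the directory will accept the
/// account's credentials from any client, so nothing slow belongs inside the <c>try</c>.
/// </remarks>
/// <param name="blockedLoginRequest">Request carrying the id, the AD user name and the password to check.</param>
/// <returns>
/// A result echoing the request id; <c>RequestResult</c> is true only when the directory
/// accepted the credentials. Any exception is passed to <c>ProcessException</c> and turned
/// into a failed result carrying the exception message.
/// </returns>
private static BlockedLoginRequestResult ValidateLoginRequest(BlockedLoginRequest blockedLoginRequest)
{
    bool valid = false;
    try
    {
        using (var context = CreatePrincipalContext())
        using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, blockedLoginRequest.AdUserName))
        {
            if (userPrincipal == null)
            {
                // NOTE(review): AdUserName comes from the request and is logged verbatim here
                // and below; confirm the log sink neutralises line breaks in it.
                _logger.Warn($"User {blockedLoginRequest.AdUserName} not found in AD.");

                // NOTE(review): this message differs from the "credentials are invalid" one,
                // so a caller can tell whether an account exists; confirm RequestResultMessage
                // is never shown to the person attempting the login.
                return new BlockedLoginRequestResult
                {
                    Id = blockedLoginRequest.Id,
                    RequestResult = false,
                    RequestResultMessage = "AD User not found."
                };
            }

            _logger.Info("Starting blocked login request validation.");
            string updateField = ConfigurationManager.AppSettings["AD:UpdateField"];

            if (string.IsNullOrWhiteSpace(updateField))
            {
                // Expiration-date mode: remember the current value so it can be put back unchanged.
                DateTime? accountExpirationDate = userPrincipal.AccountExpirationDate;
                try
                {
                    // Only an already-expired account needs to be opened up for the check.
                    if (accountExpirationDate.HasValue && accountExpirationDate.Value < DateTime.UtcNow)
                    {
                        userPrincipal.AccountExpirationDate = DateTime.UtcNow.AddYears(1);
                        userPrincipal.Save();
                    }

                    _logger.Info($"User {blockedLoginRequest.AdUserName} unblocked");
                    valid = context.ValidateCredentials(
                        ExtractLogonNameForValidation(blockedLoginRequest.AdUserName),
                        blockedLoginRequest.Password);
                    _logger.Info($"UserName: {blockedLoginRequest.AdUserName} ");
                }
                finally
                {
                    // Always restore the previous expiration date, also when validation threw.
                    userPrincipal.AccountExpirationDate = accountExpirationDate;
                    userPrincipal.Save();
                    _logger.Info($"User {blockedLoginRequest.AdUserName} blocked");
                }
            }
            else
            {
                // Attribute mode: the block is expressed through a configurable directory attribute.
                var entry = userPrincipal.GetUnderlyingObject() as DirectoryEntry;
                if (entry != null)
                {
                    // NOTE(review): oldValue is null when the attribute was not set; confirm
                    // that writing it back through Add(oldValue) behaves as intended then.
                    var oldValue = entry.Properties[updateField].Value;
                    var value = GetValueForFieldUpdate(
                        entry.Properties[updateField],
                        ConfigurationManager.AppSettings["AD:UpdateFieldEnableValue"]);
                    try
                    {
                        entry.Properties[updateField].Clear();
                        entry.Properties[updateField].Add(value);
                        userPrincipal.Save();

                        _logger.Info($"User {blockedLoginRequest.AdUserName} unblocked");
                        valid = context.ValidateCredentials(
                            ExtractLogonNameForValidation(blockedLoginRequest.AdUserName),
                            blockedLoginRequest.Password);
                        _logger.Info($"UserName: {blockedLoginRequest.AdUserName} ");
                    }
                    finally
                    {
                        // Always write the previous attribute value back, also when validation threw.
                        entry.Properties[updateField].Clear();
                        entry.Properties[updateField].Add(oldValue);
                        userPrincipal.Save();
                        _logger.Info($"User {blockedLoginRequest.AdUserName} blocked");
                    }
                }
                else
                {
                    _logger.Warn("Could not validate user credentials. The update field is invalid or the user entry could not be loaded.");
                }
            }

            _logger.Info("Ended blocked login request validation.");
        }

        return new BlockedLoginRequestResult
        {
            Id = blockedLoginRequest.Id,
            RequestResult = valid,
            RequestResultMessage = valid ? "" : "AD User credentials are invalid."
        };
    }
    catch (Exception ex)
    {
        ProcessException(ex);

        // NOTE(review): the raw exception text is handed back in the result; directory
        // exception messages can reveal server or configuration details, so confirm the
        // consumer does not display RequestResultMessage to the requester.
        return new BlockedLoginRequestResult
        {
            Id = blockedLoginRequest.Id,
            RequestResult = false,
            RequestResultMessage = ex.Message
        };
    }
}

/// <summary>
/// Returns the part of a "DOMAIN\user" name after the backslash, or the first non-empty
/// segment when the name does not split into exactly two parts.
/// </summary>
private static string ExtractLogonNameForValidation(string adUserName)
{
    var entries = adUserName.Split(new[] { "\\" }, StringSplitOptions.RemoveEmptyEntries);
    return entries.Length == 2 ? entries[1] : entries[0];
}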