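/// <summary>
/// Sample bind handler: decides whether a simple bind for the requested DN is accepted.
/// </summary>
/// <param name="context">Connection the request arrived on; not read by this handler.</param>
/// <param name="authenticationEvent">The bind request; its <c>Rdn</c> map and <c>Password</c> are read.</param>
/// <returns>A completed task holding <c>true</c> when the bind is accepted, otherwise <c>false</c>.</returns>
public override Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
{
    // The DN is supplied by the (not yet authenticated) client, so either
    // component may be missing; TryGetValue then leaves the list null.
    List<string> cnValue = null;
    authenticationEvent.Rdn.TryGetValue("cn", out cnValue);
    List<string> dcValue = null;
    authenticationEvent.Rdn.TryGetValue("dc", out dcValue);

    // Fail closed instead of dereferencing a null list: a bind DN without a
    // "cn" component can never match either of the accounts below.
    if (cnValue == null)
    {
        return Task.FromResult(false);
    }

    // NOTE(review): this branch never looks at authenticationEvent.Password, so
    // any password (including none) binds as the Manager DN. That is tolerable
    // only in a demo; a real handler must verify a credential here.
    if (cnValue.Contains("Manager") && dcValue != null && dcValue.Contains("example") && dcValue.Contains("com"))
    {
        return Task.FromResult(true);
    }

    // NOTE(review): the password is a hard-coded sample value compared with ==.
    // Production code should load the secret from protected storage and use a
    // constant-time comparison.
    if (cnValue.Contains("OnlyBindUser") && authenticationEvent.Password == "OnlyBindUserPassword")
    {
        return Task.FromResult(true);
    }

    return Task.FromResult(false);
}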
/// <summary>
/// Extension point for authentication (bind) requests; override it to check credentials.
/// The base implementation accepts nothing: it always completes with <c>false</c>,
/// so a server that does not override this method rejects every bind.
/// </summary>
/// <param name="context">Context of the client that sent the request.</param>
/// <param name="authenticationEvent">The authentication request to evaluate.</param>
/// <returns>Whether the authentication should succeed or not</returns>
public virtual Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
    => Task.FromResult(false);
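/// <summary>
/// Validates a simple bind either against the application's stored bind-user
/// secret (cn=BindUser, no ou) or against a user's per-application credentials
/// (ou=people, cn=&lt;user id&gt;). The first dc component identifies the application.
/// </summary>
/// <param name="context">Connection the request arrived on; not read by this handler.</param>
/// <param name="authenticationEvent">The bind request; its <c>Rdn</c> map and <c>Password</c> are read.</param>
/// <returns><c>true</c> when the supplied password matches, otherwise <c>false</c>.</returns>
public override async Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
{
    List<string>? cns = null;
    authenticationEvent.Rdn.TryGetValue("cn", out cns);
    List<string>? dcs = null;
    authenticationEvent.Rdn.TryGetValue("dc", out dcs);
    List<string>? ous = null;
    authenticationEvent.Rdn.TryGetValue("ou", out ous);

    // Everything in the DN is supplied by an unauthenticated client. Check for
    // missing components BEFORE indexing into them, and fail closed.
    if (cns == null || cns.Count == 0 || dcs == null || dcs.Count == 0)
    {
        return false;
    }

    // Malformed identifiers are a failed bind, not an exception: TryParse keeps
    // a garbage DN from surfacing as FormatException in the request pipeline.
    if (!Guid.TryParse(dcs[0], out Guid appGuid))
    {
        return false;
    }

    string? password = authenticationEvent.Password;
    if (password == null)
    {
        return false;
    }

    if (cns[0] == "BindUser" && ous == null)
    {
        LdapAppSettings? settings;
        using (var authDbContext = _authDbContextFactory.CreateDbContext())
        {
            settings = await authDbContext.LdapAppSettings
                .Include(s => s.AuthApp)
                .SingleOrDefaultAsync(s => s.AuthApp.Id == appGuid);
        }

        if (settings == null)
        {
            return false;
        }

        // UTF-8 rather than ASCII: the ASCII encoder replaces every non-ASCII
        // character with '?', which would make distinct passwords compare equal.
        byte[] correctPassword = Encoding.UTF8.GetBytes(_ldapSettingsDataProtector.Unprotect(settings.BindUserPassword));
        byte[] providedPassword = Encoding.UTF8.GetBytes(password);

        // Constant-time comparison so the response time does not reveal how
        // many leading bytes of the guess were correct.
        return CryptographicOperations.FixedTimeEquals(correctPassword, providedPassword);
    }

    if (ous != null && ous.Count > 0 && ous[0] == "people")
    {
        if (!Guid.TryParse(cns[0], out Guid userId))
        {
            return false;
        }

        IEnumerable<LdapAppUserCredentials> creds;
        using (var authDbContext = _authDbContextFactory.CreateDbContext())
        {
            creds = await authDbContext.LdapAppUserCredentials
                .Where(c => c.User.Id == userId)
                .Where(c => c.LdapAppSettings.AuthApp.Id == appGuid)
                .ToListAsync();
        }

        // NOTE(review): when no credential rows exist the loop below does no
        // hash work, so response time may differ between known and unknown
        // users. Confirm whether that is acceptable for this deployment.
        bool validCredentials = false;
        CancellationTokenSource cts = new CancellationTokenSource();
        ParallelOptions po = new ParallelOptions();
        po.CancellationToken = cts.Token;
        try
        {
            // A user may hold several credentials for the app; verify them in
            // parallel and cancel the remaining work on the first match.
            Parallel.ForEach(creds, po, (cred) =>
            {
                bool isValid = _hasher.VerifyHash(cred.HashedPassword, password);
                if (isValid)
                {
                    validCredentials = true;
                    cts.Cancel();
                }
            });
        }
        catch (OperationCanceledException)
        {
            // Expected: raised by Parallel.ForEach after a match cancelled the loop.
        }
        finally
        {
            cts.Dispose();
        }

        return validCredentials;
    }

    return false;
}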
/// <summary>
/// Forwards the bind to <c>_ldapClient</c> and reports the outcome it returns.
/// </summary>
/// <param name="context">Supplies the client's IP address and whether the connection is encrypted.</param>
/// <param name="authenticationEvent">Supplies the bind DN components (<c>Rdn</c>) and the password.</param>
/// <returns><c>true</c> when the response reports a successful bind, otherwise <c>false</c>.</returns>
public override async Task<bool> OnAuthenticationRequest(ClientContext context, IAuthenticationEvent authenticationEvent)
{
    // NOTE(review): this object carries the password exactly as the client
    // sent it; keep it out of logs and diagnostics.
    var request = new BindRequest
    {
        UserIdentity = ExtractUserIdentity(authenticationEvent.Rdn),
        // Passed along so the receiving side can see whether the bind arrived
        // over an encrypted connection; how it uses the flag is not visible here.
        IsEncryptedRequest = context.HasEncryptedConnection,
        Password = authenticationEvent.Password,
        IpAddress = context.IpAddress.ToString()
    };

    return (await _ldapClient.ExecuteBindRequestAsync(request)).WasBindSuccessful;
}