public AddDummyClaimTransformation(IIdentifyLogWriter identifyLogWriter)
{
if (identifyLogWriter == null)
{
throw new ArgumentNullException("identifyLogWriter");
}
this.identifyLogWriter = identifyLogWriter;
}
private bool VerifyIfUserNameIsCorrect(string username, IIdentifyLogWriter logWriter)
{
if (username.Equals("unknownusername", StringComparison.InvariantCultureIgnoreCase))
{
logWriter.WriteError($"Incorrect passord {username}");
return(false);
}
return(true);
}
public GenericProviderSampleClaimTransformation(IIdentifyLogWriter identifyLogWriter)
{
if (identifyLogWriter == null)
{
throw new ArgumentNullException(nameof(identifyLogWriter));
}
_identifyLogWriter = identifyLogWriter;
}
private bool VerifyPasswordIsCorrect(string password, IIdentifyLogWriter logWriter)
{
if (password.Equals("incorrectpassword", StringComparison.InvariantCultureIgnoreCase))
{
logWriter.WriteError($"Incorrect passord {password}");
return(false);
}
return(true);
}
/// <summary>
/// It is an example how to access protocol connection id and entityId in external modules
/// </summary>
/// <param name="cc"></param>
/// <param name="logWriter"></param>
private void LookupProtocolConnection(ControllerContext cc, IIdentifyLogWriter logWriter)
{
const string temporaryContextKey = "ici_TemporaryProtocolContext";
var httpContext = cc.HttpContext;
dynamic temporaryContext = httpContext.Items[temporaryContextKey];
dynamic contextIdKey = temporaryContext.ContextIdKey;
string contextId = contextIdKey.ContextId;
Guid protocolConnectionId = contextIdKey.ProtocolConnectionId;
string protocolConnectionEntityId = contextIdKey.ProtocolConnectionEntityId;
logWriter.WriteInformation(
$"DummyGenericValidatorUsernamePassword. ContextId = '{contextId}'. Protocol connection id = '{protocolConnectionId}', entityId = '{protocolConnectionEntityId}'");
}
/// <summary>
/// This sample has two dependencies to IIdentifyLdapStore and IIdentifyLogWriter. Their implementations are provided by Identify.
/// </summary>
/// <param name="identifyLdapStore">A service whose implementation is built in Identify. It is used to access LDAP stores</param>
/// <param name="logWriter">A logger</param>
public LdapUserProfileService(IIdentifyLdapStore identifyLdapStore, IIdentifyLogWriter logWriter)
{
if (identifyLdapStore == null)
{
throw new ArgumentNullException("identifyLdapStore");
}
if (logWriter == null)
{
throw new ArgumentNullException("logWriter");
}
this.identifyLdapStore = identifyLdapStore;
this.logWriter = logWriter;
}
public BootstrapTokenTestClaimTransformation(IIdentifyLogWriter identifyLogWriter)
{
this.identifyLogWriter = identifyLogWriter ?? throw new ArgumentNullException("identifyLogWriter");
}
public CredentialsValidationResult Validate(ControllerContext cc, IDictionary <string, string> inputs, IIdentifyLogWriter logWriter)
{
if (cc == null)
{
throw new ArgumentNullException("cc");
}
if (inputs == null)
{
throw new ArgumentNullException("inputs");
}
if (logWriter == null)
{
throw new ArgumentNullException("logWriter");
}
// Old ATP login code - execute as normal if connvert setting is false
ValueProviderResult cprClaimType;
if (!GetValue(cc, "CprClaimType", out cprClaimType))
{
return(CreateShowLoginViewResult());
}
ValueProviderResult cprNumber;
if (!GetValue(cc, "CprNumber", out cprNumber))
{
return(CreateShowLoginViewResult());
}
ClaimsPrincipal principal = this.BuildPrincipal(cprClaimType, cprNumber);
AddConnectionEntityIdentifiers(cc, principal);
return(new CredentialsValidationResult
{
ResultCode = CredentialsValidationResultCode.Success,
ClaimsPrincipal = principal
});
}
public CredentialsValidationResult Validate(ControllerContext cc, IDictionary <string, string> input, IIdentifyLogWriter logWriter)
{
var validationResult = ValidateInput(input);
LookupProtocolConnection(cc, logWriter);
if (validationResult.ResultCode != CredentialsValidationResultCode.Success)
{
logWriter.WriteWarning("Validate the input failed. Error code: " + validationResult.ResultCode +
". ExternalErrorMessages: " + string.Join("\n-", validationResult.ExternalErrorMessages));
validationResult.ShowErrorViewWhenResultCodeIsNotSuccess = true;
return(validationResult);
}
var connectionString = input[ConnectionString];
try
{
var userRepository = new DummyUserRepository(connectionString);
var username = input[UserName].Trim();
var user = userRepository.GetUserByName(username);
if (user == null)
{
logWriter.WriteInformation("User not found. Search username: "******"User information: [UserName: {0}], [Password: {1}], [IsDisabled: {2}], [IsLocked: {3}]",
user.Username,
user.Password, user.IsDisabled, user.IsLocked));
var password = input[Password].Trim();
if (user.Password.Trim() != password)
{
validationResult.ExternalErrorMessages.Add("Password is invalid. Expected: " + user.Password);
validationResult.ResultCode = CredentialsValidationResultCode.IncorrectPassword;
}
else if (user.IsDisabled)
{
validationResult.ResultCode = CredentialsValidationResultCode.UserDisabled;
}
else if (user.IsLocked)
{
validationResult.ResultCode = CredentialsValidationResultCode.UserLocked;
}
else
{
validationResult.UserIdentity = user.Username;
validationResult.ResultCode = CredentialsValidationResultCode.Success;
}
}
}
catch (Exception ex)
{
logWriter.WriteError("An unexpected exception happends. Error message: " + ex.Message + ". StackTrace: " + ex.StackTrace);
validationResult.ResultCode = CredentialsValidationResultCode.UnknownError;
validationResult.ExternalErrorMessages.Add(ex.Message);
}
logWriter.WriteInformation("Validation with result code: " + validationResult.ResultCode + ". ExternalErrorMessages: " +
string.Join("\n-", validationResult.ExternalErrorMessages));
validationResult.ShowErrorViewWhenResultCodeIsNotSuccess = true;
return(validationResult);
}
/// <summary>
/// Validate credentials by generic provider
/// </summary>
/// <param name="cc">Notice that on STs the controller context is irrelevant</param>
/// <param name="inputs"></param>
/// <param name="logWriter"></param>
/// <returns></returns>
public CredentialsValidationResult Validate(ControllerContext cc, IDictionary <string, string> inputs, IIdentifyLogWriter logWriter)
{
var validationResult = ValidateInput(inputs);
if (validationResult.ResultCode != CredentialsValidationResultCode.Success)
{
logWriter.WriteError("Validate the input failed. Error code: " + validationResult.ResultCode +
". ExternalErrorMessages: " + string.Join("\n-", validationResult.ExternalErrorMessages));
validationResult.ShowErrorViewWhenResultCodeIsNotSuccess = false;
return(validationResult);
}
var username = inputs[UserName];
var password = inputs[Password];
var serviceIdentifier = inputs[ServiceIdentifier];
if (!VerifyIfUserNameIsCorrect(username, logWriter))
{
return(new CredentialsValidationResult {
ResultCode = CredentialsValidationResultCode.UnknownUserName
});
}
if (!VerifyPasswordIsCorrect(password, logWriter))
{
return(new CredentialsValidationResult {
ResultCode = CredentialsValidationResultCode.IncorrectPassword
});
}
var logResult = new StringBuilder();
logResult.AppendLine(
$"Successfully validate generic credentials for username = '******' with service identifier ='{serviceIdentifier}'");
logResult.AppendLine("");
// For this example, we are returning only claims whose types start with "additionalClaims". In reality, here is where you put on your business logic code to return claims.
var identity = new ClaimsIdentity(AuthenticationTypes.Password);
foreach (var input in inputs)
{
if (input.Key.StartsWith(AdditionalClaims, StringComparison.InvariantCultureIgnoreCase))
{
identity.AddClaim(new Claim(input.Key, input.Value));
logResult.AppendLine($"Additional claims received: type = '{input.Key}' - value ='{input.Value}'");
if (input.Value.Equals("exception"))
{
throw new GenericProviderSampleException("Generic provider exception is thrown on UsernamePasswordGenericCredentialsValidator as requested");
}
}
}
logWriter.WriteInformation(logResult);
return(new CredentialsValidationResult {
ResultCode = CredentialsValidationResultCode.Success, ClaimsPrincipal = new ClaimsPrincipal(identity)
});
}
