/// <summary>
/// MutualAuthBind: performs a mutual-authentication bind between the client and
/// the server for a domain user, on both the regular and the protected LDAP ports.
/// The <paramref name="userName"/> and <paramref name="passWord"/> selectors pick
/// either the current client credentials or the deliberately bad values read from
/// the configuration file (negative-test inputs); the selected values are stored in
/// the shared <c>user</c>/<c>userPassword</c> state before the bind is issued.
/// </summary>
/// <param name="userName">Selects the account name to present (valid or non-existent).</param>
/// <param name="passWord">Selects the password to present (valid or invalid).</param>
/// <param name="validSPN">True when the bind is performed with a valid SPN.</param>
/// <returns>Success when the bind succeeds; InvalidCredentials when the presented credentials are rejected.</returns>
public errorstatus MutualAuthBind(name userName, Password passWord, bool validSPN)
{
    // Resolve the user selector to an account name. Selectors not listed here
    // leave the previously assigned value untouched (shared member state).
    switch (userName)
    {
        case name.nonexistUserName:
            // Non-existent account, taken from the configuration file.
            user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            break;
        case name.validUserName:
            // Current (client) user.
            user = ClientUserName;
            break;
    }

    // Resolve the password selector the same way.
    switch (passWord)
    {
        case Password.invalidPassword:
            // Known-bad password, taken from the configuration file.
            userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            break;
        case Password.validPassword:
            userPassword = ClientUserPassword;
            break;
    }

    // Issue the mutual bind with the selected credentials and report the verdict.
    strResult = adtsRequirementsValidation.MutualBind(user, userPassword, validSPN);
    return strResult;
}
/// <summary>
/// SicilyBind: models the Sicily bind behaviour (similar to a SASL GSS-SPNEGO bind).
/// Records the authentication mechanism and port in the shared state, resolves the
/// credential selectors to concrete values (current client credentials, or the
/// deliberately bad values from the configuration file) and issues the bind.
/// </summary>
/// <param name="userName">Selects the account name to present (valid, non-existent or anonymous).</param>
/// <param name="passWord">Selects the password to present (valid or invalid).</param>
/// <param name="portNum">Port over which the bind is performed.</param>
/// <param name="enableTLS">True when the bind is performed over TLS.</param>
/// <returns>Success when the bind succeeds; InvalidCredentials when the presented credentials are rejected.</returns>
public errorstatus SicilyBind(name userName, Password passWord, Port portNum, bool enableTLS)
{
    // Mechanism and port are kept in shared state for the validator.
    strAuthMech = authenticationMech.sicily;
    enumPortNum = portNum;

    // Account name: selectors not listed here leave the previous value in place.
    // NOTE(review): the anonymous selector does not reset `user` here, unlike
    // SimpleBind, so a stale name from an earlier action may be sent — confirm intended.
    switch (userName)
    {
        case name.nonexistUserName:
            // Non-existent account, taken from the configuration file.
            user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            break;
        case name.validUserName:
            // Current (client) user.
            user = ClientUserName;
            break;
    }

    // Password: an anonymous user with a "valid" password sends no password at all.
    switch (passWord)
    {
        case Password.invalidPassword:
            // Known-bad password, taken from the configuration file.
            userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            break;
        case Password.validPassword:
            userPassword = userName == name.anonymousUser ? null : ClientUserPassword;
            break;
    }

    // Issue the Sicily bind with the selected credentials and report the verdict.
    strResult = adtsRequirementsValidation.SicilyBind(PdcFqdn, (uint)enumPortNum, user, userPassword, enableTLS);
    return strResult;
}
/// <summary>
/// SASLAuthentication: performs a SASL bind using the mechanism chosen by
/// <paramref name="saslMech"/> — GSS-SPNEGO, GSSAPI, External or Digest-MD5 —
/// for a domain user on both the regular and the protected LDAP ports.
/// The credential selectors pick either the current client credentials or the
/// deliberately bad values from the configuration file. This action always
/// binds with a valid SPN; the SPN choice is exercised by MutualAuthBind.
/// </summary>
/// <param name="userName">Selects the account name to present (valid or non-existent).</param>
/// <param name="saslMech">The SASL mechanism to bind with.</param>
/// <param name="passWord">Selects the password to present (valid or invalid).</param>
/// <param name="portNum">Port over which the bind is performed.</param>
/// <param name="enableTLS">True when the bind is performed over TLS.</param>
/// <returns>Success when the bind succeeds; InvalidCredentials when the presented credentials are rejected.</returns>
public errorstatus SASLAuthentication(name userName, SASLChoice saslMech, Password passWord, Port portNum, bool enableTLS)
{
    // Port is kept in shared state for the validator.
    enumPortNum = portNum;

    // This action never requests an invalid SPN.
    const bool invalidSPN = false;

    // Account name: selectors not listed here leave the previous value in place.
    switch (userName)
    {
        case name.nonexistUserName:
            // Non-existent account, taken from the configuration file.
            user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            break;
        case name.validUserName:
            // Current (client) user.
            user = ClientUserName;
            break;
    }

    // Password selector resolved the same way.
    switch (passWord)
    {
        case Password.invalidPassword:
            // Known-bad password, taken from the configuration file.
            userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            break;
        case Password.validPassword:
            userPassword = ClientUserPassword;
            break;
    }

    // Issue the SASL bind with the selected credentials and report the verdict.
    strResult = adtsRequirementsValidation.SASLBind(PdcFqdn, (uint)enumPortNum, user, userPassword, enableTLS, saslMech, invalidSPN);
    return strResult;
}
/// <summary>
/// SimpleBind: performs a simple (plain) bind for a domain user or an anonymous
/// user on both the regular and the protected LDAP ports. Records the mechanism
/// and port in the shared state, resolves the credential selectors to concrete
/// values and issues the bind. The <c>nameMapsMoreThanOneObject</c> selector also
/// provisions an additional directory user and modifies an attribute on it through
/// ADTSHelper (presumably so the bind name becomes ambiguous — see that helper).
/// </summary>
/// <param name="userName">Selects the account name to present (valid, non-existent, anonymous or name-maps-to-several-objects).</param>
/// <param name="passWord">Selects the password to present (valid or invalid).</param>
/// <param name="portNum">Port over which the bind is performed.</param>
/// <param name="enableTLS">True when the bind is performed over TLS.</param>
/// <returns>Success when the bind succeeds; InvalidCredentials when the presented credentials are rejected.</returns>
public errorstatus SimpleBind(name userName, Password passWord, Port portNum, bool enableTLS)
{
    // Mechanism and port are kept in shared state for the validator.
    strAuthMech = authenticationMech.simple;
    enumPortNum = portNum;

    bool isAnonymous = userName == name.anonymousUser;

    // Account name. Selectors not listed here leave the previous value in place.
    switch (userName)
    {
        case name.nameMapsMoreThanOneObject:
            if (passWord == Password.validPassword)
            {
                user = MS_ADTS_SecurityRequirementsValidator.NameMapsMorethanOneObject;
                // Create an AD user and change an attribute on it so that the
                // name maps to more than one object (setup for this negative case).
                ADTSHelper.CreateActiveDirUser(PdcFqdn, userName, ClientUserPassword, PdcDN);
                ADTSHelper.ModifyOperation(PdcFqdn, userName, adTestType, ClientUserName, ClientUserPassword, PrimaryDomainDnsName, PDCOSVersion);
            }
            else if (passWord == Password.invalidPassword)
            {
                user = MS_ADTS_SecurityRequirementsValidator.NameMapsMorethanOneObject;
                // Known-bad password, taken from the configuration file.
                userPassword = MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
            }
            break;
        case name.nonexistUserName:
            // Non-existent account, taken from the configuration file.
            user = MS_ADTS_SecurityRequirementsValidator.NonExistUserName;
            break;
        case name.validUserName:
            // Current (client) user.
            user = ClientUserName;
            break;
        case name.anonymousUser:
            // An anonymous bind presents (null, null) credentials.
            user = null;
            break;
    }

    // Password. An anonymous user never sends one, whichever selector was chosen.
    if (passWord == Password.invalidPassword)
    {
        userPassword = isAnonymous ? null : MS_ADTS_SecurityRequirementsValidator.InvalidPassword;
    }
    else if (passWord == Password.validPassword)
    {
        userPassword = isAnonymous ? null : ClientUserPassword;
    }

    // Issue the simple bind with the selected credentials and report the verdict.
    strResult = adtsRequirementsValidation.SimpleBind(PdcFqdn, (uint)enumPortNum, user, userPassword, enableTLS, adTestType);
    return strResult;
}