/// <summary>
/// Check the OTP and do the real authentication
/// </summary>
/// <param name="proofData">the data from the HTML field</param>
/// <param name="authContext">The auth context which contains secured parametes</param>
/// <returns>True if auth is done and user can be validated</returns>
private bool ValidateProofData(IProofData proofData, IAuthenticationContext authContext)
{
if (authContext is null)
{
authContext = new AuthenticationContext();
}
if (proofData == null || proofData.Properties == null || !proofData.Properties.ContainsKey("otpvalue"))
{
throw new ExternalAuthenticationException($"ValidateProofData() OTP not found for {authContext.Data["userid"]}", authContext);
}
if (!ssl)
{
#pragma warning disable CA5359 // Do Not Disable Certificate Validation
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
#pragma warning restore CA5359 // Do Not Disable Certificate Validation
}
try
{
string otpvalue = (string)proofData.Properties["otpvalue"];
string session_user = (string)authContext.Data["userid"];
string session_realm = (string)authContext.Data["realm"];
string transaction_id = authContext.Data.ContainsKey("transaction_id") ? (string)authContext.Data["transaction_id"] : "";
#if DEBUG
Debug.WriteLine($"{Helper.debugPrefix} ValidateProofData() user {session_user}, OTP {otpvalue}, realm {session_realm}, transaction {transaction_id}");
#endif
// if we're running a server farm and BeginAuthentication was called on a different server
if (otp_prov is null)
{
otp_prov = new OTPprovider(privacyIDEAurl);
}
return(otp_prov.ValidateOTP(session_user, otpvalue, session_realm, transaction_id));
}
catch (Exception ex)
{
#if DEBUG
Debug.WriteLine($"{Helper.debugPrefix} ValidateProofData() exception: {ex.Message}");
#endif
throw new ExternalAuthenticationException($"ValidateProofData() exception: {ex.Message}", authContext);
}
}
