/// <summary>
/// Authenticate request at LDAP/Active Directory Domain with user-name and password
/// </summary>
private async Task <PacketCode> ProcessLdapAuthentication(PendingRequest request, ClientConfiguration clientConfig)
{
var userName = request.RequestPacket.UserName;
var password = request.RequestPacket.UserPassword;
if (string.IsNullOrEmpty(userName))
{
_logger.Warning("Can't find User-Name in message id={id} from {host:l}:{port}", request.RequestPacket.Identifier, request.RemoteEndpoint.Address, request.RemoteEndpoint.Port);
return(PacketCode.AccessReject);
}
if (string.IsNullOrEmpty(password))
{
_logger.Warning("Can't find User-Password in message id={id} from {host:l}:{port}", request.RequestPacket.Identifier, request.RemoteEndpoint.Address, request.RemoteEndpoint.Port);
return(PacketCode.AccessReject);
}
LdapService _service;
switch (clientConfig.FirstFactorAuthenticationSource)
{
case AuthenticationSource.ActiveDirectory:
_service = new ActiveDirectoryService(_serviceConfiguration, _logger);
break;
case AuthenticationSource.Ldap:
_service = new LdapService(_serviceConfiguration, _logger);
break;
default:
throw new NotImplementedException(clientConfig.FirstFactorAuthenticationSource.ToString());
}
//check all hosts
var ldapUriList = clientConfig.ActiveDirectoryDomain.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
foreach (var ldapUri in ldapUriList)
{
var isValid = await _service.VerifyCredential(userName, password, ldapUri, request, clientConfig);
if (isValid)
{
return(PacketCode.AccessAccept);
}
}
return(PacketCode.AccessReject);
}
