public ActionResult ValidateUser()
{
PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();
LdapServiceModel ldapServiceModel = null;
CustomUser oktaUser = null;
string username = null;
string password = null;
username = Request["username"];
password = Request["password"];
ldapServiceModel = new LdapServiceModel();
ldapServiceModel.ldapServer = appSettings["ldap.server"];
ldapServiceModel.ldapPort = appSettings["ldap.port"];
ldapServiceModel.baseDn = appSettings["ldap.baseDn"];
//use received username and password to bind with LDAP
//if password is valid, set password in Okta
try
{
//check username in Okta and password status
oktaUser = _oktaUserMgmt.GetCustomUser(username);
}
catch (OktaException)
{
//trap error, handle User is null
}
if (oktaUser != null)
{
if (string.IsNullOrEmpty(oktaUser.Profile.IsPasswordInOkta) || oktaUser.Profile.IsPasswordInOkta == "false")
{
//check user credentials in LDAP
bool rspIsAuthenticated = _credAuthentication.IsAuthenticated(username, password, ldapServiceModel);
if (rspIsAuthenticated)
{
//set password in Okta
bool rspSetPsw = _oktaUserMgmt.SetUserPassword(oktaUser.Id, password);
if (rspSetPsw)
{
//update attribute in user profile when set password successful
oktaUser.Profile.IsPasswordInOkta = "true";
bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);
if (rspPartialUpdate)
{
pswMigrationRsp.status = "set password in Okta successful";
pswMigrationRsp.isPasswordInOkta = "true";
}
else
{
pswMigrationRsp.status = "set password in Okta successful";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
else
{
//update attribute in user profile when set password fails
oktaUser.Profile.IsPasswordInOkta = "true";
bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);
if (rspPartialUpdate)
{
pswMigrationRsp.status = "set password in Okta failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
else
{
pswMigrationRsp.status = "set password in Okta failed";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
}
else
{
//arrive here is user creds not validated in Ldap
pswMigrationRsp.status = "LDAP validation failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
//no work required
pswMigrationRsp.status = oktaUser.Status;
pswMigrationRsp.isPasswordInOkta = "true";
}
//build response
pswMigrationRsp.oktaId = oktaUser.Id;
pswMigrationRsp.login = oktaUser.Profile.Login;
}
else
{
//arrive here if user not found in Okta
//check user credentials and get profile from LDAP
CustomUser rspCustomUser = _credAuthentication.IsCreated(username, password, ldapServiceModel);
if (rspCustomUser != null)
{
rspCustomUser.Profile.Login = username + _userdomain;
Okta.Core.Models.Password pswd = new Okta.Core.Models.Password();
pswd.Value = password;
rspCustomUser.Credentials.Password = pswd;
//create Okta user with password
rspAddCustomUser = _oktaUserMgmt.AddCustomUser(rspCustomUser);
if (rspAddCustomUser != null)
{
Uri rspUri = new Uri("https://tbd.com");
bool rspActivate = _oktaUserMgmt.ActivateUser(rspAddCustomUser, out rspUri);
if (rspActivate)
{
rspCustomUser.Profile.IsPasswordInOkta = "true";
bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(rspAddCustomUser);
if (rspPartialUpdate)
{
pswMigrationRsp.oktaId = rspAddCustomUser.Id;
pswMigrationRsp.login = rspAddCustomUser.Profile.Login;
pswMigrationRsp.status = "Created in Okta";
pswMigrationRsp.isPasswordInOkta = "true";
}
else
{
pswMigrationRsp.oktaId = rspAddCustomUser.Id;
pswMigrationRsp.login = rspAddCustomUser.Profile.Login;
pswMigrationRsp.status = "Created in Okta";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
return(Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json"));
}
public IActionResult ValidateUser(string psw, string username)
{
string temp = psw;
PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();
Okta.Sdk.IUser oktaUser = null;
var client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = _config.GetValue <string>("OktaWeb:OktaDomain"),
Token = _config.GetValue <string>("OktaWeb:ApiToken")
});
//use received username and password to bind with LDAP
//if password is valid, set password in Okta
try
{
//check username in Okta and password status
oktaUser = (Okta.Sdk.User)client.Users.GetUserAsync(username).Result;
}
catch (OktaApiException ex)
{
//trap error, handle User is null
var test = ex.ErrorCode;
}
catch (Exception e)
{
//trap error, handle User is null
OktaApiException myExp = (OktaApiException)e.InnerException;
var myErr = myExp.ErrorCode;
}
if (oktaUser != null)
{
//if user password already set, no furhter processing
if (oktaUser.Profile["IsPasswordInOkta"] == null || oktaUser.Profile["IsPasswordInOkta"].ToString() == "false")
{
//check user credentials in LDAP
bool rspIsAuthenticated = _credAuthentication.IsAuthenticated(username, psw, _ldapServiceModel);
if (rspIsAuthenticated)
{
//set password in Okta
Okta.Sdk.PasswordCredential setPassword = new Okta.Sdk.PasswordCredential();
setPassword.Value = psw;
oktaUser.Credentials.Password = setPassword;
oktaUser.Profile["IsPasswordInOkta"] = "true";
Okta.Sdk.IUser rspPartialUpdate = oktaUser.UpdateAsync().Result;
if (rspPartialUpdate != null)
{
if (rspPartialUpdate.PasswordChanged != null)
{
pswMigrationRsp.status = "set password in Okta successful";
pswMigrationRsp.isPasswordInOkta = "true";
}
else
{
pswMigrationRsp.status = "set password in Okta failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
pswMigrationRsp.status = "set password in Okta failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
//arrive here is user creds not validated in Ldap
pswMigrationRsp.status = "LDAP validation failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
//no work required
pswMigrationRsp.status = oktaUser.Status;
pswMigrationRsp.isPasswordInOkta = "true";
}
//build response
pswMigrationRsp.oktaId = oktaUser.Id;
pswMigrationRsp.login = oktaUser.Profile.Login;
}
else
{
//arrive here if user not found in Okta
//check user credentials and get profile from LDAP
//Okta.Sdk.IUser rspOktaUser = null;
CustomUser rspCustomUser = _credAuthentication.IsCreated(username, psw, _ldapServiceModel);
if (rspCustomUser != null)
{
//create Okta user with password
//dont auto activate, sincewe dont want email
CreateUserWithPasswordOptions newUserOptions = new CreateUserWithPasswordOptions
{
// User profile object
Profile = new UserProfile
{
Login = rspCustomUser.Email,
FirstName = rspCustomUser.FirstName,
LastName = rspCustomUser.LastName,
Email = rspCustomUser.Email
},
Password = psw,
Activate = false,
};
newUserOptions.Profile["IsPasswordInOkta"] = "true";
Okta.Sdk.IUser rspAddCustomUser = client.Users.CreateUserAsync(newUserOptions).Result;
if (rspAddCustomUser != null)
{
var rspActivate = rspAddCustomUser.ActivateAsync(sendEmail: false).Result;
if (rspActivate != null)
{
pswMigrationRsp.oktaId = rspAddCustomUser.Id;
pswMigrationRsp.login = rspAddCustomUser.Profile.Login;
pswMigrationRsp.status = "Created in Okta";
pswMigrationRsp.isPasswordInOkta = "true";
}
else
{
pswMigrationRsp.oktaId = rspAddCustomUser.Id;
pswMigrationRsp.login = rspAddCustomUser.Profile.Login;
pswMigrationRsp.status = "User NOT ACTIVE in Okta";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT found in External Source";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
return(Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json"));
// return this.Ok("Web Api unprotected endpoint, SUCCESS");
}
