Esempio n. 1
0
        private MCredentialsCheckResultClass SearchUserInfoLDAP(SMUserCredentials credentials)
        {
            MCredentialsCheckResultClass result = new MCredentialsCheckResultClass()
            {
                Message = "",
                Result  = null
            };

            try {
                string         path           = "LDAP://" + string.Join(',', new string[] { credentials.Domain.ToLower(), "SYKES", "COM" }.Select(s => "DC=" + s));
                DirectoryEntry directoryEntry = new DirectoryEntry()
                {
                    Path               = path,
                    Username           = GlobalData.Current.ActiveDirectoryInfo["AppUserN"],
                    Password           = GlobalData.Current.ActiveDirectoryInfo["AppUserP"],
                    AuthenticationType = AuthenticationTypes.Secure
                };
                DirectorySearcher searcher = new DirectorySearcher()
                {
                    Filter     = string.Format("(sAMAccountName={0})", credentials.Username),
                    SearchRoot = directoryEntry
                };
                SearchResult  searchResult = searcher.FindOne();
                List <string> roles        = new List <string>();
                Dictionary <string, List <string> > secGroupsMaping = dBContext.UserGroupsOrNames
                                                                      .Where(w => w.UserName == null)
                                                                      .Include(i => i.UserPermissions).ThenInclude(ti => ti.Role)
                                                                      .ToDictionary(k => k.UserGroup,
                                                                                    v => v.UserPermissions.Select(x => x.Role.Name).ToList()
                                                                                    );
                foreach (string prop in searchResult.Properties["memberof"])
                {
                    foreach (string str in prop.Split(',')
                             .Select(x => x.Trim())
                             .Where(x => x.Length > 3 && x.StartsWith("CN=", StringComparison.InvariantCultureIgnoreCase)))
                    {
                        string group = str.Substring(3).Trim();
                        foreach (KeyValuePair <string, List <string> > secGroup in secGroupsMaping)
                        {
                            if (secGroup.Key == group)
                            {
                                roles = roles.Concat(secGroup.Value).ToList();
                            }
                        }
                    }
                }
                roles         = roles.Distinct().ToList();
                result.Result = roles;
            } catch (Exception e) {
                result.Message = GlobalData.Current.EnableVervose ? e.ToString() : "Error fetching info from Active Directory";
                result.Result  = null;
            }
            return(result);
        }
Esempio n. 2
0
        public ObjectResult Login([FromBody] SMUserCredentials data)
        {
            SMGenericResponse response = new SMGenericResponse()
            {
                Status  = "Success",
                Message = "Credentials Correct"
            };

            try {
                SMUserCredentials            credentials = data.CleanData();
                MCredentialsCheckResultClass result      = CheckCredentials(credentials);
                switch (CastToEnum <HttpStatusCode>(result.Result))
                {
                case HttpStatusCode.BadRequest: {
                    response.Status  = "Error";
                    response.Message = result.Message;
                    response.Data    = null;
                    return(BuildResponseObjectResult(response, (int)HttpStatusCode.BadRequest));
                }

                case HttpStatusCode.InternalServerError: {
                    response.Status  = "Error";
                    response.Message = result.Message;
                    response.Data    = null;
                    return(BuildResponseObjectResult(response, (int)HttpStatusCode.InternalServerError));
                }

                case HttpStatusCode.Unauthorized: {
                    response.Status  = "Error";
                    response.Message = result.Message;
                    response.Data    = null;
                    return(BuildResponseObjectResult(response, (int)HttpStatusCode.Unauthorized));
                }

                case HttpStatusCode.Accepted: {
                    response.Status  = "Success";
                    response.Message = "The user has valid access";

                    result = SearchUserInfoLDAP(credentials);
                    if (result.Result == null)
                    {
                        response.Status  = "Error";
                        response.Message = result.Message;
                        response.Data    = null;
                        return(BuildResponseObjectResult(response, (int)HttpStatusCode.InternalServerError));
                    }

                    List <string> roles = (List <string>)result.Result;
                    if (roles.Count <= 0)
                    {
                        response.Status  = "Error";
                        response.Message = "The user has no valid access roles to this application";
                        response.Data    = null;
                        return(BuildResponseObjectResult(response, (int)HttpStatusCode.Unauthorized));
                    }

                    RosterMeta4 rosterMeta4 = dBContext.RosterMeta4.Include(i => i.User).First(f => f.NetworkLogin == credentials.Username);
                    if (!rosterMeta4.Status)
                    {
                        response.Status  = "Error";
                        response.Message = "The user has no access permission due inactivity";
                        response.Data    = null;
                        return(BuildResponseObjectResult(response, (int)HttpStatusCode.Forbidden));
                    }

                    MUserTokenClaimsClass userTokenClaims = null;
                    try {
                        if (rosterMeta4.User == null)
                        {
                            rosterMeta4.User = new Users()
                            {
                                EmployeeNumber = rosterMeta4.EmployeeNumber,
                                DateFirstLogin = DateTime.Now,
                                DateLastLogin  = DateTime.Now
                            };
                        }
                        else
                        {
                            rosterMeta4.User.DateLastLogin = DateTime.Now;
                        }
                        dBContext.SaveChanges();


                        roles.AddRange(GetExtraRoles(rosterMeta4));
                        userTokenClaims = new MUserTokenClaimsClass()
                        {
                            FullName          = rosterMeta4.FullName,
                            NetworkLogin      = rosterMeta4.NetworkLogin,
                            UserID            = rosterMeta4.User.ID,
                            EmployeeNumber    = rosterMeta4.EmployeeNumber,
                            EmployeeNumberSup = rosterMeta4.EmployeeNumberSup,
                            ClientIP          = Request.HttpContext.Connection.RemoteIpAddress.ToString(),
                            Roles             = roles.Distinct().ToList(),
                            TokenV            = 1.0
                        };
                    } catch (Exception) {
                        response.Status  = "Error";
                        response.Message = "Error fetching App/User extra info from requests";
                        response.Data    = null;
                        return(BuildResponseObjectResult(response, (int)HttpStatusCode.InternalServerError));
                    }


                    response.Data = GetJWTToken(userTokenClaims);
                }
                break;

                default: {
                    response.Status  = "Error";
                    response.Message = "Internal server error authenticating with Active Directory (Unknow)";
                    response.Data    = null;
                    return(BuildResponseObjectResult(response, (int)HttpStatusCode.InternalServerError));
                }
                }
            } catch (Exception e) {
                response.SetErrorInfo(e);
            }
            return(BuildResponseObjectResult(response));
        }
Esempio n. 3
0
        private MCredentialsCheckResultClass CheckCredentials(SMUserCredentials credentials)
        {
            if (credentials == null)
            {
                return(new MCredentialsCheckResultClass()
                {
                    Message = "Insufficient information for login",
                    Result = HttpStatusCode.BadRequest
                });
            }
            LdapDirectoryIdentifier      ldapDirectoryIdentifier = new LdapDirectoryIdentifier(GlobalData.Current.ActiveDirectoryInfo["Server"], false, false);
            NetworkCredential            networkCredential       = new NetworkCredential(credentials.Username, credentials.Password, credentials.Domain);
            MCredentialsCheckResultClass result = new MCredentialsCheckResultClass()
            {
                Message = "",
                Result  = HttpStatusCode.Unauthorized
            };

            using (LdapConnection ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential)) {
                try {
                    ldapConnection.Bind();
                    result.Result = HttpStatusCode.Accepted;
                } catch (LdapException ex) {
                    switch (ex.ErrorCode)
                    {
                    case 49: {
                        result.Result = HttpStatusCode.Unauthorized;
                        if (ex.ServerErrorMessage == null)
                        {
                            result.Message = "The supplied credential is invalid";
                        }
                        else
                        {
                            // Getting error codes from http://www-01.ibm.com/support/docview.wss?uid=swg21290631
                            System.Text.RegularExpressions.Regex regex = new System.Text.RegularExpressions.Regex(@"(?<=data\s)\d+[^,]");
                            string code = regex.Match(ex.ServerErrorMessage).Value;
                            switch (code)
                            {
                            case "525": result.Message = "User not found (AD)"; break;

                            case "52e": result.Message = "Invalid username/password"; break;

                            case "530": result.Message = "Not permitted to logon at this time (AD)"; break;

                            case "531": result.Message = "Not permitted to logon at this workstation (AD)"; break;

                            case "532": result.Message = "Password expired (AD)"; break;

                            case "533": result.Message = "Account disabled (AD)"; break;

                            case "534": result.Message = "The user has not been granted the requested logon type at this machine (AD)"; break;

                            case "701": result.Message = "Account expired (AD)"; break;

                            case "773": result.Message = "User must reset password (AD)"; break;

                            case "775": result.Message = "User account locked, contact your local IT to unlock the account (AD)"; break;

                            default: result.Result = HttpStatusCode.InternalServerError; break;
                            }
                        }
                    }
                    break;

                    case 81: {
                        result.Result  = HttpStatusCode.InternalServerError;
                        result.Message = "Authentication server is down or unavailable (AD)";
                    }
                    break;

                    default: {
                        result.Result  = HttpStatusCode.InternalServerError;
                        result.Message = "Internal server error (LDAP)";
                    }
                    break;
                    }
                } catch (Exception) {
                    result.Result  = HttpStatusCode.InternalServerError;
                    result.Message = "Cannot establish connection with Active Directory server";
                }
            }
            return(result);
        }