//private AuthClient _authclient = new AuthClient(appSettings["okta.baseURL"]);

/// <summary>
/// Performs Okta primary authentication by POSTing the username/password pair as a
/// JSON body to <c>{appSettings["okta.baseURL"]}/api/v1/authn</c> and inspecting the
/// <c>status</c> (transaction state) field of the response.
/// </summary>
/// <param name="userName">Login name; copied into <c>UserAuthnRequest.username</c>.</param>
/// <param name="passWord">Password; copied into <c>UserAuthnRequest.password</c> and sent only in the request body.</param>
/// <returns>
/// <see langword="true"/> only when Okta reports <c>SUCCESS</c>. Every other state
/// (including <c>PASSWORD_WARN</c>/<c>PASSWORD_EXPIRED</c>, where the password itself
/// was accepted, and the MFA states) is logged and yields <see langword="false"/>, so
/// a caller cannot tell "bad credentials" apart from "credentials OK, further step
/// required". The session/state tokens read from the response are discarded.
/// </returns>
/// <exception cref="OktaException">
/// Re-thrown from the catch block for error codes not handled there (the handled
/// branches are partially redacted in this listing, see "******").
/// </exception>
public bool AuthenticateUser(string userName, string passWord)
{
    //declare local variables
    string myStatus = null;
    string myStateToken;    // assigned below but never read in this method
    string mySessionToken;  // assigned below but never read in this method
    UserAuthnRequest userAuthnRequest = new UserAuthnRequest();
    userAuthnRequest.username = userName;
    userAuthnRequest.password = passWord;
    try
    {
        // NOTE(review): Route() builds the same URL from appSettings["okta.OrgUrl"];
        // the two methods read different config keys for the same endpoint — confirm
        // both keys exist or unify them.
        var client = new RestClient(appSettings["okta.baseURL"] + "/api/v1/authn");
        var request = new RestRequest(Method.POST);
        request.AddHeader("Accept", "application/json");
        request.AddHeader("Content-Type", "application/json");
        request.AddJsonBody(userAuthnRequest);
        IRestResponse <userAuthnResponse> response = client.Execute <userAuthnResponse>(request);
        // NOTE(review): RestSharp's Execute reports transport and non-2xx results via
        // response.ResponseStatus / ErrorException / StatusCode rather than by throwing,
        // so response.Data can be null here (connection failure, non-JSON body) and the
        // next line would raise NullReferenceException, which the catch below does not
        // handle. Okta returns invalid credentials (E0000004) as an HTTP 401 JSON error
        // body, so it is unclear that an OktaException is ever raised on this path —
        // presumably such a response ends in the switch's default branch. Confirm and
        // check response.IsSuccessful/StatusCode before dereferencing Data.
        myStatus = response.Data.status;
        mySessionToken = response.Data.sessionToken;
        myStateToken = response.Data.stateToken;
    }
    catch (OktaException ex)
    {
        // NOTE(review): the log arguments below are redacted in this listing ("******");
        // confirm only the user identifier, never the password, reaches the log.
        if (ex.ErrorCode == "E0000004")
        {
            logger.Error("Invalid Credentials for User: "******"E0000085")
            {
                logger.Error("Access Denied by Polciy for User: "******" = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                // NOTE(review): `throw ex;` resets the stack trace; `throw;` preserves it.
                throw ex;
            }
        }//end catch
        switch (myStatus)
        {
            //ref http://developer.okta.com/docs/api/resources/authn.html#transaction-state
            case "PASSWORD_WARN": //password about to expire
                // Password accepted; the method still returns false below.
                logger.Debug("User’s password was successfully validated but expires in ");
                break;
            case "PASSWORD_EXPIRED": //password has expired
                // Password accepted but expired; the method still returns false below.
                logger.Debug("User’s password was successfully validated but is expired. 
");
                break;
            case "LOCKED_OUT": //user account is locked, unlock required
                logger.Debug("Your account has been locked");
                break;
            case "MFA_ENROLL": //user must select and enroll an available factor
                logger.Debug("user must select and enroll an available factor");
                break;
            case "MFA_REQUIRED": //user must provide second factor with previously enrolled factor
                logger.Debug("user must provide second factor with previously enrolled factor");
                break;
            case "SUCCESS": //authentication is complete
                logger.Debug(" Successful login");
                return(true);
                //break;
            default:
                // Reached for unknown states and for a null status (e.g. an error body
                // that deserialized without a status field).
                logger.Debug(" Unhandled Status: " + myStatus);
                break;
        }//end of switch
        return(false);
    }
/// <summary>
/// MVC POST handler for the sign-in form. Reads the form fields, rejects a missing
/// username or password with an error message on <c>TempData["errMessage"]</c>,
/// POSTs the credentials to <c>{appSettings["okta.OrgUrl"]}/api/v1/authn</c>, and
/// dispatches on the returned transaction state. Only <c>SUCCESS</c> leaves the
/// page: it redirects to the URL produced by <c>Toolbox.GotoDashboard</c>; every
/// other state falls through to a redirect back to <c>Index</c>.
/// </summary>
/// <returns>
/// A <c>Redirect</c> to the dashboard URL on <c>SUCCESS</c>, the <c>Index</c> view
/// when the Okta call throws, otherwise <c>RedirectToAction("Index")</c>.
/// </returns>
public ActionResult Route()
{
    string myStatus = null;
    string myStateToken = null;      // assigned from the response but never read
    string mySessionToken = null;
    string myRelayState;
    string myOktaId = null;          // unused in this method
    bool secQuestionSet = true;      // unused in this method
    string rspUserStatus = null;     // unused in this method
    // get form post parameters
    string userName = Request["txtUserName"];
    string passWord = Request["txtPassword"];
    string relayState = Request["relayState"];
    string rememberMe = Request["optRemember"];   // read but never used below
    // NOTE(review): `location` is taken straight from the request and, in the SUCCESS
    // branch, becomes the base of the post-login redirect URL. Because the client
    // controls it, the redirect target is client-controlled unless Toolbox.GotoDashboard
    // validates it (cannot tell from here). Prefer deriving it from server-side config
    // or checking it against a configured allow-list before use.
    string location = Request["location"];
    // NOTE(review): log argument redacted in this listing ("******"); confirm only the
    // user identifier is logged here.
    logger.Debug("Home-Route POST User: "******" RelayState: " + relayState);
    // set relayState to query param if post param is null or blank
    // BUG(review): the condition below is the inverse of this comment — when the POST
    // value is present it is discarded in favour of the query string, and when it is
    // null/blank the null/blank POST value is kept. Expected: `if (string.IsNullOrEmpty(relayState))`.
    // Confirm intended precedence before changing.
    if (!string.IsNullOrEmpty(relayState))
    {
        myRelayState = Request.QueryString["RelayState"];
        TempData["relayState"] = myRelayState;
    }
    else
    {
        myRelayState = relayState;
        TempData["relayState"] = relayState;
    }
    // redirect if missing username
    if (string.IsNullOrEmpty(userName))
    {
        // made it this far must not have account
        TempData["errMessage"] = "Username Missing";
        return(RedirectToAction("Index"));
    }
    if (string.IsNullOrEmpty(passWord))
    {
        TempData["errMessage"] = "Password Missing";
        return(RedirectToAction("Index"));
    }
    // implement authn process
    try
    {
        UserAuthnRequest userAuthnRequest = new UserAuthnRequest();
        userAuthnRequest.username = userName;
        userAuthnRequest.password = passWord;
        // NOTE(review): AuthenticateUser() uses appSettings["okta.baseURL"] for the same
        // endpoint; confirm which key is configured.
        var client = new RestClient(appSettings["okta.OrgUrl"] + "/api/v1/authn");
        var request = new RestRequest(Method.POST);
        request.AddHeader("Accept", "application/json");
        request.AddHeader("Content-Type", "application/json");
        //request.AddHeader("Authorization", " SSWS " + appSettings["okta:OrgToken"]);
        request.AddJsonBody(userAuthnRequest);
        // NOTE(review): the disabled line below built the JSON body by string
        // concatenation of raw form input; AddJsonBody above serializes safely. Remove
        // the dead line so it is not revived.
        //request.AddParameter("application/json", "{\n \"username\": \" " + userName + "\" ,\"password\":\"" + passWord + "\"}", ParameterType.RequestBody);
        IRestResponse <userAuthnResponse> response = client.Execute <userAuthnResponse>(request);
        // NOTE(review): RestSharp does not throw on transport or HTTP errors; response.Data
        // may be null here, and the resulting NullReferenceException is swallowed by the
        // broad catch below as a generic "Sign in process failed!". Check
        // response.IsSuccessful / ErrorException before dereferencing Data so real
        // failures are logged with their cause.
        myStatus = response.Data.status;
        mySessionToken = response.Data.sessionToken;
        myStateToken = response.Data.stateToken;
    }
    catch (Exception ex)
    {
        // NOTE(review): `ex` is not included in the log entry, so the failure cause is
        // lost; log it (logger.Error("...", ex)) — the user-facing message can stay generic.
        logger.Error("Sign in process failed!"); // generic failure
        TempData["errMessage"] = "Sign in process failed!";
        TempData["userName"] = userName;
        //return RedirectToAction("Index");
        return(View("Index"));
    }//end catch
    // Only SUCCESS and default set user-visible state; every other case just logs and
    // falls through to the Index redirect at the bottom with no errMessage, so the user
    // sees an unexplained return to the sign-in page — presumably placeholders for
    // handling yet to be written; confirm.
    switch (myStatus)
    {
        case "PASSWORD_WARN": //password about to expire
            logger.Debug("PASSWORD_WARN ");
            //no action required
            break;
        case "PASSWORD_EXPIRED": //password has expired
            logger.Debug("PASSWORD_EXPIRED ");
            break;
        case "RECOVERY": //user has requested a recovery token
            logger.Debug("RECOVERY ");
            //find which recovery mode sms, email is being used
            //POST to next link
            break;
        case "RECOVERY_CHALLENGE": //user must verify factor specific recovery challenge
            logger.Debug("RECOVERY_CHALLENGE ");
            //verify the recovery factor
            //POST to verify link
            break;
        case "PASSWORD_RESET": //user satified recovery and must now set password
            logger.Debug("PASSWORD_RESET ");
            //reset users password
            //POST to next link
            break;
        case "LOCKED_OUT": //user account is locked, unlock required
            logger.Debug("LOCKED_OUT ");
            break;
        case "MFA_ENROLL": //user must select and enroll an available factor
            logger.Debug("MFA_ENROLL ");
            break;
        case "MFA_ENROLL_ACTIVATE": //user must activate the factor to complete enrollment
            logger.Debug("MFA_ENROLL_ACTIVATE ");
            //user must activate the factor
            //POST to next link
            break;
        case "MFA_REQUIRED": //user must provide second factor with previously enrolled factor
            logger.Debug("MFA_REQUIRED ");
            break;
        case "MFA_CHALLENGE": //use must verify factor specifc challenge
            logger.Debug("MFA_CHALLENGE ");
            break;
        case "SUCCESS": //authentication is complete
            logger.Debug("SUCCESS");
            string landingPage = null;
            // Client-supplied `location` (see note at the top) is used unvalidated as the
            // redirect base here.
            landingPage = location + "/Home/AltLanding";
            //landingPage = location + "/Home/Sessions";
            // NOTE(review): the Okta session token and relayState are handed to the helper
            // that builds the redirect URL; cannot tell from here what it does with them.
            // If the token ends up in the URL, it is exposed to proxy/browser-history logs
            // and the Referer header — confirm this matches the intended Okta session flow
            // and that the helper validates its destination.
            string redirectUrl = Toolbox.GotoDashboard(mySessionToken, myRelayState, landingPage);
            return(Redirect(redirectUrl));
            //break;
        default:
            // Also reached when myStatus is null (error body without a status field).
            logger.Debug("Status: " + myStatus);
            TempData["errMessage"] = "Status: " + myStatus;
            break;
    }//end of switch
    return(RedirectToAction("Index"));
}