public override bool TryValidateUser(byte[] registrationData, WorkflowAuthenticationResponse responseData, out string validationError)
{
//Your validation errors must start with this prefix to show up on the request status details
validationError = AuthenticationGate.AuthNValidationError;
if (responseData == null)
{
throw new ArgumentNullException("responseData");
}
//At this point, if we had some registration data, it would be provided in registrationData
//string customActivityData = UnicodeEncoding.Unicode.GetString(registrationData);
// In the case of some activities, we might need to compare this data with the submitted data. For example, the QA activity needs to make sure the
//answers submitted match the ones provided during registration
// For the OTP Authentication Gate, we don't need to do that. We just take the otp code and compare it against what we generated
string userSubmittedOTP = UnicodeEncoding.Unicode.GetString(responseData.data);
if (userSubmittedOTP != this.currentInstanceOTP)
{
validationError += "The submitted one time pin was incorrect.";
return(false);
}
return(true);
}
public static ContextualSecurityToken OTPGateChallengeResponse(WorkflowAuthenticationResponse gateResponse,
ref AuthenticationRequiredException authNException,
out WorkflowAuthenticationChallenge workflowAuthenticationChallenge)
{
AuthenticationChallengeResponseType[] authenticationChallengeResponses = null;
if (gateResponse != null)
{
AuthenticationChallengeResponseType authenticationChallengeResponse = new AuthenticationChallengeResponseType();
authenticationChallengeResponse.Response = new ClientSerializer(
typeof(WorkflowAuthenticationResponse)).WriteObjectToXmlElement(gateResponse);
authenticationChallengeResponses = new AuthenticationChallengeResponseType[] { authenticationChallengeResponse };
}
ContextualSecurityToken authNSecurityToken = null;
workflowAuthenticationChallenge = null;
try
{
MessageBuffer messageBuffer;
authNSecurityToken = authNException.Authenticate(authenticationChallengeResponses, out messageBuffer);
}
catch (AuthenticationRequiredException exception)
{
authNException = exception;
workflowAuthenticationChallenge = (WorkflowAuthenticationChallenge) new Microsoft.ResourceManagement.Client.ClientSerializer(
typeof(WorkflowAuthenticationChallenge)).ReadObjectFromXmlNode(
authNException.AuthenticationChallenges[0].Challenge);
}
return(authNSecurityToken);
}
public static ContextualSecurityToken OTPGateChallengeResponse(WorkflowAuthenticationResponse gateResponse,
ref AuthenticationRequiredException authNException,
out WorkflowAuthenticationChallenge workflowAuthenticationChallenge)
{
AuthenticationChallengeResponseType[] authenticationChallengeResponses = null;
if (gateResponse != null)
{
AuthenticationChallengeResponseType authenticationChallengeResponse = new AuthenticationChallengeResponseType();
authenticationChallengeResponse.Response = new ClientSerializer(
typeof(WorkflowAuthenticationResponse)).WriteObjectToXmlElement(gateResponse);
authenticationChallengeResponses = new AuthenticationChallengeResponseType[] { authenticationChallengeResponse };
}
ContextualSecurityToken authNSecurityToken = null;
workflowAuthenticationChallenge = null;
try
{
MessageBuffer messageBuffer;
authNSecurityToken = authNException.Authenticate(authenticationChallengeResponses, out messageBuffer);
}
catch (AuthenticationRequiredException exception)
{
authNException = exception;
workflowAuthenticationChallenge = (WorkflowAuthenticationChallenge)new Microsoft.ResourceManagement.Client.ClientSerializer(
typeof(WorkflowAuthenticationChallenge)).ReadObjectFromXmlNode(
authNException.AuthenticationChallenges[0].Challenge);
}
return authNSecurityToken;
}
internal static void TestOTPBusiness()
{
AuthenticationRequiredException authnException = null;
WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;
//Initiate OTP Reset
try
{
OTPReset("ilm-vm-serverad", "jdoe", null, null);
}
catch (AuthenticationRequiredException exception)
{
authnException = exception;
}
//Go to STS to get the challenge
Utilities.OTPGateChallengeResponse(null /* we don't have anything to respond yet*/, ref authnException, out workflowAuthenticationChallenge);
Console.WriteLine(UnicodeEncoding.Unicode.GetString(workflowAuthenticationChallenge.data));
//Now send our challenge response aka the OTP Pin
string otpTestPin = Console.ReadLine();
var workflowChallengeResponse = new WorkflowAuthenticationResponse();
workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(otpTestPin);
var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);
//Now we have a security token. Time to go back to the MT to resubmit our initial request
Utilities.OTPReset("ilm-vm-serverad", "jdoe", securityToken, authnException.InitialContextMessageProperty);
//Bi-winning
}
protected void validateOTPButton_Click(object sender, EventArgs e)
{
//Now send our challenge response aka the OTP Pin
string[] userDetails = this.domainUserName.Text.Split('\\');
WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;
var workflowChallengeResponse = new WorkflowAuthenticationResponse();
workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(this.otpInput.Text);
var authnException = HttpContext.Current.Cache.Get("authNExcep") as AuthenticationRequiredException;
var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);
//Now we have a security token. Time to go back to the MT to resubmit our initial request
try
{
Utilities.OTPReset(userDetails[0], userDetails[1], securityToken, authnException.InitialContextMessageProperty);
//Bi-winning
this.otpvalidationResults.Text = "You are winning so radically before our first cup of coffee. Your new password has been sent to your phone. I take it back, you are bi-winning.";
}
catch
{
this.otpvalidationResults.Text = "Stop trying to hack other people's accounts by guessing passwords; this is FIM not facebook. Or maybe you can't type your pin from your phone correctly. That's prolly worse. Either way, you just won two side orders of FAIL.";
}
stage = 2;
ScriptManager sm = ScriptManager.GetCurrent(Page);
if (sm.IsInAsyncPostBack)
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "anotherKey", "available_indexes.push(" + stage + ");$('#accordion').accordion('activate', " + stage + ");", true);
}
}
public override byte[] RegisterUser(WorkflowAuthenticationResponse responseData)
{
//Since we're going to flow out the phone attribute, we don't need to retrieve data from the user
//If we did need to store registration data (for example, we were going to ask the user for his phone number instead of flowing it, we would:
// Take the data that he submitted (let's say it's the phone number). The format of this is controlled by what your activity on the client side submits
// Then we would do any necessary parsing or data transformation. For example, let's say we needed to determine the Carrier Type and store that.
// Once we have the data, we just return the byte stream that we want to persist
string userCustomNumber = UnicodeEncoding.Unicode.GetString(responseData.data);
//We could expand this by making another client call to store the number into the FIM Person object
return(UnicodeEncoding.Unicode.GetBytes(userCustomNumber));
}
internal static void TestOTPBusiness()
{
AuthenticationRequiredException authnException = null;
WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;
//Initiate OTP Reset
try
{
OTPReset("ilm-vm-serverad", "jdoe", null, null);
}
catch (AuthenticationRequiredException exception)
{
authnException = exception;
}
//Go to STS to get the challenge
Utilities.OTPGateChallengeResponse(null /* we don't have anything to respond yet*/, ref authnException, out workflowAuthenticationChallenge);
Console.WriteLine(UnicodeEncoding.Unicode.GetString(workflowAuthenticationChallenge.data));
//Now send our challenge response aka the OTP Pin
string otpTestPin = Console.ReadLine();
var workflowChallengeResponse = new WorkflowAuthenticationResponse();
workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(otpTestPin);
var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);
//Now we have a security token. Time to go back to the MT to resubmit our initial request
Utilities.OTPReset("ilm-vm-serverad", "jdoe", securityToken, authnException.InitialContextMessageProperty);
//Bi-winning
}
public override bool TryValidateUser(byte[] registrationData, WorkflowAuthenticationResponse responseData, out string validationError)
{
//Your validation errors must start with this prefix to show up on the request status details
validationError = AuthenticationGate.AuthNValidationError;
if (responseData == null)
{
throw new ArgumentNullException("responseData");
}
//At this point, if we had some registration data, it would be provided in registrationData
//string customActivityData = UnicodeEncoding.Unicode.GetString(registrationData);
// In the case of some activities, we might need to compare this data with the submitted data. For example, the QA activity needs to make sure the
//answers submitted match the ones provided during registration
// For the OTP Authentication Gate, we don't need to do that. We just take the otp code and compare it against what we generated
string userSubmittedOTP = UnicodeEncoding.Unicode.GetString(responseData.data);
if (userSubmittedOTP != this.currentInstanceOTP)
{
validationError += "The submitted one time pin was incorrect.";
return false;
}
return true;
}
public override byte[] RegisterUser(WorkflowAuthenticationResponse responseData)
{
//Since we're going to flow out the phone attribute, we don't need to retrieve data from the user
//If we did need to store registration data (for example, we were going to ask the user for his phone number instead of flowing it, we would:
// Take the data that he submitted (let's say it's the phone number). The format of this is controlled by what your activity on the client side submits
// Then we would do any necessary parsing or data transformation. For example, let's say we needed to determine the Carrier Type and store that.
// Once we have the data, we just return the byte stream that we want to persist
string userCustomNumber = UnicodeEncoding.Unicode.GetString(responseData.data);
//We could expand this by making another client call to store the number into the FIM Person object
return UnicodeEncoding.Unicode.GetBytes(userCustomNumber);
}
protected void validateOTPButton_Click(object sender, EventArgs e)
{
//Now send our challenge response aka the OTP Pin
string[] userDetails = this.domainUserName.Text.Split('\\');
WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;
var workflowChallengeResponse = new WorkflowAuthenticationResponse();
workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(this.otpInput.Text);
var authnException = HttpContext.Current.Cache.Get("authNExcep") as AuthenticationRequiredException;
var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);
//Now we have a security token. Time to go back to the MT to resubmit our initial request
try
{
Utilities.OTPReset(userDetails[0], userDetails[1], securityToken, authnException.InitialContextMessageProperty);
//Bi-winning
this.otpvalidationResults.Text = "You are winning so radically before our first cup of coffee. Your new password has been sent to your phone. I take it back, you are bi-winning.";
}
catch
{
this.otpvalidationResults.Text = "Stop trying to hack other people's accounts by guessing passwords; this is FIM not facebook. Or maybe you can't type your pin from your phone correctly. That's prolly worse. Either way, you just won two side orders of FAIL.";
}
stage = 2;
ScriptManager sm = ScriptManager.GetCurrent(Page);
if (sm.IsInAsyncPostBack)
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "anotherKey", "available_indexes.push(" + stage + ");$('#accordion').accordion('activate', " + stage + ");", true);
}
}
