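        /// <summary>
        /// Validates the one time pin the user submitted against the pin this gate instance
        /// generated (<c>currentInstanceOTP</c>).
        /// </summary>
        /// <param name="registrationData">Data persisted by <c>RegisterUser</c>. Unused by the OTP gate:
        /// the pin is generated per instance rather than captured at registration time.</param>
        /// <param name="responseData">The challenge response; <c>data</c> carries the UTF-16 encoded pin.</param>
        /// <param name="validationError">Always prefixed with <c>AuthenticationGate.AuthNValidationError</c>
        /// so it shows up on the request status details; the failure reason is appended on a mismatch.</param>
        /// <returns><c>true</c> when the submitted pin matches the generated one; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="responseData"/> is null.</exception>
        public override bool TryValidateUser(byte[] registrationData, WorkflowAuthenticationResponse responseData, out string validationError)
        {
            //Your validation errors must start with this prefix to show up on the request status details
            validationError = AuthenticationGate.AuthNValidationError;

            if (responseData == null)
            {
                throw new ArgumentNullException("responseData");
            }

            //A response without a payload cannot match anything; report it as a failed attempt instead of
            //letting GetString throw an ArgumentNullException that names a parameter the caller never saw.
            if (responseData.data == null)
            {
                validationError += "The submitted one time pin was incorrect.";
                return false;
            }

            //Registration data is not consulted here. The QA gate has to compare submitted answers with the
            //ones captured at registration; the OTP gate only compares against the code it generated itself.
            string userSubmittedOTP = UnicodeEncoding.Unicode.GetString(responseData.data);

            //Compare without short-circuiting so the time taken does not leak how many leading characters matched.
            if (!ConstantTimeEquals(userSubmittedOTP, this.currentInstanceOTP))
            {
                validationError += "The submitted one time pin was incorrect.";
                return false;
            }

            return true;
        }

        /// <summary>
        /// Ordinal string equality that visits every character regardless of where the first mismatch is.
        /// Null operands are equal only to each other; a length difference is returned early (the pin
        /// length is not a secret, its characters are).
        /// </summary>
        private static bool ConstantTimeEquals(string left, string right)
        {
            if (left == null || right == null)
            {
                return left == null && right == null;
            }

            if (left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;

            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }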
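        /// <summary>
        /// Performs one round of the OTP gate's challenge/response exchange with the STS.
        /// </summary>
        /// <param name="gateResponse">The response to the previous challenge (the pin), or null on the first
        /// call when there is nothing to respond to yet.</param>
        /// <param name="authNException">The pending authentication challenge. If the STS issues a further
        /// challenge, this is replaced with the new exception so the caller can continue the exchange.</param>
        /// <param name="workflowAuthenticationChallenge">The next challenge to present to the user, or null
        /// when the STS issued a token.</param>
        /// <returns>The security token when authentication succeeded; otherwise null.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="authNException"/> is null.</exception>
        public static ContextualSecurityToken OTPGateChallengeResponse(WorkflowAuthenticationResponse gateResponse,
                                                                       ref AuthenticationRequiredException authNException,
                                                                       out WorkflowAuthenticationChallenge workflowAuthenticationChallenge)
        {
            workflowAuthenticationChallenge = null;

            //Authenticate is an instance call on the pending exception; without one there is nothing to
            //authenticate against, so fail with a named argument rather than a NullReferenceException.
            if (authNException == null)
            {
                throw new ArgumentNullException("authNException");
            }

            AuthenticationChallengeResponseType[] authenticationChallengeResponses = null;

            if (gateResponse != null)
            {
                //The gate response travels to the STS as XML inside the Response element of a challenge response.
                AuthenticationChallengeResponseType authenticationChallengeResponse = new AuthenticationChallengeResponseType();
                authenticationChallengeResponse.Response = new ClientSerializer(
                    typeof(WorkflowAuthenticationResponse)).WriteObjectToXmlElement(gateResponse);

                authenticationChallengeResponses = new AuthenticationChallengeResponseType[] { authenticationChallengeResponse };
            }

            ContextualSecurityToken authNSecurityToken = null;

            try
            {
                MessageBuffer messageBuffer;
                authNSecurityToken = authNException.Authenticate(authenticationChallengeResponses, out messageBuffer);
            }
            catch (AuthenticationRequiredException exception)
            {
                //The STS wants another round: hand the new exception back to the caller and decode its first challenge.
                authNException = exception;

                // NOTE(review): assumes the STS always attaches at least one challenge to this exception; an empty
                // AuthenticationChallenges would throw from the indexer below — confirm against the client contract.
                workflowAuthenticationChallenge = (WorkflowAuthenticationChallenge) new Microsoft.ResourceManagement.Client.ClientSerializer(
                    typeof(WorkflowAuthenticationChallenge)).ReadObjectFromXmlNode(
                    authNException.AuthenticationChallenges[0].Challenge);
            }

            return(authNSecurityToken);
        }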
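        /// <summary>
        /// Drives one challenge/response round trip of the OTP gate against the STS.
        /// </summary>
        /// <param name="gateResponse">The pin being submitted, wrapped as a gate response; pass null on the
        /// first call, which only fetches the challenge.</param>
        /// <param name="authNException">The challenge currently pending. When the STS answers with another
        /// challenge the new exception is written back here.</param>
        /// <param name="workflowAuthenticationChallenge">Receives the challenge to show the user, or null when
        /// the STS issued a token instead.</param>
        /// <returns>The token issued by the STS, or null when a further challenge is pending.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="authNException"/> is null.</exception>
        public static ContextualSecurityToken OTPGateChallengeResponse(WorkflowAuthenticationResponse gateResponse, 
                                                   ref AuthenticationRequiredException authNException, 
                                                   out WorkflowAuthenticationChallenge workflowAuthenticationChallenge)
        {
            workflowAuthenticationChallenge = null;

            if (authNException == null)
            {
                //Authenticate is an instance call on the pending exception; fail with a named argument rather than an NRE.
                throw new ArgumentNullException("authNException");
            }

            AuthenticationChallengeResponseType[] responses = null;

            if (gateResponse != null)
            {
                //Serialize the gate response to XML; the STS expects it as the Response element of a challenge response.
                var response = new AuthenticationChallengeResponseType();
                response.Response = new ClientSerializer(typeof(WorkflowAuthenticationResponse)).WriteObjectToXmlElement(gateResponse);
                responses = new[] { response };
            }

            ContextualSecurityToken token = null;

            try
            {
                MessageBuffer buffer;
                token = authNException.Authenticate(responses, out buffer);
            }
            catch (AuthenticationRequiredException next)
            {
                //Not done yet: keep the newest exception and decode the first challenge it carries.
                // NOTE(review): indexes AuthenticationChallenges[0] unconditionally — confirm the STS never returns an empty list here.
                authNException = next;
                var serializer = new Microsoft.ResourceManagement.Client.ClientSerializer(typeof(WorkflowAuthenticationChallenge));
                workflowAuthenticationChallenge = (WorkflowAuthenticationChallenge)serializer.ReadObjectFromXmlNode(next.AuthenticationChallenges[0].Challenge);
            }

            return token;
        }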
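        /// <summary>
        /// Console walkthrough of the OTP reset flow: initiate the reset, fetch the challenge from the STS,
        /// read the pin from the console, exchange it for a security token and resubmit the reset with it.
        /// </summary>
        /// <exception cref="InvalidOperationException">The reset did not raise an authentication challenge,
        /// the STS returned no challenge, no pin was read from the console, or the pin was not accepted.</exception>
        internal static void TestOTPBusiness()
        {
            AuthenticationRequiredException authnException = null;
            WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;

            //Initiate OTP Reset; the expected outcome is an AuthenticationRequiredException carrying the gate
            try
            {
                OTPReset("ilm-vm-serverad", "jdoe", null, null);
            }
            catch (AuthenticationRequiredException exception)
            {
                authnException = exception;
            }

            //Every later step dereferences the exception, so stop here with a clear message instead of an NRE
            if (authnException == null)
            {
                throw new InvalidOperationException("OTPReset completed without requiring authentication; there is no OTP challenge to answer.");
            }

            //Go to STS to get the challenge (nothing to respond with yet)
            Utilities.OTPGateChallengeResponse(null, ref authnException, out workflowAuthenticationChallenge);

            if (workflowAuthenticationChallenge == null || workflowAuthenticationChallenge.data == null)
            {
                throw new InvalidOperationException("The STS did not return an OTP challenge to display.");
            }

            Console.WriteLine(UnicodeEncoding.Unicode.GetString(workflowAuthenticationChallenge.data));

            //Now send our challenge response aka the OTP Pin
            string otpTestPin = Console.ReadLine();

            //ReadLine returns null at end of input; GetBytes would otherwise throw for a parameter named "s"
            if (otpTestPin == null)
            {
                throw new InvalidOperationException("No OTP pin was read from the console.");
            }

            var    workflowChallengeResponse = new WorkflowAuthenticationResponse();

            workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(otpTestPin);

            var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);

            //A null token means the STS issued another challenge instead of accepting the pin
            if (securityToken == null)
            {
                throw new InvalidOperationException("The OTP pin was not accepted; no security token was issued.");
            }

            //Now we have a security token.  Time to go back to the MT to resubmit our initial request
            Utilities.OTPReset("ilm-vm-serverad", "jdoe", securityToken, authnException.InitialContextMessageProperty);
        }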
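        /// <summary>
        /// Submits the pin typed by the user as the response to the pending OTP challenge and, when the STS
        /// issues a token, resubmits the password reset with it. The outcome is written to
        /// <c>otpvalidationResults</c> and the accordion is advanced to stage 2.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void validateOTPButton_Click(object sender, EventArgs e)
        {
            //The user types DOMAIN\user. Split at most once so a stray backslash cannot push the user name into
            //a third element, and reject input without a separator instead of indexing past the array.
            string[] userDetails = this.domainUserName.Text.Split(new[] { '\\' }, 2);

            // NOTE(review): the pending challenge is read from the application-wide Cache under a fixed key, so it
            // is shared by every visitor of this page rather than bound to the current user's session. The code that
            // stores it is outside this method — consider keying it per session (e.g. Session state) instead.
            var authnException = HttpContext.Current.Cache.Get("authNExcep") as AuthenticationRequiredException;

            string resultMessage;

            if (userDetails.Length != 2)
            {
                resultMessage = "Please enter your account as DOMAIN\\username.";
            }
            else if (authnException == null)
            {
                //Nothing to respond to: the challenge expired, was evicted, or the reset was never started.
                resultMessage = "No pending pin challenge was found; please start the password reset again.";
            }
            else
            {
                //Now send our challenge response aka the OTP Pin
                WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;
                var workflowChallengeResponse = new WorkflowAuthenticationResponse();

                workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(this.otpInput.Text);

                var securityToken  = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);

                //Now we have a security token.  Time to go back to the MT to resubmit our initial request
                try
                {
                    Utilities.OTPReset(userDetails[0], userDetails[1], securityToken, authnException.InitialContextMessageProperty);

                    //Bi-winning
                    resultMessage = "You are winning so radically before our first cup of coffee. Your new password has been sent to your phone. I take it back, you are bi-winning.";
                }
                catch
                {
                    //Best-effort UI: a wrong pin, a rejected token and a service fault all show the same message.
                    resultMessage = "Stop trying to hack other people's accounts by guessing passwords; this is FIM not facebook. Or maybe you can't type your pin from your phone correctly.  That's prolly worse. Either way, you just won two side orders of FAIL.";
                }
            }

            this.otpvalidationResults.Text = resultMessage;

            stage = 2;
            ScriptManager sm = ScriptManager.GetCurrent(Page);

            //GetCurrent returns null when the page hosts no ScriptManager; the script is only needed on the async path.
            if (sm != null && sm.IsInAsyncPostBack)
            {
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "anotherKey", "available_indexes.push(" + stage + ");$('#accordion').accordion('activate', " + stage + ");", true);
            }
        }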
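        /// <summary>
        /// Captures registration data for this gate. The OTP gate flows the phone attribute out of the Person
        /// object, so nothing has to be collected from the user; whatever was submitted is normalised through a
        /// UTF-16 round trip and handed back for persistence.
        /// </summary>
        /// <param name="responseData">The registration response; <c>data</c> holds the UTF-16 encoded submission.</param>
        /// <returns>The bytes to persist as registration data; empty when the response carried no payload.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="responseData"/> is null.</exception>
        public override byte[] RegisterUser(WorkflowAuthenticationResponse responseData)
        {
            //Same guard as TryValidateUser so a missing response fails with a named argument, not an NRE
            if (responseData == null)
            {
                throw new ArgumentNullException("responseData");
            }

            //Since we're going to flow out the phone attribute, we don't need to retrieve data from the user

            //If we did need to store registration data (for example, we were going to ask the user for his phone number instead of flowing it, we would:
            // Take the data that he submitted (let's say it's the phone number). The format of this is controlled by what your activity on the client side submits
            // Then we would do any necessary parsing or data transformation.  For example, let's say we needed to determine the Carrier Type and store that.
            // Once we have the data, we just return the byte stream that we want to persist

            //No payload means nothing to persist; GetString would otherwise throw for a parameter named "bytes"
            if (responseData.data == null)
            {
                return new byte[0];
            }

            string userCustomNumber = UnicodeEncoding.Unicode.GetString(responseData.data);

            //We could expand this by making another client call to store the number into the FIM Person object
            return(UnicodeEncoding.Unicode.GetBytes(userCustomNumber));
        }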
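        /// <summary>
        /// End-to-end console exercise of the OTP reset: trigger the reset for a fixed test account, pull the
        /// challenge from the STS, prompt for the pin, trade it for a token and resubmit the reset.
        /// </summary>
        /// <exception cref="InvalidOperationException">Any step of the flow produced nothing to continue with
        /// (no challenge raised, no challenge returned, no pin entered, or no token issued).</exception>
        internal static void TestOTPBusiness()
        {
            const string server = "ilm-vm-serverad";
            const string user = "jdoe";

            AuthenticationRequiredException pending = null;
            WorkflowAuthenticationChallenge challenge = null;

            //Initiate OTP Reset: the gate is expected to reject the anonymous request with an AuthenticationRequiredException
            try
            {
                OTPReset(server, user, null, null);
            }
            catch (AuthenticationRequiredException exception)
            {
                pending = exception;
            }

            if (pending == null)
            {
                throw new InvalidOperationException("OTPReset did not raise an authentication challenge; nothing to respond to.");
            }

            //Go to STS to get the challenge; there is nothing to respond with yet, hence the null response
            Utilities.OTPGateChallengeResponse(null, ref pending, out challenge);

            if (challenge == null || challenge.data == null)
            {
                throw new InvalidOperationException("The STS returned no OTP challenge.");
            }

            Console.WriteLine(UnicodeEncoding.Unicode.GetString(challenge.data));

            //Now send our challenge response aka the OTP Pin (ReadLine yields null at end of input)
            string pin = Console.ReadLine();

            if (pin == null)
            {
                throw new InvalidOperationException("No OTP pin was entered.");
            }

            var pinResponse = new WorkflowAuthenticationResponse();
            pinResponse.data = UnicodeEncoding.Unicode.GetBytes(pin);

            var token = Utilities.OTPGateChallengeResponse(pinResponse, ref pending, out challenge);

            if (token == null)
            {
                throw new InvalidOperationException("The OTP pin was not accepted; the STS issued no token.");
            }

            //Now we have a security token.  Time to go back to the MT to resubmit our initial request
            Utilities.OTPReset(server, user, token, pending.InitialContextMessageProperty);
        }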
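        /// <summary>
        /// Checks the pin the user submitted against the pin generated for this gate instance
        /// (<c>currentInstanceOTP</c>).
        /// </summary>
        /// <param name="registrationData">Persisted registration data; not used by the OTP gate, whose pin is
        /// generated per instance rather than stored at registration.</param>
        /// <param name="responseData">The challenge response; <c>data</c> is the pin encoded as UTF-16.</param>
        /// <param name="validationError">Starts with <c>AuthenticationGate.AuthNValidationError</c> so it is
        /// surfaced on the request status details; a reason is appended when validation fails.</param>
        /// <returns><c>true</c> on a match; <c>false</c> otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="responseData"/> is null.</exception>
        public override bool TryValidateUser(byte[] registrationData, WorkflowAuthenticationResponse responseData, out string validationError)
        {
            //Your validation errors must start with this prefix to show up on the request status details
            validationError = AuthenticationGate.AuthNValidationError;

            if (responseData == null)
            {
                throw new ArgumentNullException("responseData");
            }

            //Registration data is irrelevant for this gate: unlike the QA gate, which matches submitted answers
            //against the ones captured at registration, the OTP gate compares against the code it just generated.
            //The comparison is done on the UTF-16 bytes the client submitted, visiting every byte even after a
            //mismatch so the check takes the same time for a wrong pin as for a right one.
            byte[] expected = this.currentInstanceOTP == null ? null : UnicodeEncoding.Unicode.GetBytes(this.currentInstanceOTP);

            if (!SameBytes(expected, responseData.data))
            {
                validationError += "The submitted one time pin was incorrect.";
                return false;
            }

            return true;
        }

        /// <summary>
        /// Byte-wise equality that does not stop at the first differing byte. Null arrays match only each
        /// other; arrays of different length are reported unequal up front (the length is not secret).
        /// </summary>
        private static bool SameBytes(byte[] expected, byte[] actual)
        {
            if (expected == null || actual == null)
            {
                return expected == null && actual == null;
            }

            if (expected.Length != actual.Length)
            {
                return false;
            }

            int mismatch = 0;

            for (int i = 0; i < expected.Length; i++)
            {
                mismatch |= expected[i] ^ actual[i];
            }

            return mismatch == 0;
        }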
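        /// <summary>
        /// Produces the registration data to persist for this gate. Because the phone attribute is flowed
        /// from the Person object, the user is not asked for anything; the submitted payload is decoded and
        /// re-encoded as UTF-16 and returned unchanged in content.
        /// </summary>
        /// <param name="responseData">The registration response whose <c>data</c> is the UTF-16 encoded submission.</param>
        /// <returns>The bytes to persist; an empty array when there was no payload.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="responseData"/> is null.</exception>
        public override byte[] RegisterUser(WorkflowAuthenticationResponse responseData)
        {
            //Guard the argument the same way TryValidateUser does
            if (responseData == null)
            {
                throw new ArgumentNullException("responseData");
            }

            //Since we're going to flow out the phone attribute, we don't need to retrieve data from the user

            //If we did need to store registration data (for example, we were going to ask the user for his phone number instead of flowing it, we would:
            // Take the data that he submitted (let's say it's the phone number). The format of this is controlled by what your activity on the client side submits
            // Then we would do any necessary parsing or data transformation.  For example, let's say we needed to determine the Carrier Type and store that.
            // Once we have the data, we just return the byte stream that we want to persist

            byte[] submitted = responseData.data;

            //Nothing submitted means nothing to persist; avoids GetString throwing for an internal parameter name
            if (submitted == null)
            {
                return new byte[0];
            }

            string userCustomNumber = UnicodeEncoding.Unicode.GetString(submitted);

            //We could expand this by making another client call to store the number into the FIM Person object
            return UnicodeEncoding.Unicode.GetBytes(userCustomNumber);
        }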
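        /// <summary>
        /// Answers the pending OTP challenge with the pin the user typed, resubmits the password reset with
        /// the resulting token, reports the outcome in <c>otpvalidationResults</c> and moves the accordion on.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void validateOTPButton_Click(object sender, EventArgs e)
        {
            //Expect DOMAIN\user; a single split keeps the user name whole, and the length check below replaces
            //the IndexOutOfRangeException the old unconditional userDetails[1] would have thrown without a backslash.
            string[] userDetails = this.domainUserName.Text.Split(new[] { '\\' }, 2);

            // NOTE(review): HttpContext.Current.Cache is application-scoped and the key is a constant, so this
            // challenge is shared by all users of the page instead of belonging to the current session. Storage
            // happens outside this handler — verify and consider per-session storage (Session state).
            var authnException = HttpContext.Current.Cache.Get("authNExcep") as AuthenticationRequiredException;

            string outcome;

            if (userDetails.Length != 2)
            {
                outcome = "Please enter your account as DOMAIN\\username.";
            }
            else if (authnException == null)
            {
                //No challenge to answer: it expired, was evicted from the cache, or the reset never started.
                outcome = "No pending pin challenge was found; please start the password reset again.";
            }
            else
            {
                //Now send our challenge response aka the OTP Pin
                WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;
                var workflowChallengeResponse = new WorkflowAuthenticationResponse();
                workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(this.otpInput.Text);

                var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);

                //Now we have a security token.  Time to go back to the MT to resubmit our initial request
                try
                {
                    Utilities.OTPReset(userDetails[0], userDetails[1], securityToken, authnException.InitialContextMessageProperty);

                    //Bi-winning
                    outcome = "You are winning so radically before our first cup of coffee. Your new password has been sent to your phone. I take it back, you are bi-winning.";
                }
                catch
                {
                    //Deliberately broad: every failure of the resubmission is reported to the user the same way.
                    outcome = "Stop trying to hack other people's accounts by guessing passwords; this is FIM not facebook. Or maybe you can't type your pin from your phone correctly.  That's prolly worse. Either way, you just won two side orders of FAIL.";
                }
            }

            this.otpvalidationResults.Text = outcome;

            stage = 2;
            ScriptManager sm = ScriptManager.GetCurrent(Page);

            //No ScriptManager on the page means no async postback and nothing to register.
            if (sm != null && sm.IsInAsyncPostBack)
            {
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "anotherKey", "available_indexes.push(" + stage + ");$('#accordion').accordion('activate', " + stage + ");", true);
            }
        }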