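/// <summary>
/// Validates the one-time pin submitted by the user against the pin this gate instance generated.
/// </summary>
/// <param name="registrationData">
/// Registration data persisted by <c>RegisterUser</c>. Not used by this gate: the pin is compared against the
/// value generated for this instance, not against anything stored at registration (a question-and-answer
/// gate would compare against its registration data instead).
/// </param>
/// <param name="responseData">The challenge response; <c>data</c> holds the submitted pin as UTF-16LE bytes.</param>
/// <param name="validationError">
/// Always begins with <see cref="AuthenticationGate.AuthNValidationError"/> (the prefix required for the text
/// to appear in the request status details); on failure the reason is appended.
/// </param>
/// <returns><c>true</c> when the submitted pin equals the generated pin; <c>false</c> otherwise.</returns>
/// <exception cref="ArgumentNullException"><paramref name="responseData"/> is null.</exception>
/// <remarks>
/// NOTE(review): this method only compares values. Attempt limiting, pin expiry and single-use enforcement
/// are not visible here and must be provided by the gate's lifecycle/workflow — verify before relying on it.
/// </remarks>
public override bool TryValidateUser(byte[] registrationData, WorkflowAuthenticationResponse responseData, out string validationError)
{
    // Validation errors must start with this prefix to show up on the request status details.
    validationError = AuthenticationGate.AuthNValidationError;

    if (responseData == null)
    {
        throw new ArgumentNullException("responseData");
    }

    const string incorrectPinMessage = "The submitted one time pin was incorrect.";

    // A missing or empty submission can never match; fail closed instead of letting the decoder throw.
    if (responseData.data == null || responseData.data.Length == 0)
    {
        validationError += incorrectPinMessage;
        return false;
    }

    // Fail closed when no pin has been generated for this instance. Without this guard an unset (empty)
    // expected pin would be matched by an empty submission.
    string expectedOTP = this.currentInstanceOTP;
    if (string.IsNullOrEmpty(expectedOTP))
    {
        validationError += incorrectPinMessage;
        return false;
    }

    string userSubmittedOTP = UnicodeEncoding.Unicode.GetString(responseData.data);

    // Constant-time ordinal comparison: the loop always runs over the common length and the result is
    // folded with OR, so response latency does not reveal how many leading characters were right.
    // Equivalent to userSubmittedOTP == expectedOTP. On .NET Core 2.1+/.NET 5+ prefer
    // System.Security.Cryptography.CryptographicOperations.FixedTimeEquals on the UTF-16 bytes.
    int difference = userSubmittedOTP.Length ^ expectedOTP.Length;
    int commonLength = Math.Min(userSubmittedOTP.Length, expectedOTP.Length);
    for (int i = 0; i < commonLength; i++)
    {
        difference |= userSubmittedOTP[i] ^ expectedOTP[i];
    }

    if (difference != 0)
    {
        validationError += incorrectPinMessage;
        return false;
    }

    return true;
}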
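/// <summary>
/// Sends one round of the OTP gate challenge/response conversation to the STS.
/// </summary>
/// <param name="gateResponse">
/// The answer to the current challenge (the pin wrapped as a <see cref="WorkflowAuthenticationResponse"/>),
/// or null on the first round when there is nothing to answer yet and only the challenge is wanted.
/// </param>
/// <param name="authNException">
/// On entry: the <see cref="AuthenticationRequiredException"/> raised by the resource request. On exit:
/// replaced by the new exception when the STS answers with a further challenge; unchanged when a token is issued.
/// </param>
/// <param name="workflowAuthenticationChallenge">
/// The deserialized challenge when the STS requires another round; null when a token was issued.
/// </param>
/// <returns>The security token on success; null when the STS responded with a further challenge.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authNException"/> is null.</exception>
/// <exception cref="AuthenticationRequiredException">
/// Rethrown when the STS rejects the response without supplying any challenge, since there is nothing to
/// present to the user.
/// </exception>
public static ContextualSecurityToken OTPGateChallengeResponse(WorkflowAuthenticationResponse gateResponse, ref AuthenticationRequiredException authNException, out WorkflowAuthenticationChallenge workflowAuthenticationChallenge)
{
    workflowAuthenticationChallenge = null;

    if (authNException == null)
    {
        // Authenticate() is invoked on this instance; fail with a clear argument error rather than a
        // NullReferenceException from inside the call.
        throw new ArgumentNullException("authNException");
    }

    // Null on the first round: no answer yet, we only want the STS to hand back the challenge.
    AuthenticationChallengeResponseType[] authenticationChallengeResponses = null;
    if (gateResponse != null)
    {
        AuthenticationChallengeResponseType authenticationChallengeResponse = new AuthenticationChallengeResponseType();
        authenticationChallengeResponse.Response = new ClientSerializer(typeof(WorkflowAuthenticationResponse)).WriteObjectToXmlElement(gateResponse);
        authenticationChallengeResponses = new AuthenticationChallengeResponseType[] { authenticationChallengeResponse };
    }

    ContextualSecurityToken authNSecurityToken = null;
    try
    {
        MessageBuffer messageBuffer;
        authNSecurityToken = authNException.Authenticate(authenticationChallengeResponses, out messageBuffer);
    }
    catch (AuthenticationRequiredException exception)
    {
        // No challenge to present (the STS refused without asking anything further): rethrow instead of
        // failing later with an index error on an empty challenge list.
        if (exception.AuthenticationChallenges == null || exception.AuthenticationChallenges.Length == 0)
        {
            throw;
        }

        // The STS wants another round: hand the new exception back to the caller (it carries the context
        // for the next Authenticate call) and unwrap its first challenge. Only the first challenge is
        // handled; this sample assumes a single OTP gate.
        authNException = exception;
        workflowAuthenticationChallenge = (WorkflowAuthenticationChallenge)new Microsoft.ResourceManagement.Client.ClientSerializer(typeof(WorkflowAuthenticationChallenge)).ReadObjectFromXmlNode(exception.AuthenticationChallenges[0].Challenge);
    }

    return authNSecurityToken;
}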
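/// <summary>
/// Sends one round of the OTP gate challenge/response conversation to the STS.
/// </summary>
/// <param name="gateResponse">
/// The answer to the current challenge (the pin wrapped as a <see cref="WorkflowAuthenticationResponse"/>),
/// or null on the first round when there is nothing to answer yet and only the challenge is wanted.
/// </param>
/// <param name="authNException">
/// On entry: the <see cref="AuthenticationRequiredException"/> raised by the resource request. On exit:
/// replaced by the new exception when the STS answers with a further challenge; unchanged when a token is issued.
/// </param>
/// <param name="workflowAuthenticationChallenge">
/// The deserialized challenge when the STS requires another round; null when a token was issued.
/// </param>
/// <returns>The security token on success; null when the STS responded with a further challenge.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authNException"/> is null.</exception>
/// <exception cref="AuthenticationRequiredException">
/// Rethrown when the STS rejects the response without supplying any challenge, since there is nothing to
/// present to the user.
/// </exception>
public static ContextualSecurityToken OTPGateChallengeResponse(WorkflowAuthenticationResponse gateResponse, ref AuthenticationRequiredException authNException, out WorkflowAuthenticationChallenge workflowAuthenticationChallenge)
{
    workflowAuthenticationChallenge = null;

    if (authNException == null)
    {
        // Authenticate() is invoked on this instance; fail with a clear argument error rather than a
        // NullReferenceException from inside the call.
        throw new ArgumentNullException("authNException");
    }

    // Null on the first round: no answer yet, we only want the STS to hand back the challenge.
    AuthenticationChallengeResponseType[] authenticationChallengeResponses = null;
    if (gateResponse != null)
    {
        AuthenticationChallengeResponseType authenticationChallengeResponse = new AuthenticationChallengeResponseType();
        authenticationChallengeResponse.Response = new ClientSerializer(typeof(WorkflowAuthenticationResponse)).WriteObjectToXmlElement(gateResponse);
        authenticationChallengeResponses = new AuthenticationChallengeResponseType[] { authenticationChallengeResponse };
    }

    ContextualSecurityToken authNSecurityToken = null;
    try
    {
        MessageBuffer messageBuffer;
        authNSecurityToken = authNException.Authenticate(authenticationChallengeResponses, out messageBuffer);
    }
    catch (AuthenticationRequiredException exception)
    {
        // No challenge to present (the STS refused without asking anything further): rethrow instead of
        // failing later with an index error on an empty challenge list.
        if (exception.AuthenticationChallenges == null || exception.AuthenticationChallenges.Length == 0)
        {
            throw;
        }

        // The STS wants another round: hand the new exception back to the caller (it carries the context
        // for the next Authenticate call) and unwrap its first challenge. Only the first challenge is
        // handled; this sample assumes a single OTP gate.
        authNException = exception;
        workflowAuthenticationChallenge = (WorkflowAuthenticationChallenge)new Microsoft.ResourceManagement.Client.ClientSerializer(typeof(WorkflowAuthenticationChallenge)).ReadObjectFromXmlNode(exception.AuthenticationChallenges[0].Challenge);
    }

    return authNSecurityToken;
}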
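/// <summary>
/// Console harness that walks the full OTP password-reset flow against a lab environment: trigger the reset,
/// fetch the gate challenge, read the pin from stdin, obtain a token, and resubmit the reset with it.
/// </summary>
/// <remarks>
/// Test-only: the domain and account are hard-coded and the pin is read interactively.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The initial reset did not raise a challenge, no challenge came back from the STS, no pin was entered,
/// or the pin was not accepted (no token issued) — in each case the reset cannot be resubmitted.
/// </exception>
internal static void TestOTPBusiness()
{
    // Test fixture: hard-coded lab domain/account.
    const string testDomain = "ilm-vm-serverad";
    const string testUserName = "jdoe";

    AuthenticationRequiredException authnException = null;
    WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;

    // Step 1: initiate the reset. It is expected to be refused with an AuthenticationRequiredException
    // carrying the gate's challenge context.
    try
    {
        OTPReset(testDomain, testUserName, null, null);
    }
    catch (AuthenticationRequiredException exception)
    {
        authnException = exception;
    }

    if (authnException == null)
    {
        // No gate fired, so there is nothing to answer; stop instead of dereferencing null below.
        throw new InvalidOperationException("OTPReset completed without raising an authentication challenge.");
    }

    // Step 2: go to the STS with no answer yet to obtain the challenge.
    Utilities.OTPGateChallengeResponse(null /* nothing to respond with yet */, ref authnException, out workflowAuthenticationChallenge);
    if (workflowAuthenticationChallenge == null)
    {
        throw new InvalidOperationException("The STS did not return an OTP challenge.");
    }

    // The challenge payload is shown to the tester as text. NOTE(review): presumably this is the user-facing
    // prompt (e.g. where the code was sent); confirm the gate never places the pin itself in this payload.
    Console.WriteLine(UnicodeEncoding.Unicode.GetString(workflowAuthenticationChallenge.data));

    // Step 3: read the pin the tester received and send it as the challenge response.
    string otpTestPin = Console.ReadLine();
    if (string.IsNullOrEmpty(otpTestPin))
    {
        throw new InvalidOperationException("No one time pin was entered.");
    }

    var workflowChallengeResponse = new WorkflowAuthenticationResponse();
    workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(otpTestPin);

    var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);
    if (securityToken == null)
    {
        // The gate did not issue a token (wrong pin or a further challenge); never resubmit without one.
        throw new InvalidOperationException("The one time pin was not accepted; no security token was issued.");
    }

    // Step 4: resubmit the original request to the service with the token and the saved request context.
    Utilities.OTPReset(testDomain, testUserName, securityToken, authnException.InitialContextMessageProperty);
}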
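/// <summary>
/// Click handler for the "validate OTP" step: answers the pending gate challenge with the pin the user typed
/// and, on success, resubmits the original password reset with the issued security token.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The outcome is written to <c>otpvalidationResults</c>. The same generic failure text is used for every
/// failure (bad input, missing challenge context, rejected pin, reset error) so the page gives no hint why
/// a pin was rejected. NOTE(review): no attempt limiting is visible on this path; confirm the gate or the
/// service enforces it, otherwise the pin can be brute-forced through this button.
/// </remarks>
protected void validateOTPButton_Click(object sender, EventArgs e)
{
    const string successMessage = "You are winning so radically before our first cup of coffee. Your new password has been sent to your phone. I take it back, you are bi-winning.";
    const string failureMessage = "Stop trying to hack other people's accounts by guessing passwords; this is FIM not facebook. Or maybe you can't type your pin from your phone correctly. That's prolly worse. Either way, you just won two side orders of FAIL.";

    // The pending challenge context stored by the earlier step. A null here (expired, evicted or never
    // stored) used to surface as a NullReferenceException out of the handler; treat it as a failed attempt.
    // SECURITY(review): HttpContext.Current.Cache is application-wide and this key is a constant, so every
    // visitor shares one pending challenge and concurrent users can overwrite or answer each other's.
    // This context belongs in per-user Session state; the storing side is not in this file, so the key and
    // the store are left unchanged here — fix both sides together.
    var authnException = HttpContext.Current.Cache.Get("authNExcep") as AuthenticationRequiredException;

    // Expected form is DOMAIN\user. Any other shape used to throw IndexOutOfRangeException before the try.
    string[] userDetails = this.domainUserName.Text.Split('\\');

    bool resetSucceeded = false;
    if (authnException != null && userDetails.Length == 2)
    {
        try
        {
            WorkflowAuthenticationChallenge workflowAuthenticationChallenge;
            var workflowChallengeResponse = new WorkflowAuthenticationResponse();
            workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(this.otpInput.Text);

            var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);

            // No token means the gate did not accept the pin (or asked for another round). Fail closed here
            // rather than resubmitting the reset without a token.
            if (securityToken != null)
            {
                Utilities.OTPReset(userDetails[0], userDetails[1], securityToken, authnException.InitialContextMessageProperty);
                resetSucceeded = true;
            }
        }
        catch (Exception)
        {
            // Deliberately reduced to the generic failure text below; nothing is logged here — consider
            // logging the failure server-side so repeated attempts are visible.
            resetSucceeded = false;
        }
    }

    this.otpvalidationResults.Text = resetSucceeded ? successMessage : failureMessage;

    // Advance the accordion to the result pane. 'stage' is an int, so the emitted script contains no user input.
    stage = 2;
    ScriptManager sm = ScriptManager.GetCurrent(Page);
    if (sm != null && sm.IsInAsyncPostBack)
    {
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "anotherKey", "available_indexes.push(" + stage + ");$('#accordion').accordion('activate', " + stage + ");", true);
    }
}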
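/// <summary>
/// Registration step of the OTP gate: returns the bytes to persist as this user's registration data.
/// </summary>
/// <param name="responseData">
/// The registration response submitted by the client; <c>data</c> is interpreted as UTF-16LE text.
/// </param>
/// <returns>The submitted text re-encoded as UTF-16LE bytes, i.e. the value the gate persists.</returns>
/// <exception cref="ArgumentNullException"><paramref name="responseData"/> or its <c>data</c> is null.</exception>
/// <remarks>
/// This sample flows the phone attribute from the user object, so it does not actually need registration
/// input, and the gate's <c>TryValidateUser</c> ignores whatever is stored here. The decode/encode round trip
/// is kept as the template for a gate that does collect data (e.g. a phone number from which a carrier type is
/// derived before persisting). Note the round trip is not byte-preserving — invalid UTF-16 sequences are
/// replaced — and no validation of the content is done: a real gate should parse and validate the submitted
/// value before persisting it.
/// </remarks>
public override byte[] RegisterUser(WorkflowAuthenticationResponse responseData)
{
    if (responseData == null)
    {
        throw new ArgumentNullException("responseData");
    }

    if (responseData.data == null)
    {
        throw new ArgumentNullException("responseData", "The registration response carries no data.");
    }

    // Decode what the client submitted; the wire format is whatever the client-side activity sends.
    string userCustomNumber = UnicodeEncoding.Unicode.GetString(responseData.data);

    // This is where parsing/transformation would go, and where a further client call could store the
    // value on the FIM Person object. The gate persists the returned bytes as registration data.
    return UnicodeEncoding.Unicode.GetBytes(userCustomNumber);
}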
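/// <summary>
/// Console harness that walks the full OTP password-reset flow against a lab environment: trigger the reset,
/// fetch the gate challenge, read the pin from stdin, obtain a token, and resubmit the reset with it.
/// </summary>
/// <remarks>
/// Test-only: the domain and account are hard-coded and the pin is read interactively.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The initial reset did not raise a challenge, no challenge came back from the STS, no pin was entered,
/// or the pin was not accepted (no token issued) — in each case the reset cannot be resubmitted.
/// </exception>
internal static void TestOTPBusiness()
{
    // Test fixture: hard-coded lab domain/account.
    const string testDomain = "ilm-vm-serverad";
    const string testUserName = "jdoe";

    AuthenticationRequiredException authnException = null;
    WorkflowAuthenticationChallenge workflowAuthenticationChallenge = null;

    // Step 1: initiate the reset. It is expected to be refused with an AuthenticationRequiredException
    // carrying the gate's challenge context.
    try
    {
        OTPReset(testDomain, testUserName, null, null);
    }
    catch (AuthenticationRequiredException exception)
    {
        authnException = exception;
    }

    if (authnException == null)
    {
        // No gate fired, so there is nothing to answer; stop instead of dereferencing null below.
        throw new InvalidOperationException("OTPReset completed without raising an authentication challenge.");
    }

    // Step 2: go to the STS with no answer yet to obtain the challenge.
    Utilities.OTPGateChallengeResponse(null /* nothing to respond with yet */, ref authnException, out workflowAuthenticationChallenge);
    if (workflowAuthenticationChallenge == null)
    {
        throw new InvalidOperationException("The STS did not return an OTP challenge.");
    }

    // The challenge payload is shown to the tester as text. NOTE(review): presumably this is the user-facing
    // prompt (e.g. where the code was sent); confirm the gate never places the pin itself in this payload.
    Console.WriteLine(UnicodeEncoding.Unicode.GetString(workflowAuthenticationChallenge.data));

    // Step 3: read the pin the tester received and send it as the challenge response.
    string otpTestPin = Console.ReadLine();
    if (string.IsNullOrEmpty(otpTestPin))
    {
        throw new InvalidOperationException("No one time pin was entered.");
    }

    var workflowChallengeResponse = new WorkflowAuthenticationResponse();
    workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(otpTestPin);

    var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);
    if (securityToken == null)
    {
        // The gate did not issue a token (wrong pin or a further challenge); never resubmit without one.
        throw new InvalidOperationException("The one time pin was not accepted; no security token was issued.");
    }

    // Step 4: resubmit the original request to the service with the token and the saved request context.
    Utilities.OTPReset(testDomain, testUserName, securityToken, authnException.InitialContextMessageProperty);
}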
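/// <summary>
/// Validates the one-time pin submitted by the user against the pin this gate instance generated.
/// </summary>
/// <param name="registrationData">
/// Registration data persisted by <c>RegisterUser</c>. Not used by this gate: the pin is compared against the
/// value generated for this instance, not against anything stored at registration (a question-and-answer
/// gate would compare against its registration data instead).
/// </param>
/// <param name="responseData">The challenge response; <c>data</c> holds the submitted pin as UTF-16LE bytes.</param>
/// <param name="validationError">
/// Always begins with <see cref="AuthenticationGate.AuthNValidationError"/> (the prefix required for the text
/// to appear in the request status details); on failure the reason is appended.
/// </param>
/// <returns><c>true</c> when the submitted pin equals the generated pin; <c>false</c> otherwise.</returns>
/// <exception cref="ArgumentNullException"><paramref name="responseData"/> is null.</exception>
/// <remarks>
/// NOTE(review): this method only compares values. Attempt limiting, pin expiry and single-use enforcement
/// are not visible here and must be provided by the gate's lifecycle/workflow — verify before relying on it.
/// </remarks>
public override bool TryValidateUser(byte[] registrationData, WorkflowAuthenticationResponse responseData, out string validationError)
{
    // Validation errors must start with this prefix to show up on the request status details.
    validationError = AuthenticationGate.AuthNValidationError;

    if (responseData == null)
    {
        throw new ArgumentNullException("responseData");
    }

    const string incorrectPinMessage = "The submitted one time pin was incorrect.";

    // A missing or empty submission can never match; fail closed instead of letting the decoder throw.
    if (responseData.data == null || responseData.data.Length == 0)
    {
        validationError += incorrectPinMessage;
        return false;
    }

    // Fail closed when no pin has been generated for this instance. Without this guard an unset (empty)
    // expected pin would be matched by an empty submission.
    string expectedOTP = this.currentInstanceOTP;
    if (string.IsNullOrEmpty(expectedOTP))
    {
        validationError += incorrectPinMessage;
        return false;
    }

    string userSubmittedOTP = UnicodeEncoding.Unicode.GetString(responseData.data);

    // Constant-time ordinal comparison: the loop always runs over the common length and the result is
    // folded with OR, so response latency does not reveal how many leading characters were right.
    // Equivalent to userSubmittedOTP == expectedOTP. On .NET Core 2.1+/.NET 5+ prefer
    // System.Security.Cryptography.CryptographicOperations.FixedTimeEquals on the UTF-16 bytes.
    int difference = userSubmittedOTP.Length ^ expectedOTP.Length;
    int commonLength = Math.Min(userSubmittedOTP.Length, expectedOTP.Length);
    for (int i = 0; i < commonLength; i++)
    {
        difference |= userSubmittedOTP[i] ^ expectedOTP[i];
    }

    if (difference != 0)
    {
        validationError += incorrectPinMessage;
        return false;
    }

    return true;
}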
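/// <summary>
/// Registration step of the OTP gate: returns the bytes to persist as this user's registration data.
/// </summary>
/// <param name="responseData">
/// The registration response submitted by the client; <c>data</c> is interpreted as UTF-16LE text.
/// </param>
/// <returns>The submitted text re-encoded as UTF-16LE bytes, i.e. the value the gate persists.</returns>
/// <exception cref="ArgumentNullException"><paramref name="responseData"/> or its <c>data</c> is null.</exception>
/// <remarks>
/// This sample flows the phone attribute from the user object, so it does not actually need registration
/// input, and the gate's <c>TryValidateUser</c> ignores whatever is stored here. The decode/encode round trip
/// is kept as the template for a gate that does collect data (e.g. a phone number from which a carrier type is
/// derived before persisting). Note the round trip is not byte-preserving — invalid UTF-16 sequences are
/// replaced — and no validation of the content is done: a real gate should parse and validate the submitted
/// value before persisting it.
/// </remarks>
public override byte[] RegisterUser(WorkflowAuthenticationResponse responseData)
{
    if (responseData == null)
    {
        throw new ArgumentNullException("responseData");
    }

    if (responseData.data == null)
    {
        throw new ArgumentNullException("responseData", "The registration response carries no data.");
    }

    // Decode what the client submitted; the wire format is whatever the client-side activity sends.
    string userCustomNumber = UnicodeEncoding.Unicode.GetString(responseData.data);

    // This is where parsing/transformation would go, and where a further client call could store the
    // value on the FIM Person object. The gate persists the returned bytes as registration data.
    return UnicodeEncoding.Unicode.GetBytes(userCustomNumber);
}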
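/// <summary>
/// Click handler for the "validate OTP" step: answers the pending gate challenge with the pin the user typed
/// and, on success, resubmits the original password reset with the issued security token.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The outcome is written to <c>otpvalidationResults</c>. The same generic failure text is used for every
/// failure (bad input, missing challenge context, rejected pin, reset error) so the page gives no hint why
/// a pin was rejected. NOTE(review): no attempt limiting is visible on this path; confirm the gate or the
/// service enforces it, otherwise the pin can be brute-forced through this button.
/// </remarks>
protected void validateOTPButton_Click(object sender, EventArgs e)
{
    const string successMessage = "You are winning so radically before our first cup of coffee. Your new password has been sent to your phone. I take it back, you are bi-winning.";
    const string failureMessage = "Stop trying to hack other people's accounts by guessing passwords; this is FIM not facebook. Or maybe you can't type your pin from your phone correctly. That's prolly worse. Either way, you just won two side orders of FAIL.";

    // The pending challenge context stored by the earlier step. A null here (expired, evicted or never
    // stored) used to surface as a NullReferenceException out of the handler; treat it as a failed attempt.
    // SECURITY(review): HttpContext.Current.Cache is application-wide and this key is a constant, so every
    // visitor shares one pending challenge and concurrent users can overwrite or answer each other's.
    // This context belongs in per-user Session state; the storing side is not in this file, so the key and
    // the store are left unchanged here — fix both sides together.
    var authnException = HttpContext.Current.Cache.Get("authNExcep") as AuthenticationRequiredException;

    // Expected form is DOMAIN\user. Any other shape used to throw IndexOutOfRangeException before the try.
    string[] userDetails = this.domainUserName.Text.Split('\\');

    bool resetSucceeded = false;
    if (authnException != null && userDetails.Length == 2)
    {
        try
        {
            WorkflowAuthenticationChallenge workflowAuthenticationChallenge;
            var workflowChallengeResponse = new WorkflowAuthenticationResponse();
            workflowChallengeResponse.data = UnicodeEncoding.Unicode.GetBytes(this.otpInput.Text);

            var securityToken = Utilities.OTPGateChallengeResponse(workflowChallengeResponse, ref authnException, out workflowAuthenticationChallenge);

            // No token means the gate did not accept the pin (or asked for another round). Fail closed here
            // rather than resubmitting the reset without a token.
            if (securityToken != null)
            {
                Utilities.OTPReset(userDetails[0], userDetails[1], securityToken, authnException.InitialContextMessageProperty);
                resetSucceeded = true;
            }
        }
        catch (Exception)
        {
            // Deliberately reduced to the generic failure text below; nothing is logged here — consider
            // logging the failure server-side so repeated attempts are visible.
            resetSucceeded = false;
        }
    }

    this.otpvalidationResults.Text = resetSucceeded ? successMessage : failureMessage;

    // Advance the accordion to the result pane. 'stage' is an int, so the emitted script contains no user input.
    stage = 2;
    ScriptManager sm = ScriptManager.GetCurrent(Page);
    if (sm != null && sm.IsInAsyncPostBack)
    {
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "anotherKey", "available_indexes.push(" + stage + ");$('#accordion').accordion('activate', " + stage + ");", true);
    }
}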