public GetUserPropertyValue ( string propertyName ) : string | ||
propertyName | string | Name of the Active Directory property whose value is to be retrieved. |
return | string |
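/// <summary>
/// Installer custom action that validates the service account entered in the UI.
/// Reads SERVICEACCOUNT and SERVICEPASSWORD from the session and writes
/// SERVICEAUTHENTICATED ("yes" on success, null otherwise). Built-in accounts
/// (LocalSystem, NT AUTHORITY\*, NT SERVICE\*) and managed service accounts
/// (names ending in '$') need no password, so SERVICEPASSWORD is cleared for them;
/// any other account is authenticated with the supplied password.
/// </summary>
/// <param name="session">Installer session that supplies the properties and receives log output.</param>
/// <returns>
/// <see cref="ActionResult.Success"/> in every case; the outcome is reported only
/// through the SERVICEAUTHENTICATED property.
/// </returns>
public static ActionResult AuthenticateServiceAccountAction(Session session)
{
    session.Log("Begin AuthenticateServiceAccountAction");

    string serviceAccount = session["SERVICEACCOUNT"];
    string servicePassword = session["SERVICEPASSWORD"];

    if (string.IsNullOrWhiteSpace(serviceAccount))
    {
        // A missing or blank account name cannot be authenticated; report that
        // instead of failing with a NullReferenceException in Split below.
        session["SERVICEAUTHENTICATED"] = null;
    }
    else if (IsBuiltInSystemAccount(serviceAccount))
    {
        // Built-in accounts have no password; do not keep whatever was typed.
        session["SERVICEPASSWORD"] = string.Empty;
        session["SERVICEAUTHENTICATED"] = "yes";
    }
    else if (serviceAccount.EndsWith("$", StringComparison.Ordinal))
    {
        // Trailing '$' marks a managed service account (sMSA/gMSA), which is
        // accepted without a password only when the directory says it may be
        // used on this machine.
        if (IsManagedServiceAccountUsableHere(serviceAccount))
        {
            session["SERVICEPASSWORD"] = string.Empty;
            session["SERVICEAUTHENTICATED"] = "yes";
        }
        else
        {
            session["SERVICEAUTHENTICATED"] = null;
        }
    }
    else
    {
        string serviceDomain;
        string serviceUser;
        SplitAccountName(serviceAccount, out serviceDomain, out serviceUser);

        IPrincipal servicePrincipal = UserInfo.AuthenticateUser(serviceDomain, serviceUser, servicePassword);
        bool authenticated = (object)servicePrincipal != null && servicePrincipal.Identity.IsAuthenticated;

        // NOTE(review): SERVICEPASSWORD stays in the session in this branch (presumably
        // needed later to configure the service); confirm the property is marked hidden
        // so it is not written to the installer log.
        session["SERVICEAUTHENTICATED"] = authenticated ? "yes" : null;
    }

    session.Log("End AuthenticateServiceAccountAction");
    return ActionResult.Success;
}

/// <summary>True for LocalSystem and the NT AUTHORITY / NT SERVICE virtual accounts, which need no password.</summary>
private static bool IsBuiltInSystemAccount(string serviceAccount)
{
    return serviceAccount.Equals("LocalSystem", StringComparison.OrdinalIgnoreCase)
        || serviceAccount.StartsWith(@"NT AUTHORITY\", StringComparison.OrdinalIgnoreCase)
        || serviceAccount.StartsWith(@"NT SERVICE\", StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Splits "DOMAIN\user" into its parts; a bare user name takes the domain of the
/// current user. Any other shape (more than one backslash) leaves both parts empty
/// so that authentication fails rather than guessing at the intended account.
/// </summary>
private static void SplitAccountName(string serviceAccount, out string serviceDomain, out string serviceUser)
{
    serviceDomain = string.Empty;
    serviceUser = string.Empty;

    string[] parts = serviceAccount.Split('\\');
    switch (parts.Length)
    {
        case 1:
            serviceDomain = UserInfo.CurrentUserID.Split('\\')[0];
            serviceUser = parts[0];
            break;
        case 2:
            serviceDomain = parts[0];
            serviceUser = parts[1];
            break;
    }
}

/// <summary>
/// Checks that a managed service account exists, is enabled and not locked out,
/// and that the first RDN of its msDS-HostServiceAccountBL value is CN=&lt;this machine&gt;.
/// </summary>
private static bool IsManagedServiceAccountUsableHere(string serviceAccount)
{
    UserInfo serviceAccountInfo = new UserInfo(serviceAccount);

    if (!serviceAccountInfo.Exists || serviceAccountInfo.AccountIsDisabled || serviceAccountInfo.AccountIsLockedOut)
    {
        return false;
    }

    // Guard against a missing value instead of dereferencing null.
    string hostLink = serviceAccountInfo.GetUserPropertyValue("msDS-HostServiceAccountBL");
    if (string.IsNullOrEmpty(hostLink))
    {
        return false;
    }

    // NOTE(review): only the leading CN of the value is compared, not the rest of the
    // DN, and only the first value is considered; confirm this matches how the
    // back-link is populated in the target directory.
    string firstRdn = hostLink.Split(',')[0];

    // Machine names are identifiers, not linguistic text: compare ordinally so the
    // result does not depend on the installing user's culture settings.
    return firstRdn.Equals("CN=" + Environment.MachineName, StringComparison.OrdinalIgnoreCase);
}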