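        /// <summary>
        /// Builds the <see cref="ClaimsIdentity"/> issued under the "ApplicationCookie"
        /// authentication type for an already-authenticated directory user.
        /// </summary>
        /// <param name="userPrincipal">The authenticated directory user; must not be null.</param>
        /// <returns>
        /// An identity carrying the identity-provider and name claims, a "DisplayName" claim and an
        /// e-mail claim when the user has those attributes, and one role claim per entry returned
        /// by <c>GetRoles</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="userPrincipal"/> is null.</exception>
        public ClaimsIdentity CreateIdentity(ActiveDirectoryUser userPrincipal)
        {
            if (userPrincipal == null)
            {
                throw new ArgumentNullException("userPrincipal");
            }

            var identity = new ClaimsIdentity("ApplicationCookie", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);

            identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Windows"));
            identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));

            // Claim's constructor rejects a null value, so optional directory attributes are only
            // added when present instead of failing the whole sign-in for a user without them.
            if (!string.IsNullOrEmpty(userPrincipal.DisplayName))
            {
                identity.AddClaim(new Claim("DisplayName", userPrincipal.DisplayName));
            }

            if (!string.IsNullOrEmpty(userPrincipal.EmailAddress))
            {
                identity.AddClaim(new Claim(ClaimTypes.Email, userPrincipal.EmailAddress));
            }

            // TODO (original note, translated): fetch the roles from AD. GetRoles is already called
            // here; confirm whether anything remains open.
            IList<string> roles = this.GetRoles(userPrincipal);

            // A null role list is treated the same as an empty one: no role claims.
            if (roles != null)
            {
                foreach (var role in roles)
                {
                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
                }
            }

            return identity;
        }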
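        /// <summary>
        /// Validates the supplied credentials against the domain named in <paramref name="username"/>
        /// ("DOMAIN\user") and, on success, replaces the current "ApplicationCookie" sign-in with a
        /// persistent cookie carrying the identity built by <see cref="CreateIdentity"/>.
        /// </summary>
        /// <param name="username">Credential in the form "DOMAIN\samAccountName"; any other shape fails authentication.</param>
        /// <param name="password">The password to validate; an empty password is rejected without contacting the directory.</param>
        /// <returns>
        /// An <see cref="AuthenticationResult"/> with no message on success; otherwise one carrying the
        /// message to show the user.
        /// </returns>
        public AuthenticationResult SignIn(string username, string password)
        {
            // A missing username cannot be split, and an empty password is refused up front rather
            // than handed to the directory bind (some directories accept an empty password as an
            // anonymous/unauthenticated bind). Both are reported as an ordinary credential failure.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                return new AuthenticationResult("Username or Password is not correct");
            }

            string[] tokens = username.Split('\\');

            // Only the "DOMAIN\user" shape is accepted.
            if (tokens.Length != 2)
            {
                return new AuthenticationResult("Username or Password is not correct");
            }

            var repo = new ActiveDirectoryReadOnlyRepository(tokens[0], username, password);
            ActiveDirectoryUser userPrincipal = null;

            try
            {
                if (ValidateCredentials(tokens[1], password))
                {
                    userPrincipal = repo.GetUser(tokens[1]);
                }
            }
            catch (Exception)
            {
                // Any directory failure (unreachable domain, bind error, lookup error) is surfaced to
                // the caller as a plain credential failure so the response does not leak directory
                // details. Diagnostics would need logging here; none is available in this block.
                userPrincipal = null;
            }

            if (userPrincipal == null)
            {
                return new AuthenticationResult("Username or Password is not correct");
            }

            // The two checks below reveal account state (locked / disabled) to whoever supplied a
            // valid password. That is a deliberate trade-off between usability and account
            // enumeration; revisit if this endpoint is exposed to untrusted networks.
            if (userPrincipal.IsAccountLockedOut())
            {
                return new AuthenticationResult("Your account is locked.");
            }

            if (userPrincipal.Enabled.HasValue && userPrincipal.Enabled.Value == false)
            {
                return new AuthenticationResult("Your account is disabled");
            }

            ClaimsIdentity identity = CreateIdentity(userPrincipal);

            // Drop any existing cookie session before issuing the new one.
            authenticationManager.SignOut("ApplicationCookie");
            authenticationManager.SignIn(new AuthenticationProperties()
            {
                IsPersistent = true
            }, identity);

            return new AuthenticationResult();
        }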
        /// <summary>
        /// Looks up a directory user by its distinguished name.
        /// </summary>
        /// <param name="distinguishedName">The full distinguished name (DN) to search for.</param>
        /// <returns>The result of <c>FindByIdentity</c> for that DN (presumably null when nothing matches — confirm against the repository type).</returns>
        public ActiveDirectoryUser GetUserByDistinguishedName(string distinguishedName)
        {
            return ActiveDirectoryUser.FindByIdentity(principalContext, IdentityType.DistinguishedName, distinguishedName);
        }
        /// <summary>
        /// Looks up a directory user by an identity value of the given type.
        /// </summary>
        /// <param name="samaccountname">The identity value to search for (despite the name, interpreted according to <paramref name="identityType"/>).</param>
        /// <param name="identityType">Which identity attribute <paramref name="samaccountname"/> denotes.</param>
        /// <returns>The result of <c>FindByIdentity</c> for that value (presumably null when nothing matches — confirm against the repository type).</returns>
        public ActiveDirectoryUser GetUser(string samaccountname, IdentityType identityType)
        {
            return ActiveDirectoryUser.FindByIdentity(principalContext, identityType, samaccountname);
        }