private ActiveDirectoryMetadata NewActiveDirectoryMetadata(string displayName, string domain, string searchBase, string username, string password, bool useProcessContext) { ActiveDirectoryMetadata idp = null; if (useProcessContext) { idp = new ActiveDirectoryMetadata() { Name = displayName, Domain = domain, Enabled = true, ActiveDirectoryMetadataType = ActiveDirectoryMetadataType.ActiveDirectoryIwa, Id = Guid.NewGuid(), SearchBase = searchBase }; } else { idp = new ActiveDirectoryMetadata() { Name = displayName, Domain = domain, Enabled = true, ActiveDirectoryMetadataType = ActiveDirectoryMetadataType.ActiveDirectoryBasic, Id = Guid.NewGuid(), SearchBase = searchBase, Username = username, Password = password }; } return(idp); }
public NodeDetails Get(string id) { if (string.IsNullOrEmpty(id)) { throw new ArgumentNullException("Invalid Node"); } Guid validatedId; if (!Guid.TryParse(id, out validatedId)) { throw new ArgumentOutOfRangeException("Invalid Node"); } NodeDetails node = configurationRepository.Get <NodeDetails>(validatedId); if (node == null) { throw new ReferencedObjectDoesNotExistException("Node could not be found"); } ActiveDirectoryMetadata idp = adIdpLogic.GetAll() .Where(item => item.Id == node.CredentialId) .FirstOrDefault(); node.CredentialDisplayName = idp.Name; return(node); }
public MicrosoftCertificateAuthorityOptions GetPrivateCertificateAuthorityOptions(HashAlgorithm hash) { PrivateCertificateAuthorityConfig caConfig = this.GetPrivateCertificateAuthorityConfigByHash(hash); ActiveDirectoryMetadata idp = this.Get <ActiveDirectoryMetadata>(caConfig.IdentityProviderId); MicrosoftCertificateAuthorityAuthenticationType authType; if (idp.ActiveDirectoryMetadataType == Entities.Enumerations.ActiveDirectoryMetadataType.ActiveDirectoryBasic) { authType = MicrosoftCertificateAuthorityAuthenticationType.UsernamePassword; } else { authType = MicrosoftCertificateAuthorityAuthenticationType.WindowsKerberos; } MicrosoftCertificateAuthorityOptions options = new MicrosoftCertificateAuthorityOptions() { AuthenticationRealm = idp.Domain, AuthenticationType = authType, HashAlgorithm = hash, CommonName = caConfig.CommonName, ServerName = caConfig.ServerName, Id = caConfig.Id, Password = idp.Password, Username = idp.Username }; return(options); }
public void Setup() { AdcsTemplate result = null; try { result = configDb.Get <AdcsTemplate>(x => x.Cipher == CipherAlgorithm.RSA && x.WindowsApi == WindowsApi.CryptoApi && x.KeyUsage == KeyUsage.ServerAuthentication).First(); //result = configDb.GetAdcsTemplate(HashAlgorithm.SHA256, CipherAlgorithm.RSA, WindowsApi.CryptoApi, KeyUsage.ServerAuthentication); } catch { if (result == null) { configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.CryptoApi, Cipher = CipherAlgorithm.RSA, //Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.ServerAuthentication, Name = "ServerAuthentication-CapiRsa" }); } } ActiveDirectoryMetadata idp = configDb.GetAll <ActiveDirectoryMetadata>().FirstOrDefault(); configDb.DropCollection <PrivateCertificateAuthorityConfig>(); PrivateCertificateAuthorityConfig caConfig = new PrivateCertificateAuthorityConfig() { CommonName = caCommonName, ServerName = caServerName, HashAlgorithm = HashAlgorithm.SHA256, IdentityProviderId = idp.Id }; }
public ActiveDirectoryMetadata Add(string displayName, string domain, string searchBase, string username, string password, bool useProcessContext) { ActiveDirectoryMetadata idp = NewActiveDirectoryMetadata(displayName, domain, searchBase, username, password, useProcessContext); configurationRepository.Insert <ActiveDirectoryMetadata>(idp); return(idp); }
public JsonResult UpdateActiveDirectoryMetadata(ActiveDirectoryMetadata entity) { ActiveDirectoryMetadata existing = configurationRepository.Get <ActiveDirectoryMetadata>(entity.Id); entity.Password = existing.Password; configurationRepository.Update <ActiveDirectoryMetadata>(entity); return(Json(new { status = "success" })); }
public string GetLdapConnectionString(NamingContext namingContext, ActiveDirectoryMetadata metadata) { switch (namingContext) { case NamingContext.Configuration: return(string.Format("LDAP://{0}/CN=Configuration,{1}", metadata.Domain, this.GetBaseDistinguishedName(metadata.Domain))); default: return(string.Format("LDAP://{0}/{1}", metadata.Domain, this.GetBaseDistinguishedName(metadata.Domain))); } }
public List <T> Search <T>(NamingContext namingContext, ActiveDirectoryMetadata metadata) { List <T> list = new List <T>(); string searchFilter = string.Format("(objectClass={0})", metadataResolver.GetSchemaClass <T>()); using (DirectoryEntry entry = new DirectoryEntry(GetLdapConnectionString(namingContext, metadata), metadata.Username, metadata.Password)) { using (DirectorySearcher searcher = new DirectorySearcher(entry)) { searcher.Filter = searchFilter; var propertiesToLoad = metadataResolver.GetPropertiesToLoad <T>(); searcher.PropertiesToLoad.AddRange(propertiesToLoad); foreach (SearchResult result in searcher.FindAll()) { list.Add(ActiveDirectoryEntityMapper.MapSearchResult <T>(result)); } } } return(list); }
public ClaimsPrincipal AuthenticateActiveDirectory(string upn, Guid domain, string password) { AuthenticablePrincipal authenticablePrincipal = configurationRepository.GetAuthenticablePrincipal(upn); ActiveDirectoryMetadata ActiveDirectoryMetadata = configurationRepository.Get <ActiveDirectoryMetadata>(domain); if (ActiveDirectoryMetadata == null || ActiveDirectoryMetadata.Enabled != true) { throw new Exception("Authentication failed"); } if (activeDirectoryAuthenticator.Authenticate(upn, password, ActiveDirectoryMetadata.Domain)) { this.IncrementSuccessfulAuthentication(authenticablePrincipal, domain); return(ConstructClaimsPrincipal(authenticablePrincipal, ActiveDirectoryMetadata.Name)); } else { throw new Exception("Authentication failed"); } }
public void Complete(InitialSetupConfigModel config) { ActiveDirectoryMetadata idp = idpLogic.Add(config.AdName, config.AdServer, config.AdSearchBase, config.AdServiceAccountUsername, config.AdServiceAccountPassword, config.AdUseAppPoolIdentity); certificateAuthorityConfigurationLogic.AddPrivateCertificateAuthority(config.AdcsServerName, config.AdcsCommonName, config.AdcsHashAlgorithm, idp.Id); AdcsTemplate adcsTemplate = templateLogic.AddTemplate(config.AdcsTemplateName, config.AdcsTemplateCipher, config.AdcsTemplateKeyUsage, config.AdcsTemplateWindowsApi, RoleManagementLogic.DefaultTemplateIssuerRoles); AuthenticablePrincipal emergencyAccess = localIdpLogic.InitializeEmergencyAccess(config.EmergencyAccessKey); AuthenticablePrincipal admin = localIdpLogic.InitializeLocalAdministrator(config.LocalAdminPassword); authorizationLogic.InitializeScopes(); roleManagement.InitializeRoles(new List <Guid>() { emergencyAccess.Id, admin.Id }); AppConfig appConfig = new AppConfig() { EncryptionKey = config.EncryptionKey, Id = Guid.NewGuid() }; configurationRepository.SetAppConfig(appConfig); }
public List <AdcsCertificateTemplate> GetActiveDirectoryTemplates(ActiveDirectoryMetadata metadata) { List <AdcsCertificateTemplate> templates = activeDirectory.Search <AdcsCertificateTemplate>(NamingContext.Configuration, metadata); return(templates); }
public JsonResult DeleteActiveDirectoryMetadata(ActiveDirectoryMetadata entity) { configurationRepository.Delete <ActiveDirectoryMetadata>(entity.Id); return(Json(new { status = "success" })); }
public JsonResult AddActiveDirectoryMetadata(ActiveDirectoryMetadata entity) { configurationRepository.Insert <ActiveDirectoryMetadata>(entity); return(Json(new { status = "success" })); }
public void InitializeTest() { user = new Mock <ClaimsPrincipal>(); string configPath = Path.GetTempFileName(); configDb = new LiteDbConfigurationRepository(configPath); configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.CryptoApi, Cipher = CipherAlgorithm.RSA, //Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.ServerAuthentication, Name = "ServerAuthentication-CapiRsa" }); configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.CryptoApi, Cipher = CipherAlgorithm.RSA, //Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.None, Name = "NoKeyUsage-CapiRsa" }); configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.Cng, Cipher = CipherAlgorithm.RSA, // Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.ServerAuthentication, Name = "ServerAuthentication-CngRsa" }); configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.Cng, Cipher = CipherAlgorithm.RSA, //Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.ServerAuthentication | KeyUsage.ClientAuthentication, Name = "ClientServerAuthentication-CngRsa" }); configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.Cng, Cipher = CipherAlgorithm.ECDH, //Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.ServerAuthentication, Name = "ServerAuthentication-CngEcdh" }); configDb.Insert <AdcsTemplate>(new AdcsTemplate() { WindowsApi = WindowsApi.Cng, Cipher = CipherAlgorithm.ECDSA, //Hash = HashAlgorithm.SHA256, KeyUsage = KeyUsage.ServerAuthentication, Name = "ServerAuthentication-CngEcdsa" }); Logic.SecretKeyProvider secretKeyProvider = new Logic.SecretKeyProvider(); AppConfig appConfig = new AppConfig() { EncryptionKey = secretKeyProvider.NewSecretBase64(32) }; configDb.SetAppConfig(appConfig); ActiveDirectoryMetadata identitySource = new ActiveDirectoryMetadata() { Domain = "cm.local", Enabled = true, ActiveDirectoryMetadataType = ActiveDirectoryMetadataType.ActiveDirectoryBasic, Id = Guid.NewGuid(), Name = "cm.local", Password = password, Username = username, SearchBase = "DC=cm,DC=local" }; PrivateCertificateAuthorityConfig caConfig = new PrivateCertificateAuthorityConfig() { CommonName = caCommonName, ServerName = caServerName, HashAlgorithm = HashAlgorithm.SHA256, Id = Guid.NewGuid(), IdentityProviderId = identitySource.Id }; configDb.Insert <PrivateCertificateAuthorityConfig>(caConfig); configDb.Insert <ActiveDirectoryMetadata>(identitySource); templateLogic = new AdcsTemplateLogic(configDb, activeDirectory); KeyUsage keyUsage = KeyUsage.ClientAuthentication | KeyUsage.ServerAuthentication; //AdcsTemplate config = configDb.Get<AdcsTemplate>(x => x.Cipher == CipherAlgorithm.RSA && x.WindowsApi == WindowsApi.Cng && x.KeyUsage == keyUsage).First(); //var config = configDb.GetAdcsTemplate(HashAlgorithm.SHA256, CipherAlgorithm.RSA, WindowsApi.Cng, KeyUsage.ClientAuthentication | KeyUsage.ServerAuthentication); string certDbPath = Path.GetTempFileName(); certDb = new LiteDbCertificateRepository(certDbPath); }
public T GetObject <T>(string schemaClass, string searchValue, ActiveDirectoryMetadata metadata, bool retry = false) { return(default(T)); }
public AdcsCertificateTemplate GetActiveDirectoryPublishedTemplate(string name, ActiveDirectoryMetadata metadata) { return(activeDirectory.Search <AdcsCertificateTemplate>(NamingContext.Configuration, metadata) .Where(x => x.Name == name) .First()); }
public AdcsCertificateTemplate GetTemplateInAllActiveDirectoryRealms(string name, ActiveDirectoryMetadata metadata) { List <AdcsCertificateTemplate> templates = activeDirectory.Search <AdcsCertificateTemplate>("name", name, NamingContext.Configuration, metadata); if (!templates.Any()) { throw new AdcsTemplateValidationException(string.Format("Adcs template is not published in Active Directory - {0}", metadata.Domain)); } if (templates.Count > 1) { throw new AdcsTemplateValidationException(string.Format("More than one template in {0} matched the query. Please specify a unique template name. ", metadata.Domain)); } return(templates.First()); }
public void InitializeTest() { activeDirectory = new ActiveDirectoryRepository(); metadata = new ActiveDirectoryMetadata(domain, username, password); }