public string Authenticate(AuthenticateModel authData)
{
string ret = "";
if (string.IsNullOrEmpty(authData.username) || string.IsNullOrEmpty(authData.password))
{
return(string.Format("The {0} can not be empty", string.IsNullOrEmpty(authData.username)?"user name":"password"));
}
Tenant tn = null;
if (!string.IsNullOrEmpty(authData.tenant))
{
tn = dbCtx.Tenants.SingleOrDefault(t => t.Name.ToLower().Equals(authData.tenant.ToLower()));
if (tn == null) // nonexisting tenant name provided
{
return(string.Format("Tenant {0} not found", authData.tenant));
}
}
// in this example application, we do not use the full ActiveDirectory identity features.
// That, plus synchronizing the users in Izenda configuration DB and in the
// authorization application DB, allows just to validate the user against the Active Directory.
// In case you dont want to synchronize the users and/or not using the authorization DB
// while still want to use the Active Directory - you need to implement
// the full - featured identity mechanizm with ActiveDirectory support.
//
// So, here we just validate the active directory user if we set to use the active directory.
ADUser adUser = null;
ADConfig adCfg = Utilities.ADSettings();
if (adCfg.UseActiveDirectory)
{
adUser = ADUtilities.ValidateADUser(authData.username, authData.password, adCfg);
}
if (adCfg.UseActiveDirectory && !adUser.IsValid)
{
return(string.Format("The user {0} is invalid or not found in the Active Directory.\nError:{1}", authData.username, adUser.Reserved));
}
// Check if the user exists in the authentication database.
// For the Active Directory, we still will verify this too, even in case the user is valid on A.D.
int?tnId = null;
if (tn != null)
{
tnId = tn.Id;
}
AspNetUser user = dbCtx.AspNetUsers.SingleOrDefault(
u => u.UserName.ToLower().Equals(authData.username.ToLower()) &&
u.TenantId == tnId);
// Tip.
// At this point, if the AD user exists/valid (adUser.IsValid == true), it is possible to automatically
// create the AD user in Izenda DB, if you'd like to. You can implement something like the following:
// if ((adCfg.UseActiveDirectory && adUser.IsValid) && user == null) {
// user = (cast/retrieve to the AspNetUser)CreateUser(new CreateUserBindingModel { FirstName = "", LastName = "", Tenant = authData.tenant, Password = authData.password, IsAdmin = false });
// }
// See the article "Few aspects of Active Directory authentication" at Izenda Confluence board for details
// as of now, we expect the A.D. user to exist in the database.
if (user == null)
{
return(string.Format("User {0} not found {1}", authData.username, tn == null ? "":"for the tenant " + tn.Name));
}
if (!VerifyPassword(authData.password, user))
{
return("The password is incorrect");
}
// our sample (custom authenticacion) database does not have the user status flag.
// we will use Izenda to find out if the user is active or not.
string adminToken = IzendaTokenAuthorization.GetIzendaAdminToken();
Task <IzendaBoundary.Models.UserDetail> getUser = IzendaUtilities.GetIzendaUserByTenantAndName(user.UserName, tn == null?null:tn.Name, adminToken);
IzendaBoundary.Models.UserDetail userDetails = getUser.Result;
if (userDetails == null)
{
return(string.Format("The user {0} not found in [Izenda database]. Contact your administrator please", user.UserName));
}
else if (!userDetails.Active)
{
return(string.Format("The user {0} was found but it is not active. Contact your administrator please", user.UserName));
}
return(ret);
}