Simias.Authentication.Status C# (CSharp)のコード例

コード例 #1

0

ファイルを表示

        /// <summary>
        /// Gets the login status for the specified user.
        /// </summary>
        /// <param name="connection">Ldap connection to use to get the status.</param>
        /// <param name="status">User information.</param>
        private void GetUserStatus(bool proxyUser, LdapConnection connection, Simias.Authentication.Status status)
        {
            if (connection != null)
            {
                readADDomainInfo(connection);

                // Get the search attributes for login status.
                string[] searchAttributes =
                {
                    "userAccountControl",
                    "accountExpires",
                    "pwdLastSet",
                    "lockoutTime"
                };
                LdapEntry ldapEntry = connection.Read(status.DistinguishedUserName, searchAttributes);
                if (ldapEntry != null)
                {
                    // If the account has been disabled or the account has expired
                    // the bind will fail and we'll come through on the proxy user
                    // connection so there is no reason for the extra checking on
                    // a successful bind in the context of the actual user.
                    if (proxyUser == true && AccountDisabled(ldapEntry))
                    {
                        status.statusCode = SCodes.AccountDisabled;
                    }
                    else if (proxyUser == true && AccountExpired(ldapEntry))
                    {
                        status.statusCode = SCodes.AccountDisabled;
                    }
                    else if (proxyUser == true && AccountLockedOut(ldapEntry))
                    {
                        status.statusCode = SCodes.AccountLockout;
                    }
                    else
                    {
                        if (IsPasswordRequired(ldapEntry))
                        {
                            if (CanUserChangePassword(ldapEntry))
                            {
                                int daysUntilExpired;
                                if (IsPasswordExpired(ldapEntry, out daysUntilExpired))
                                {
                                    status.statusCode = SCodes.AccountLockout;
                                }
                                else if (status.statusCode.Equals(SCodes.Success))
                                {
                                    status.DaysUntilPasswordExpires = daysUntilExpired;
                                }
                            }
                        }
                    }
                }
                else
                {
                    status.statusCode       = SCodes.InternalException;
                    status.ExceptionMessage = "Failed reading LDAP attributes";
                }
            }
        }

コード例 #2

0

ファイルを表示

ファイル: User.cs プロジェクト: lulzzz/ifolder

        /// <summary>
        /// Method to verify a user's password
        /// </summary>
        /// <param name="Username">User to verify the password against</param>
        /// <param name="Password">Password to verify</param>
        /// <param name="status">Structure used to pass additional information back to the user.</param>
        /// <returns>true - Valid password, false Invalid password</returns>
        static public bool VerifyPassword(string Username, string Password, Simias.Authentication.Status status)
        {
            if (User.provider != null)
            {
                return(User.provider.VerifyPassword(Username, Password, status));
            }

            return(false);
        }

コード例 #3

0

ファイルを表示

ファイル: User.cs プロジェクト: lulzzz/ifolder

        /// <summary>
        /// Method to verify a user's password
        /// </summary>
        /// <param name="Username">User to verify the password against</param>
        /// <param name="Password">Password to verify</param>
        /// <param name="status">Structure used to pass additional information back to the user.</param>
        /// <returns>true - Valid password, false Invalid password</returns>
        public bool VerifyPassword(string Username, string Password, Simias.Authentication.Status status)
        {
            bool result;

            try
            {
                Member member = domain.GetMemberByName(Username);
                if (member != null)
                {
                    Property pwd = member.Properties.GetSingleProperty(InternalUser.pwdProperty);
                    if (pwd != null && (pwd.Value as string == HashPassword(Password)))
                    {
                        status.UserID     = member.UserID;
                        status.statusCode = SCodes.Success;
                        result            = true;
                    }
                    else
                    {
                        status.statusCode = SCodes.InvalidCredentials;
                        result            = false;
                    }
                }
                else
                {
                    log.Debug("failed to find user: {0}", Username);
                    status.statusCode = SCodes.UnknownUser;
                    result            = false;
                }
            }
            catch (Exception e1)
            {
                log.Error(e1.Message);
                log.Error(e1.StackTrace);
                status.statusCode       = SCodes.InternalException;
                status.ExceptionMessage = e1.Message;
                result = false;
            }

            return(result);
        }

コード例 #4

0

ファイルを表示

ファイル: GaimDomainAuth.cs プロジェクト: RoDaniel/featurehouse

 public Simias.Authentication.Status Authenticate( string collectionID )
 {
     HttpWebResponse response = null;
        Simias.Authentication.Status status =
     new Simias.Authentication.Status( SCodes.Unknown );
        Store store = Store.GetStore();
        Simias.Storage.Domain domain = store.GetDomain( GaimDomain.ID );
        Simias.Storage.Member member = domain.GetCurrentMember();
        GaimDomainProvider gaimDomainProvider = new GaimDomainProvider();
        Uri remoteUri = gaimDomainProvider.ResolveLocation( GaimDomain.ID, collectionID );
        if ( remoteUri == null )
        {
     status.statusCode = SCodes.UnknownDomain;
     return status;
        }
        Uri loginUri = new Uri( remoteUri.ToString() + "/Login.ashx" );
        HttpWebRequest request = WebRequest.Create( loginUri ) as HttpWebRequest;
        WebState webState = new WebState( GaimDomain.ID );
        webState.InitializeWebRequest( request, GaimDomain.ID );
        request.Headers.Add(
     Simias.Security.Web.AuthenticationService.Login.DomainIDHeader,
     GaimDomain.ID );
        request.Headers.Add( "gaim-member", member.UserID );
        request.Method = "POST";
        request.ContentLength = 0;
        try
        {
     request.GetRequestStream().Close();
     response = request.GetResponse() as HttpWebResponse;
     if ( response != null )
     {
      status.statusCode = SCodes.Success;
     }
        }
        catch(WebException webEx)
        {
     response = webEx.Response as HttpWebResponse;
     if (response != null)
     {
      log.Debug( response.StatusCode.ToString() );
      if ( response.StatusCode == System.Net.HttpStatusCode.Unauthorized )
      {
       string oneTimeChallenge = response.Headers[ "gaim-secret" ];
       if ( oneTimeChallenge != null && oneTimeChallenge != "" )
       {
        HttpWebRequest request2 = WebRequest.Create( loginUri ) as HttpWebRequest;
        WebState webState2 = new WebState( GaimDomain.ID );
        webState2.InitializeWebRequest( request2, GaimDomain.ID );
        request2.CookieContainer.Add(response.Cookies);
        request2.Headers.Add(
     Simias.Security.Web.AuthenticationService.Login.DomainIDHeader,
     GaimDomain.ID );
        request2.Headers.Add( "gaim-member", member.UserID );
        try
        {
     RSACryptoServiceProvider credential = GaimDomain.GetCredential();
     if (credential != null)
     {
      byte[] oneTime = Convert.FromBase64String( oneTimeChallenge );
      byte[] decryptedText = credential.Decrypt( oneTime, false );
      request2.Headers.Add( "gaim-secret", Convert.ToBase64String( decryptedText ) );
     }
     else
     {
      log.Debug( "Couldn't get our own RSACryptoServiceProvider (our private key)" );
      status.statusCode = SCodes.Unknown;
      return status;
     }
        }
        catch( Exception enc )
        {
     log.Debug( "Error decrypting one time secret." );
     log.Debug( enc.Message );
     log.Debug( enc.StackTrace );
        }
        request2.Method = "POST";
        request2.ContentLength = 0;
        try
        {
     request2.GetRequestStream().Close();
     response = request2.GetResponse() as HttpWebResponse;
     if ( response != null )
     {
      status.statusCode = SCodes.Success;
     }
        }
        catch( WebException webEx2 )
        {
     log.Debug( "WebException: " + webEx2.Status.ToString() );
     log.Debug( webEx2.Message );
     log.Debug( webEx2.StackTrace );
        }
        catch( Exception e2 )
        {
     log.Debug( "Other exception" );
     log.Debug( e2.Message );
     log.Debug( e2.StackTrace );
        }
       }
       else
       {
        log.Debug( "One Time Challenge NOT present");
       }
      }
     }
     else
     {
      log.Debug( "Couldn't get the HttpWebResponse" );
      log.Debug(webEx.Message);
      log.Debug(webEx.StackTrace);
     }
        }
        catch(Exception ex)
        {
     log.Debug( "Catch-all Exception" );
     log.Debug(ex.Message);
     log.Debug(ex.StackTrace);
        }
        return status;
 }

コード例 #5

0

ファイルを表示

        /// <summary>
        /// Method to verify a user's password
        /// </summary>
        /// <param name="Username">User to verify the password against</param>
        /// <param name="Password">Password to verify</param>
        /// <param name="status">Structure used to pass additional information back to the user.</param>
        /// <returns>true - Valid password, false Invalid password</returns>
        public bool VerifyPassword(string Username, string Password, Simias.Authentication.Status status)
        {
            log.Debug("VerifyPassword for: " + Username);

            LdapConnection conn            = null;
            LdapConnection proxyConnection = null;

            // Get the distinguished name and member(user) id from the
            // simias store rather than the ldap server
            if (GetUserDN(Username, out status.DistinguishedUserName, out status.UserID) == false)
            {
                log.Debug("failed to get the user's distinguished name");
                status.statusCode = SCodes.UnknownUser;
                return(false);
            }

            bool doNotCheckStatus = false;

            try
            {
                conn = new LdapConnection();
                conn.SecureSocketLayer = ldapSettings.SSL;
                conn.UserDefinedServerCertValidationDelegate += new CertificateValidationCallback(SSLHandler);
                conn.Connect(ldapSettings.Host, ldapSettings.Port);
                conn.Bind(status.DistinguishedUserName, Password);
                if (conn.AuthenticationDN == null)
                {
                    doNotCheckStatus = true;
                    throw new LdapException("Anonymous bind is not allowed", LdapException.INAPPROPRIATE_AUTHENTICATION, "Anonymous bind is not allowed");
                }
                status.statusCode = SCodes.Success;
                GetUserStatus(false, conn, status);
                return(true);
            }
            catch (LdapException e)
            {
                log.Error("LdapError:" + e.LdapErrorMessage);
                log.Error("Error:" + e.Message);
                log.Error("DN:" + status.DistinguishedUserName);

                switch (e.ResultCode)
                {
                case LdapException.INVALID_CREDENTIALS:
                    status.statusCode = SCodes.InvalidCredentials;
                    break;

                case LdapException.SSL_HANDSHAKE_FAILED:
                case LdapException.CONNECT_ERROR:
                    if (CertFailure == true)
                    {
                        status.statusCode = SCodes.InvalidCertificate;
                    }
                    CertFailure = false;
                    break;

                default:
                    status.statusCode = SCodes.InternalException;
                    break;
                }

                status.ExceptionMessage = e.Message;
                if (!doNotCheckStatus)
                {
                    proxyConnection = BindProxyUser();
                    if (proxyConnection != null)
                    {
                        // GetUserStatus may change the status code
                        GetUserStatus(true, proxyConnection, status);
                    }
                }
            }
            catch (Exception e)
            {
                log.Error("Error:" + e.Message);
                status.statusCode       = SCodes.InternalException;
                status.ExceptionMessage = e.Message;
                proxyConnection         = BindProxyUser();
                if (proxyConnection != null)
                {
                    // GetUserStatus may change the status code
                    GetUserStatus(true, proxyConnection, status);
                }
            }
            finally
            {
                if (conn != null)
                {
                    // In Mono 2.0 runtime environment, first connection.Disconnect()
                    // always throws exception(bug 449092).
                    // First disconnect always throws "The socket is not connected" Messages.
                    // With this try, catch only ignoring that perticular Exception
                    try
                    {
                        conn.Disconnect();
                    }
                    catch (Exception Ex)
                    {
                        if (String.Compare(Ex.Message, "The socket is not connected") != 0)
                        {
                            throw Ex;
                        }
                        else
                        {
                            log.Info("LdapConnection.Disconnect Exception {0} {1} ", Ex.Message, Ex.StackTrace);
                        }
                    }
                }

                if (proxyConnection != null)
                {
                    try{
                        proxyConnection.Disconnect();
                    }catch {}
                }
            }

            return(false);
        }

コード例 #6

0

ファイルを表示

        /// <summary>
        /// Set the response headers for Http actions
        /// </summary>
        /// <param name="ctx">Context for the Http</param>
        /// <param name="status">Status whether authenticated or not</param>
        private static void SetResponseHeaders(HttpContext ctx, Simias.Authentication.Status status)
        {
            switch (status.statusCode)
            {
            case StatusCodes.Success:
            {
                if (status.DaysUntilPasswordExpires != -1)
                {
                    ctx.Response.AppendHeader(
                        DaysUntilPwdExpiresHeader,
                        status.DaysUntilPasswordExpires.ToString());
                }
                if (UserMoved == 1)
                {
                    ctx.Response.AppendHeader(
                        UserMovedHeader,
                        StatusCodes.UserAlreadyMoved.ToString());
                }

                break;
            }

            case StatusCodes.SuccessInGrace:
            {
                ctx.Response.AppendHeader(
                    GraceTotalHeader,
                    status.TotalGraceLogins.ToString());

                ctx.Response.AppendHeader(
                    GraceRemainingHeader,
                    status.RemainingGraceLogins.ToString());
                if (UserMoved == 1)
                {
                    ctx.Response.AppendHeader(
                        UserMovedHeader,
                        StatusCodes.UserAlreadyMoved.ToString());
                }

                break;
            }

            case StatusCodes.AccountDisabled:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.AccountDisabled.ToString());
                break;
            }

            case StatusCodes.AccountLockout:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.AccountLockout.ToString());
                break;
            }

            case StatusCodes.SimiasLoginDisabled:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.SimiasLoginDisabled.ToString());
                break;
            }

            case StatusCodes.AmbiguousUser:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.AmbiguousUser.ToString());
                break;
            }

            case StatusCodes.UnknownUser:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.UnknownUser.ToString());
                break;
            }

            case StatusCodes.Unknown:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.Unknown.ToString());
                break;
            }

            case StatusCodes.InvalidCredentials:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.InvalidCredentials.ToString());
                break;
            }

            case StatusCodes.InvalidCertificate:
            {
                ctx.Response.StatusCode = 401;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.InvalidCertificate.ToString());
                break;
            }

            case StatusCodes.InvalidPassword:
            {
                ctx.Response.StatusCode = 401;

                /*
                 * context.Response.AppendHeader(
                 *      Login.SimiasErrorHeader,
                 *      StatusCodes.InvalidPassword.ToString() );
                 */
                break;
            }

            case StatusCodes.InternalException:
            {
                ctx.Response.StatusCode = 500;
                ctx.Response.AddHeader(
                    SimiasErrorHeader,
                    StatusCodes.InternalException.ToString());
                break;
            }

            case StatusCodes.UserAlreadyMoved:
            {
                ctx.Response.AddHeader(
                    UserMovedHeader,
                    StatusCodes.UserAlreadyMoved.ToString());
                break;
            }

            default:
                ctx.Response.StatusCode = 401;
                break;
            }
        }

コード例 #7

0

ファイルを表示

ファイル: User.cs プロジェクト: lulzzz/simias

        /// <summary>
        /// Gets the login status for the specified user.
        /// </summary>
        /// <param name="connection">Ldap connection to use to get the status.</param>
        /// <param name="status">User information.</param>
        private void GetUserStatus(bool proxyUser, LdapConnection connection, Simias.Authentication.Status status)
        {
            if (connection != null)
            {
                // Get the search attributes for login status.
                string[] searchAttributes =
                {
                    "loginDisabled",
                    "loginExpirationTime",
                    "loginGraceLimit",
                    "loginGraceRemaining",
                    "passwordAllowChange",
                    "passwordRequired",
                    "passwordExpirationTime"
                };
                LdapEntry ldapEntry = connection.Read(status.DistinguishedUserName, searchAttributes);
                if (ldapEntry != null)
                {
                    // If the account has been disabled or the account has expired
                    // the bind will fail and we'll come through on the proxy user
                    // connection so there is no reason for the extra checking on
                    // a successful bind in the context of the actual user.
                    if (proxyUser == true && LoginDisabled(ldapEntry) == true)
                    {
                        status.statusCode = SCodes.AccountDisabled;
                    }
                    else
                    if (proxyUser == true && LoginAccountExpired(ldapEntry) == true)
                    {
                        status.statusCode = SCodes.AccountDisabled;
                    }
                    else
                    {
                        if (LoginIsPasswordRequired(ldapEntry) == true)
                        {
                            if (LoginCanUserChangePassword(ldapEntry) == true)
                            {
                                if (LoginPasswordExpired(ldapEntry) == true)
                                {
                                    status.TotalGraceLogins     = LoginGraceLimit(ldapEntry);
                                    status.RemainingGraceLogins = LoginGraceRemaining(ldapEntry);

                                    if (status.statusCode == SCodes.Success &&
                                        (status.TotalGraceLogins == -1 ||
                                         status.RemainingGraceLogins >= 0))
                                    {
                                        status.statusCode = SCodes.SuccessInGrace;
                                    }
                                    else
                                    {
                                        status.statusCode = SCodes.AccountLockout;
                                    }
                                }
                            }
                        }
                    }
                }
                else
                {
                    status.statusCode       = SCodes.InternalException;
                    status.ExceptionMessage = "Failed reading LDAP attributes";
                }
            }
        }

C# (CSharp) Simias.Authentication.Statusの例