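/// <summary>
/// Tests a candidate password for <paramref name="username"/> against the Lithnet Password
/// Protection filter and reports the filter's verdict.
/// </summary>
/// <param name="username">Login name or email address of the account whose password is being set</param>
/// <param name="password">Candidate password to check; it is passed to the filter only and is never logged here</param>
/// <returns>
/// A <see cref="PasswordTestResult"/> carrying the filter's code. If the filter call fails unexpectedly,
/// the result is the default <see cref="PasswordTestResult"/> when <c>LppIgnoreErrors</c> is configured,
/// otherwise <see cref="PasswordTestResultCode.GeneralError"/>.
/// </returns>
/// <exception cref="NotFoundException">Rethrown when the account cannot be located</exception>
public async Task<PasswordTestResult> TestPassword(string username, string password)
{
    try
    {
        // UserPrincipal is IDisposable; it is only needed for its naming attributes,
        // so release it as soon as the filter has been consulted.
        using (UserPrincipal up = await WindowsSamController.GetUserPrincipal(username))
        {
            PasswordTestResultCode result = (PasswordTestResultCode)(int)FilterInterface.TestPassword(up.SamAccountName, up.DisplayName, password, false);
            if (result != PasswordTestResultCode.Approved)
            {
                // Only the result code is logged, never the password itself
                Logger.Warn($"User {username} attempted to set a password that was rejected by Lithnet Password Protection with the following code: {result}");
            }
            return new PasswordTestResult(result);
        }
    }
    catch (NotFoundException)
    {
        // An unknown account is not a filter failure; let the caller handle it
        throw;
    }
    catch (Exception ex)
    {
        Logger.Error(ex, "An unexpected error occurred checking the password against the Lithnet Password Protection service");
        // LppIgnoreErrors decides whether a filter outage blocks the change or is tolerated.
        // NOTE(review): the default PasswordTestResult presumably means "no objection", which
        // makes this a fail-open path — confirm against PasswordTestResult's default constructor.
        if (PasswordChangeConfigSection.Configuration.PasswordTesting.LppIgnoreErrors)
        {
            return new PasswordTestResult();
        }
        return new PasswordTestResult(PasswordTestResultCode.GeneralError);
    }
}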
/// <summary>
/// Connect to the Security Account Manager service and retrieve the user principal
/// structure for a given username or user email address.
/// </summary>
/// <param name="userOrEmail">User login name or account email address</param>
/// <returns>User Principal data structure if found</returns>
/// <exception cref="NotFoundException">Thrown when no account matches <paramref name="userOrEmail"/></exception>
public static async Task<UserPrincipal> GetUserPrincipal(string userOrEmail)
{
    // Default bind is negotiate with LDAP signing and sealing; the "ad-bind-force-ssl"
    // app setting switches to negotiate over SSL instead (the signing/sealing flags
    // are not combined with it).
    bool forceSsl = ConfigurationManager.AppSettings["ad-bind-force-ssl"] == "1";
    ContextOptions bindOptions = forceSsl
        ? ContextOptions.Negotiate | ContextOptions.SecureSocketLayer
        : ContextOptions.Negotiate | ContextOptions.Sealing | ContextOptions.Signing;

    // NOTE(review): the returned principal is bound to a context that is disposed on return;
    // callers appear to read only already-loaded attributes — confirm before adding lazy lookups.
    using (PrincipalContext context = new PrincipalContext(ContextType.Domain, null, null, bindOptions))
    {
        bool looksLikeAddress = userOrEmail.IndexOf('@') >= 0;
        if (looksLikeAddress)
        {
            // Try the UPN first, then fall back to the mail attribute
            UserPrincipal byUpn = await WindowsSamController.GetUserPrincipalByUpn(userOrEmail, context);
            if (byUpn != null)
            {
                return byUpn;
            }

            UserPrincipal byEmail = await GetUserPrincipalByEmail(userOrEmail, context);
            if (byEmail != null)
            {
                return byEmail;
            }

            throw new NotFoundException();
        }

        // Plain login name: resolve by SAM account name
        UserPrincipal bySam = await Task.Run(() => UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userOrEmail));
        if (bySam == null)
        {
            // No matching account; signal this to the caller rather than returning null
            throw new NotFoundException();
        }

        return bySam;
    }
}