/// <summary>
/// Builds a claims identity for the Active Directory account with the given sAMAccountName.
/// </summary>
/// <param name="samaccountName">The sAMAccountName of the account to look up.</param>
/// <returns>
/// The identity created for the account, or <c>null</c> when the repository returns no user.
/// </returns>
/// <remarks>
/// This overload performs no credential check: it builds an identity for whatever account name
/// it is given. NOTE(review): callers are presumably expected to have authenticated the user
/// first - confirm at the call sites.
/// </remarks>
public ClaimsIdentity CreateIdentity(string samaccountName)
{
    var directory = new ActiveDirectoryReadOnlyRepository();
    ActiveDirectoryUser account = directory.GetUser(samaccountName);

    // Unknown account: hand back null rather than an empty identity.
    if (account == null)
    {
        return null;
    }

    return CreateIdentity(account);
}
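/// <summary>
/// Checks whether the supplied username and password match an existing account in Active Directory.
/// </summary>
/// <param name="username">The account name, either bare or in <c>DOMAIN\user</c> form.</param>
/// <param name="password">The password to verify.</param>
/// <returns>
/// <c>true</c> when the repository accepts the credentials; <c>false</c> when it rejects them or
/// when the username, the extracted account name or the password is null or empty.
/// </returns>
public bool ValidateCredentials(string username, string password)
{
    // Blank credentials never reach the directory. A null username would otherwise throw on
    // Split below. NOTE(review): some directory bind modes accept an empty password as an
    // anonymous bind and report success - confirm how the repository binds.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    // Only an exactly two-part "DOMAIN\user" value is split; any other shape is passed through
    // unchanged.
    string[] tokens = username.Split('\\');
    string user = tokens.Length == 2 ? tokens[1] : username;

    // "DOMAIN\" leaves an empty account name; treat it like any other blank credential.
    if (string.IsNullOrEmpty(user))
    {
        return false;
    }

    // NOTE(review): the domain prefix is discarded and a parameterless repository is used, so the
    // check runs against whichever directory that constructor selects - confirm this is intended
    // where more than one domain is in play.
    var repo = new ActiveDirectoryReadOnlyRepository();
    return repo.ValidateCredentials(user, password, ContextOptions.Negotiate);
}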
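/// <summary>
/// Authenticates a <c>DOMAIN\user</c> account against Active Directory and, on success, signs out
/// the "ApplicationCookie" authentication type and signs in with a claims identity for that user.
/// </summary>
/// <param name="username">The account name; only the <c>DOMAIN\user</c> form is accepted.</param>
/// <param name="password">The account password.</param>
/// <returns>
/// An <see cref="AuthenticationResult"/> created without a message on success, otherwise one
/// carrying the error message to show.
/// </returns>
public AuthenticationResult SignIn(string username, string password)
{
    // Blank input gets the same generic failure as a wrong password. A null username would
    // otherwise throw on Split, and an empty password should never be offered to a directory bind.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return new AuthenticationResult("Username or Password is not correct");
    }

    bool isAuthenticated = false;
    ActiveDirectoryUser userPrincipal = null;

    string[] tokens = username.Split('\\');
    if (tokens.Length == 2)
    {
        try
        {
            // Constructed inside the try: the domain and credentials are caller-supplied, so a
            // failure while setting up the repository must also end in the generic error below.
            var repo = new ActiveDirectoryReadOnlyRepository(tokens[0], username, password);

            // NOTE(review): ValidateCredentials builds its own parameterless repository, while the
            // lookup below uses the one bound to tokens[0]. Confirm both target the same directory.
            isAuthenticated = ValidateCredentials(tokens[1], password);
            if (isAuthenticated)
            {
                userPrincipal = repo.GetUser(tokens[1]);
            }
        }
        catch (Exception)
        {
            // Fail closed: any directory error is reported as a failed sign-in.
            // NOTE(review): nothing is logged here, so an outage is indistinguishable from a wrong
            // password; consider logging the exception (never the password) for detection.
            isAuthenticated = false;
            userPrincipal = null;
        }
    }

    // One message for every failure mode so the response does not show which part was wrong.
    if (!isAuthenticated || userPrincipal == null)
    {
        return new AuthenticationResult("Username or Password is not correct");
    }

    // The two status messages below are only reachable after the credential check succeeded, so
    // they are shown to someone who already presented the correct password. Whether to reveal the
    // account state at all remains a policy decision.
    if (userPrincipal.IsAccountLockedOut())
    {
        return new AuthenticationResult("Your account is locked.");
    }

    if (userPrincipal.Enabled.HasValue && !userPrincipal.Enabled.Value)
    {
        return new AuthenticationResult("Your account is disabled");
    }

    ClaimsIdentity identity = CreateIdentity(userPrincipal);

    // Drop any existing application cookie before issuing the new one.
    authenticationManager.SignOut("ApplicationCookie");

    // NOTE(review): IsPersistent is always true, so the cookie outlives the browser session;
    // confirm this is acceptable on shared machines.
    authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true }, identity);

    return new AuthenticationResult();
}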