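/// <summary>
/// Authentication handler for the single configured account: accepts the
/// session when the client presents one of the expected public keys or the
/// configured password, and rejects it otherwise.
/// </summary>
/// <param name="sender">The object that raised the event (unused).</param>
/// <param name="e">Carries the client-supplied user name, key and password, and receives the verdict.</param>
private void Server_Authentication(object sender, AuthenticationEventArgs e)
{
    // Only the one configured account may log in.
    if (e.UserName != Config.UserName)
    {
        e.Reject();
        return;
    }

    if (e.Key != null)
    {
        // test that the actual key is one of the expected keys
        var keys = UserPublicKeys;
        if (keys != null && keys.Contains(e.Key))
        {
            e.Accept(Server.Users[Config.UserName]);
        }
        else
        {
            e.Reject();
        }

        return;
    }

    // Password attempt. An unset or empty configured password must never
    // authenticate anyone: with a plain equality test, a null or empty
    // Config.UserPassword would match a null or empty client password and
    // let the session in without any credential.
    string expected = Config.UserPassword;
    if (string.IsNullOrEmpty(expected) || e.Password == null || !PasswordsMatch(e.Password, expected))
    {
        e.Reject();
        return;
    }

    e.Accept(Server.Users[Config.UserName]);
}

/// <summary>
/// Compares two passwords without stopping at the first differing character,
/// so the time taken does not depend on how long the matching prefix is.
/// </summary>
/// <remarks>
/// Best effort only: the JIT gives no constant-time guarantee for this loop.
/// Where the target runtime offers a vetted fixed-time comparison, prefer it.
/// </remarks>
private static bool PasswordsMatch(string supplied, string expected)
{
    if (expected.Length == 0)
    {
        return false;
    }

    // A length mismatch is folded into the result instead of returning early.
    int diff = supplied.Length ^ expected.Length;
    for (int i = 0; i < supplied.Length; i++)
    {
        diff |= supplied[i] ^ expected[i % expected.Length];
    }

    return diff == 0;
}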
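/// <summary>
/// Authentication handler for file-server users
/// (https://www.rebex.net/file-server/features/events.aspx#authentication).
/// Looks the user up by identity alias, then verifies either the presented
/// public key or the presented password. When the user record requires both
/// factors, the first successful one is accepted partially and the session
/// is only fully accepted once the second has succeeded.
/// </summary>
/// <param name="sender">The object that raised the event (unused).</param>
/// <param name="e">Carries the client-supplied credentials and receives the verdict.</param>
private void FsUser_Authentication(object sender, AuthenticationEventArgs e)
{
    try
    {
        var method = MethodBase.GetCurrentMethod();
        var callPath = $"{method.DeclaringType.Name}.{method.Name}";

        using (var scope = _factory.CreateScope())
        {
            var conf = scope.ServiceProvider.GetRequiredService<IConfiguration>();
            var log = scope.ServiceProvider.GetRequiredService<ILogger>();
            var uow = scope.ServiceProvider.GetRequiredService<IUnitOfWork>();

            var user = uow.Users.Get(QueryExpressionFactory.GetQueryExpression<tbl_User>()
                .Where(x => x.IdentityAlias == e.UserName).ToLambda(),
                    new List<Expression<Func<tbl_User, object>>>()
                    {
                        x => x.tbl_PublicKey,
                        x => x.tbl_UserMount,
                    }).SingleOrDefault();

            var admin = scope.ServiceProvider.GetRequiredService<IAdminService>();
            var sts = scope.ServiceProvider.GetRequiredService<IStsService>();

            // NOTE(review): e.UserName is client-supplied and is interpolated
            // into the log text below unescaped; if the sink is line-oriented,
            // consider sanitising it or logging it as a structured property.

            // SingleOrDefault yields null for an unknown alias. Reject here
            // instead of letting the dereferences below throw.
            if (user == null)
            {
                Log.Warning($"'{callPath}' '{e.UserName}' denied, no matching user");
                e.Reject();
                return;
            }

            if (e.Key != null)
            {
                Log.Information($"'{callPath}' '{e.UserName}' in-progress with public key");

                // GetAwaiter().GetResult() rethrows the original exception;
                // .Result would wrap it in an AggregateException.
                if (UserHelper.ValidatePubKey(user.tbl_PublicKey.Where(x => x.Enabled).ToList(), e.Key)
                    && admin.User_VerifyV1(user.IdentityId).GetAwaiter().GetResult())
                {
                    Log.Information($"'{callPath}' '{e.UserName}' success with public key");

                    if (e.PartiallyAccepted || !user.RequirePassword)
                    {
                        /*
                         * an smb mount will not succeed without a user password or ambassador credential.
                         * a missing mount record is treated the same as a missing credential.
                         */
                        if (user.FileSystemType == FileSystemTypes.SMB.ToString()
                            && user.tbl_UserMount?.CredentialId == null)
                        {
                            Log.Warning($"'{callPath}' '{e.UserName}' failure no credential to create {FileSystemTypes.SMB} filesystem");

                            e.Reject();
                            return;
                        }

                        AcceptWithFileSystem(e, log, user);
                        return;
                    }

                    /*
                     * authenticate partially if another kind of credential has not been provided yet.
                     */
                    e.AcceptPartially();
                    return;
                }

                Log.Warning($"'{callPath}' '{e.UserName}' failure with public key");

                e.Reject();
                return;
            }

            if (e.Password != null)
            {
                Log.Information($"'{callPath}' '{e.UserName}' in-progress with password");

                try
                {
                    // With .Result a failed call surfaced as AggregateException, so the
                    // HttpRequestException handler below never ran and a bad password fell
                    // through to the outer catch without an explicit Reject.
                    var identity = admin.User_GetV1(user.IdentityId.ToString()).GetAwaiter().GetResult();

                    // The grant result itself is not used; the password counts as
                    // verified when the call completes without throwing.
                    sts.ResourceOwner_GrantV2(
                        new ResourceOwnerV2()
                        {
                            issuer = conf["IdentityCredentials:IssuerName"],
                            client = conf["IdentityCredentials:AudienceName"],
                            grant_type = "password",
                            user = identity.UserName,
                            password = e.Password,
                        }).GetAwaiter().GetResult();

                    Log.Information($"'{callPath}' '{e.UserName}' success with password");

                    if (e.PartiallyAccepted || !user.RequirePublicKey)
                    {
                        AcceptWithFileSystem(e, log, user);
                        return;
                    }

                    /*
                     * authenticate partially if another kind of credential has not been provided yet.
                     */
                    e.AcceptPartially();
                    return;
                }
                catch (HttpRequestException)
                {
                    Log.Warning($"'{callPath}' '{e.UserName}' failure with password");

                    e.Reject();
                    return;
                }
            }

            Log.Warning($"'{callPath}' '{e.UserName}' denied");

            e.Reject();
            return;
        }
    }
    catch (Exception ex)
    {
        Log.Error(ex.ToString());

        // Fail closed: every path that accepts returns straight away, so an
        // exception reaching this point means no verdict has been given yet.
        e.Reject();
    }
}

/// <summary>
/// Builds the user's file system, subscribes the create/delete notification
/// handlers and fully accepts the session with the resulting file-server user.
/// </summary>
private void AcceptWithFileSystem(AuthenticationEventArgs e, ILogger log, tbl_User user)
{
    var fs = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password);
    var fsUser = new FileServerUser(e.UserName, e.Password);
    fsUser.SetFileSystem(fs);

    var fsNotify = fs.GetFileSystemNotifier();
    fsNotify.CreatePreview += FsNotify_CreatePreview;
    fsNotify.CreateCompleted += FsNotify_CreateCompleted;
    fsNotify.DeletePreview += FsNotify_DeletePreview;
    fsNotify.DeleteCompleted += FsNotify_DeleteCompleted;

    e.Accept(fsUser);
}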