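/// <summary>
/// Password-migration endpoint (LDAP -> Okta). Binds the supplied credentials
/// against LDAP and, when they are valid, stores the password in Okta, creating
/// the Okta user from the LDAP profile when it does not exist there yet.
/// </summary>
/// <returns>
/// JSON-serialised <see cref="PswMigrationResponse"/> (oktaId, login, status,
/// isPasswordInOkta) describing the outcome.
/// </returns>
/// <remarks>
/// Credentials come from the generic <c>Request[...]</c> indexer, which matches
/// query string, form and cookies alike; a POST-only action bound to form/body
/// fields would keep the password out of URL, proxy and access logs.
/// The response also distinguishes "not found in Okta" from "LDAP validation
/// failed", and a user whose password is already in Okta is reported (id, login,
/// status) without any credential check; do not surface this response verbatim
/// to unauthenticated callers.
/// </remarks>
public ActionResult ValidateUser()
{
    PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();

    string username = Request["username"];
    string password = Request["password"];

    // Never forward empty credentials: an empty password must not reach the LDAP
    // bind (directories commonly treat it as an anonymous bind that "succeeds").
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        FillMigrationResponse(pswMigrationRsp, "none", "******", "LDAP validation failed", "false");
        return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
    }

    LdapServiceModel ldapServiceModel = new LdapServiceModel();
    ldapServiceModel.ldapServer = appSettings["ldap.server"];
    ldapServiceModel.ldapPort = appSettings["ldap.port"];
    ldapServiceModel.baseDn = appSettings["ldap.baseDn"];

    CustomUser oktaUser = null;
    try
    {
        oktaUser = _oktaUserMgmt.GetCustomUser(username);
    }
    catch (OktaException)
    {
        // Best-effort lookup: a user the Okta API cannot return is treated as
        // "not in Okta" (null) and handled by the create path below.
    }

    if (oktaUser != null)
    {
        MigratePasswordForExistingUser(oktaUser, username, password, ldapServiceModel, pswMigrationRsp);
    }
    else
    {
        CreateOktaUserFromLdap(username, password, ldapServiceModel, pswMigrationRsp);
    }

    return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
}

/// <summary>
/// Existing-Okta-user path: when the profile flag says the password is not yet
/// in Okta, validates the credentials against LDAP and copies the password over.
/// Always fills oktaId and login from the Okta user.
/// </summary>
/// <param name="oktaUser">User as returned by Okta (non-null).</param>
/// <param name="username">Login presented by the caller.</param>
/// <param name="password">Password presented by the caller (non-empty).</param>
/// <param name="ldapServiceModel">LDAP connection settings.</param>
/// <param name="rsp">Response object to fill.</param>
private void MigratePasswordForExistingUser(CustomUser oktaUser, string username, string password, LdapServiceModel ldapServiceModel, PswMigrationResponse rsp)
{
    // Only a missing/empty flag or the literal "false" triggers a migration.
    bool passwordAlreadyInOkta = !string.IsNullOrEmpty(oktaUser.Profile.IsPasswordInOkta)
        && oktaUser.Profile.IsPasswordInOkta != "false";

    if (passwordAlreadyInOkta)
    {
        // Nothing to migrate; report the current Okta status.
        rsp.status = oktaUser.Status;
        rsp.isPasswordInOkta = "true";
    }
    else if (!_credAuthentication.IsAuthenticated(username, password, ldapServiceModel))
    {
        rsp.status = "LDAP validation failed";
        rsp.isPasswordInOkta = "false";
    }
    else
    {
        bool passwordSet = _oktaUserMgmt.SetUserPassword(oktaUser.Id, password);

        // Persist the real outcome on the profile. A failed set must leave the
        // flag at "false" so the next attempt retries the migration; the previous
        // code wrote "true" on failure, which marked the user as migrated while
        // the password was never stored in Okta.
        oktaUser.Profile.IsPasswordInOkta = passwordSet ? "true" : "false";
        bool profileUpdated = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);

        rsp.status = passwordSet ? "set password in Okta successful" : "set password in Okta failed";
        // "unknown" when the flag could not be persisted: Okta's profile and its
        // credential state may now disagree.
        rsp.isPasswordInOkta = profileUpdated ? (passwordSet ? "true" : "false") : "unknown";
    }

    rsp.oktaId = oktaUser.Id;
    rsp.login = oktaUser.Profile.Login;
}

/// <summary>
/// User-not-in-Okta path: authenticates against LDAP, builds the Okta user from
/// the LDAP profile, creates it with the supplied password and activates it.
/// </summary>
/// <param name="username">Login presented by the caller.</param>
/// <param name="password">Password presented by the caller (non-empty).</param>
/// <param name="ldapServiceModel">LDAP connection settings.</param>
/// <param name="rsp">Response object to fill.</param>
private void CreateOktaUserFromLdap(string username, string password, LdapServiceModel ldapServiceModel, PswMigrationResponse rsp)
{
    // IsCreated both validates the credentials and returns the LDAP profile.
    CustomUser rspCustomUser = _credAuthentication.IsCreated(username, password, ldapServiceModel);
    if (rspCustomUser == null)
    {
        FillMigrationResponse(rsp, "none", "******", "User NOT Created in Okta", "false");
        return;
    }

    rspCustomUser.Profile.Login = username + _userdomain;
    Okta.Core.Models.Password pswd = new Okta.Core.Models.Password();
    pswd.Value = password;
    rspCustomUser.Credentials.Password = pswd;

    // Create the Okta user with the password already attached. (The original
    // assigned rspAddCustomUser without declaring it; every other rsp* name here
    // is a local, so it is declared as one.)
    CustomUser rspAddCustomUser = _oktaUserMgmt.AddCustomUser(rspCustomUser);
    if (rspAddCustomUser == null)
    {
        FillMigrationResponse(rsp, "none", "******", "User NOT Created in Okta", "false");
        return;
    }

    // The activation URI is not used by this endpoint.
    Uri activationUri;
    bool activated = _oktaUserMgmt.ActivateUser(rspAddCustomUser, out activationUri);
    if (!activated)
    {
        FillMigrationResponse(rsp, "none", "******", "User NOT Created in Okta", "false");
        return;
    }

    // Flag the object that is actually sent back to Okta. The previous code set
    // the flag on rspCustomUser but updated rspAddCustomUser, so if AddCustomUser
    // returns a different instance the flag never reached Okta.
    rspAddCustomUser.Profile.IsPasswordInOkta = "true";
    bool profileUpdated = _oktaUserMgmt.UpdateCustomUserAttributesOnly(rspAddCustomUser);
    FillMigrationResponse(rsp, rspAddCustomUser.Id, rspAddCustomUser.Profile.Login, "Created in Okta", profileUpdated ? "true" : "unknown");
}

/// <summary>Fills all four response fields in one place.</summary>
private static void FillMigrationResponse(PswMigrationResponse rsp, string oktaId, string login, string status, string isPasswordInOkta)
{
    rsp.oktaId = oktaId;
    rsp.login = login;
    rsp.status = status;
    rsp.isPasswordInOkta = isPasswordInOkta;
}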
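/// <summary>
/// Password-migration endpoint (LDAP -> Okta) built on the Okta SDK. Binds the
/// supplied credentials against LDAP and, when they are valid, stores the
/// password on the Okta user, creating the user from the LDAP profile when it
/// does not exist in Okta yet.
/// </summary>
/// <param name="psw">Password presented by the caller.</param>
/// <param name="username">Login presented by the caller.</param>
/// <returns>
/// JSON-serialised <see cref="PswMigrationResponse"/> (oktaId, login, status,
/// isPasswordInOkta) describing the outcome.
/// </returns>
/// <remarks>
/// The Okta SDK calls are awaited synchronously; the action should become
/// <c>async Task&lt;IActionResult&gt;</c> and await them (kept synchronous here
/// so the signature is unchanged). A user whose password is already in Okta is
/// reported (id, login, status) without any credential check, and the status
/// strings distinguish "not found" from "validation failed"; do not surface this
/// response verbatim to unauthenticated callers.
/// </remarks>
public IActionResult ValidateUser(string psw, string username)
{
    PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();

    // Never forward empty credentials: an empty password must not reach the LDAP
    // bind (directories commonly treat it as an anonymous bind that "succeeds").
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(psw))
    {
        FillSdkMigrationResponse(pswMigrationRsp, "none", "******", "LDAP validation failed", "false");
        return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
    }

    // NOTE(review): a new client per request re-reads the API token on every
    // call; the SDK client is meant to be long-lived (one per application).
    var client = new OktaClient(new OktaClientConfiguration
    {
        OktaDomain = _config.GetValue<string>("OktaWeb:OktaDomain"),
        Token = _config.GetValue<string>("OktaWeb:ApiToken")
    });

    Okta.Sdk.IUser oktaUser = null;
    try
    {
        // GetAwaiter().GetResult() rethrows the original exception, whereas
        // .Result wraps it in an AggregateException — which is why the previous
        // catch (OktaApiException) never matched and a catch-all had to cast
        // InnerException (throwing InvalidCastException on any non-Okta error).
        oktaUser = client.Users.GetUserAsync(username).GetAwaiter().GetResult();
    }
    catch (OktaApiException)
    {
        // Best-effort lookup: the Okta API rejecting the lookup is treated as
        // "not in Okta" (null) and handled by the create path below. Other
        // failures (network, configuration) now propagate instead of crashing
        // inside the catch block.
    }

    if (oktaUser != null)
    {
        MigratePasswordForExistingSdkUser(oktaUser, username, psw, pswMigrationRsp);
    }
    else
    {
        CreateSdkUserFromLdap(client, username, psw, pswMigrationRsp);
    }

    return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
}

/// <summary>
/// Existing-Okta-user path: when the "IsPasswordInOkta" profile attribute is
/// absent or "false", validates the credentials against LDAP and writes the
/// password and the attribute to Okta in one update. Always fills oktaId and
/// login from the Okta user.
/// </summary>
/// <param name="oktaUser">User as returned by Okta (non-null).</param>
/// <param name="username">Login presented by the caller.</param>
/// <param name="psw">Password presented by the caller (non-empty).</param>
/// <param name="rsp">Response object to fill.</param>
private void MigratePasswordForExistingSdkUser(Okta.Sdk.IUser oktaUser, string username, string psw, PswMigrationResponse rsp)
{
    object flag = oktaUser.Profile["IsPasswordInOkta"];
    bool passwordAlreadyInOkta = flag != null && flag.ToString() != "false";

    if (passwordAlreadyInOkta)
    {
        // Nothing to migrate; report the current Okta status.
        rsp.status = oktaUser.Status;
        rsp.isPasswordInOkta = "true";
    }
    else if (!_credAuthentication.IsAuthenticated(username, psw, _ldapServiceModel))
    {
        rsp.status = "LDAP validation failed";
        rsp.isPasswordInOkta = "false";
    }
    else
    {
        Okta.Sdk.PasswordCredential setPassword = new Okta.Sdk.PasswordCredential();
        setPassword.Value = psw;
        oktaUser.Credentials.Password = setPassword;
        // NOTE(review): the attribute is sent in the same update as the password;
        // if Okta accepts the profile but reports no PasswordChanged, the flag may
        // be persisted as "true" while the password is not — confirm with the SDK.
        oktaUser.Profile["IsPasswordInOkta"] = "true";

        Okta.Sdk.IUser updated = oktaUser.UpdateAsync().GetAwaiter().GetResult();
        bool passwordSet = updated != null && updated.PasswordChanged != null;
        rsp.status = passwordSet ? "set password in Okta successful" : "set password in Okta failed";
        rsp.isPasswordInOkta = passwordSet ? "true" : "false";
    }

    rsp.oktaId = oktaUser.Id;
    rsp.login = oktaUser.Profile.Login;
}

/// <summary>
/// User-not-in-Okta path: authenticates against LDAP, creates the Okta user from
/// the LDAP profile with the supplied password (not auto-activated, so Okta sends
/// no e-mail) and then activates it explicitly without e-mail.
/// </summary>
/// <param name="client">Okta SDK client to use.</param>
/// <param name="username">Login presented by the caller.</param>
/// <param name="psw">Password presented by the caller (non-empty).</param>
/// <param name="rsp">Response object to fill.</param>
private void CreateSdkUserFromLdap(OktaClient client, string username, string psw, PswMigrationResponse rsp)
{
    // IsCreated both validates the credentials and returns the LDAP profile.
    CustomUser rspCustomUser = _credAuthentication.IsCreated(username, psw, _ldapServiceModel);
    if (rspCustomUser == null)
    {
        FillSdkMigrationResponse(rsp, "none", "******", "User NOT found in External Source", "false");
        return;
    }

    CreateUserWithPasswordOptions newUserOptions = new CreateUserWithPasswordOptions
    {
        Profile = new UserProfile
        {
            Login = rspCustomUser.Email,
            FirstName = rspCustomUser.FirstName,
            LastName = rspCustomUser.LastName,
            Email = rspCustomUser.Email
        },
        Password = psw,
        Activate = false,
    };
    newUserOptions.Profile["IsPasswordInOkta"] = "true";

    Okta.Sdk.IUser created = client.Users.CreateUserAsync(newUserOptions).GetAwaiter().GetResult();
    if (created == null)
    {
        FillSdkMigrationResponse(rsp, "none", "******", "User NOT Created in Okta", "false");
        return;
    }

    var activation = created.ActivateAsync(sendEmail: false).GetAwaiter().GetResult();
    if (activation != null)
    {
        FillSdkMigrationResponse(rsp, created.Id, created.Profile.Login, "Created in Okta", "true");
    }
    else
    {
        // Created but not activated: the password state is not known for sure.
        FillSdkMigrationResponse(rsp, created.Id, created.Profile.Login, "User NOT ACTIVE in Okta", "unknown");
    }
}

/// <summary>Fills all four response fields in one place.</summary>
private static void FillSdkMigrationResponse(PswMigrationResponse rsp, string oktaId, string login, string status, string isPasswordInOkta)
{
    rsp.oktaId = oktaId;
    rsp.login = login;
    rsp.status = status;
    rsp.isPasswordInOkta = isPasswordInOkta;
}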