public bool CheckCredentialServer(LdapServiceModel ldapServiceModel) { bool success = false; _ldapServer = ldapServiceModel.ldapServer; _ldapPort = ldapServiceModel.ldapPort; LdapDirectoryIdentifier ldapDirectoryIdentifier = new LdapDirectoryIdentifier(_ldapServer, Convert.ToInt16(_ldapPort), true, false); LdapConnection ldapConnection = new LdapConnection(ldapDirectoryIdentifier); try { ldapConnection.AuthType = AuthType.Anonymous; ldapConnection.AutoBind = false; ldapConnection.Timeout = new TimeSpan(0, 0, 0, 1); ldapConnection.Bind(); ldapConnection.Dispose(); success = true; } catch (LdapException) { success = false; } return(success); }
public CustomUser IsCreated(string username, string password, LdapServiceModel ldapServiceModel) { _ldapServer = ldapServiceModel.ldapServer; _ldapPort = ldapServiceModel.ldapPort; _baseDn = ldapServiceModel.baseDn; bool success = false; CustomUser customUser = null; //username must be user full domain name. build UID string string modUsername = "******" + username + _baseDn; //string tempPath = "LDAP://ldap.server.com:389/uid=admin,o=Users,dc=okta,dc=com"; _ldapPath = string.Format("LDAP://{0}:{1}", _ldapServer, _ldapPort); DirectoryEntry entry = new DirectoryEntry(_ldapPath, modUsername, password); entry.AuthenticationType = AuthenticationTypes.None; try { // Bind to the native AdsObject to force authentication. // if no exception, then login successful Object connected = entry.NativeObject; DirectorySearcher directorySearcher = new DirectorySearcher(entry); directorySearcher.Filter = "(uid=" + username + ")"; SearchResult result = directorySearcher.FindOne(); if (result != null) { User oktaUser = new User(); customUser = new CustomUser(oktaUser); string path = result.Path; customUser.Profile.LastName = (String)result.Properties["sn"][0]; customUser.Profile.FirstName = (String)result.Properties["givenname"][0]; customUser.Profile.Email = (String)result.Properties["mail"][0]; //success = true; } } catch (LdapException ldapException) { //add additional error handling if (ldapException.ErrorCode.Equals(LDAPError_InvalidCredentials)) { success = false; } success = false; } catch (Exception ex) { //add additional error handling success = false; } return(customUser); }
public MigrationController(ILogger <MigrationController> logger, IConfiguration config, ICredAuthentication ldap) { _logger = logger; _config = config; _credAuthentication = ldap; //the service is injected by the GL app, the parameters are passed in on the method call _ldapServiceModel = new LdapServiceModel(); _ldapServiceModel.ldapServer = _config.GetValue <string>("ldapSettings:ldapServer"); _ldapServiceModel.ldapPort = _config.GetValue <string>("ldapSettings:ldapPort"); _ldapServiceModel.baseDn = _config.GetValue <string>("ldapSettings:baseDn"); }
public bool IsAuthenticated(string username, string password, LdapServiceModel ldapServiceModel) { _ldapServer = ldapServiceModel.ldapServer; _ldapPort = ldapServiceModel.ldapPort; _baseDn = ldapServiceModel.baseDn; _ldapPath = string.Format("LDAP://{0}:{1}", _ldapServer, _ldapPort); bool success = false; //username must be user full domain name. build UID string string modUsername = "******" + username + _baseDn; try { LdapDirectoryIdentifier ldapDirectoryIdentifier = new LdapDirectoryIdentifier(_ldapServer, Convert.ToInt16(_ldapPort), true, false); LdapConnection ldapConnection = new LdapConnection(ldapDirectoryIdentifier); //LdapConnection ldapConnection = new LdapConnection(new LdapDirectoryIdentifier((_ldapServer + (":" + _ldapPort)))); //ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true); //ldapConnection.SessionOptions.SecureSocketLayer = true; ldapConnection.SessionOptions.ProtocolVersion = 3; ldapConnection.AuthType = AuthType.Basic; //ldapConnection.AuthType = AuthType.Negotiate;; ldapConnection.Timeout = new TimeSpan(0, 0, 10); ldapConnection.Credential = new NetworkCredential(modUsername, password); ldapConnection.Bind(); //if bind does not cause error then it is successful ldapConnection.Dispose(); //_logger.Debug("ldap successfully validated username " + username); success = true; } catch (LdapException ldapException) { //add additional error handling if (ldapException.ErrorCode.Equals(LDAPError_InvalidCredentials)) { success = false; } success = false; } catch (Exception ex) { //add additional error handling success = false; } return(success); }
public ActionResult ValidateUser() { PswMigrationResponse pswMigrationRsp = new PswMigrationResponse(); LdapServiceModel ldapServiceModel = null; CustomUser oktaUser = null; string username = null; string password = null; username = Request["username"]; password = Request["password"]; ldapServiceModel = new LdapServiceModel(); ldapServiceModel.ldapServer = appSettings["ldap.server"]; ldapServiceModel.ldapPort = appSettings["ldap.port"]; ldapServiceModel.baseDn = appSettings["ldap.baseDn"]; //use received username and password to bind with LDAP //if password is valid, set password in Okta try { //check username in Okta and password status oktaUser = _oktaUserMgmt.GetCustomUser(username); } catch (OktaException) { //trap error, handle User is null } if (oktaUser != null) { if (string.IsNullOrEmpty(oktaUser.Profile.IsPasswordInOkta) || oktaUser.Profile.IsPasswordInOkta == "false") { //check user credentials in LDAP bool rspIsAuthenticated = _credAuthentication.IsAuthenticated(username, password, ldapServiceModel); if (rspIsAuthenticated) { //set password in Okta bool rspSetPsw = _oktaUserMgmt.SetUserPassword(oktaUser.Id, password); if (rspSetPsw) { //update attribute in user profile when set password successful oktaUser.Profile.IsPasswordInOkta = "true"; bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser); if (rspPartialUpdate) { pswMigrationRsp.status = "set password in Okta successful"; pswMigrationRsp.isPasswordInOkta = "true"; } else { pswMigrationRsp.status = "set password in Okta successful"; pswMigrationRsp.isPasswordInOkta = "unknown"; } } else { //update attribute in user profile when set password fails oktaUser.Profile.IsPasswordInOkta = "true"; bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser); if (rspPartialUpdate) { pswMigrationRsp.status = "set password in Okta failed"; pswMigrationRsp.isPasswordInOkta = "false"; } else { pswMigrationRsp.status = "set password in Okta failed"; pswMigrationRsp.isPasswordInOkta = "unknown"; } } } else { //arrive here is user creds not validated in Ldap pswMigrationRsp.status = "LDAP validation failed"; pswMigrationRsp.isPasswordInOkta = "false"; } } else { //no work required pswMigrationRsp.status = oktaUser.Status; pswMigrationRsp.isPasswordInOkta = "true"; } //build response pswMigrationRsp.oktaId = oktaUser.Id; pswMigrationRsp.login = oktaUser.Profile.Login; } else { //arrive here if user not found in Okta //check user credentials and get profile from LDAP CustomUser rspCustomUser = _credAuthentication.IsCreated(username, password, ldapServiceModel); if (rspCustomUser != null) { rspCustomUser.Profile.Login = username + _userdomain; Okta.Core.Models.Password pswd = new Okta.Core.Models.Password(); pswd.Value = password; rspCustomUser.Credentials.Password = pswd; //create Okta user with password rspAddCustomUser = _oktaUserMgmt.AddCustomUser(rspCustomUser); if (rspAddCustomUser != null) { Uri rspUri = new Uri("https://tbd.com"); bool rspActivate = _oktaUserMgmt.ActivateUser(rspAddCustomUser, out rspUri); if (rspActivate) { rspCustomUser.Profile.IsPasswordInOkta = "true"; bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(rspAddCustomUser); if (rspPartialUpdate) { pswMigrationRsp.oktaId = rspAddCustomUser.Id; pswMigrationRsp.login = rspAddCustomUser.Profile.Login; pswMigrationRsp.status = "Created in Okta"; pswMigrationRsp.isPasswordInOkta = "true"; } else { pswMigrationRsp.oktaId = rspAddCustomUser.Id; pswMigrationRsp.login = rspAddCustomUser.Profile.Login; pswMigrationRsp.status = "Created in Okta"; pswMigrationRsp.isPasswordInOkta = "unknown"; } } else { pswMigrationRsp.oktaId = "none"; pswMigrationRsp.login = "******"; pswMigrationRsp.status = "User NOT Created in Okta"; pswMigrationRsp.isPasswordInOkta = "false"; } } else { pswMigrationRsp.oktaId = "none"; pswMigrationRsp.login = "******"; pswMigrationRsp.status = "User NOT Created in Okta"; pswMigrationRsp.isPasswordInOkta = "false"; } } else { pswMigrationRsp.oktaId = "none"; pswMigrationRsp.login = "******"; pswMigrationRsp.status = "User NOT Created in Okta"; pswMigrationRsp.isPasswordInOkta = "false"; } } return(Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json")); }