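/// <summary>
/// Type initializer: loads this module's domain settings into <c>_domainDetails</c> and logs a
/// warning when a configured Admin or Analyst domain group cannot be confirmed in the domain.
/// </summary>
/// <remarks>
/// The group checks are diagnostic only. A missing group and a failed lookup are both logged
/// as warnings; neither stops initialization. An empty group name skips the check for that group.
/// </remarks>
static SiemplifyAuthorizeAttribute()
{
    var moduleSettings = _configurationService.GetModuleSettings(DomainDetails.MOUDLE_NAME);
    _domainDetails = new DomainDetails(moduleSettings);

    // NOTE(review): this call is outside the try blocks below. An exception thrown here would
    // fail the type initializer and with it every later use of the attribute - confirm that
    // GetActiveDirectoryCredentials cannot throw.
    var adCredentials = GetActiveDirectoryCredentials();

    try
    {
        if (_domainDetails.AdminDomainGroup.IsNotEmpty() &&
            !UserAndDomainHelper.GroupExistsInDomain(_domainDetails.AdminDomainGroup, adCredentials))
        {
            Logger.Instance.Warn(
                string.Format(
                    "Configuration error: Admin group \"{0}\" not found in domain. Users might have a problem logging with Windows authentication",
                    _domainDetails.AdminDomainGroup),
                LoggerConsts.AccountGeneral);
        }
    }
    catch (Exception ex)
    {
        // The lookup itself failed, so the group's existence is unknown. Say so rather than
        // reporting "not found": a directory or credential problem needs a different fix
        // than a mistyped group name.
        Logger.Instance.Warn(
            string.Format(
                "Configuration error: Admin group \"{0}\" could not be verified in domain. Users might have a problem logging with Windows authentication. Error: {1}",
                _domainDetails.AdminDomainGroup,
                ex.Message),
            LoggerConsts.AccountGeneral);
    }

    // Checked in its own try block so a failure on the Admin lookup does not hide the
    // Analyst result.
    try
    {
        if (_domainDetails.AnalystDomainGroup.IsNotEmpty() &&
            !UserAndDomainHelper.GroupExistsInDomain(_domainDetails.AnalystDomainGroup, adCredentials))
        {
            Logger.Instance.Warn(
                string.Format(
                    "Configuration error: Analyst group \"{0}\" not found in domain. Users might have a problem logging with Windows authentication",
                    _domainDetails.AnalystDomainGroup),
                LoggerConsts.AccountGeneral);
        }
    }
    catch (Exception ex)
    {
        // Same distinction as for the Admin group: a failed lookup is not a missing group.
        Logger.Instance.Warn(
            string.Format(
                "Configuration error: Analyst group \"{0}\" could not be verified in domain. Users might have a problem logging with Windows authentication. Error: {1}",
                _domainDetails.AnalystDomainGroup,
                ex.Message),
            LoggerConsts.AccountGeneral);
    }
}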
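/// <summary>
/// Authorizes a Windows-authenticated request by mapping the caller's domain group membership
/// to an application role and reconciling the stored user profile with that role.
/// </summary>
/// <remarks>
/// Admin group membership takes precedence over Analyst. The role is derived from group
/// membership on each call, and an enabled profile whose stored role differs is updated to
/// match. When no profile exists, one is created only if <c>AutoCreateUsers</c> is set in the
/// management server configuration.
/// </remarks>
/// <param name="actionContext">Context of the Web API action being authorized.</param>
/// <returns>
/// <c>true</c> when the caller is in the Admin or Analyst group and has (or was just given) an
/// enabled profile; otherwise <c>false</c>.
/// </returns>
private bool HandleWindowsAuthentication(HttpActionContext actionContext)
{
    var mgmtConfig = _configurationService.GetManagementServerConfiguration();

    // Fail closed: a request carrying some other principal type is denied here instead of
    // surfacing as an InvalidCastException from a hard cast.
    var windowsPrincipal = actionContext.RequestContext.Principal as WindowsPrincipal;
    if (windowsPrincipal == null || !windowsPrincipal.Identity.IsAuthenticated)
    {
        Logger.Instance.Warn(
            "Blocked connection attempt: request has no authenticated Windows principal.",
            LoggerConsts.AccountLogInError);
        return false;
    }

    // Admin is tested first so a member of both groups receives the higher role.
    UserRoleEnum? roleToAssign = null;
    if (windowsPrincipal.IsInRole(_domainDetails.AdminDomainGroup))
    {
        roleToAssign = UserRoleEnum.Admin;
    }
    else if (windowsPrincipal.IsInRole(_domainDetails.AnalystDomainGroup))
    {
        roleToAssign = UserRoleEnum.Analyst;
    }

    if (roleToAssign == null)
    {
        Logger.Instance.Warn(
            string.Format(
                "Blocked connection attempt by Windows account {0} not in Admin or Analyst group.",
                windowsPrincipal.Identity.Name),
            LoggerConsts.AccountLogInError);
        return false;
    }

    // NOTE(review): profiles are looked up by Identity.GetUserName() but created below with
    // Identity.Name. Confirm both yield the same string (including any domain prefix);
    // otherwise a created profile would not be found again, and accounts from different
    // domains could map to the same profile.
    var accountName = windowsPrincipal.Identity.GetUserName();
    var profile = _userProfileAccessor.GetUserProfile(accountName);

    if (profile != null)
    {
        // Reject disabled accounts before touching the stored profile, so a blocked request
        // never results in a profile write.
        if (profile.IsDisabled)
        {
            // NOTE(review): the other denials in this method log at Warn; consider whether
            // blocked logins by disabled users should be equally visible to monitoring.
            Logger.Instance.Debug(
                string.Format("Blocked login attempt by disabled user {0}", profile.UserName),
                LoggerConsts.AccountLogInError);
            return false;
        }

        if (profile.Role != roleToAssign.Value)
        {
            // Group membership is authoritative: the stored role follows it in both
            // directions (promotion and demotion).
            // NOTE(review): this privilege change is persisted without a log entry; an
            // audit record of old and new role would help investigations.
            profile.Role = roleToAssign.Value;
            _userProfileAccessor.AddOrUpdateUserProfile(profile);
        }

        return true;
    }

    if (!mgmtConfig.AutoCreateUsers)
    {
        Logger.Instance.Warn(
            string.Format(
                "Windows account {0} is authorized but does not have profile.",
                windowsPrincipal.Identity.Name),
            LoggerConsts.AccountLogInError);
        return false;
    }

    var userDetails = UserAndDomainHelper.GetUserPrincipal(accountName, GetActiveDirectoryCredentials());
    if (userDetails == null)
    {
        // Without directory details there is nothing to build the profile from; deny rather
        // than fail with a NullReferenceException.
        Logger.Instance.Warn(
            string.Format(
                "Windows account {0} is authorized but was not found in the directory; profile was not created.",
                windowsPrincipal.Identity.Name),
            LoggerConsts.AccountLogInError);
        return false;
    }

    // NOTE(review): auto-provisioning creates an account (possibly Admin) with no log entry;
    // consider recording account creation for audit.
    var user = new UserProfile
    {
        FirstName = userDetails.GivenName,
        LastName = userDetails.Surname,
        UserName = windowsPrincipal.Identity.Name,
        Email = userDetails.EmailAddress,
        Role = roleToAssign.Value,
        UserType = UserType.Windows,
        ImageBase64 = null
    };
    _userProfileAccessor.AddOrUpdateUserProfile(user);

    return true;
}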