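        /// <summary>
        /// Type initializer: loads the domain settings once and sanity-checks that the configured
        /// Admin and Analyst AD groups actually exist. A missing or unresolvable group is only
        /// logged — a typo in a group name degrades Windows logins for that role but must not
        /// prevent the attribute type from loading.
        /// </summary>
        static SiemplifyAuthorizeAttribute()
        {
            var moduleSettings = _configurationService.GetModuleSettings(DomainDetails.MOUDLE_NAME);

            // NOTE(review): these calls run outside any try/catch. If one of them throws, the static
            // constructor fails and every later use of the attribute surfaces a
            // TypeInitializationException, i.e. authorization for the whole process breaks (fail
            // closed). Confirm that this is the intended behaviour for a bad configuration.
            _domainDetails = new DomainDetails(moduleSettings);
            var adCredentials = GetActiveDirectoryCredentials();

            // One check shared by both groups; groupKind is only used in the log text.
            Action<string, string> warnIfGroupMissing = (groupKind, groupName) =>
            {
                try
                {
                    if (groupName.IsNotEmpty() &&
                        !UserAndDomainHelper.GroupExistsInDomain(groupName, adCredentials))
                    {
                        Logger.Instance.Warn(
                            string.Format("Configuration error: {0} group \"{1}\" not found in domain. Users might have a problem logging with Windows authentication",
                                          groupKind, groupName), LoggerConsts.AccountGeneral);
                    }
                }
                catch (Exception ex)
                {
                    // The lookup itself failed (e.g. the domain was unreachable); report it the same
                    // way so operators see the group name together with the underlying error.
                    Logger.Instance.Warn(
                        string.Format("Configuration error: {0} group \"{1}\" not found in domain. Users might have a problem logging with Windows authentication. Error: {2}",
                                      groupKind, groupName, ex.Message), LoggerConsts.AccountGeneral);
                }
            };

            warnIfGroupMissing("Admin", _domainDetails.AdminDomainGroup);
            warnIfGroupMissing("Analyst", _domainDetails.AnalystDomainGroup);
        }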
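        /// <summary>
        /// Authorizes a request that Windows authentication has already authenticated.
        /// AD group membership (see <see cref="_domainDetails"/>) is the source of truth for the
        /// application role: the Admin group wins over the Analyst group, and membership in
        /// neither blocks the request. A matching <see cref="UserProfile"/> is created on first
        /// login when auto-creation is enabled, otherwise its stored role is re-synced with AD.
        /// Disabled profiles are always rejected.
        /// </summary>
        /// <param name="actionContext">The Web API action context; its principal must be a <see cref="WindowsPrincipal"/>.</param>
        /// <returns><c>true</c> when the caller may proceed; <c>false</c> when the request is blocked (the reason is logged).</returns>
        private bool HandleWindowsAuthentication(HttpActionContext actionContext)
        {
            // The caller is expected to route only Windows-authenticated requests here; any other
            // principal type makes this cast throw rather than silently pass.
            var windowsPrincipal = (WindowsPrincipal)actionContext.RequestContext.Principal;

            var roleToAssign = ResolveRoleFromDomainGroups(windowsPrincipal);
            if (roleToAssign == null)
            {
                Logger.Instance.Warn(string.Format("Blocked connection attempt by Windows account {0} not in Admin or Analyst group.", windowsPrincipal.Identity.Name),
                                     LoggerConsts.AccountLogInError);
                return(false);
            }

            // NOTE(review): the profile is looked up by GetUserName() but a new profile is stored
            // under Identity.Name (see CreateWindowsProfile). If those two differ (e.g. "user" vs.
            // "DOMAIN\user") the lookup will never find the profile that was just created and a
            // new one would be written on every request — confirm the two forms agree.
            var profile = _userProfileAccessor.GetUserProfile(windowsPrincipal.Identity.GetUserName());

            if (profile == null)
            {
                var mgmtConfig = _configurationService.GetManagementServerConfiguration();
                if (!mgmtConfig.AutoCreateUsers)
                {
                    Logger.Instance.Warn(string.Format("Windows account {0} is authorized but does not have profile.", windowsPrincipal.Identity.Name),
                                         LoggerConsts.AccountLogInError);
                    return(false);
                }

                return CreateWindowsProfile(windowsPrincipal, roleToAssign.Value);
            }

            // Reject disabled accounts before touching the profile: a blocked principal must not
            // cause any write. (Their role is re-synced on the first login after re-enabling.)
            if (profile.IsDisabled)
            {
                Logger.Instance.Debug(string.Format("Blocked login attempt by disabled user {0}", profile.UserName), LoggerConsts.AccountLogInError);
                return(false);
            }

            // Keep the stored role in step with current AD membership so a promotion or demotion
            // in AD takes effect on the next request instead of lingering in the profile.
            if (profile.Role != roleToAssign.Value)
            {
                profile.Role = roleToAssign.Value;
                _userProfileAccessor.AddOrUpdateUserProfile(profile);
            }

            return(true);
        }

        /// <summary>
        /// Maps AD group membership to an application role. The Admin group is checked first, so a
        /// user that is in both groups becomes an Admin.
        /// </summary>
        /// <param name="windowsPrincipal">The authenticated Windows principal.</param>
        /// <returns>The role to assign, or <c>null</c> when the principal is in neither configured group.</returns>
        private static UserRoleEnum? ResolveRoleFromDomainGroups(WindowsPrincipal windowsPrincipal)
        {
            // WindowsPrincipal.IsInRole(string) is expected to report no membership for a null or
            // empty group name, so an unconfigured group grants nothing rather than everything —
            // verify this if either group is allowed to be left blank in the settings.
            if (windowsPrincipal.IsInRole(_domainDetails.AdminDomainGroup))
            {
                return UserRoleEnum.Admin;
            }

            if (windowsPrincipal.IsInRole(_domainDetails.AnalystDomainGroup))
            {
                return UserRoleEnum.Analyst;
            }

            return null;
        }

        /// <summary>
        /// Creates the profile for a first-time Windows user from their Active Directory attributes.
        /// </summary>
        /// <param name="windowsPrincipal">The authenticated Windows principal.</param>
        /// <param name="role">The role already resolved from AD group membership.</param>
        /// <returns><c>true</c> when the profile was stored; <c>false</c> when the account could not be resolved in AD.</returns>
        private bool CreateWindowsProfile(WindowsPrincipal windowsPrincipal, UserRoleEnum role)
        {
            var userDetails = UserAndDomainHelper.GetUserPrincipal(windowsPrincipal.Identity.GetUserName(), GetActiveDirectoryCredentials());

            // GetUserPrincipal presumably yields null when the account cannot be found (e.g. a
            // local, non-domain account). Deny cleanly instead of dereferencing it and turning the
            // login into an unhandled NullReferenceException. TODO confirm the helper's contract.
            if (userDetails == null)
            {
                Logger.Instance.Warn(string.Format("Windows account {0} is authorized but could not be resolved in Active Directory; profile not created.", windowsPrincipal.Identity.Name),
                                     LoggerConsts.AccountLogInError);
                return(false);
            }

            var user = new UserProfile
            {
                FirstName   = userDetails.GivenName,
                LastName    = userDetails.Surname,
                UserName    = windowsPrincipal.Identity.Name,
                Email       = userDetails.EmailAddress,
                Role        = role,
                UserType    = UserType.Windows,
                ImageBase64 = null
            };

            _userProfileAccessor.AddOrUpdateUserProfile(user);
            return(true);
        }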