//TODO: Rename method accc to what it does
public LDAPUser AuthenticateUserWithLdap(UserCredential userCredential)
{
var ldapAuthentication = new LDAPAuthentication()
{
DomainName = ConfigurationManager.AppSettings["Domain"],
UserName = userCredential.Username,
Password = userCredential.Password
};
_logMessages.AppendFormat("Performing LDAP logon for user {0} with domain {1}", ldapAuthentication.UserName, ldapAuthentication.DomainName);
LDAPUser response = null;
try
{
response = _ldapAuthenticationService.IsAuthenticated(ldapAuthentication);
_logMessages.Append("Successfully invoked ldap service. Response received");
}
catch (Exception ex)
{
_logMessages.AppendFormat("An Error occurred invoking ldap authentication. Exception details {0}", ex.Message);
Elmah.ErrorLog.GetDefault(null).Log(new Elmah.Error(ex));
}
_logger.Info(_logMessages.ToString());
return(response);
}
public bool AuthenticateByUsername(string Username)
{
PersonLogin domainPersonLogin = null;
LDAPConfig objLDAPConfig = new LDAPConfig
{
IsConfigured = true,
IsAuthByPassword = true,
LDAPPath = "LDAP://JTINDIA.COM",
UserName = "******",
Password = "******",
ModifiedBy = 1,
ModifiedDate = new DateTime()
};
string userName = Username;
if (!string.IsNullOrWhiteSpace(userName))
{
// bool isValidLDAPUser = new LDAPAuthentication(objLDAPConfig.LDAPPath, objLDAPConfig.UserName, Encryption.DecryptText(objLDAPConfig.Password)).AuthenticateWithUserName(userName);
bool isValidLDAPUser = new LDAPAuthentication(objLDAPConfig.LDAPPath, objLDAPConfig.UserName, objLDAPConfig.Password).AuthenticateWithUserName(userName);
if (isValidLDAPUser)
{
domainPersonLogin = new PersonLogin
{
IsLDAPUser = true,
Password = "",
UserName = ""
};
}
}
return(true);
}
public LDAPUser IsAuthenticated(LDAPAuthentication ldapAuth)
{
return(_ldapAuthenticationRepository.AuthenticateUser(ldapAuth));
}
public LDAPUser AuthenticateUser(LDAPAuthentication ldapAuth)
{
//TODO: Cleanup to be undestandable and readable
_userDetails.AccountName = ldapAuth.UserName;
string domainAndUsername = string.Format(@"{0}\{1}", ldapAuth.DomainName, ldapAuth.UserName);
try
{
_logMessages.Append("LDAP Authentication. Performing binding.");
using (DirectoryEntry entry = new DirectoryEntry(ldapAuth.LDAPUrlPath, domainAndUsername, ldapAuth.Password))
{
_logMessages.AppendFormat("Directory bind to {0} for user {1} successfull.",
ldapAuth.LDAPUrlPath,
domainAndUsername);
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
using (DirectorySearcher search = new DirectorySearcher(entry))
{
search.Filter = "(SAMAccountName=" + ldapAuth.UserName + ")";
_logMessages.AppendFormat("Searching for the user with filter {0}.", search.Filter);
// Filter for properties to load. Not required, when loading all properties.
// For complete list, refer http://www.kouti.com/tables/userattributes.htm .
search.PropertiesToLoad.Add("givenName");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("displayName");
SearchResult result = search.FindOne();
if (null == result)
{
_logMessages.Append("Filter did not find any user Or user logon was unsuccessfull.");
_userDetails.LDAPAccessStatus = LDAPAccessStatus.UserLogonUnsuccessful;
}
else
{
_logMessages.Append("Trying to load givenname, sn and displayname from AD. Default status is set to user logon successfull.");
_userDetails.LDAPAccessStatus = LDAPAccessStatus.UserLogonSuccessful;
if (result.Properties.Contains("givenName") && result.Properties["givenName"].Count == 1)
{
_userDetails.FirstName = Convert.ToString(result.Properties["givenName"][0]);
}
if (result.Properties.Contains("sn") && result.Properties["sn"].Count == 1)
{
_userDetails.LastName = Convert.ToString(result.Properties["sn"][0]);
}
if (result.Properties.Contains("displayName") && result.Properties["displayName"].Count == 1)
{
_userDetails.DisplayName = Convert.ToString(result.Properties["displayName"][0]);
}
}
}
}
_logger.Info(_logMessages.ToString());
}
catch (DirectoryServicesCOMException exc)
{
_logMessages.AppendFormat("Directory service com exception occurred Exception message {0}.", exc.Message);
string errCodeHex = string.Empty;
try
{
// Unfortunately, the only place to get the LDAP bind error code is in the "data" field of the
// extended error message, which is in this format:
// 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
if (!string.IsNullOrEmpty(exc.ExtendedErrorMessage))
{
Match match = Regex.Match(exc.ExtendedErrorMessage, @" data (?<errCode>[0-9A-Fa-f]+),");
if (match.Success)
{
errCodeHex = match.Groups["errCode"].Value;
}
}
}
catch (NullReferenceException ex)
{
throw;
}
if (errCodeHex == "775")
{
_userDetails.LDAPAccessStatus = LDAPAccessStatus.UserAccountLocked;
}
else
{
_userDetails.LDAPAccessStatus = LDAPAccessStatus.UserLogonUnsuccessful;
}
}
catch (System.Runtime.InteropServices.COMException ex)
{
_logMessages.AppendFormat("Interop services com exception occurred Exception message {0}.", ex.Message);
_userDetails.LDAPAccessStatus = LDAPAccessStatus.UserLogonUnsuccessful;
}
catch (Exception ex)
{
_logMessages.AppendFormat("Exception occurred Exception message {0}.", ex.Message);
if (ex.Message.ToLower(System.Globalization.CultureInfo.InvariantCulture).Contains("unknown user name or bad password"))
{
_userDetails.LDAPAccessStatus = LDAPAccessStatus.UserLogonUnsuccessful;
}
//// Check for whether account is locked on not
//if (Convert.ToBoolean(entry.InvokeGet("IsAccountLocked")))
//{
// retValueUser.LDAPAccessStatus = LDAPAccessStatus.UserAccountLocked;
//}
_userDetails.LDAPAccessStatusMessage = "Error authenticating user: " + ex.Message;
}
_logger.Info(_logMessages.ToString());
return(_userDetails);
}
