Пример #1
0
        public UserCreateOrUpdateResult ValidateCredentials(string username, string password)
        {
            if (!configurationStore.GetIsEnabled() ||
                !configurationStore.GetAllowFormsAuthenticationForDomainUsers())
            {
                return(new UserCreateOrUpdateResult("Directory services forms authentication is not enabled"));
            }

            if (username == null)
            {
                throw new ArgumentNullException(nameof(username));
            }

            log.Verbose($"Validating credentials provided for '{username}'...");

            string domain;

            credentialNormalizer.NormalizeCredentials(username, out username, out domain);

            using (var context = contextProvider.GetContext(domain))
            {
                var principal = UserPrincipal.FindByIdentity(context, username);

                if (principal == null)
                {
                    var searchedContext = domain ?? context.Name ?? context.ConnectedServer;
                    log.Info($"A principal identifiable by '{username}' was not found in '{searchedContext}'");
                    return(new UserCreateOrUpdateResult($"Username not found"));
                }

                var hToken = IntPtr.Zero;
                try
                {
                    var logon = domain == null ? principal.UserPrincipalName : username;
                    log.Verbose($"Calling LogonUser(\"{logon}\", \"{domain}\", ...)");

                    if (!LogonUser(logon, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out hToken))
                    {
                        var error = new Win32Exception();
                        log.Warn(error, $"Principal '{logon}' (Domain: '{domain}') could not be logged on via WIN32: 0x{error.NativeErrorCode:X8}.");

                        return(new UserCreateOrUpdateResult("Active directory login error"));
                    }
                }
                finally
                {
                    if (hToken != IntPtr.Zero)
                    {
                        CloseHandle(hToken);
                    }
                }

                log.Verbose($"Credentials for '{username}' validated, mapped to principal '{principal.UserPrincipalName ?? ("(NTAccount)" + principal.Name)}'");

                return(GetOrCreateUser(principal, username, domain));
            }
        }
        public IList <ExternalSecurityGroup> FindGroups(string name)
        {
            if (!configurationStore.GetAreSecurityGroupsEnabled())
            {
                return(new List <ExternalSecurityGroup>());
            }

            var    results = new List <ExternalSecurityGroup>();
            string domain;
            string username;

            credentialNormalizer.NormalizeCredentials(name, out username, out domain);
            using (var context = contextProvider.GetContext(domain))
            {
                var searcher = new PrincipalSearcher();
                searcher.QueryFilter = new GroupPrincipal(context)
                {
                    Name = name + "*"
                };

                var iterGroup = searcher.FindAll().GetEnumerator();
                using (iterGroup)
                {
                    while (iterGroup.MoveNext())
                    {
                        try
                        {
                            var p = iterGroup.Current as GroupPrincipal;
                            if (p == null || !(p.IsSecurityGroup ?? false))
                            {
                                continue;
                            }

                            results.Add(new ExternalSecurityGroup {
                                Id = p.Sid.ToString(), DisplayName = p.Name
                            });
                        }
                        catch (NoMatchingPrincipalException)
                        {
                        }
                    }
                }
            }

            return(results.OrderBy(o => o.DisplayName).ToList());
        }