public UserCreateOrUpdateResult ValidateCredentials(string username, string password)
{
if (!configurationStore.GetIsEnabled() ||
!configurationStore.GetAllowFormsAuthenticationForDomainUsers())
{
return(new UserCreateOrUpdateResult("Directory services forms authentication is not enabled"));
}
if (username == null)
{
throw new ArgumentNullException(nameof(username));
}
log.Verbose($"Validating credentials provided for '{username}'...");
string domain;
credentialNormalizer.NormalizeCredentials(username, out username, out domain);
using (var context = contextProvider.GetContext(domain))
{
var principal = UserPrincipal.FindByIdentity(context, username);
if (principal == null)
{
var searchedContext = domain ?? context.Name ?? context.ConnectedServer;
log.Info($"A principal identifiable by '{username}' was not found in '{searchedContext}'");
return(new UserCreateOrUpdateResult($"Username not found"));
}
var hToken = IntPtr.Zero;
try
{
var logon = domain == null ? principal.UserPrincipalName : username;
log.Verbose($"Calling LogonUser(\"{logon}\", \"{domain}\", ...)");
if (!LogonUser(logon, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out hToken))
{
var error = new Win32Exception();
log.Warn(error, $"Principal '{logon}' (Domain: '{domain}') could not be logged on via WIN32: 0x{error.NativeErrorCode:X8}.");
return(new UserCreateOrUpdateResult("Active directory login error"));
}
}
finally
{
if (hToken != IntPtr.Zero)
{
CloseHandle(hToken);
}
}
log.Verbose($"Credentials for '{username}' validated, mapped to principal '{principal.UserPrincipalName ?? ("(NTAccount)" + principal.Name)}'");
return(GetOrCreateUser(principal, username, domain));
}
}
public IList <ExternalSecurityGroup> FindGroups(string name)
{
if (!configurationStore.GetAreSecurityGroupsEnabled())
{
return(new List <ExternalSecurityGroup>());
}
var results = new List <ExternalSecurityGroup>();
string domain;
string username;
credentialNormalizer.NormalizeCredentials(name, out username, out domain);
using (var context = contextProvider.GetContext(domain))
{
var searcher = new PrincipalSearcher();
searcher.QueryFilter = new GroupPrincipal(context)
{
Name = name + "*"
};
var iterGroup = searcher.FindAll().GetEnumerator();
using (iterGroup)
{
while (iterGroup.MoveNext())
{
try
{
var p = iterGroup.Current as GroupPrincipal;
if (p == null || !(p.IsSecurityGroup ?? false))
{
continue;
}
results.Add(new ExternalSecurityGroup {
Id = p.Sid.ToString(), DisplayName = p.Name
});
}
catch (NoMatchingPrincipalException)
{
}
}
}
}
return(results.OrderBy(o => o.DisplayName).ToList());
}