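/// <summary>
/// Authenticates an LDAP account against the server profile named in the route.
/// The account is first looked up by sAMAccountName; only if it exists is a bind
/// attempted with "&lt;domain&gt;\&lt;account&gt;" and the supplied password.
/// </summary>
/// <param name="serverProfile">LDAP server profile ID from the route.</param>
/// <param name="catalogType">Catalog selector from the route; interpreted by <c>IsGlobalCatalog</c>.</param>
/// <param name="requestTag">Optional caller-supplied tag, echoed back unchanged in the response.</param>
/// <param name="accountCredentials">Domain, account name and password to verify.</param>
/// <returns>200 OK with a <see cref="DTO.LDAPAccountAuthenticationStatus"/> describing the outcome.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="accountCredentials"/> is null (no request body was bound).</exception>
public async Task<ActionResult<DTO.LDAPAccountAuthenticationStatus>> PostAuthenticationAsync(
    [FromRoute] string serverProfile,
    [FromRoute] string catalogType,
    [FromQuery][ModelBinder(BinderType = typeof(Binders.OptionalQueryStringBinder))] string requestTag,
    [FromBody] DTO.LDAPAccountCredentials accountCredentials)
{
    // A missing body would otherwise surface as a NullReferenceException further down.
    if (accountCredentials is null)
    {
        throw new ArgumentNullException(nameof(accountCredentials));
    }

    Logger.LogInformation(
        "Request path: serverProfile={ServerProfile}, catalogType={CatalogType}, requestTag={RequestTag}",
        serverProfile, catalogType, requestTag);
    // Log only the identifying fields: the DTO also carries AccountPassword, and destructuring
    // the whole object with {@...} would write that secret to the log sink.
    Logger.LogInformation("Request body: {@credentials}",
        new { accountCredentials.DomainName, accountCredentials.AccountName });

    var ldapClientConfig = GetLdapClientConfiguration(serverProfile, IsGlobalCatalog(catalogType));

    var accountAuthenticationStatus = new DTO.LDAPAccountAuthenticationStatus
    {
        DomainName = accountCredentials.DomainName,
        AccountName = accountCredentials.AccountName,
        RequestTag = requestTag
    };

    // Existence check by sAMAccountName, using the profile's own bind credentials.
    var attributeFilter = new AttributeFilter(EntryAttribute.sAMAccountName, new FilterValue(accountCredentials.AccountName));
    var ldapSearcher = await GetLdapSearcher(ldapClientConfig);
    var ldapSearchResult = await ldapSearcher.SearchEntriesAsync(attributeFilter, RequiredEntryAttributes.OnlyObjectSid, null);

    if (!ldapSearchResult.Entries.Any())
    {
        // A failed search (as opposed to an empty result) propagates the searcher's own error.
        if (ldapSearchResult.HasErrorInfo)
        {
            throw ldapSearchResult.ErrorObject;
        }

        accountAuthenticationStatus.IsAuthenticated = false;
        // NOTE(review): this message differs from the wrong-password message below, so the
        // response reveals whether an account name exists. Kept as-is for API compatibility;
        // a single generic failure message would close that account-enumeration oracle.
        accountAuthenticationStatus.Message = $"The account name {accountCredentials.AccountName} could not be found, verify that the account name exists.";
    }
    else
    {
        var authenticator = new LDAPHelper.Authenticator(ldapClientConfig.ServerSettings);
        var domainAccountName = $"{accountCredentials.DomainName}\\{accountCredentials.AccountName}";
        var credentialToAuthenticate = new LDAPHelper.Credentials(domainAccountName, accountCredentials.AccountPassword);
        var isAuthenticated = await authenticator.AuthenticateAsync(credentialToAuthenticate);

        accountAuthenticationStatus.IsAuthenticated = isAuthenticated;
        accountAuthenticationStatus.Message = isAuthenticated
            ? "The credentials are valid."
            : "Wrong Domain or password.";
    }

    // The status object holds no secret (domain, account name, tag, flag, message), so it is safe to log whole.
    Logger.LogInformation("Response body: {@status}", accountAuthenticationStatus);
    return Ok(accountAuthenticationStatus);
}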
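/// <summary>
/// Builds an <see cref="LDAPHelper.ClientConfiguration"/> for the named server profile.
/// </summary>
/// <param name="serverProfile">LDAP server profile ID; matched case-insensitively against <c>ServerProfiles</c>.</param>
/// <param name="useGlobalCatalog">Whether to use the profile's Global Catalog port, SSL setting and base DN.</param>
/// <returns>A client configuration carrying the profile's connection info, service-account bind credentials and search base.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="serverProfile"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">Thrown when no profile, or more than one, matches <paramref name="serverProfile"/>.</exception>
protected LDAPHelper.ClientConfiguration GetLdapClientConfiguration(string serverProfile, bool useGlobalCatalog)
{
    if (string.IsNullOrEmpty(serverProfile))
    {
        throw new ArgumentNullException(nameof(serverProfile));
    }

    // Static string.Equals tolerates a null ProfileId on a misconfigured entry instead of
    // throwing NullReferenceException from inside the predicate. Single() still enforces
    // exactly one match, as the original Where().Single() did.
    var ldapServerProfile = this.ServerProfiles.Single(p =>
        string.Equals(p.ProfileId, serverProfile, StringComparison.OrdinalIgnoreCase));

    var connectionInfo = new LDAPHelper.ConnectionInfo(
        ldapServerProfile.Server,
        ldapServerProfile.GetPort(useGlobalCatalog),
        ldapServerProfile.GetUseSsl(useGlobalCatalog),
        ldapServerProfile.ConnectionTimeout);
    // Service-account identity the client binds with; the secret comes from the profile store, not the request.
    var credentials = new LDAPHelper.Credentials(ldapServerProfile.DomainAccountName, ldapServerProfile.DomainAccountPassword);
    var searchLimits = new LDAPHelper.SearchLimits(ldapServerProfile.GetBaseDN(useGlobalCatalog));

    return new LDAPHelper.ClientConfiguration(connectionInfo, credentials, searchLimits);
}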