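/// <summary>
/// Validate an account's domain credentials against the LDAP server selected by
/// <paramref name="serverProfile"/> and <paramref name="catalogType"/>.
/// </summary>
/// <param name="serverProfile">LDAP server profile ID taken from the route.</param>
/// <param name="catalogType">Catalog selector from the route; interpreted by <c>IsGlobalCatalog</c>.</param>
/// <param name="requestTag">Optional caller-supplied tag that is echoed back in the response.</param>
/// <param name="accountCredentials">Domain name, account name and password to verify.</param>
/// <returns>
/// 200 OK with a <see cref="DTO.LDAPAccountAuthenticationStatus"/> describing whether the credentials are valid.
/// </returns>
public async Task <ActionResult <DTO.LDAPAccountAuthenticationStatus> > PostAuthenticationAsync(
            [FromRoute] string serverProfile,
            [FromRoute] string catalogType,
            [FromQuery][ModelBinder(BinderType = typeof(Binders.OptionalQueryStringBinder))] string requestTag,
            [FromBody] DTO.LDAPAccountCredentials accountCredentials)
        {
            Logger.LogInformation($"Request path: {nameof(serverProfile)}={serverProfile}, {nameof(catalogType)}={catalogType}, {nameof(requestTag)}={requestTag}");

            // NOTE(review): the request body carries AccountPassword. Clone() must redact it before the
            // object reaches the log sink — confirm DTO.LDAPAccountCredentials.Clone() does so, otherwise
            // plaintext passwords end up in the log.
            Logger.LogInformation("Request body: {@credentials}", accountCredentials.Clone());

            // serverProfile is already a string; no ToString() round-trip needed.
            var ldapClientConfig = GetLdapClientConfiguration(serverProfile, IsGlobalCatalog(catalogType));

            var accountAuthenticationStatus = new DTO.LDAPAccountAuthenticationStatus
            {
                DomainName  = accountCredentials.DomainName,
                AccountName = accountCredentials.AccountName,
                RequestTag  = requestTag
            };

            // Look the account up by sAMAccountName first, requesting only the objectSid attribute,
            // so that a bind is attempted only for names that exist in the directory.
            var attributeFilter = new AttributeFilter(EntryAttribute.sAMAccountName, new FilterValue(accountCredentials.AccountName));
            var ldapSearcher    = await GetLdapSearcher(ldapClientConfig);

            var ldapSearchResult = await ldapSearcher.SearchEntriesAsync(attributeFilter, RequiredEntryAttributes.OnlyObjectSid, null);

            if (!ldapSearchResult.Entries.Any())
            {
                if (ldapSearchResult.HasErrorInfo)
                {
                    // Surface the search failure to the pipeline rather than reporting "not found".
                    throw ldapSearchResult.ErrorObject;
                }
                else
                {
                    // NOTE(review): this message differs from the wrong-password one below, so the
                    // response discloses whether an account name exists in the directory.
                    accountAuthenticationStatus.IsAuthenticated = false;
                    accountAuthenticationStatus.Message         = $"The account name {accountCredentials.AccountName} could not be found, verify that the account name exists.";
                }
            }
            else
            {
                // The account exists: try a bind with the caller's credentials in DOMAIN\account form.
                var authenticator            = new LDAPHelper.Authenticator(ldapClientConfig.ServerSettings);
                var domainAccountName        = $"{accountCredentials.DomainName}\\{accountCredentials.AccountName}";
                var credentialToAuthenticate = new LDAPHelper.Credentials(domainAccountName, accountCredentials.AccountPassword);
                var isAuthenticated          = await authenticator.AuthenticateAsync(credentialToAuthenticate);

                accountAuthenticationStatus.IsAuthenticated = isAuthenticated;
                accountAuthenticationStatus.Message         = isAuthenticated ? "The credentials are valid." : "Wrong Domain or password.";
            }

            Logger.LogInformation("Response body: {@status}", accountAuthenticationStatus);

            return(Ok(accountAuthenticationStatus));
        }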
        /// <summary>
        /// Build the <see cref="LDAPHelper.ClientConfiguration"/> for one configured LDAP server profile.
        /// </summary>
        /// <param name="serverProfile">LDAP server profile ID, matched case-insensitively against the profile's <c>ProfileId</c>.</param>
        /// <param name="useGlobalCatalog">Whether to take the Global Catalog port, SSL setting and base DN from the profile.</param>
        /// <returns>A configuration holding the connection info, the domain account credentials stored on the profile, and the search limits.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="serverProfile"/> is null or empty.</exception>
        /// <exception cref="InvalidOperationException">Thrown by <c>Single</c> when no profile, or more than one, matches <paramref name="serverProfile"/>.</exception>
        protected LDAPHelper.ClientConfiguration GetLdapClientConfiguration(string serverProfile, bool useGlobalCatalog)
        {
            if (string.IsNullOrEmpty(serverProfile))
            {
                throw new ArgumentNullException(nameof(serverProfile));
            }

            // Exactly one profile must carry this ID; Single() enforces that.
            var profile = this.ServerProfiles.Single(p => p.ProfileId.Equals(serverProfile, StringComparison.OrdinalIgnoreCase));

            // Port and SSL usage depend on whether the Global Catalog is targeted.
            var port   = profile.GetPort(useGlobalCatalog);
            var useSsl = profile.GetUseSsl(useGlobalCatalog);

            var connectionInfo = new LDAPHelper.ConnectionInfo(profile.Server, port, useSsl, profile.ConnectionTimeout);
            var credentials    = new LDAPHelper.Credentials(profile.DomainAccountName, profile.DomainAccountPassword);
            var searchLimits   = new LDAPHelper.SearchLimits(profile.GetBaseDN(useGlobalCatalog));

            return new LDAPHelper.ClientConfiguration(connectionInfo, credentials, searchLimits);
        }