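        /// <summary>
        /// Authenticates <paramref name="username"/> against the directory by binding as
        /// <c>domain\username</c> with the caller's password and searching for the account's
        /// own entry. When that bind fails, the account is re-read with the configured service
        /// credentials so a disabled or locked-out account can be reported distinctly from a
        /// plain credential failure.
        /// </summary>
        /// <param name="domain">NT-style domain used to build the bind name.</param>
        /// <param name="username">SAM account name as supplied by the caller; treated as untrusted input.</param>
        /// <param name="passwd">Caller's password. Never written to the log.</param>
        /// <returns>
        /// "SUCCESS"; "NO_RESULT" (bind succeeded but no entry matched); "ACCOUNTDISABLE";
        /// "LOCKOUT"; or "FAILED" (bind failed and no disable/lockout state was found,
        /// or the credentials were empty).
        /// </returns>
        /// <exception cref="CustomException">The fallback lookup with service credentials threw.</exception>
        /// <remarks>
        /// Side effects: <c>_entry</c> is replaced on every call; <c>_path</c>, <c>_filterCn</c>,
        /// <c>_employeeId</c> and <c>_email</c> are overwritten only on the success path.
        /// NOTE(review): <c>_path</c> is rewritten to the matched entry's path on success and then
        /// reused as the bind/search root on the next call of this instance — confirm the class is
        /// not shared across users (a later caller would be searched under the previous user's path).
        /// NOTE(review): the previous <c>_entry</c> is dropped without Dispose(); confirm the owner disposes it.
        /// </remarks>
        private string CheckAuthenticated(string domain, string username, string passwd)
        {
            Logger.Info(_logMsg.Clear().SetPrefixMsg("Check Authenticated").Add("Domain", domain).Add("Username", username).ToInputLogString());

            // Reject empty credentials before touching the directory: an LDAP simple bind with an
            // empty password is an anonymous/unauthenticated bind on many servers and would
            // "succeed" without proving anything about the caller. A blank username would also
            // have thrown below when building the bind name.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(passwd))
            {
                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Domain", domain)
                            .Add("Username", username).Add("Error Message", "Empty username or password").ToFailLogString());
                return "FAILED";
            }

            // Filter values are built from caller input; escape RFC 4515 metacharacters so the
            // username cannot change the structure of the search filters (LDAP injection).
            string safeUsername      = EscapeLdapFilterValue(username);
            string domainAndUsername = domain + @"\" + username.Trim().ToLowerInvariant();

            _entry = new DirectoryEntry(_path, domainAndUsername, passwd);

            // Service credentials used only for the fallback lock/disable lookup.
            string rootDomain            = WebConfig.GetLdapDomain();
            string rootUsername          = WebConfig.GetLdapUsername();
            string rootPassword          = WebConfig.GetLdapPassword();
            string rootDomainAndUsername = rootDomain + @"\" + rootUsername;

            DirectorySearcher search = null;

            try
            {
                // FindOne() performs the bind with the caller's credentials; a wrong password
                // surfaces as an exception here and is handled by the catch below.
                search        = new DirectorySearcher(_entry);
                search.Filter = string.Format("(SAMAccountName={0})", safeUsername);
                search.PropertiesToLoad.Add("cn");
                search.PropertiesToLoad.Add("description");
                search.PropertiesToLoad.Add("mail");
                search.PropertiesToLoad.Add("userAccountControl");
                SearchResult result = search.FindOne();

                if (result == null)
                {
                    return "NO_RESULT";
                }

                // Point this instance at the matched entry and cache its attributes.
                _path       = result.Path;
                _filterCn   = (string)result.Properties["cn"][0];
                _employeeId = FirstStringOrEmpty(result, "description");   // employee id is kept in 'description'
                _email      = FirstStringOrEmpty(result, "mail");

                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Domain", domain).Add("Username", username)
                            .Add("Path", _path).Add("CN", _filterCn).Add("EmployeeID", _employeeId).Add("Email", _email).ToSuccessLogString());

                return "SUCCESS";
            }
            catch (Exception ex)
            {
                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Domain", domain)
                            .Add("Username", username).Add("Error Message", ex.Message).ToFailLogString());

                return ResolveFailedBindStatus(username, safeUsername, rootDomainAndUsername, rootPassword);
            }
            finally
            {
                if (search != null)
                {
                    search.Dispose();
                    search = null;
                }
            }
        }

        // After the caller's own bind failed: re-reads userAccountControl/lockoutTime with the
        // service credentials and maps them to "ACCOUNTDISABLE", "LOCKOUT" or "FAILED".
        // Throws CustomException(Resource.Msg_CannotConnectToAD) if the lookup itself fails.
        private string ResolveFailedBindStatus(string username, string safeUsername, string rootDomainAndUsername, string rootPassword)
        {
            DirectorySearcher ds           = null;
            DirectoryEntry    rootEntry    = null;
            // NOTE(review): anr matches several name attributes, so this can return entries other
            // than the account whose bind failed; confirm whether (sAMAccountName=...) was intended.
            string            lookupFilter = string.Format("(&(objectCategory=person)(anr={0}))", safeUsername);

            try
            {
                rootEntry      = new DirectoryEntry(_path, rootDomainAndUsername, rootPassword);
                ds             = new DirectorySearcher(rootEntry);
                ds.SearchScope = SearchScope.Subtree;
                ds.Filter      = lookupFilter;

                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication")
                            .Add("ds.Filter", lookupFilter)
                            .ToOutputLogString());

                // SearchResultCollection holds unmanaged handles that are only released by Dispose().
                using (SearchResultCollection src = ds.FindAll())
                {
                    Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username)
                                .Add("src.Count", src.Count).ToOutputLogString());

                    foreach (SearchResult sr in src)
                    {
                        if (sr == null || sr.Properties["userAccountControl"].Count == 0)
                        {
                            continue;
                        }

                        Int32 userAccountControl = (Int32)sr.Properties["userAccountControl"][0];
                        Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username)
                                    .Add("UserAccountControl", userAccountControl).ToOutputLogString());

                        // Any positive lockoutTime is reported as a lockout.
                        // NOTE(review): an expired lockout still leaves a non-zero value here — confirm
                        // whether lockoutDuration should be taken into account.
                        Int64 lockoutTime = 0;
                        if (sr.Properties["lockouttime"].Count > 0)
                        {
                            lockoutTime = (Int64)sr.Properties["lockouttime"][0];
                        }

                        Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username)
                                    .Add("LockoutTime", lockoutTime).ToOutputLogString());

                        bool enabledUser = !IsDisabledUac(userAccountControl);

                        Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username)
                                    .Add("AccountEnabled", enabledUser).ToOutputLogString());

                        if (!enabledUser)
                        {
                            return "ACCOUNTDISABLE";
                        }
                        if (lockoutTime > 0)
                        {
                            return "LOCKOUT";
                        }
                    }
                }
            }
            catch (InvalidOperationException exc)
            {
                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username).Add("Error Message", exc.Message).ToFailLogString());
                Logger.Error("InvalidOperationException occur:\n", exc);
                throw new CustomException(Resource.Msg_CannotConnectToAD);
            }
            catch (NotSupportedException exc)
            {
                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username).Add("Error Message", exc.Message).ToFailLogString());
                Logger.Error("NotSupportedException occur:\n", exc);
                throw new CustomException(Resource.Msg_CannotConnectToAD);
            }
            catch (Exception exc)
            {
                Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username).Add("Error Message", exc.Message).ToFailLogString());
                Logger.Error("Exception occur:\n", exc);
                throw new CustomException(Resource.Msg_CannotConnectToAD);
            }
            finally
            {
                if (ds != null)
                {
                    ds.Dispose();
                    ds = null;
                }
                if (rootEntry != null)
                {
                    rootEntry.Dispose();
                    rootEntry = null;
                }
            }

            return "FAILED";
        }

        // True when userAccountControl equals one of the values returned by
        // StringHelpers.ConvertStringToList(WebConfig.GetLdapUacDisabled()).
        private static bool IsDisabledUac(Int32 userAccountControl)
        {
            IList<string> uacDisabled = StringHelpers.ConvertStringToList(WebConfig.GetLdapUacDisabled());

            foreach (string configured in uacDisabled)
            {
                if (userAccountControl == Int32.Parse(configured, System.Globalization.CultureInfo.InvariantCulture))
                {
                    return true;
                }
            }

            return false;
        }

        // Returns the first value of the named attribute, or "" when the entry carries none.
        private static string FirstStringOrEmpty(SearchResult result, string propertyName)
        {
            ResultPropertyValueCollection values = result.Properties[propertyName];
            return values.Count != 0 ? (string)values[0] : string.Empty;
        }

        // Escapes the characters that are special inside an LDAP search filter value (RFC 4515).
        // The backslash is replaced first so the escapes it introduces are not re-escaped.
        private static string EscapeLdapFilterValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            return value.Replace(@"\", @"\5c")
                        .Replace("*", @"\2a")
                        .Replace("(", @"\28")
                        .Replace(")", @"\29")
                        .Replace("\0", @"\00");
        }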
 /// <summary>
 /// Authenticates the user against the configured LDAP domain
 /// (<c>WebConfig.GetLdapDomain()</c>) and returns the status string produced by
 /// <c>CheckAuthenticated</c>.
 /// </summary>
 /// <param name="username">Account name supplied by the caller.</param>
 /// <param name="passwd">Password supplied by the caller.</param>
 /// <returns>The status string from <c>CheckAuthenticated</c>.</returns>
 public string Login(string username, string passwd)
 {
     string ldapDomain = WebConfig.GetLdapDomain();
     return CheckAuthenticated(ldapDomain, username, passwd);
 }