public async Task <PasswordTestResult> TestPassword(string username, string password)
        {
            try
            {
                UserPrincipal up = await WindowsSamController.GetUserPrincipal(username);

                PasswordTestResultCode result = (PasswordTestResultCode)(int)FilterInterface.TestPassword(up.SamAccountName, up.DisplayName, password, false);
                if (result != PasswordTestResultCode.Approved)
                {
                    Logger.Warn($"User {username} attempted to set a password that was rejected by Lithnet Password Protection with the following code: {result}");
                }

                return(new PasswordTestResult(result));
            }
            catch (NotFoundException)
            {
                throw;
            }
            catch (Exception ex)
            {
                Logger.Error(ex, "An unexpected error occurred checking the password against the Lithnet Password Protection service");

                if (PasswordChangeConfigSection.Configuration.PasswordTesting.LppIgnoreErrors)
                {
                    return(new PasswordTestResult());
                }
                else
                {
                    return(new PasswordTestResult(PasswordTestResultCode.GeneralError));
                }
            }
        }
Пример #2
0
        /// <summary>
        /// Connect to the Security Account Manager service and retrieve the user principal
        /// structure for a given username or user email address.
        /// </summary>
        /// <param name="userOrEmail">User login name or account email address</param>
        /// <returns>User Principal data structure if found</returns>
        public static async Task <UserPrincipal> GetUserPrincipal(string userOrEmail)
        {
            ContextOptions options = ContextOptions.Negotiate | ContextOptions.Sealing | ContextOptions.Signing;

            if (ConfigurationManager.AppSettings["ad-bind-force-ssl"] == "1")
            {
                options = ContextOptions.Negotiate | ContextOptions.SecureSocketLayer;
            }

            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, null, null, options))
            {
                // Try to retrieve the user principal data from the security account manager
                UserPrincipal userItem = null;

                if (userOrEmail.IndexOf('@') >= 0)
                {
                    return(await WindowsSamController.GetUserPrincipalByUpn(userOrEmail, context) ??
                           await GetUserPrincipalByEmail(userOrEmail, context) ??
                           throw new NotFoundException());
                }
                else
                {
                    userItem = await Task.Run(() => UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userOrEmail));
                }

                // If we couldn't find a matching account, throw an error to the calling routine
                if (userItem == null)
                {
                    throw new NotFoundException();
                }

                // Otherwise, return the principal structure located
                return(userItem);
            }
        }