public bool Authenticate(ref String Email, String Password) { bool LDAPAuthSuccess = false; bool IsClassicAuth = AppSession.Parameters.LDAPUseOnly.Value == "false"; bool IsLDAPAuth = AppSession.Parameters.LDAPEnabled.Value == "true"; //LDAP Auth if (AppSession.Parameters.LDAPEnabled.Value == "true" && Email.IndexOf("@" + AppSession.Parameters.LDAPDomain.Value) > 0) { LDAPTools ldapTools = new LDAPTools(); ldapTools.UserName = Email; ldapTools.Password = Password; ldapTools.DirectoryPath = AppSession.Parameters.LDAPPath.Value; if (ldapTools.Authenticate()) { LDAPAuthSuccess = true; string memberName = ldapTools.MemberInfo.DisplayName; string memberAllGroups = ldapTools.GetGroups(); /////////////////////////////////////////////////////////////////////////////////////////////////////////// // The member email will be changed because the first part of e-mail can be different with user network id. /////////////////////////////////////////////////////////////////////////////////////////////////////////// Email = ldapTools.MemberInfo.Email; Member memberNew = Members.GetByEmail(Email); if (memberNew.MemberID <= 0) { memberNew.Name = memberName; memberNew.Email = Email; memberNew.Password = StringTool.RandomString(80); memberNew.IsBuiltIn = false; memberNew.Created = DateTime.UtcNow; memberNew.Save(); string Message = String.Format("LDAP member added: {0} {1}", memberName, Email); AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true); // Add signin/sign up domain. Domain _domain = Domains.GetByName(AppSession.SignUpDomain); if (_domain.DomainID > 0) { MemberDomain _memberDomain = new MemberDomain(); _memberDomain.DomainID = _domain.DomainID; _memberDomain.MemberID = memberNew.MemberID; _memberDomain.Save(); } // Create LDAP settings roles if (AppSession.Parameters.LDAPAddToRoles.Value != null && AppSession.Parameters.LDAPAddToRoles.Value.Length > 0) { string[] memberRoles = AppSession.Parameters.LDAPAddToRoles.Value.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries); foreach (string memberRole in memberRoles) { Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberRole); if (_role.RoleID > 0) { MemberRole _memberRole = new MemberRole(); _memberRole.MemberID = memberNew.MemberID; _memberRole.RoleID = _role.RoleID; _memberRole.Save(); } } } } // Create LDAP specific roles if (memberAllGroups != null && memberAllGroups.Length > 0 && AppSession.Parameters.LDAPAddRoleGroup.Value == "true") { string[] memberGroups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries); foreach (string memberGroup in memberGroups) { Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberGroup); if (_role.RoleID <= 0) { _role.Name = memberGroup; _role.Settings = "LDAP role reflection. Keep key word: [LDAP-Auto-Role] to be synchronized."; _role.BackColor = "6bbb54"; _role.ForeColor = "ffffff"; _role.Save(); string Message = String.Format("LDAP role added: {0}", _role.Name); AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true); } ; if (_role.RoleID > 0) { MemberRole _memberRole = new MemberRole(); _memberRole.MemberID = memberNew.MemberID; _memberRole.RoleID = _role.RoleID; _memberRole.Save(); } } } // Synchronize members roles with LDAP [LDAP-Auto-Role] key words. List <Role> _roles = Web.Admin.Logic.Collections.Roles.GetByMemberKeyWordInDescription(memberNew.MemberID, "[LDAP-Auto-Role]"); string[] _groups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries); foreach (Web.Admin.Logic.Objects.Role _role in _roles) { if (_groups != null && _groups.Length > 0) { if (_groups.Where(t => t.Trim().ToLower() == _role.Name.Trim().ToLower()).FirstOrDefault() == default(String)) { Web.Admin.Logic.Objects.Role removeRoleFromUser = Web.Admin.Logic.Collections.Roles.GetBy(_role.Name); MemberRole _memberRole = new MemberRole(); _memberRole.MemberID = memberNew.MemberID; _memberRole.RoleID = removeRoleFromUser.RoleID; _memberRole.Delete(); } } else { MemberRole _memberRole = new MemberRole(); _memberRole.MemberID = memberNew.MemberID; _memberRole.RoleID = _role.RoleID; _memberRole.Delete(); } } } } //Classic Auth Member member = Members.GetByEmail(Email); if (member.MemberID > 0) { if ((IsLDAPAuth && LDAPAuthSuccess) || (IsClassicAuth && Member.ComputePasswordHash(Password) == member.Password) ) { MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID); if (Attempt.AttemptID > 0) { Attempt.IsAttemptValid = 0; Attempt.Save(); } // Add signin/sign up domain. Domain _domain = Domains.GetByName(AppSession.SignUpDomain); if (_domain.DomainID > 0) { MemberDomain _memberDomain = new MemberDomain(); _memberDomain.DomainID = _domain.DomainID; _memberDomain.MemberID = member.MemberID; _memberDomain.Save(); } member.UpdateLoginTime(); return(true); } else { MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID); if (Attempt.MemberID <= 0) { Attempt.MemberID = member.MemberID; Attempt.AttemptType = MemberAttemptTypes.LoginPasswordFailed; Attempt.IsAttemptValid = 1; } if (Attempt.Attempts > 0) { Attempt.Attempts++; } else { Attempt.Attempts = 1; } Attempt.Save(); if (AppSession.Parameters.RulesPasswordFailedRoles.Value != null && AppSession.Parameters.RulesPasswordFailedRoles.Value.Length > 0 && !AppSession.IsMemberInAdminRole) { Parameter Param = AppSession.Parameters.RulesPasswordFailedAttempts; long value = -1; bool result = long.TryParse(Param.Value, out value); if (result && value > 0 && Attempt.Attempts >= value) { string[] RoleNames = AppSession.Parameters.RulesPasswordFailedRoles.Value.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries); foreach (String RoleName in RoleNames) { Role role = Web.Admin.Logic.Collections.Roles.GetBy(RoleName); if (role.RoleID > 0) { MemberRole memberrole = new MemberRole(); memberrole.MemberID = member.MemberID; memberrole.RoleID = role.RoleID; memberrole.Save(); } } } } return(false); } } else { return(false); } }