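/// <summary>
/// Builds the account details for an Active Directory principal and passes them to
/// <c>userStore.CreateOrUpdate</c>, wrapping whatever that call returns.
/// </summary>
/// <param name="principal">Directory principal whose SamAccountName, DisplayName/Name and EmailAddress are read.</param>
/// <param name="fallbackUsername">Forwarded to <c>objectNameNormalizer.ValidatedUserPrincipalName</c>.</param>
/// <param name="fallbackDomain">
/// Forwarded to the normalizer; when not blank it is also prefixed to the samAccountName
/// as <c>DOMAIN\name</c> to form the external identity.
/// </param>
/// <returns>The result of <c>userStore.CreateOrUpdate</c> wrapped in an <c>AuthenticationUserCreateOrUpdateResult</c>.</returns>
AuthenticationUserCreateOrUpdateResult GetOrCreateUser(UserPrincipal principal, string fallbackUsername, string fallbackDomain)
{
    var username = objectNameNormalizer.ValidatedUserPrincipalName(principal, fallbackUsername, fallbackDomain);

    // Judge the raw directory attribute before any domain prefix is applied. Once prefixed,
    // a missing samAccountName turns into "DOMAIN\" and no longer looks blank, so a check on
    // the combined value never fires when a fallback domain is supplied.
    var samAccountName = principal.SamAccountName;
    var hasSamAccountName = !string.IsNullOrWhiteSpace(samAccountName);

    var externalId = samAccountName;
    if (!string.IsNullOrWhiteSpace(fallbackDomain))
    {
        externalId = fallbackDomain + @"\" + externalId;
    }

    // Prefer the directory display name, falling back to the principal's Name.
    var displayName = string.IsNullOrWhiteSpace(principal.DisplayName) ? principal.Name : principal.DisplayName;
    var emailAddress = principal.EmailAddress;

    if (!hasSamAccountName)
    {
        // The values in this message come from the directory; whether the log sink encodes them is not visible here.
        log.Error($"We couldn't find a valid external identity to use for the Active Directory user '{displayName}' with email address '{emailAddress}' for the Octopus User Account named '{username}'. Octopus uses the samAccountName (pre-Windows 2000 Logon Name) as the external identity for Active Directory users. Please make sure this user has a valid samAccountName and try again. Learn more about troubleshooting Active Directory authentication at http://g.octopushq.com/TroubleshootingAD");

        // NOTE(review): execution continues and the incomplete external identity (blank, or a
        // bare "DOMAIN\") is still handed to CreateOrUpdate. How the store treats such a value
        // is not visible from here; confirm it cannot be shared between principals, and
        // consider failing the sign-in at this point instead.
    }

    // The trailing positional arguments are defined by userStore.CreateOrUpdate, which is not visible here.
    return new AuthenticationUserCreateOrUpdateResult(
        userStore.CreateOrUpdate(
            username,
            displayName,
            emailAddress,
            externalId,
            null,
            true,
            null,
            false,
            new string[0]));
}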
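/// <summary>
/// Resolves the Octopus user for an Active Directory principal: refreshes or attaches the
/// directory identity on an existing user, or creates a new user when auto user creation is enabled.
/// </summary>
/// <param name="principal">Directory principal whose SamAccountName, DisplayName/Name and EmailAddress are read.</param>
/// <param name="fallbackUsername">Forwarded to <c>objectNameNormalizer.ValidatedUserPrincipalName</c>.</param>
/// <param name="fallbackDomain">
/// Forwarded to the normalizer; when not blank it is also prefixed to the samAccountName
/// as <c>DOMAIN\name</c>.
/// </param>
/// <param name="cancellationToken">Passed to the <c>userStore</c> AddIdentity, UpdateIdentity and Create calls.</param>
/// <returns>
/// A result wrapping the store's AddIdentity, UpdateIdentity or Create outcome, or a result
/// carrying an error message when no user matches and auto user creation is disabled.
/// </returns>
AuthenticationUserCreateResult GetOrCreateUser(UserPrincipal principal, string fallbackUsername, string fallbackDomain, CancellationToken cancellationToken)
{
    var userPrincipalName = objectNameNormalizer.ValidatedUserPrincipalName(principal, fallbackUsername, fallbackDomain);

    // Judge the raw directory attribute before any domain prefix is applied. Once prefixed,
    // a missing samAccountName turns into "DOMAIN\" and no longer looks blank, so a check on
    // the combined value never fires when a fallback domain is supplied.
    var rawSamAccountName = principal.SamAccountName;
    var hasSamAccountName = !string.IsNullOrWhiteSpace(rawSamAccountName);

    var samAccountName = rawSamAccountName;
    if (!string.IsNullOrWhiteSpace(fallbackDomain))
    {
        samAccountName = fallbackDomain + @"\" + samAccountName;
    }

    // Prefer the directory display name, falling back to the principal's Name.
    var displayName = string.IsNullOrWhiteSpace(principal.DisplayName) ? principal.Name : principal.DisplayName;
    var emailAddress = principal.EmailAddress;

    if (!hasSamAccountName)
    {
        // The values in this message come from the directory; whether the log sink encodes them is not visible here.
        log.Error($"We couldn't find a valid external identity to use for the Active Directory user '{displayName}' with email address '{emailAddress}' for the Octopus User Account named '{userPrincipalName}'. Octopus uses the samAccountName (pre-Windows 2000 Logon Name) as the external identity for Active Directory users. Please make sure this user has a valid samAccountName and try again. Learn more about troubleshooting Active Directory authentication at http://g.octopushq.com/TroubleshootingAD");

        // NOTE(review): execution continues and the incomplete samAccountName claim (blank, or
        // a bare "DOMAIN\") is still used for the lookup below. GetByIdentity's matching rules
        // are not visible here; if it can match on that claim alone, the same value would be
        // presented by every principal lacking the attribute. Confirm, and consider returning
        // a failure result at this point instead.
    }

    var authenticatingIdentity = NewIdentity(emailAddress, userPrincipalName, samAccountName, displayName);

    var user = userStore.GetByIdentity(authenticatingIdentity);
    if (user != null)
    {
        // if we haven't converted the old externalId into the new identity then set it up now
        var identity = user.Identities.FirstOrDefault(p => p.IdentityProviderName == DirectoryServicesAuthentication.ProviderName);
        if (identity == null)
        {
            return new AuthenticationUserCreateResult(userStore.AddIdentity(user.Id, authenticatingIdentity, cancellationToken));
        }

        // Overwrite the stored claims with the values just read from the directory.
        identity.Claims[ClaimDescriptor.EmailClaimType].Value = emailAddress;
        identity.Claims[IdentityCreator.UpnClaimType].Value = userPrincipalName;
        identity.Claims[IdentityCreator.SamAccountNameClaimType].Value = samAccountName;
        identity.Claims[ClaimDescriptor.DisplayNameClaimType].Value = displayName;

        return new AuthenticationUserCreateResult(userStore.UpdateIdentity(user.Id, identity, cancellationToken));
    }

    // No existing user matched: only provision a new account when the configuration allows it.
    if (!configurationStore.GetAllowAutoUserCreation())
    {
        return new AuthenticationUserCreateResult("User could not be located and auto user creation is not enabled.");
    }

    var userCreateResult = userStore.Create(
        userPrincipalName,
        displayName,
        emailAddress,
        cancellationToken,
        identities: new[] { authenticatingIdentity });

    return new AuthenticationUserCreateResult(userCreateResult);
}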