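        /// <summary>
        /// First-factor authentication: verifies the RADIUS User-Name / User-Password pair
        /// against the LDAP or Active Directory hosts configured for this client.
        /// </summary>
        /// <param name="request">The pending RADIUS request; its packet supplies the user name and password that are checked.</param>
        /// <param name="clientConfig">Per-client settings: which directory type to bind to and the ';'-separated host list.</param>
        /// <returns>
        /// <see cref="PacketCode.AccessAccept"/> when any configured host accepts the credential;
        /// <see cref="PacketCode.AccessReject"/> when the user name or password is missing, no host is
        /// configured, or every host rejects the credential.
        /// </returns>
        /// <exception cref="NotImplementedException">
        /// Thrown when <c>clientConfig.FirstFactorAuthenticationSource</c> is neither ActiveDirectory nor Ldap.
        /// </exception>
        private async Task<PacketCode> ProcessLdapAuthentication(PendingRequest request, ClientConfiguration clientConfig)
        {
            var userName = request.RequestPacket.UserName;
            var password = request.RequestPacket.UserPassword;

            if (string.IsNullOrEmpty(userName))
            {
                _logger.Warning("Can't find User-Name in message id={id} from {host:l}:{port}", request.RequestPacket.Identifier, request.RemoteEndpoint.Address, request.RemoteEndpoint.Port);
                return PacketCode.AccessReject;
            }

            // Never let an empty password reach the directory bind: a simple bind with an empty
            // password is treated as an anonymous/unauthenticated bind by many LDAP servers and
            // would "succeed" without proving anything about the user. The password itself is
            // deliberately never logged.
            if (string.IsNullOrEmpty(password))
            {
                _logger.Warning("Can't find User-Password in message id={id} from {host:l}:{port}", request.RequestPacket.Identifier, request.RemoteEndpoint.Address, request.RemoteEndpoint.Port);
                return PacketCode.AccessReject;
            }

            // Pick the verifier for the configured directory type. Unknown values are a
            // programming/configuration error and surface as an exception rather than a silent reject.
            LdapService service;
            switch (clientConfig.FirstFactorAuthenticationSource)
            {
                case AuthenticationSource.ActiveDirectory:
                    service = new ActiveDirectoryService(_serviceConfiguration, _logger);
                    break;

                case AuthenticationSource.Ldap:
                    service = new LdapService(_serviceConfiguration, _logger);
                    break;

                default:
                    throw new NotImplementedException(clientConfig.FirstFactorAuthenticationSource.ToString());
            }

            // The host list is ';'-separated. A missing list is a configuration error: log it and
            // reject, instead of letting a NullReferenceException escape the request pipeline.
            var configuredHosts = clientConfig.ActiveDirectoryDomain ?? string.Empty;
            var ldapUriList = configuredHosts.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

            var attemptedAnyHost = false;

            // Try each host in order and accept on the first success. Consequence worth knowing:
            // a wrong password is attempted against every host, so one bad request may be counted
            // by each directory server (NOTE(review): confirm against the account lockout policy).
            foreach (var ldapUri in ldapUriList)
            {
                // Tolerate whitespace around entries ("host1; host2") and skip blank ones.
                var host = ldapUri.Trim();
                if (host.Length == 0)
                {
                    continue;
                }

                attemptedAnyHost = true;

                var isValid = await service.VerifyCredential(userName, password, host, request, clientConfig);
                if (isValid)
                {
                    return PacketCode.AccessAccept;
                }
            }

            if (!attemptedAnyHost)
            {
                _logger.Warning("No LDAP/Active Directory host configured; rejecting message id={id} from {host:l}:{port}", request.RequestPacket.Identifier, request.RemoteEndpoint.Address, request.RemoteEndpoint.Port);
            }

            return PacketCode.AccessReject;
        }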