void Page_Load(object sender, EventArgs e)
{
login_required();
btnSignIn.Text = L_SubmitLabel_Text;
btnCancel.Text = L_CancelLabel_Text;
if (Page.IsPostBack)
{
return;
}
String deliveryMethod = (string)Session["Delivery"];
RADIUSAttributes atts = new RADIUSAttributes();
if (deliveryMethod != null)
{
deliveryLabel.Text = deliveryMethod;
VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, deliveryMethod);
vsa.SetRADIUSAttribute(ref atts);
}
RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
RADIUSPacket response = client.Authenticate(username, password, atts);
if (response == null)
{
Session["Message"] = "No response from RADIUS server";
logoff();
}
onRadiusResponse(response);
}
private void ProcessPacket(RADIUSPacket packet)
{
try
{
if (!packet.IsValid)
{
Logger.LogError("Packet is not valid. Discarding.");
return;
}
var handler = new RDSHandler(packet);
// If TSGW = "1" Then
// handler = New RDSHandler(packet)
// Else
// handler = New CitrixHandler(packet)
// End If
handler.ProcessRequest();
}
catch (Exception e)
{
Logger.LogError("Error processing packet:", e);
}
}
public RDSHandler(RADIUSPacket packet)
{
_packet = packet;
_username = CleanUsername(_packet.UserName);
_password = _packet.UserPassword;
foreach (var atts in _packet.Attributes.GetAllAttributes(RadiusAttributeType.VendorSpecific))
{
string value = atts.GetVendorSpecific().VendorValue;
switch (value.ToUpper())
{
case "LAUNCH":
_isAppLaunchRequest = true;
break;
case "TSGATEWAY":
_isGatewayRequest = true;
break;
case "SMS":
_useSmsFactor = true;
break;
case "EMAIL":
_useEmailFactor = true;
break;
}
}
}
void onRadiusAccept(RADIUSPacket response)
{
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["SESSIONGUID"] = sessionGuid;
HttpCookie myCookie = new HttpCookie("RadiusSessionId");
DateTime now = DateTime.Now;
myCookie.Value = sessionGuid;
myCookie.Expires = now.AddMinutes(480);
Response.Cookies.Add(myCookie);
TokenHelper.SetTwoFactorValidated(true);
string strReturnUrlPage = "";
if (Request.QueryString != null)
{
NameValueCollection objQueryString = Request.QueryString;
if (objQueryString["ReturnUrl"] != null)
{
strReturnUrlPage = objQueryString["ReturnUrl"];
}
}
SafeRedirect(strReturnUrlPage);
}
// Check validity of token (radius session id) by authenticating against
// the RADIUS server
//
// Called when clicking on applications
//
// Returns 401 if not valid
protected void Page_Load(object sender, EventArgs e)
{
username = (string)Session["DomainUserName"];
HttpCookie tokenCookie = Request.Cookies["RadiusSessionId"];
if (tokenCookie == null)
{
throw new HttpException(401, "Token required");
}
token = tokenCookie.Value;
VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, "LAUNCH");
RADIUSAttributes atts = new RADIUSAttributes();
vsa.SetRADIUSAttribute(ref atts);
try
{
RADIUSPacket response = radiusClient.Authenticate(username, token, atts);
if (response.Code == RadiusPacketCode.AccessAccept)
{
Response.Write("Ready to launch application. Granted access!");
}
else
{
throw new HttpException(401, "Token is no longer valid!");
}
}
catch (Exception ex)
{
throw new HttpException(500, "Exception! failure. " + ex.Message);
}
}
public static void LogDebug(RADIUSPacket packet, string message)
{
var fromAddress = packet.EndPoint.Address.ToString();
message = "[" + packet.UserName + " " + fromAddress + "] " + message;
LogDebug(message);
}
void onRadiusReject(RADIUSPacket response)
{
if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage))
{
// Why on earth did the RD Web developer(s) use a thousand different URL parameters to logoff to indicate the error
// message, when they could just put the message in the session
String message = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["Message"] = message;
}
logoff();
}
public void btnSignIn_Click(object sender, EventArgs e)
{
String username = (string)Session["DomainUserName"];
RADIUSAttributes atts = new RADIUSAttributes();
RADIUSAttribute state = (RADIUSAttribute)Session["state"];
RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
atts.Add(state);
String encryptedChallangeResult = Crypto.SHA256(username + SmsToken.Text + radiusSecret);
RADIUSPacket response = client.Authenticate(username, encryptedChallangeResult, atts);
onRadiusResponse(response);
}
void onRadiusResponse(RADIUSPacket response)
{
if (response.Code == RadiusPacketCode.AccessChallenge)
{
onRadiusChallenge(response);
}
else if (response.Code == RadiusPacketCode.AccessAccept)
{
onRadiusAccept(response);
}
else
{
onRadiusReject(response);
}
}
public void btnSignIn_Click(object sender, EventArgs e)
{
String username = (string)Session["DomainUserName"];
RADIUSAttributes atts = new RADIUSAttributes();
RADIUSAttribute state = (RADIUSAttribute)Session["state"];
RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
atts.Add(state);
// Careful to use lower case username in challenge encryption to match what server does.
String encryptedChallengeResult = CryptoHelper.SHA256(username.ToLower() + SmsToken.Text + radiusSecret);
RADIUSPacket response = client.Authenticate(username, encryptedChallengeResult, atts);
onRadiusResponse(response);
}
void onRadiusAccept(RADIUSPacket response)
{
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["SESSIONGUID"] = sessionGuid;
HttpCookie myCookie = new HttpCookie("RadiusSessionId");
DateTime now = DateTime.Now;
myCookie.Value = sessionGuid;
myCookie.Expires = now.AddMinutes(480);
Response.Cookies.Add(myCookie);
Session["SMSTOKEN"] = "SMS_AUTH";
SafeRedirect("default.aspx");
}
// Check validity of token (radius session id) by authenticating against
// the RADIUS server
//
// Called when clicking on applications
//
// Returns 401 if not valid
protected void Page_Load(object sender, EventArgs e)
{
string username = (string)Session["DomainUserName"];
HttpCookie tokenCookie = Request.Cookies["RadiusSessionId"];
// This must not be cached - we rely on this page being called on every application
// start attempt in order to open the launch window.
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetMaxAge(TimeSpan.Zero);
if (tokenCookie == null)
{
throw new HttpException(401, "Token required");
}
string token = tokenCookie.Value;
VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, "LAUNCH");
RADIUSAttributes atts = new RADIUSAttributes();
vsa.SetRADIUSAttribute(ref atts);
try
{
RADIUSPacket response = _radiusClient.Authenticate(username, token, atts);
if (response.Code == RadiusPacketCode.AccessAccept)
{
Response.Write("Ready to launch application. Granted access!");
}
else
{
throw new HttpException(401, "Token is no longer valid!");
}
}
catch (Exception ex)
{
throw new HttpException(500, "Exception! failure. " + ex.Message);
}
}
void onRadiusResponse(RADIUSPacket response)
{
if (response.Code == RadiusPacketCode.AccessChallenge) {
onRadiusChallange(response);
}
else if (response.Code == RadiusPacketCode.AccessAccept) {
onRadiusAccept(response);
}
else {
onRadiusReject(response);
}
}
void onRadiusReject(RADIUSPacket response)
{
if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage)){
// Why on earth did the RD Web developer(s) use a thousand different URL parameters to logoff to indicate the error
// message, when they could just put the message in the session
String message = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["Message"] = message;
}
logoff();
}
void onRadiusChallange(RADIUSPacket response)
{
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
Session["State"] = state;
}
void onRadiusAccept(RADIUSPacket response)
{
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["SESSIONGUID"] = sessionGuid;
HttpCookie myCookie = new HttpCookie("RadiusSessionId");
DateTime now = DateTime.Now;
myCookie.Value = sessionGuid;
myCookie.Expires = now.AddMinutes(480);
Response.Cookies.Add(myCookie);
Session["SMSTOKEN"] = "SMS_AUTH";
SafeRedirect("default.aspx");
}
void onRadiusChallenge(RADIUSPacket response)
{
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
Session["State"] = state;
}
