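// Page load handler. On the first (non-postback) request it sends the initial
// RADIUS authentication request and dispatches on the server's reply.
//
// sender, e: standard event arguments, not used.
void Page_Load(object sender, EventArgs e)
{
    login_required();

    btnSignIn.Text = L_SubmitLabel_Text;
    btnCancel.Text = L_CancelLabel_Text;

    // The RADIUS exchange is only started on the initial load, never on postback.
    if (Page.IsPostBack)
    {
        return;
    }

    String deliveryMethod = (string)Session["Delivery"];
    RADIUSAttributes atts = new RADIUSAttributes();
    if (deliveryMethod != null)
    {
        // NOTE(review): if deliveryLabel is a Label, Text is rendered without HTML
        // encoding; confirm Session["Delivery"] is limited to known values where it is set.
        deliveryLabel.Text = deliveryMethod;

        // Forward the delivery method to the server as a vendor-specific attribute.
        VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, deliveryMethod);
        vsa.SetRADIUSAttribute(ref atts);
    }

    // username, password, radiusServer and radiusSecret are not declared in this
    // method; 1812 is the standard RADIUS authentication port.
    RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
    RADIUSPacket response = client.Authenticate(username, password, atts);
    if (response == null)
    {
        Session["Message"] = "No response from RADIUS server";
        logoff();
        // Stop here: if logoff() returns normally, the null response must not
        // reach onRadiusResponse, which dereferences it.
        return;
    }

    onRadiusResponse(response);
}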
/// <summary>
/// Hands a received RADIUS packet to an <c>RDSHandler</c>. Packets that report
/// themselves as invalid are logged and dropped; any exception raised while
/// processing is logged and not rethrown.
/// </summary>
/// <param name="packet">The packet to process.</param>
private void ProcessPacket(RADIUSPacket packet)
{
    try
    {
        if (packet.IsValid)
        {
            // Only the RDS handler is used. An older, commented-out branch chose
            // between RDSHandler and CitrixHandler depending on a TSGW value.
            new RDSHandler(packet).ProcessRequest();
            return;
        }

        Logger.LogError("Packet is not valid. Discarding.");
    }
    catch (Exception failure)
    {
        Logger.LogError("Error processing packet:", failure);
    }
}
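/// <summary>
/// Builds a handler for one RADIUS request: keeps the packet, the cleaned user
/// name and the password, and sets the request flags from the packet's
/// vendor-specific attributes.
/// </summary>
/// <param name="packet">The RADIUS request to handle.</param>
public RDSHandler(RADIUSPacket packet)
{
    _packet = packet;
    _username = CleanUsername(_packet.UserName);
    _password = _packet.UserPassword;

    foreach (var atts in _packet.Attributes.GetAllAttributes(RadiusAttributeType.VendorSpecific))
    {
        string value = atts.GetVendorSpecific().VendorValue;

        // Upper-case with the invariant culture. ToUpper() follows the thread
        // culture, and under e.g. tr-TR "email" becomes "EMAİL", so the EMAIL
        // case would silently not match and the factor flag would stay unset.
        switch (value.ToUpperInvariant())
        {
            case "LAUNCH":
                _isAppLaunchRequest = true;
                break;
            case "TSGATEWAY":
                _isGatewayRequest = true;
                break;
            case "SMS":
                _useSmsFactor = true;
                break;
            case "EMAIL":
                _useEmailFactor = true;
                break;
            // Any other value is ignored and leaves all flags as they were.
        }
    }
}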
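// Handles an Access-Accept: stores the session id taken from the Reply-Message
// attribute in the session and in the RadiusSessionId cookie, marks two-factor
// validation as done and redirects to the ReturnUrl query parameter (empty if absent).
void onRadiusAccept(RADIUSPacket response)
{
    string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
    Session["SESSIONGUID"] = sessionGuid;

    HttpCookie myCookie = new HttpCookie("RadiusSessionId");
    DateTime now = DateTime.Now;
    myCookie.Value = sessionGuid;
    myCookie.Expires = now.AddMinutes(480); // 8 hours

    // The cookie carries the session id issued by the RADIUS server. HttpOnly keeps
    // it out of reach of page script; Secure is set whenever this request arrived
    // over HTTPS (behind a TLS-terminating proxy IsSecureConnection may be false,
    // in which case the flag stays off as before).
    // NOTE(review): confirm nothing client-side reads this cookie.
    myCookie.HttpOnly = true;
    myCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(myCookie);

    TokenHelper.SetTwoFactorValidated(true);

    string strReturnUrlPage = "";
    if (Request.QueryString != null)
    {
        NameValueCollection objQueryString = Request.QueryString;
        if (objQueryString["ReturnUrl"] != null)
        {
            strReturnUrlPage = objQueryString["ReturnUrl"];
        }
    }

    // ReturnUrl is caller-controlled. Validating the target is left to
    // SafeRedirect, whose implementation is not shown here.
    SafeRedirect(strReturnUrlPage);
}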
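// Check validity of token (radius session id) by authenticating against
// the RADIUS server
//
// Called when clicking on applications
//
// Returns 401 if the token cookie is missing or the server does not accept it,
// 500 if the check itself fails.
protected void Page_Load(object sender, EventArgs e)
{
    username = (string)Session["DomainUserName"];
    HttpCookie tokenCookie = Request.Cookies["RadiusSessionId"];

    if (tokenCookie == null)
    {
        throw new HttpException(401, "Token required");
    }
    token = tokenCookie.Value;

    // Mark the request with the "LAUNCH" vendor-specific value.
    VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, "LAUNCH");
    RADIUSAttributes atts = new RADIUSAttributes();
    vsa.SetRADIUSAttribute(ref atts);

    try
    {
        // The cookie value is sent in the password position of the request.
        RADIUSPacket response = radiusClient.Authenticate(username, token, atts);
        if (response.Code == RadiusPacketCode.AccessAccept)
        {
            Response.Write("Ready to launch application. Granted access!");
        }
        else
        {
            throw new HttpException(401, "Token is no longer valid!");
        }
    }
    catch (HttpException)
    {
        // Let the 401 above through unchanged. Without this clause the general
        // handler below caught it and reported an invalid token as a 500.
        throw;
    }
    catch (Exception ex)
    {
        // Anything else (including a null response, if Authenticate can return
        // one) is reported as a 500, so the launch is still refused.
        // NOTE(review): ex.Message becomes part of the HTTP error text; consider
        // logging it server-side and returning a generic message.
        throw new HttpException(500, "Exception! failure. " + ex.Message);
    }
}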
/// <summary>
/// Writes a debug message prefixed with the packet's user name and sender
/// address, in the form <c>[user address] message</c>.
/// </summary>
/// <param name="packet">Packet the message relates to.</param>
/// <param name="message">Text to log.</param>
public static void LogDebug(RADIUSPacket packet, string message)
{
    string sender = packet.EndPoint.Address.ToString();

    // NOTE(review): UserName comes straight from the packet and is written to the
    // log as-is; consider stripping CR/LF so a crafted name cannot forge log lines.
    string line = string.Concat("[", packet.UserName, " ", sender, "] ", message);

    LogDebug(line);
}
// Handles a rejected authentication: copies the server's Reply-Message, when
// there is one, into Session["Message"] and then logs the user off.
void onRadiusReject(RADIUSPacket response)
{
    if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage))
    {
        // The error text travels in the session rather than in one of the many
        // logoff URL parameters RD Web uses for the same purpose.
        // NOTE(review): the text originates from the RADIUS reply; whatever renders
        // Session["Message"] should HTML-encode it.
        Session["Message"] = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
    }

    logoff();
}
// Sign-in click handler: answers the pending RADIUS challenge with a SHA-256
// value built from the user name, the entered token and the shared secret, then
// dispatches on the server's reply.
public void btnSignIn_Click(object sender, EventArgs e)
{
    string domainUser = (string)Session["DomainUserName"];

    RADIUSAttributes requestAttributes = new RADIUSAttributes();
    // Presumably the State attribute stored when the challenge arrived; it is
    // sent back with the answer.
    RADIUSAttribute challengeState = (RADIUSAttribute)Session["state"];
    RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
    requestAttributes.Add(challengeState);

    // NOTE(review): this is a plain hash over concatenated fields, not an HMAC.
    // The format presumably has to match what the RADIUS server computes, so any
    // change needs a coordinated server change.
    string challengeAnswer = Crypto.SHA256(domainUser + SmsToken.Text + radiusSecret);

    onRadiusResponse(client.Authenticate(domainUser, challengeAnswer, requestAttributes));
}
// Dispatches a RADIUS reply by packet code. Anything that is neither an
// Access-Challenge nor an Access-Accept is handled as a reject.
void onRadiusResponse(RADIUSPacket response)
{
    if (response.Code == RadiusPacketCode.AccessChallenge)
    {
        onRadiusChallenge(response);
        return;
    }

    if (response.Code == RadiusPacketCode.AccessAccept)
    {
        onRadiusAccept(response);
        return;
    }

    onRadiusReject(response);
}
// Sign-in click handler: answers the pending RADIUS challenge with a SHA-256
// value built from the lower-cased user name, the entered token and the shared
// secret, then dispatches on the server's reply.
public void btnSignIn_Click(object sender, EventArgs e)
{
    string domainUser = (string)Session["DomainUserName"];

    RADIUSAttributes requestAttributes = new RADIUSAttributes();
    // Presumably the State attribute stored when the challenge arrived; it is
    // sent back with the answer.
    RADIUSAttribute challengeState = (RADIUSAttribute)Session["state"];
    RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
    requestAttributes.Add(challengeState);

    // The user name is lower-cased before hashing because the server does the same.
    // NOTE(review): ToLower() follows the thread culture; confirm the server
    // lower-cases the same way. It also throws NullReferenceException when
    // DomainUserName is missing from the session.
    // NOTE(review): this is a plain hash over concatenated fields, not an HMAC;
    // changing the format needs a coordinated server change.
    string challengeAnswer = CryptoHelper.SHA256(domainUser.ToLower() + SmsToken.Text + radiusSecret);

    onRadiusResponse(client.Authenticate(domainUser, challengeAnswer, requestAttributes));
}
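// Handles an Access-Accept: stores the session id taken from the Reply-Message
// attribute in the session and in the RadiusSessionId cookie, records the SMS
// authentication marker in the session and redirects to default.aspx.
void onRadiusAccept(RADIUSPacket response)
{
    string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
    Session["SESSIONGUID"] = sessionGuid;

    HttpCookie myCookie = new HttpCookie("RadiusSessionId");
    DateTime now = DateTime.Now;
    myCookie.Value = sessionGuid;
    myCookie.Expires = now.AddMinutes(480); // 8 hours

    // The cookie carries the session id issued by the RADIUS server. HttpOnly keeps
    // it out of reach of page script; Secure is set whenever this request arrived
    // over HTTPS (behind a TLS-terminating proxy IsSecureConnection may be false,
    // in which case the flag stays off as before).
    // NOTE(review): confirm nothing client-side reads this cookie.
    myCookie.HttpOnly = true;
    myCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(myCookie);

    Session["SMSTOKEN"] = "SMS_AUTH";
    SafeRedirect("default.aspx");
}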
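// Check validity of token (radius session id) by authenticating against
// the RADIUS server
//
// Called when clicking on applications
//
// Returns 401 if the token cookie is missing or the server does not accept it,
// 500 if the check itself fails.
protected void Page_Load(object sender, EventArgs e)
{
    string username = (string)Session["DomainUserName"];
    HttpCookie tokenCookie = Request.Cookies["RadiusSessionId"];

    // This must not be cached - we rely on this page being called on every application
    // start attempt in order to open the launch window.
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetMaxAge(TimeSpan.Zero);

    if (tokenCookie == null)
    {
        throw new HttpException(401, "Token required");
    }
    string token = tokenCookie.Value;

    // Mark the request with the "LAUNCH" vendor-specific value.
    VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, "LAUNCH");
    RADIUSAttributes atts = new RADIUSAttributes();
    vsa.SetRADIUSAttribute(ref atts);

    try
    {
        // The cookie value is sent in the password position of the request.
        RADIUSPacket response = _radiusClient.Authenticate(username, token, atts);
        if (response.Code == RadiusPacketCode.AccessAccept)
        {
            Response.Write("Ready to launch application. Granted access!");
        }
        else
        {
            throw new HttpException(401, "Token is no longer valid!");
        }
    }
    catch (HttpException)
    {
        // Let the 401 above through unchanged. Without this clause the general
        // handler below caught it and reported an invalid token as a 500.
        throw;
    }
    catch (Exception ex)
    {
        // Anything else (including a null response, if Authenticate can return
        // one) is reported as a 500, so the launch is still refused.
        // NOTE(review): ex.Message becomes part of the HTTP error text; consider
        // logging it server-side and returning a generic message.
        throw new HttpException(500, "Exception! failure. " + ex.Message);
    }
}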
// Dispatches a RADIUS reply by packet code. Anything that is neither an
// Access-Challenge nor an Access-Accept is handled as a reject.
void onRadiusResponse(RADIUSPacket response)
{
    if (response.Code == RadiusPacketCode.AccessChallenge)
    {
        onRadiusChallange(response);
        return;
    }

    if (response.Code == RadiusPacketCode.AccessAccept)
    {
        onRadiusAccept(response);
        return;
    }

    onRadiusReject(response);
}
// Handles a rejected authentication: copies the server's Reply-Message, when
// there is one, into Session["Message"] and then logs the user off.
void onRadiusReject(RADIUSPacket response)
{
    if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage))
    {
        // The error text travels in the session rather than in one of the many
        // logoff URL parameters RD Web uses for the same purpose.
        // NOTE(review): the text originates from the RADIUS reply; whatever renders
        // Session["Message"] should HTML-encode it.
        Session["Message"] = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
    }

    logoff();
}
// Handles an Access-Challenge by keeping the reply's State attribute in
// Session["State"]; presumably it is read back when the challenge answer is sent.
void onRadiusChallange(RADIUSPacket response)
{
    Session["State"] = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
}
// Handles an Access-Challenge by keeping the reply's State attribute in
// Session["State"]; presumably it is read back when the challenge answer is sent.
void onRadiusChallenge(RADIUSPacket response)
{
    Session["State"] = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
}