private async static Task Authenticate(string[] args)
{
RadiusClient rc = new RadiusClient(args[0], args[1]);
RadiusPacket authPacket = rc.Authenticate(args[2], args[3]);
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));
RadiusPacket receivedPacket = await rc.SendAndReceivePacket(authPacket);
if (receivedPacket == null)
{
throw new Exception("Can't contact remote radius server !");
}
switch (receivedPacket.PacketType)
{
case RadiusCode.ACCESS_ACCEPT:
Console.WriteLine("Accepted");
foreach (var attr in receivedPacket.Attributes)
{
Console.WriteLine(attr.Type.ToString() + " = " + attr.Value);
}
break;
case RadiusCode.ACCESS_CHALLENGE:
Console.WriteLine("Challenged");
break;
default:
Console.WriteLine("Rejected");
break;
}
}
static int Main()
{
var username = Environment.GetEnvironmentVariable("username");
var password = Environment.GetEnvironmentVariable("password");
if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
{
Console.WriteLine("environment variables username or password undefined");
return(1);
}
if (Config.Settings == null)
{
Console.WriteLine("Config is empty/unreadable");
return(1);
}
if (Config.Settings.Servers == null || Config.Settings.Servers.Count == 0)
{
Console.WriteLine("No servers found in config");
return(1);
}
var res = Parallel.ForEach(Config.Settings.Servers.Cast <ServerElement>(), (server, state) =>
{
// Console.WriteLine("server.name = {0}, sharedsecret={1}, retries={2}, wait={3}, authport={4}", server.Name, server.sharedsecret, server.retries, server.wait, server.authport);
var rc = new RadiusClient(server.Name, server.sharedsecret, server.wait * 1000, server.authport);
try
{
var authPacket = rc.Authenticate(username, password);
if (Config.Settings.NAS_IDENTIFIER != null)
{
authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_IDENTIFIER, Encoding.ASCII.GetBytes(Config.Settings.NAS_IDENTIFIER)));
}
authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_PORT_TYPE, BitConverter.GetBytes((int)NasPortType.ASYNC)));
var receivedPacket = rc.SendAndReceivePacket(authPacket, server.retries).Result;
if (receivedPacket != null && receivedPacket.PacketType == RadiusCode.ACCESS_ACCEPT)
{
state.Stop();
}
}catch (Exception) {}
});
if (res.IsCompleted)
{
Console.WriteLine("Auth failed for: '{0}'", username);
return(1);
}
else
{
Console.WriteLine("Auth Ok");
return(0);
}
}
private static void Main(string[] args)
{
if (args.Length != 4)
{
ShowUsage();
return;
}
try
{
RadiusClient rc = new RadiusClient(args[0], args[1]);
RadiusPacket authPacket = rc.Authenticate(args[2], args[3]);
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));
RadiusPacket receivedPacket = rc.SendAndReceivePacket(authPacket).Result;
if (receivedPacket == null)
{
throw new Exception("Can't contact remote radius server !");
}
switch (receivedPacket.PacketType)
{
case RadiusCode.ACCESS_ACCEPT:
Console.WriteLine("Accepted");
foreach (var attr in receivedPacket.Attributes)
{
Console.WriteLine(attr.Type.ToString() + " = " + attr.Value);
}
break;
case RadiusCode.ACCESS_CHALLENGE:
Console.WriteLine("Challenged");
break;
default:
Console.WriteLine("Rejected");
break;
}
}
catch (Exception e)
{
Console.WriteLine("Error : " + e.Message);
}
Console.ReadLine();
}
/// <summary>
/// Called by AD FS to perform the actual authentication.
/// </summary>
/// <param name="context"></param>
/// <param name="proofData"></param>
/// <param name="request"></param>
/// <param name="claims"></param>
/// <returns> If the Authentication Adapter has successfully performed
/// the authentication a claim of type
/// http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
/// is returned
/// </returns>
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
claims = null;
IAdapterPresentation result = null;
// Ensure the submitted form isn't empty.
if (proofData == null || proofData.Properties == null || !proofData.Properties.ContainsKey("pin"))
{
if (this.debugLogging)
{
Logging.LogMessage("Either proofData is null or does not contain required property");
}
throw new ExternalAuthenticationException(resMgr.GetString("Error_InvalidPIN", new System.Globalization.CultureInfo(context.Lcid)), context);
}
string pin = proofData.Properties["pin"].ToString();
string userName = this.identityClaim.Split('\\')[1];
// Construct RADIUS auth request.
var authPacket = radiusClient.Authenticate(userName, pin);
byte[] bIP = IPAddress.Parse(appConfig.NasAddress).GetAddressBytes();
authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_IP_ADDRESS, bIP));
var receivedPacket = radiusClient.SendAndReceivePacket(authPacket).Result;
// Handle no response from RADIUS server.
if (receivedPacket == null)
{
if (this.debugLogging)
{
Logging.LogMessage("No response received from RADIUS server.");
}
throw new ExternalAuthenticationException(resMgr.GetString("Error_RADIUS_NULL", new System.Globalization.CultureInfo(context.Lcid)), context);
}
// Examine the different RADIUS responses
switch (receivedPacket.PacketType)
{
case RadiusCode.ACCESS_ACCEPT:
System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "http://schemas.microsoft.com/ws/2012/12/authmethod/otp");
claims = new System.Security.Claims.Claim[] { claim };
break;
case RadiusCode.ACCESS_CHALLENGE:
// No way to cater for this. Fail.
result = new AdapterPresentation(resMgr.GetString("Error_RADIUS_ACCESS_CHALLENGE", new System.Globalization.CultureInfo(context.Lcid)), false);
break;
case RadiusCode.ACCESS_REJECT:
result = new AdapterPresentation(resMgr.GetString("Error_InvalidPIN", new System.Globalization.CultureInfo(context.Lcid)), false);
break;
default:
result = new AdapterPresentation(resMgr.GetString("Error_RADIUS_OTHER", new System.Globalization.CultureInfo(context.Lcid)), false);
break;
}
if (this.debugLogging)
{
Logging.LogMessage(
"Processed authentication response." + Environment.NewLine +
"Packet Type: " + receivedPacket.PacketType.ToString() + Environment.NewLine +
"User: " + this.identityClaim);
}
return(result);
}
public static string AuthenticateRadius(string strHostName, uint nPort, string strSharedSecret, string strUserName, string strPassword, string strStateAttribut)
{
//strStateAttribut = "30-34-30-61-33-66-39-34-2D-65-39-39-36-2D-34-32-38-62-2D-38-32-65-63-2D-30-63-64-32-63-32-64-66-36-35-31-31";
//strStateAttribut = "040a3f94-e996-428b-82ec-0cd2c2df6511";
RadiusClient rc = new RadiusClient(strHostName, strSharedSecret, authPort: nPort);
RadiusPacket authPacket = rc.Authenticate(strUserName, strPassword);
if (strStateAttribut != "")
{
//string buffer = String.Join("", strStateAttribut.Split('-'));
byte[] data = Encoding.UTF8.GetBytes(strStateAttribut);
authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.STATE, data));
}
else
{
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));
}
RadiusPacket receivedPacket = rc.SendAndReceivePacket(authPacket);
if (receivedPacket == null)
{
throw new SmartException(9901, "Can't contact remote radius server !");
}
StringBuilder sbDebug = new StringBuilder();
StringBuilder sbRetour = new StringBuilder();
switch (receivedPacket.PacketType)
{
case RadiusCode.ACCESS_ACCEPT:
sbRetour.Append("2#");
sbDebug.AppendLine("Access-Accept");
foreach (var attr in receivedPacket.Attributes)
{
sbDebug.AppendLine(attr.Type.ToString() + " = " + attr.Value);
}
break;
case RadiusCode.ACCESS_CHALLENGE:
sbRetour.Append("11#");
sbDebug.AppendLine("Access-Challenge");
foreach (var attr in receivedPacket.Attributes)
{
sbDebug.AppendLine(attr.Type.ToString() + " = " + attr.Value);
if (attr.Type == RadiusAttributeType.STATE)
{
sbRetour.Append(attr.Value);
}
}
break;
case RadiusCode.ACCESS_REJECT:
sbRetour.Append("3#");
sbDebug.AppendLine("Access-Reject");
if (!rc.VerifyAuthenticator(authPacket, receivedPacket))
{
sbDebug.AppendLine("Authenticator check failed: Check your secret");
}
break;
default:
sbRetour.Append("0#");
sbDebug.AppendLine("Rejected");
break;
}
//return sbDebug.ToString();
return(sbRetour.ToString());
}
/// <summary>
/// Entry point
/// </summary>
/// <returns></returns>
public static int Main()
{
_defaultLogFolder = Settings.Default.LogFolder;
if (string.IsNullOrEmpty(_defaultLogFolder))
{
return(5);
}
InitLogger();
var username = Environment.GetEnvironmentVariable("username");
var password = Environment.GetEnvironmentVariable("password");
if (string.IsNullOrEmpty(username))
{
Log.ErrorLog.WriteLine("environment variable 'username' is undefined undefined");
return(1);
}
if (string.IsNullOrEmpty(password))
{
Log.ErrorLog.WriteLine("environment variable 'password' is undefined undefined");
return(1);
}
if (Config.Settings == null)
{
Log.ErrorLog.WriteLine("Config is empty/unreadable");
return(2);
}
if (Config.Settings.Servers == null || Config.Settings.Servers.Count == 0)
{
Log.ErrorLog.WriteLine("No servers found in config");
return(3);
}
var res = Parallel.ForEach(Config.Settings.Servers.Cast <ServerElement>(), (server, state) =>
{
Log.InformationLog.WriteLine(string.Format("server name = {0} , retries = {1}, wait = {2}, autport = {3}",
server.Name, server.retries, server.wait, server.authport));
var rc = new RadiusClient(server.Name, server.sharedsecret, server.wait * 1000, server.authport);
Log.InformationLog.WriteLine("Radius client initializated");
try
{
var authPacket = rc.Authenticate(username, password);
if (Config.Settings.NAS_IDENTIFIER != null)
{
authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_IDENTIFIER, Encoding.ASCII.GetBytes(Config.Settings.NAS_IDENTIFIER)));
}
authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_PORT_TYPE, BitConverter.GetBytes((int)NasPortType.ASYNC)));
var receivedPacket = rc.SendAndReceivePacket(authPacket, server.retries).Result;
if (receivedPacket != null && receivedPacket.PacketType == RadiusCode.ACCESS_ACCEPT)
{
state.Stop();
}
}
catch (Exception ex)
{
Log.ErrorLog.WriteLine(ex);
}
});
if (res.IsCompleted)
{
//On a parcouru tous les srveurs et on n'a rien trouvé
Log.ErrorLog.WriteLine(string.Format("Authentication failed for: {0}", username));
return(4);
}
else
{
Log.SuccessLog.WriteLine(string.Format("Authentication success for user {0}", username));
return(0);
}
}