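/// <summary>
/// Authorizes a request that carries a Windows identity: maps the caller's
/// domain-group membership to an application role, then loads the matching
/// user profile (or creates it when <c>AutoCreateUsers</c> is enabled).
/// </summary>
/// <param name="actionContext">The Web API action context whose request principal is inspected.</param>
/// <returns>
/// <c>true</c> when the caller is in the Admin or Analyst domain group and has a
/// non-disabled profile; <c>false</c> otherwise. Every refusal is logged.
/// </returns>
private bool HandleWindowsAuthentication(HttpActionContext actionContext)
{
    // Fail closed with a logged refusal instead of throwing InvalidCastException /
    // NullReferenceException when the request has no principal or a non-Windows one.
    var windowsPrincipal = actionContext.RequestContext.Principal as WindowsPrincipal;
    if (windowsPrincipal == null)
    {
        Logger.Instance.Warn("Blocked connection attempt: request principal is missing or is not a Windows principal.", LoggerConsts.AccountLogInError);
        return false;
    }

    var mgmtConfig = _configurationService.GetManagementServerConfiguration();

    // The role is derived from current group membership on every request; the stored
    // profile role is never trusted as the source of authorization.
    var roleToAssign = ResolveRoleFromDomainGroups(windowsPrincipal);
    if (roleToAssign == null)
    {
        Logger.Instance.Warn(string.Format("Blocked connection attempt by Windows account {0} not in Admin or Analyst group.", windowsPrincipal.Identity.Name), LoggerConsts.AccountLogInError);
        return false;
    }

    var profile = _userProfileAccessor.GetUserProfile(windowsPrincipal.Identity.GetUserName());
    if (profile == null)
    {
        if (!mgmtConfig.AutoCreateUsers)
        {
            Logger.Instance.Warn(string.Format("Windows account {0} is authorized but does not have profile.", windowsPrincipal.Identity.Name), LoggerConsts.AccountLogInError);
            return false;
        }

        // NOTE(review): the profile is looked up by Identity.GetUserName() but stored under
        // Identity.Name. If those differ for some accounts the lookup above never matches and a
        // profile is re-created on every login — confirm the two agree.
        var user = CreateWindowsUserProfile(windowsPrincipal, roleToAssign.Value);
        _userProfileAccessor.AddOrUpdateUserProfile(user);
        return true;
    }

    // Keep the persisted role in step with group membership so a group change takes
    // effect on the next request rather than only at profile creation.
    // NOTE(review): this write happens before the disabled check, so a disabled profile
    // still has its role updated on a refused login — confirm that is intended.
    if (profile.Role != roleToAssign.Value)
    {
        profile.Role = roleToAssign.Value;
        _userProfileAccessor.AddOrUpdateUserProfile(profile);
    }

    if (profile.IsDisabled)
    {
        Logger.Instance.Debug(string.Format("Blocked login attempt by disabled user {0}", profile.UserName), LoggerConsts.AccountLogInError);
        return false;
    }

    return true;
}

/// <summary>
/// Maps the caller's domain-group membership to an application role.
/// Admin takes precedence when the account is in both groups.
/// </summary>
/// <param name="windowsPrincipal">The authenticated Windows principal.</param>
/// <returns>The role to assign, or <c>null</c> when the account is in neither group.</returns>
private UserRoleEnum? ResolveRoleFromDomainGroups(WindowsPrincipal windowsPrincipal)
{
    if (windowsPrincipal.IsInRole(_domainDetails.AdminDomainGroup))
    {
        return UserRoleEnum.Admin;
    }

    if (windowsPrincipal.IsInRole(_domainDetails.AnalystDomainGroup))
    {
        return UserRoleEnum.Analyst;
    }

    return null;
}

/// <summary>
/// Builds a new profile for a Windows account from its Active Directory entry.
/// </summary>
/// <param name="windowsPrincipal">The authenticated Windows principal.</param>
/// <param name="role">The role resolved from group membership.</param>
/// <returns>A populated, not yet persisted <see cref="UserProfile"/>.</returns>
private UserProfile CreateWindowsUserProfile(WindowsPrincipal windowsPrincipal, UserRoleEnum role)
{
    var userDetails = UserAndDomainHelper.GetUserPrincipal(windowsPrincipal.Identity.GetUserName(), GetActiveDirectoryCredentials());

    // NOTE(review): userDetails is dereferenced without a null check; GetUserPrincipal's
    // behaviour for an account absent from the directory is not visible here — confirm it
    // throws rather than returning null.
    return new UserProfile
    {
        FirstName = userDetails.GivenName,
        LastName = userDetails.Surname,
        UserName = windowsPrincipal.Identity.Name,
        Email = userDetails.EmailAddress,
        Role = role,
        UserType = UserType.Windows,
        ImageBase64 = null
    };
}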