public LoginCredentials()
{
Password = new Password();
RecoveryQuestion = new RecoveryQuestion();
Provider = new Provider();
}
public ActionResult ValidateUser()
{
PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();
LdapServiceModel ldapServiceModel = null;
CustomUser oktaUser = null;
string username = null;
string password = null;
username = Request["username"];
password = Request["password"];
ldapServiceModel = new LdapServiceModel();
ldapServiceModel.ldapServer = appSettings["ldap.server"];
ldapServiceModel.ldapPort = appSettings["ldap.port"];
ldapServiceModel.baseDn = appSettings["ldap.baseDn"];
//use received username and password to bind with LDAP
//if password is valid, set password in Okta
try
{
//check username in Okta and password status
oktaUser = _oktaUserMgmt.GetCustomUser(username);
}
catch (OktaException)
{
//trap error, handle User is null
}
if (oktaUser != null)
{
if (string.IsNullOrEmpty(oktaUser.Profile.IsPasswordInOkta) || oktaUser.Profile.IsPasswordInOkta == "false")
{
//check user credentials in LDAP
bool rspIsAuthenticated = _credAuthentication.IsAuthenticated(username, password, ldapServiceModel);
if (rspIsAuthenticated)
{
//set password in Okta
bool rspSetPsw = _oktaUserMgmt.SetUserPassword(oktaUser.Id, password);
if (rspSetPsw)
{
//update attribute in user profile when set password successful
oktaUser.Profile.IsPasswordInOkta = "true";
bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);
if (rspPartialUpdate)
{
pswMigrationRsp.status = "set password in Okta successful";
pswMigrationRsp.isPasswordInOkta = "true";
}
else
{
pswMigrationRsp.status = "set password in Okta successful";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
else
{
//update attribute in user profile when set password fails
oktaUser.Profile.IsPasswordInOkta = "true";
bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);
if (rspPartialUpdate)
{
pswMigrationRsp.status = "set password in Okta failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
else
{
pswMigrationRsp.status = "set password in Okta failed";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
}
else
{
//arrive here is user creds not validated in Ldap
pswMigrationRsp.status = "LDAP validation failed";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
//no work required
pswMigrationRsp.status = oktaUser.Status;
pswMigrationRsp.isPasswordInOkta = "true";
}
//build response
pswMigrationRsp.oktaId = oktaUser.Id;
pswMigrationRsp.login = oktaUser.Profile.Login;
}
else
{
//arrive here if user not found in Okta
//check user credentials and get profile from LDAP
CustomUser rspCustomUser = _credAuthentication.IsCreated(username, password, ldapServiceModel);
if (rspCustomUser != null)
{
rspCustomUser.Profile.Login = username + _userdomain;
Okta.Core.Models.Password pswd = new Okta.Core.Models.Password();
pswd.Value = password;
rspCustomUser.Credentials.Password = pswd;
//create Okta user with password
rspAddCustomUser = _oktaUserMgmt.AddCustomUser(rspCustomUser);
if (rspAddCustomUser != null)
{
Uri rspUri = new Uri("https://tbd.com");
bool rspActivate = _oktaUserMgmt.ActivateUser(rspAddCustomUser, out rspUri);
if (rspActivate)
{
rspCustomUser.Profile.IsPasswordInOkta = "true";
bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(rspAddCustomUser);
if (rspPartialUpdate)
{
pswMigrationRsp.oktaId = rspAddCustomUser.Id;
pswMigrationRsp.login = rspAddCustomUser.Profile.Login;
pswMigrationRsp.status = "Created in Okta";
pswMigrationRsp.isPasswordInOkta = "true";
}
else
{
pswMigrationRsp.oktaId = rspAddCustomUser.Id;
pswMigrationRsp.login = rspAddCustomUser.Profile.Login;
pswMigrationRsp.status = "Created in Okta";
pswMigrationRsp.isPasswordInOkta = "unknown";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
else
{
pswMigrationRsp.oktaId = "none";
pswMigrationRsp.login = "******";
pswMigrationRsp.status = "User NOT Created in Okta";
pswMigrationRsp.isPasswordInOkta = "false";
}
}
return(Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json"));
}
public LoginCredentials()
{
Password = new Password();
RecoveryQuestion = new RecoveryQuestion();
Provider = new Provider();
}