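// Claim ADFS expects on a successful second factor (type and value are fixed by the ADFS contract).
private const string AuthenticationMethodClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod";
private const string OtpAuthenticationMethod = "http://schemas.microsoft.com/ws/2012/12/authmethod/otp";

// Upper bound on how often the push transaction is polled before it counts as not approved.
private const int MaxPushPollAttempts = 20;

// User-Agent sent on push poll requests (kept from the original implementation).
private const string PushPollUserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36";

/// <summary>
/// Completes the Okta second factor for the ADFS external-authentication flow.
/// A "push" factor is checked by polling the transaction endpoint that round-tripped
/// through the form post; a "token:software:totp" factor is checked by verifying the
/// submitted PIN. A push that was not approved does not stop a TOTP factor from being tried.
/// </summary>
/// <param name="context">ADFS authentication context; not read by this method.</param>
/// <param name="proofData">Form values posted by the browser: "upn", "pin" and "pollingEndpoint". All are untrusted.</param>
/// <param name="request">Raw HTTP request; not read by this method.</param>
/// <param name="claims">Set to the OTP authentication-method claim on success, otherwise null.</param>
/// <returns>
/// null when the second factor succeeded (the ADFS success signal, with <paramref name="claims"/> populated);
/// otherwise an <see cref="AdapterPresentation"/> for the "Authentication failed." page.
/// Failure paths never return null, so a timed-out push cannot read as success.
/// </returns>
/// <exception cref="InvalidOperationException">The adapter config lacks the "Tenant" or "apiKey" appSetting.</exception>
/// <exception cref="WebException">
/// An Okta call failed without an HTTP response (network error), or the user/factor lookup returned an HTTP error.
/// An HTTP error response during TOTP verification is treated as a failed attempt instead.
/// </exception>
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
    claims = null;

    // Everything in proofData was posted by the client and must be treated as untrusted.
    string userName = GetProofProperty(proofData, "upn");
    string pin = GetProofProperty(proofData, "pin");
    string pollingEndpoint = GetProofProperty(proofData, "pollingEndpoint");

    string oktaTenant;
    string authToken;
    LoadOktaSettings(out oktaTenant, out authToken);
    string baseUrl = oktaTenant + "/api/v1/";

    // Resolve the UPN to an Okta user id. The UPN is placed in the URL path, so it is
    // percent-encoded to keep a crafted value from rewriting the request target.
    string userJson = ReadResponseBody(CreateOktaRequest(baseUrl + "users/" + Uri.EscapeDataString(userName), authToken, "GET"));
    RootObject userProfile = JsonConvert.DeserializeObject<RootObject>(userJson);
    if (userProfile == null || userProfile.id == null)
    {
        return FailedPresentation(proofData);
    }
    string userID = userProfile.id.ToString();

    string factorJson = ReadResponseBody(CreateOktaRequest(baseUrl + "users/" + userID + "/factors", authToken, "GET"));
    RootObject[] factors = JsonConvert.DeserializeObject<RootObject[]>(factorJson) ?? new RootObject[0];

    foreach (RootObject factor in factors)
    {
        if (factor == null || factor.provider != "OKTA")
        {
            continue;
        }

        if (factor.factorType == "push")
        {
            // Only poll an endpoint that belongs to the configured tenant: the value came from
            // the client, and the poll request carries the API key in its Authorization header.
            // A rejected endpoint simply counts as "push not approved".
            if (IsTenantEndpoint(pollingEndpoint, oktaTenant) && PollPushApproval(pollingEndpoint, authToken))
            {
                claims = OtpAuthenticationMethodClaims();
                return null;
            }
        }
        else if (factor.factorType == "token:software:totp" && pin != "")
        {
            if (VerifyTotp(baseUrl, userID, factor.id, pin, authToken))
            {
                claims = OtpAuthenticationMethodClaims();
                return null;
            }
        }
    }

    // Every non-success path ends here with a presentation, never with a null result and null claims.
    return FailedPresentation(proofData);
}

/// <summary>Reads a posted form value; returns "" when the key is absent or its value is null.</summary>
private static string GetProofProperty(IProofData proofData, string key)
{
    object value;
    if (proofData.Properties != null && proofData.Properties.TryGetValue(key, out value) && value != null)
    {
        return value.ToString();
    }
    return "";
}

/// <summary>
/// Loads "Tenant" and "apiKey" from %WINDIR%\ADFS\OktaMFA-ADFS.dll.config.
/// </summary>
/// <exception cref="InvalidOperationException">Either setting is missing or empty.</exception>
private static void LoadOktaSettings(out string oktaTenant, out string authToken)
{
    string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
    System.Configuration.ExeConfigurationFileMap fileMap = new System.Configuration.ExeConfigurationFileMap();
    fileMap.ExeConfigFilename = windir + "\\ADFS\\OktaMFA-ADFS.dll.config";
    System.Configuration.Configuration cfg = System.Configuration.ConfigurationManager.OpenMappedExeConfiguration(fileMap, System.Configuration.ConfigurationUserLevel.None);
    oktaTenant = ReadRequiredSetting(cfg, "Tenant");
    authToken = ReadRequiredSetting(cfg, "apiKey");
}

/// <summary>Returns the appSetting value for <paramref name="key"/>, failing loudly instead of with a NullReferenceException.</summary>
private static string ReadRequiredSetting(System.Configuration.Configuration cfg, string key)
{
    var element = cfg.AppSettings.Settings[key];
    if (element == null || string.IsNullOrEmpty(element.Value))
    {
        throw new InvalidOperationException("Missing appSetting '" + key + "' in the OktaMFA-ADFS adapter configuration.");
    }
    return element.Value;
}

/// <summary>
/// True when <paramref name="endpoint"/> is an absolute URL with the same scheme and authority
/// as the configured tenant. Anything else must not receive the API key. If Okta poll links ever
/// use a different host than "Tenant", extend this check rather than removing it.
/// </summary>
private static bool IsTenantEndpoint(string endpoint, string oktaTenant)
{
    Uri tenantUri;
    Uri endpointUri;
    if (!Uri.TryCreate(oktaTenant, UriKind.Absolute, out tenantUri) ||
        !Uri.TryCreate(endpoint, UriKind.Absolute, out endpointUri))
    {
        return false;
    }
    return string.Equals(endpointUri.Scheme, tenantUri.Scheme, StringComparison.OrdinalIgnoreCase)
        && string.Equals(endpointUri.Authority, tenantUri.Authority, StringComparison.OrdinalIgnoreCase);
}

/// <summary>Builds a JSON request to the Okta API carrying the configured Authorization header.</summary>
private static HttpWebRequest CreateOktaRequest(string url, string authToken, string method)
{
    HttpWebRequest oktaRequest = (HttpWebRequest)WebRequest.Create(url);
    oktaRequest.Headers.Add("Authorization", authToken);
    oktaRequest.Method = method;
    oktaRequest.ContentType = "application/json";
    oktaRequest.Accept = "application/json";
    return oktaRequest;
}

/// <summary>Sends the request and returns the response body; the response and reader are disposed.</summary>
private static string ReadResponseBody(HttpWebRequest oktaRequest)
{
    using (HttpWebResponse response = (HttpWebResponse)oktaRequest.GetResponse())
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        return reader.ReadToEnd();
    }
}

/// <summary>
/// Polls the push transaction up to <see cref="MaxPushPollAttempts"/> times; true only when a
/// poll reports factorResult "SUCCESS".
/// </summary>
private static bool PollPushApproval(string pollingEndpoint, string authToken)
{
    for (int attempt = 1; attempt <= MaxPushPollAttempts; attempt++)
    {
        HttpWebRequest pollRequest = CreateOktaRequest(pollingEndpoint, authToken, "GET");
        pollRequest.UserAgent = PushPollUserAgent;
        RootObject pollResult = JsonConvert.DeserializeObject<RootObject>(ReadResponseBody(pollRequest));
        if (pollResult != null && pollResult.factorResult == "SUCCESS")
        {
            return true;
        }
        // NOTE(review): polls run back-to-back with no delay, as in the original; confirm this
        // matches the point in the flow at which the user is expected to have approved the push.
    }
    return false;
}

/// <summary>
/// POSTs the PIN to the factor's verify endpoint. True on HTTP 200. An HTTP error response
/// (e.g. a wrong code) yields false; a WebException without a response is rethrown.
/// </summary>
private static bool VerifyTotp(string baseUrl, string userID, string factorID, string pin, string authToken)
{
    HttpWebRequest verifyRequest = CreateOktaRequest(baseUrl + "users/" + userID + "/factors/" + factorID + "/verify", authToken, "POST");
    string otpString = JsonConvert.SerializeObject(new otpCode { passCode = pin });
    using (StreamWriter streamWriter = new StreamWriter(verifyRequest.GetRequestStream()))
    {
        streamWriter.Write(otpString);
    }

    try
    {
        using (HttpWebResponse verifyResponse = (HttpWebResponse)verifyRequest.GetResponse())
        {
            return verifyResponse.StatusCode == HttpStatusCode.OK;
        }
    }
    catch (WebException we)
    {
        HttpWebResponse failResponse = we.Response as HttpWebResponse;
        if (failResponse == null)
        {
            throw;
        }
        failResponse.Close();
        return false;
    }
}

/// <summary>The single claim ADFS needs to record that an OTP-class second factor succeeded.</summary>
private static Claim[] OtpAuthenticationMethodClaims()
{
    return new Claim[] { new Claim(AuthenticationMethodClaimType, OtpAuthenticationMethod) };
}

/// <summary>The failure page, re-showing the posted UPN.</summary>
private static IAdapterPresentation FailedPresentation(IProofData proofData)
{
    return new AdapterPresentation("Authentication failed.", GetProofProperty(proofData, "upn"), false);
}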
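// Claim ADFS expects on a successful second factor (type and value are fixed by the ADFS contract).
private const string AuthenticationMethodClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod";
private const string OtpAuthenticationMethod = "http://schemas.microsoft.com/ws/2012/12/authmethod/otp";

// Upper bound on how often the push transaction is polled before it counts as not approved.
private const int MaxPushPollAttempts = 20;

// User-Agent sent on push poll requests (kept from the original implementation).
private const string PushPollUserAgent = "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36";

/// <summary>
/// Completes the Okta second factor for the ADFS external-authentication flow.
/// A "push" factor is checked by polling the transaction endpoint that round-tripped
/// through the form post; a "token:software:totp" factor is checked by verifying the
/// submitted PIN. A push that was not approved does not stop a TOTP factor from being tried.
/// </summary>
/// <param name="context">ADFS authentication context; not read by this method.</param>
/// <param name="proofData">Form values posted by the browser: "upn", "pin" and "pollingEndpoint". All are untrusted.</param>
/// <param name="request">Raw HTTP request; not read by this method.</param>
/// <param name="claims">Set to the OTP authentication-method claim on success, otherwise null.</param>
/// <returns>
/// null when the second factor succeeded (the ADFS success signal, with <paramref name="claims"/> populated);
/// otherwise an <see cref="AdapterPresentation"/> for the "Authentication failed." page.
/// Failure paths never return null, so a timed-out push cannot read as success.
/// </returns>
/// <exception cref="InvalidOperationException">The adapter config lacks the "Tenant" or "apiKey" appSetting.</exception>
/// <exception cref="WebException">
/// An Okta call failed without an HTTP response (network error), or the user/factor lookup returned an HTTP error.
/// An HTTP error response during TOTP verification is treated as a failed attempt instead.
/// </exception>
public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, System.Net.HttpListenerRequest request, out System.Security.Claims.Claim[] claims)
{
    claims = null;

    // Everything in proofData was posted by the client and must be treated as untrusted.
    string userName = GetProofProperty(proofData, "upn");
    string pin = GetProofProperty(proofData, "pin");
    string pollingEndpoint = GetProofProperty(proofData, "pollingEndpoint");

    string oktaTenant;
    string authToken;
    LoadOktaSettings(out oktaTenant, out authToken);
    string baseUrl = oktaTenant + "/api/v1/";

    // Resolve the UPN to an Okta user id. The UPN is placed in the URL path, so it is
    // percent-encoded to keep a crafted value from rewriting the request target.
    string userJson = ReadResponseBody(CreateOktaRequest(baseUrl + "users/" + Uri.EscapeDataString(userName), authToken, "GET"));
    RootObject userProfile = JsonConvert.DeserializeObject<RootObject>(userJson);
    if (userProfile == null || userProfile.id == null)
    {
        return FailedPresentation(proofData);
    }
    string userID = userProfile.id.ToString();

    string factorJson = ReadResponseBody(CreateOktaRequest(baseUrl + "users/" + userID + "/factors", authToken, "GET"));
    RootObject[] factors = JsonConvert.DeserializeObject<RootObject[]>(factorJson) ?? new RootObject[0];

    foreach (RootObject factor in factors)
    {
        if (factor == null || factor.provider != "OKTA")
        {
            continue;
        }

        if (factor.factorType == "push")
        {
            // Only poll an endpoint that belongs to the configured tenant: the value came from
            // the client, and the poll request carries the API key in its Authorization header.
            // A rejected endpoint simply counts as "push not approved".
            if (IsTenantEndpoint(pollingEndpoint, oktaTenant) && PollPushApproval(pollingEndpoint, authToken))
            {
                claims = OtpAuthenticationMethodClaims();
                return null;
            }
        }
        else if (factor.factorType == "token:software:totp" && pin != "")
        {
            if (VerifyTotp(baseUrl, userID, factor.id, pin, authToken))
            {
                claims = OtpAuthenticationMethodClaims();
                return null;
            }
        }
    }

    // Every non-success path ends here with a presentation, never with a null result and null claims.
    return FailedPresentation(proofData);
}

/// <summary>Reads a posted form value; returns "" when the key is absent or its value is null.</summary>
private static string GetProofProperty(IProofData proofData, string key)
{
    object value;
    if (proofData.Properties != null && proofData.Properties.TryGetValue(key, out value) && value != null)
    {
        return value.ToString();
    }
    return "";
}

/// <summary>
/// Loads "Tenant" and "apiKey" from %WINDIR%\ADFS\OktaMFA-ADFS.dll.config.
/// </summary>
/// <exception cref="InvalidOperationException">Either setting is missing or empty.</exception>
private static void LoadOktaSettings(out string oktaTenant, out string authToken)
{
    string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
    System.Configuration.ExeConfigurationFileMap fileMap = new System.Configuration.ExeConfigurationFileMap();
    fileMap.ExeConfigFilename = windir + "\\ADFS\\OktaMFA-ADFS.dll.config";
    System.Configuration.Configuration cfg = System.Configuration.ConfigurationManager.OpenMappedExeConfiguration(fileMap, System.Configuration.ConfigurationUserLevel.None);
    oktaTenant = ReadRequiredSetting(cfg, "Tenant");
    authToken = ReadRequiredSetting(cfg, "apiKey");
}

/// <summary>Returns the appSetting value for <paramref name="key"/>, failing loudly instead of with a NullReferenceException.</summary>
private static string ReadRequiredSetting(System.Configuration.Configuration cfg, string key)
{
    var element = cfg.AppSettings.Settings[key];
    if (element == null || string.IsNullOrEmpty(element.Value))
    {
        throw new InvalidOperationException("Missing appSetting '" + key + "' in the OktaMFA-ADFS adapter configuration.");
    }
    return element.Value;
}

/// <summary>
/// True when <paramref name="endpoint"/> is an absolute URL with the same scheme and authority
/// as the configured tenant. Anything else must not receive the API key. If Okta poll links ever
/// use a different host than "Tenant", extend this check rather than removing it.
/// </summary>
private static bool IsTenantEndpoint(string endpoint, string oktaTenant)
{
    Uri tenantUri;
    Uri endpointUri;
    if (!Uri.TryCreate(oktaTenant, UriKind.Absolute, out tenantUri) ||
        !Uri.TryCreate(endpoint, UriKind.Absolute, out endpointUri))
    {
        return false;
    }
    return string.Equals(endpointUri.Scheme, tenantUri.Scheme, StringComparison.OrdinalIgnoreCase)
        && string.Equals(endpointUri.Authority, tenantUri.Authority, StringComparison.OrdinalIgnoreCase);
}

/// <summary>Builds a JSON request to the Okta API carrying the configured Authorization header.</summary>
private static HttpWebRequest CreateOktaRequest(string url, string authToken, string method)
{
    HttpWebRequest oktaRequest = (HttpWebRequest)WebRequest.Create(url);
    oktaRequest.Headers.Add("Authorization", authToken);
    oktaRequest.Method = method;
    oktaRequest.ContentType = "application/json";
    oktaRequest.Accept = "application/json";
    return oktaRequest;
}

/// <summary>Sends the request and returns the response body; the response and reader are disposed.</summary>
private static string ReadResponseBody(HttpWebRequest oktaRequest)
{
    using (HttpWebResponse response = (HttpWebResponse)oktaRequest.GetResponse())
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        return reader.ReadToEnd();
    }
}

/// <summary>
/// Polls the push transaction up to <see cref="MaxPushPollAttempts"/> times; true only when a
/// poll reports factorResult "SUCCESS".
/// </summary>
private static bool PollPushApproval(string pollingEndpoint, string authToken)
{
    for (int attempt = 1; attempt <= MaxPushPollAttempts; attempt++)
    {
        HttpWebRequest pollRequest = CreateOktaRequest(pollingEndpoint, authToken, "GET");
        pollRequest.UserAgent = PushPollUserAgent;
        RootObject pollResult = JsonConvert.DeserializeObject<RootObject>(ReadResponseBody(pollRequest));
        if (pollResult != null && pollResult.factorResult == "SUCCESS")
        {
            return true;
        }
        // NOTE(review): polls run back-to-back with no delay, as in the original; confirm this
        // matches the point in the flow at which the user is expected to have approved the push.
    }
    return false;
}

/// <summary>
/// POSTs the PIN to the factor's verify endpoint. True on HTTP 200. An HTTP error response
/// (e.g. a wrong code) yields false; a WebException without a response is rethrown.
/// </summary>
private static bool VerifyTotp(string baseUrl, string userID, string factorID, string pin, string authToken)
{
    HttpWebRequest verifyRequest = CreateOktaRequest(baseUrl + "users/" + userID + "/factors/" + factorID + "/verify", authToken, "POST");
    string otpString = JsonConvert.SerializeObject(new otpCode { passCode = pin });
    using (StreamWriter streamWriter = new StreamWriter(verifyRequest.GetRequestStream()))
    {
        streamWriter.Write(otpString);
    }

    try
    {
        using (HttpWebResponse verifyResponse = (HttpWebResponse)verifyRequest.GetResponse())
        {
            return verifyResponse.StatusCode == HttpStatusCode.OK;
        }
    }
    catch (WebException we)
    {
        HttpWebResponse failResponse = we.Response as HttpWebResponse;
        if (failResponse == null)
        {
            throw;
        }
        failResponse.Close();
        return false;
    }
}

/// <summary>The single claim ADFS needs to record that an OTP-class second factor succeeded.</summary>
private static Claim[] OtpAuthenticationMethodClaims()
{
    return new Claim[] { new Claim(AuthenticationMethodClaimType, OtpAuthenticationMethod) };
}

/// <summary>The failure page, re-showing the posted UPN.</summary>
private static IAdapterPresentation FailedPresentation(IProofData proofData)
{
    return new AdapterPresentation("Authentication failed.", GetProofProperty(proofData, "upn"), false);
}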