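/// <summary>
/// Builds the cookie-backed <see cref="ClaimsIdentity"/> for a user that has already been
/// authenticated against the directory.
/// </summary>
/// <param name="userPrincipal">The authenticated directory user; must not be null.</param>
/// <returns>
/// A <see cref="ClaimsIdentity"/> of authentication type "ApplicationCookie" carrying the
/// identity-provider, name, optional display-name and e-mail claims, plus one role claim per
/// role returned by <c>GetRoles</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="userPrincipal"/> is null.</exception>
public ClaimsIdentity CreateIdentity(ActiveDirectoryUser userPrincipal)
{
    if (userPrincipal == null)
    {
        throw new ArgumentNullException("userPrincipal");
    }

    var identity = new ClaimsIdentity("ApplicationCookie", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);

    identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Windows"));

    // The name claim is what the cookie middleware treats as the principal's identity.
    // SamAccountName is the logon name and is expected to be present; Claim's constructor
    // throws ArgumentNullException if it is null, which is the desired failure mode here.
    identity.AddClaim(new Claim(ClaimTypes.Name, userPrincipal.SamAccountName));

    // Claim values may not be null, so optional directory attributes are only added when the
    // directory actually returned a value (DisplayName was previously added unguarded and
    // would throw for accounts without one).
    if (!string.IsNullOrEmpty(userPrincipal.DisplayName))
    {
        identity.AddClaim(new Claim("DisplayName", userPrincipal.DisplayName));
    }

    if (!string.IsNullOrEmpty(userPrincipal.EmailAddress))
    {
        identity.AddClaim(new Claim(ClaimTypes.Email, userPrincipal.EmailAddress));
    }

    // TODO: fetch the roles from AD (group membership) -- GetRoles is the hook for that.
    // Roles become ClaimTypes.Role claims and therefore drive authorization decisions;
    // only non-empty names are mapped.
    IList<string> roles = this.GetRoles(userPrincipal);
    if (roles != null)
    {
        foreach (var role in roles)
        {
            if (!string.IsNullOrEmpty(role))
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
            }
        }
    }

    return identity;
}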
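/// <summary>
/// Authenticates <paramref name="username"/> (in <c>DOMAIN\user</c> form) against Active
/// Directory and, on success, asks the authentication manager to issue the "ApplicationCookie"
/// claims identity to the recipient of the response.
/// </summary>
/// <param name="username">Logon name in the form <c>DOMAIN\samaccountname</c>.</param>
/// <param name="password">The user's password.</param>
/// <returns>
/// An <see cref="AuthenticationResult"/> with no error on success; otherwise one carrying a
/// user-facing error message.
/// </returns>
public AuthenticationResult SignIn(string username, string password)
{
    // Reject missing input before touching the directory. In particular, never forward an
    // empty password: depending on how ValidateCredentials binds, some LDAP servers treat a
    // bind with an empty password as an unauthenticated (anonymous) bind and report success.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return new AuthenticationResult("Username or Password is not correct");
    }

    bool isAuthenticated = false;
    ActiveDirectoryUser userPrincipal = null;

    // Exactly DOMAIN\user is accepted; anything else falls through to the generic failure
    // message so a caller learns nothing about valid domains or name formats.
    string[] tokens = username.Split('\\');
    if (tokens.Length == 2
        && !string.IsNullOrWhiteSpace(tokens[0])
        && !string.IsNullOrWhiteSpace(tokens[1]))
    {
        var repo = new ActiveDirectoryReadOnlyRepository(tokens[0], username, password);
        try
        {
            isAuthenticated = ValidateCredentials(tokens[1], password);
            if (isAuthenticated)
            {
                userPrincipal = repo.GetUser(tokens[1]);
            }
        }
        catch (Exception)
        {
            // Directory errors (unreachable DC, unknown domain, ...) are deliberately reported
            // to the user as a plain credential failure. Log the exception here once a logger
            // is available; otherwise outages are indistinguishable from wrong passwords.
            isAuthenticated = false;
            userPrincipal = null;
        }
    }

    // One message for "bad format", "unknown user" and "wrong password": no account enumeration.
    if (!isAuthenticated || userPrincipal == null)
    {
        return new AuthenticationResult("Username or Password is not correct");
    }

    // The two checks below reveal account state, but only to someone who has already
    // proved knowledge of the password. Whether that is acceptable is a policy decision.
    if (userPrincipal.IsAccountLockedOut())
    {
        return new AuthenticationResult("Your account is locked.");
    }

    // Enabled is a bool?; a null value is treated as "not known to be disabled".
    if (userPrincipal.Enabled == false)
    {
        return new AuthenticationResult("Your account is disabled");
    }

    ClaimsIdentity identity = CreateIdentity(userPrincipal);

    // Drop any existing application cookie rather than stacking identities.
    authenticationManager.SignOut("ApplicationCookie");

    // NOTE(review): IsPersistent = true always issues a cookie that outlives the browser
    // session ("remember me" semantics) -- consider making this a caller option.
    authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true }, identity);

    return new AuthenticationResult();
}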
/// <summary>
/// Looks up a single user by LDAP distinguished name in this repository's principal context.
/// </summary>
/// <param name="distinguishedName">The full distinguished name (e.g. <c>CN=...,OU=...,DC=...</c>).</param>
/// <returns>
/// Whatever <c>ActiveDirectoryUser.FindByIdentity</c> returns for that name -- for the
/// framework's <c>Principal.FindByIdentity</c> that is the match, or null when there is none.
/// </returns>
public ActiveDirectoryUser GetUserByDistinguishedName(string distinguishedName)
{
    return ActiveDirectoryUser.FindByIdentity(principalContext, IdentityType.DistinguishedName, distinguishedName);
}
/// <summary>
/// Looks up a single user in this repository's principal context using the given identity type.
/// </summary>
/// <param name="samaccountname">
/// The identity value to search for. Despite the parameter name it is interpreted according to
/// <paramref name="identityType"/>, so it may be a SAM account name, UPN, SID, GUID, etc.
/// </param>
/// <param name="identityType">How <paramref name="samaccountname"/> should be interpreted.</param>
/// <returns>
/// Whatever <c>ActiveDirectoryUser.FindByIdentity</c> returns -- for the framework's
/// <c>Principal.FindByIdentity</c> that is the match, or null when there is none.
/// </returns>
public ActiveDirectoryUser GetUser(string samaccountname, IdentityType identityType)
{
    return ActiveDirectoryUser.FindByIdentity(principalContext, identityType, samaccountname);
}