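using System;
using System.Security.Claims;
using System.Web;
using System.Web.Configuration;
using System.Web.Mvc;
using DataModel.Models;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;
using WebInterface.Helpers;
using WebInterface.Models;
using WebInterface.Security;

namespace WebInterface.Controllers
{
    /// <summary>
    /// Account / access-control management controller: LDAP-backed login and logout,
    /// plus the "not authorized" landing page.
    /// </summary>
    public class AccountController : CrudController
    {
        /// <summary>
        /// Raised for an expected login failure whose message is meant to be shown on the
        /// login form. Any other exception reaching the login handler is reported with
        /// <see cref="GenericLoginError"/> instead, so that LDAP/server internals are not
        /// echoed to an unauthenticated client.
        /// </summary>
        private sealed class LoginFailedException : Exception
        {
            public LoginFailedException(string message) : base(message) { }
        }

        /// <summary>Message shown to the user for unexpected (non-credential) login errors.</summary>
        private const string GenericLoginError = "Login failed. Please try again or contact an administrator.";

        /// <summary>
        /// Returns <paramref name="candidate"/> when it is a local (same-site) URL and the
        /// Home/Index URL otherwise. The redirect target arrives from the query string or the
        /// posted form, so it must never be followed unchecked (open-redirect guard).
        /// </summary>
        /// <param name="candidate">Untrusted redirect target; may be null or empty.</param>
        /// <returns>A URL that is safe to pass to <see cref="Controller.Redirect(string)"/>.</returns>
        private string SafeRedirectUrl(string candidate)
        {
            if (!string.IsNullOrEmpty(candidate) && Url.IsLocalUrl(candidate))
            {
                return candidate;
            }
            return Url.Action("Index", "Home");
        }

        // GET: Account/Login
        /// <summary>Shows the login form. <paramref name="ReturnUrl"/> is kept only when it is local.</summary>
        /// <param name="ReturnUrl">Where to send the user after a successful login; off-site values are replaced by Home/Index.</param>
        [AllowAnonymous]
        public ActionResult Login(string ReturnUrl)
        {
            LogonRequest logonRequest = new LogonRequest()
            {
                RedirectURL = SafeRedirectUrl(ReturnUrl)
            };
            return View(logonRequest);
        }

        // POST: Account/Login
        /// <summary>
        /// Authenticates the posted credentials against the configured LDAP server(s), checks
        /// group membership, signs the user in and redirects to the (validated) return URL.
        /// On failure the form is re-rendered with a model-level error.
        /// </summary>
        /// <param name="logonRequest">Posted form values; only UserName, Password and RedirectURL are bound.</param>
        // NOTE(review): this POST has no [ValidateAntiForgeryToken]. Adding it requires
        // @Html.AntiForgeryToken() in the Login view, which is not visible here, so it is
        // flagged rather than applied.
        [AllowAnonymous]
        [HttpPost]
        public ActionResult Login([Bind(Include = "UserName,Password,RedirectURL")] LogonRequest logonRequest)
        {
            try
            {
                //Validate request before continuing
                if (logonRequest == null
                    || string.IsNullOrEmpty(logonRequest.UserName)
                    || string.IsNullOrEmpty(logonRequest.Password))
                {
                    throw new LoginFailedException("Invalid username or password entered");
                }

                //Lookup LDAP URL setting
                string ldapURL = WebConfigurationManager.AppSettings["LDAPUrl"];
                if (string.IsNullOrEmpty(ldapURL))
                {
                    throw new LoginFailedException("LDAP URL not set in web.config file.");
                }

                //Authenticate against each configured LDAP server in turn (';'-separated list).
                //The first server that accepts the credentials is also used for the group and
                //detail lookups below.
                bool authenticated = false;
                string serverURL = ldapURL;
                foreach (string url in ldapURL.Split(new[] { ";" }, StringSplitOptions.RemoveEmptyEntries))
                {
                    serverURL = url;
                    if (LDAPHelper.Authenticate(logonRequest.UserName, logonRequest.Password, serverURL))
                    {
                        authenticated = true;
                        break;
                    }
                }
                if (!authenticated)
                {
                    throw new LoginFailedException("Incorrect username or password entered");
                }

                //Verify user is in group. Fail closed when no group is configured instead of
                //handing an empty group name to the LDAP helper.
                string ldapGroup = WebConfigurationManager.AppSettings["LDAPGroup"];
                if (string.IsNullOrEmpty(ldapGroup))
                {
                    throw new LoginFailedException("LDAP group not set in web.config file.");
                }
                // NOTE(review): "dohertj2" is a hard-coded exemption from the group check, i.e. a
                // single account that bypasses authorisation. It is preserved here so behaviour
                // does not change silently, but it should be removed (or that account added to
                // the LDAP group) rather than kept in source.
                // Usernames are identifiers, so compare ordinally rather than by current culture.
                bool groupCheckExempt = string.Equals("dohertj2", logonRequest.UserName, StringComparison.OrdinalIgnoreCase);
                if (!groupCheckExempt
                    && !LDAPHelper.IsInGroup(logonRequest.UserName, logonRequest.Password, serverURL, ldapGroup))
                {
                    throw new LoginFailedException("User is not member of security group.");
                }

                //Lookup user's details and build the identity from the LDAP entry
                LDAPEntry ldapEntry = LDAPHelper.LookupUser(logonRequest.UserName, logonRequest.Password, serverURL);
                UserIdentity userIdentity = UserIdentity.FromLDAPEntry(ldapEntry);

                //Replace any existing sign-in with the new identity.
                // NOTE(review): SignOut targets ExternalCookie while SignIn uses the default
                // authentication type — confirm this is the intended cookie pair.
                IAuthenticationManager authentication = HttpContext.GetOwinContext().Authentication;
                authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
                authentication.SignIn(new AuthenticationProperties() { IsPersistent = false }, userIdentity);

                //Update current user for the remainder of this request
                HttpContext.User = new ClaimsPrincipal(authentication.AuthenticationResponseGrant.Principal);

                //Redirect to original URL, but only when it is local to this site
                return Redirect(SafeRedirectUrl(logonRequest.RedirectURL));
            }
            catch (LoginFailedException error)
            {
                ModelState.AddModelError(string.Empty, error.Message);
            }
            catch (Exception)
            {
                //Unexpected failure (e.g. LDAP connectivity or lookup error): show a generic
                //message so internal details are not disclosed to the client.
                // TODO(review): log the exception server-side; no logger is visible in this file.
                ModelState.AddModelError(string.Empty, GenericLoginError);
            }
            return View(logonRequest);
        }

        // GET: Account/Logout
        /// <summary>Signs out the current user (all authentication types) and returns to Home/Index.</summary>
        // NOTE(review): logout over GET can be triggered by a cross-site link; switching to POST
        // would also require changing the callers that link here.
        [Authorize]
        public ActionResult Logout()
        {
            HttpContext.GetOwinContext().Authentication.SignOut();
            return RedirectToAction("Index", "Home");
        }

        // GET: Account/NotAuthorized/resourceURL
        /// <summary>Shows the "not authorized" page for the resource the user attempted to reach.</summary>
        /// <param name="resourceURL">Untrusted, caller-supplied URL; the view must render it encoded (Razor does so by default — confirm the view does not use Html.Raw).</param>
        [Authorize]
        public ActionResult NotAuthorized(string resourceURL)
        {
            ViewBag.ResourceURL = resourceURL;
            return View();
        }
    }
}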