//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
namespace System.IdentityModel.Selectors
{
using System.Collections.ObjectModel;
using System.ComponentModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;
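/// <summary>
/// Validates a user name / password pair against Windows through the Win32 LogonUser API
/// and turns the resulting logon token into WCF authorization policies.
/// </summary>
/// <remarks>
/// The user name is accepted either as a single token (no backslash; passed to LogonUser with
/// a null domain) or in down-level "DOMAIN\user" form. Any other use of the backslash
/// separator is rejected before a logon is attempted.
/// </remarks>
public class WindowsUserNameSecurityTokenAuthenticator : UserNameSecurityTokenAuthenticator
{
    // Whether the group SIDs of the logon token are exposed as claims.
    // Assigned once in the constructor and never changed afterwards.
    readonly bool includeWindowsGroups;

    /// <summary>
    /// Creates an authenticator that lets <see cref="WindowsClaimSet.DefaultIncludeWindowsGroups"/>
    /// decide whether group claims are emitted.
    /// </summary>
    public WindowsUserNameSecurityTokenAuthenticator()
        : this(WindowsClaimSet.DefaultIncludeWindowsGroups)
    {
    }

    /// <summary>
    /// Creates an authenticator.
    /// </summary>
    /// <param name="includeWindowsGroups">
    /// true to include the Windows group memberships of the authenticated user in the
    /// resulting claim set; false to emit only the identity claims.
    /// </param>
    public WindowsUserNameSecurityTokenAuthenticator(bool includeWindowsGroups)
    {
        this.includeWindowsGroups = includeWindowsGroups;
    }

    /// <summary>
    /// Logs <paramref name="userName"/> on with <paramref name="password"/> via LogonUser and
    /// returns the authorization policies for the resulting Windows identity.
    /// </summary>
    /// <param name="userName">"user" or "DOMAIN\user". Must not be null.</param>
    /// <param name="password">The plaintext password handed to LogonUser.</param>
    /// <returns>
    /// Authorization policies built from a <see cref="WindowsClaimSet"/> for the logged-on user.
    /// </returns>
    /// <exception cref="ArgumentException">
    /// <paramref name="userName"/> is null, contains more than one backslash, or has an empty
    /// domain part in front of the backslash.
    /// </exception>
    /// <exception cref="SecurityTokenValidationException">
    /// LogonUser rejected the credentials; the Win32 error code is attached as an inner
    /// <see cref="Win32Exception"/>.
    /// </exception>
    protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string userName, string password)
    {
        // Guard added on review: the base class normally hands us a non-null user name, but
        // this is a protected entry point and Split below would otherwise throw a
        // NullReferenceException instead of a meaningful argument error.
        if (userName == null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.IncorrectUserNameFormat));
        }

        string domain = null;
        string[] parts = userName.Split('\\');
        if (parts.Length != 1)
        {
            // Exactly one separator with a non-empty domain is accepted (consistent with the
            // Windows logon rules); "a\b\c" and "\user" are rejected up front.
            if (parts.Length != 2 || string.IsNullOrEmpty(parts[0]))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.IncorrectUserNameFormat));
            }

            // Down-level form: DOMAIN\user.
            domain = parts[0];
            userName = parts[1];
        }

        const uint LOGON32_PROVIDER_DEFAULT = 0;
        // NOTE(review): logon type 8 (NETWORK_CLEARTEXT) is documented by Win32 as keeping the
        // supplied cleartext credentials with the token so the resulting identity can
        // authenticate onward to other network servers. If onward authentication is not a
        // requirement here, LOGON32_LOGON_NETWORK (3) produces a token without that
        // capability — confirm which behaviour callers depend on before changing it.
        const uint LOGON32_LOGON_NETWORK_CLEARTEXT = 8;

        SafeCloseHandle tokenHandle = null;
        try
        {
            if (!NativeMethods.LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT, LOGON32_PROVIDER_DEFAULT, out tokenHandle))
            {
                // Read the Win32 error before any other call can overwrite it.
                int error = Marshal.GetLastWin32Error();
                // NOTE(review): the inner Win32Exception lets server-side logs tell a bad
                // password apart from a disabled, locked-out or expired account. That detail
                // must stay server-side; surfacing it to the remote caller would allow
                // account enumeration.
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenValidationException(SR.GetString(SR.FailLogonUser, userName), new Win32Exception(error)));
            }

            // NOTE(review): the raw logon handle is closed in the finally block while the
            // identity lives on inside the claim set, so this relies on the WindowsIdentity
            // constructor duplicating the token rather than borrowing it — confirm against
            // the framework version in use.
            WindowsIdentity windowsIdentity = new WindowsIdentity(tokenHandle.DangerousGetHandle(), SecurityUtils.AuthTypeBasic);
            // The trailing false presumably means the claim set keeps this identity rather
            // than a clone of it — verify against WindowsClaimSet's constructor.
            WindowsClaimSet claimSet = new WindowsClaimSet(windowsIdentity, SecurityUtils.AuthTypeBasic, this.includeWindowsGroups, false);
            return SecurityUtils.CreateAuthorizationPolicies(claimSet, claimSet.ExpirationTime);
        }
        finally
        {
            // Release the logon token on every path, including a failed logon or a throwing
            // claim-set construction.
            if (tokenHandle != null)
            {
                tokenHandle.Close();
            }
        }
    }
}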
}