Challange-Response: Follow the RFC spec

On Challange-Responses the result is sent back encrypted to the server. The shared RADIUS key is used for encryption. The State attribute necessary in challange request/responses is assigned a guid.
2025-06-12 15:34:31 +02:00 · 2015-04-21 12:52:04 +02:00 · 2015-04-21 12:52:04 +02:00 · 3d8463d7d8
commit 3d8463d7d8
parent 6ecba61ffd
10 changed files with 115 additions and 304 deletions
--- a/RDSFactorWeb/RDWeb/Pages/Bin/RADAR.dll
+++ b/RDSFactorWeb/RDWeb/Pages/Bin/RADAR.dll
--- a/RDSFactorWeb/RDWeb/Pages/Bin/RADAR.pdb
+++ b/RDSFactorWeb/RDWeb/Pages/Bin/RADAR.pdb
--- a/RDSFactorWeb/RDWeb/Pages/Web.config
+++ b/RDSFactorWeb/RDWeb/Pages/Web.config
@ -38,9 +38,9 @@
    <add key="ShowOptimizeExperience" value="true"/>
    <add key="OptimizeExperienceState" value="false"/>
    <add key="SmsToken" value="true"/>
-    <add key="RadiusServer" value="192.168.121.9"/>
+    <add key="RadiusServer" value="127.0.0.1"/>
    <add key="RadiusSecret" value="helloworld"/>
-    <add key="OTP" value="true"/>
+    <add key="OTP" value="false"/>
    <add key="EnableSMS" value="true"/>
    <add key="EnableMail" value="false"/>
  </appSettings>
@ -85,7 +85,11 @@
        </authorization>
      </personalization>
    </webParts>
-    <compilation targetFramework="4.5"/>
+    <compilation targetFramework="4.5" debug="true">
+      <assemblies>
+        <add assembly="System.Web.Helpers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
+      </assemblies>
+    </compilation>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
  </system.web>
  <system.webServer>
@ -94,12 +98,10 @@
      <add name="RDWAFormsAuthenticationModule" type="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication"/>
    </modules>
    <security>
-      
      <authentication>
        <windowsAuthentication enabled="false"/>
        <anonymousAuthentication enabled="true"/>
      </authentication>
-      
    </security>
    <httpRedirect enabled="false"/>
  </system.webServer>
--- a/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.aspx
+++ b/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.aspx
@ -2,7 +2,10 @@
 <?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
 <?xml-stylesheet type="text/css" href="../RenderFail.css"?>
 <% @Page Language="C#" Debug="false" ResponseEncoding="utf-8" ContentType="text/xml" %>
+
 <% @Import Namespace="System" %>
+<% @Import Namespace="System.IO" %>
+<% @Import Namespace="System.Web.Helpers"  %>
 <% @Import Namespace="System.Threading" %>
 <% @Import Namespace="System.Security" %>
 <% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %>
@ -71,7 +74,8 @@

    void Page_Load(object sender, EventArgs e)
    {
-       
+        logit("pageload");
+        
        btnSignIn.Text = L_SubmitLabel_Text;
        btnCancel.Text = L_CancelLabel_Text;

@ -87,18 +91,25 @@
        RADIUSClient client = new RADIUSClient(RadiusServer, 1812, RadiusSecret);
        RADIUSAttributes atts = new RADIUSAttributes();
        client.Debug = Debug;
+        
        try {    
            VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic,(string)Session["Delivery"]);
            vsa.SetRADIUSAttribute(ref atts);

+            logit("AccessReqeust");
+            
            RADIUSPacket response = client.Authenticate(username, strPassword, atts);
                   
 	        if (response.Code == RadiusPacketCode.AccessChallenge) {
+                logit("Challange");
+                
 		        state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
                Session["State"] = state;      
            }
            // Access-Accept
            else if (response.Code == RadiusPacketCode.AccessAccept) {
+                logit("Accept");
+                
                string sessionGuid =  response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString(); 
                Session["SESSIONGUID"] = sessionGuid;
                HttpCookie myCookie = new HttpCookie("RadiusSessionId");
@ -172,18 +183,26 @@

        Response.Redirect(strRedirectSafeUrl,false);       
    }
+        
+    public void logit(String message) { 
+        String path = "C:\\RDSFactor\\RDSFactorWeb\\RDWeb\\Pages\\log\\web.log";
+        message = DateTime.Now + ": " + message;
+        using (StreamWriter log = File.AppendText(path)) {
+            log.WriteLine(message);
+        }
+    }

    protected void btnSignIn_Click(object sender, EventArgs e)
    {
-
        username = (string)Session["DomainUserName"];  
        state = (RADIUSAttribute)Session["state"];
        
-        RADIUSClient myRadius = new RADIUSClient(RadiusServer, 1812, RadiusSecret);
+        RADIUSClient client = new RADIUSClient(RadiusServer, 1812, RadiusSecret);
        RADIUSAttributes atts = new RADIUSAttributes();

 		atts.Add(state);
-		RADIUSPacket response = myRadius.Authenticate(username, SmsToken.Text, atts);
+        String encryptedChallangeResult = Crypto.SHA256(username + SmsToken.Text + RadiusSecret);
+        RADIUSPacket response = client.Authenticate(username, encryptedChallangeResult, atts);

        if (response.Code == RadiusPacketCode.AccessAccept)
        {