Propagate error message from RADIUS server to RD Web
Through the RADIUS Reply-Message attribute.
This commit is contained in:
parent
258b3f5663
commit
66902b2f34
3 changed files with 54 additions and 14 deletions
@ -185,14 +185,14 @@ Public Class RDSHandler
|
||||||
Dim ldapResult = Authenticate()
|
Dim ldapResult = Authenticate()
|
||||||
|
|
||||||
If RDSFactor.EnableOTP Then
|
If RDSFactor.EnableOTP Then
|
||||||
TwoFactorChallenge()
|
TwoFactorChallenge(ldapResult)
|
||||||
Exit Sub
|
Exit Sub
|
||||||
Else
|
Else
|
||||||
Accept()
|
Accept()
|
||||||
End If
|
End If
|
||||||
Catch ex As Exception
|
Catch ex As Exception
|
||||||
RDSFactor.LogDebug(mPacket, "Authentication failed. Sending reject. Error: " & ex.Message)
|
RDSFactor.LogDebug(mPacket, "Authentication failed. Sending reject. Error: " & ex.Message)
|
||||||
mPacket.RejectAccessRequest()
|
mPacket.RejectAccessRequest(ex.Message)
|
||||||
End Try
|
End Try
|
||||||
End Sub
|
End Sub
|
||||||
|
|
||||||
|
@ -230,7 +230,7 @@ Public Class RDSHandler
|
||||||
End If
|
End If
|
||||||
End Sub
|
End Sub
|
||||||
|
|
||||||
Private Sub TwoFactorChallenge()
|
Private Sub TwoFactorChallenge(ldapResult As SearchResult)
|
||||||
Dim challangeCode = RDSFactor.GenerateCode
|
Dim challangeCode = RDSFactor.GenerateCode
|
||||||
Dim authToken = System.Guid.NewGuid.ToString
|
Dim authToken = System.Guid.NewGuid.ToString
|
||||||
Dim clientIP = mPacket.EndPoint.Address.ToString
|
Dim clientIP = mPacket.EndPoint.Address.ToString
|
||||||
|
@ -247,11 +247,13 @@ Public Class RDSHandler
|
||||||
encryptedChallangeResults(mUsername) = encryptedChallangeResult
|
encryptedChallangeResults(mUsername) = encryptedChallangeResult
|
||||||
|
|
||||||
If mUseSMSFactor Then
|
If mUseSMSFactor Then
|
||||||
RDSFactor.LogDebug(mPacket, "TODO: Send SMS")
|
Dim mobile = LdapGetNumber(ldapResult)
|
||||||
|
RDSFactor.SendSMS(mobile, challangeCode)
|
||||||
End If
|
End If
|
||||||
|
|
||||||
If mUseEmailFactor Then
|
If mUseEmailFactor Then
|
||||||
RDSFactor.LogDebug(mPacket, "TODO: Send Email")
|
Dim email = LdapGetEmail(ldapResult)
|
||||||
|
RDSFactor.SendEmail(email, challangeCode)
|
||||||
End If
|
End If
|
||||||
|
|
||||||
Dim attributes As New RADIUSAttributes
|
Dim attributes As New RADIUSAttributes
|
||||||
|
@ -283,7 +285,7 @@ Public Class RDSHandler
|
||||||
|
|
||||||
search.PropertiesToLoad.Add("distinguishedName")
|
search.PropertiesToLoad.Add("distinguishedName")
|
||||||
If RDSFactor.EnableOTP = True Then
|
If RDSFactor.EnableOTP = True Then
|
||||||
search.PropertiesToLoad.Add(RDSFactor.ADField)
|
search.PropertiesToLoad.Add(RDSFactor.ADMobileField)
|
||||||
search.PropertiesToLoad.Add(RDSFactor.ADMailField)
|
search.PropertiesToLoad.Add(RDSFactor.ADMailField)
|
||||||
End If
|
End If
|
||||||
|
|
||||||
|
@ -298,19 +300,26 @@ Public Class RDSHandler
|
||||||
End Function
|
End Function
|
||||||
|
|
||||||
Private Function LdapGetNumber(result As SearchResult) As String
|
Private Function LdapGetNumber(result As SearchResult) As String
|
||||||
Dim mobile = result.Properties(RDSFactor.ADField)(0)
|
If Not result.Properties.Contains(RDSFactor.ADMobileField) Then
|
||||||
|
Throw New MissingLdapField(RDSFactor.ADMobileField, mUsername)
|
||||||
|
End If
|
||||||
|
Dim mobile = result.Properties(RDSFactor.ADMobileField)(0)
|
||||||
mobile = Replace(mobile, "+", "")
|
mobile = Replace(mobile, "+", "")
|
||||||
If mobile.Trim.Length = 0 Then
|
If mobile.Trim.Length = 0 Then
|
||||||
RDSFactor.LogDebug(mPacket, "Unable to find correct phone number for user " & mUsername)
|
RDSFactor.LogDebug(mPacket, "Unable to find correct phone number for user " & mUsername)
|
||||||
|
Throw New MissingNumber(mUsername)
|
||||||
End If
|
End If
|
||||||
Return mobile
|
Return mobile
|
||||||
End Function
|
End Function
|
||||||
|
|
||||||
Private Function LdapGetEmail(result As SearchResult) As String
|
Private Function LdapGetEmail(result As SearchResult) As String
|
||||||
|
If Not result.Properties.Contains(RDSFactor.ADMailField) Then
|
||||||
|
Throw New MissingLdapField(RDSFactor.ADMailField, mUsername)
|
||||||
|
End If
|
||||||
Dim email = result.Properties(RDSFactor.ADMailField)(0)
|
Dim email = result.Properties(RDSFactor.ADMailField)(0)
|
||||||
|
|
||||||
If InStr(email, "@") = 0 Then
|
If InStr(email, "@") = 0 Then
|
||||||
RDSFactor.LogDebug(mPacket, "Unable to find correct email for user " & mUsername)
|
RDSFactor.LogDebug(mPacket, "Unable to find correct email for user " & mUsername)
|
||||||
|
Throw New MissingEmail(mUsername)
|
||||||
End If
|
End If
|
||||||
Return email
|
Return email
|
||||||
End Function
|
End Function
|
||||||
|
|
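Review bot: The new `mPacket.RejectAccessRequest(ex.Message)` in the Catch of the first hunk forwards the text of any exception to the RADIUS client, and the login page changed in this same commit then shows it to the unauthenticated user; for exceptions raised by the directory lookup or the SMS/mail sending, that text can expose internal details (server names, attribute names, library error strings) that do not belong on a login form. It also makes the reject text differ between an unknown user or missing attribute (`MissingLdapField`, `MissingNumber`, `MissingEmail`) and a wrong password, which lets a caller enumerate valid accounts. I would catch the application's own exception types first and pass only their messages through, and keep a final `Catch ex As Exception` that logs `ex.Message` as now but sends a fixed text, e.g. `mPacket.RejectAccessRequest("Authentication failed")`. The enclosing Try block opens before the first hunk. Separately, in `LdapGetNumber` the new `Contains` check does not cover an attribute that is present with no values, so the `(0)` index on the following line can still throw outside the intended `MissingLdapField` path.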
|
@ -1,7 +1,8 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
|
<?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
|
||||||
<?xml-stylesheet type="text/css" href="../RenderFail.css"?>
|
<?xml-stylesheet type="text/css" href="../RenderFail.css"?>
|
||||||
<% @Page Language="C#" Debug="false" ResponseEncoding="utf-8" ContentType="text/xml" %>
|
|
||||||
|
<% @Page Language="C#" Debug="true" ResponseEncoding="utf-8" ContentType="text/xml" %>
|
||||||
<% @Import Namespace="System " %>
|
<% @Import Namespace="System " %>
|
||||||
<% @Import Namespace="System.Security" %>
|
<% @Import Namespace="System.Security" %>
|
||||||
<% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %>
|
<% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %>
|
||||||
|
@ -67,6 +68,7 @@
|
||||||
public bool bSessionExpired = false;
|
public bool bSessionExpired = false;
|
||||||
public string strPrivateModeTimeout = "240";
|
public string strPrivateModeTimeout = "240";
|
||||||
public string strPublicModeTimeout = "20";
|
public string strPublicModeTimeout = "20";
|
||||||
|
public string message;
|
||||||
|
|
||||||
public WorkspaceInfo objWorkspaceInfo = null;
|
public WorkspaceInfo objWorkspaceInfo = null;
|
||||||
|
|
||||||
|
@ -103,6 +105,11 @@
|
||||||
|
|
||||||
void Page_Load(object sender, EventArgs e)
|
void Page_Load(object sender, EventArgs e)
|
||||||
{
|
{
|
||||||
|
if (Session["Message"] != null) {
|
||||||
|
message = (string)Session["Message"];
|
||||||
|
Session["Message"] = null;
|
||||||
|
}
|
||||||
|
|
||||||
if (!Page.IsPostBack)
|
if (!Page.IsPostBack)
|
||||||
{
|
{
|
||||||
Session["UserPass"] = "";
|
Session["UserPass"] = "";
|
||||||
|
@ -343,7 +350,7 @@
|
||||||
onload="onLoginPageLoad(event)"
|
onload="onLoginPageLoad(event)"
|
||||||
onunload="onPageUnload(event)"/>
|
onunload="onPageUnload(event)"/>
|
||||||
<HTMLMainContent>
|
<HTMLMainContent>
|
||||||
|
|
||||||
<form id="FrmLogin" name="FrmLogin" action="login.aspx<%=SecurityElement.Escape(strReturnUrl)%>" method="post" onsubmit="return onLoginFormSubmit()">
|
<form id="FrmLogin" name="FrmLogin" action="login.aspx<%=SecurityElement.Escape(strReturnUrl)%>" method="post" onsubmit="return onLoginFormSubmit()">
|
||||||
|
|
||||||
<input type="hidden" name="WorkSpaceID" value="<%=SecurityElement.Escape(strWorkSpaceID)%>"/>
|
<input type="hidden" name="WorkSpaceID" value="<%=SecurityElement.Escape(strWorkSpaceID)%>"/>
|
||||||
|
@ -430,6 +437,20 @@
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
|
<% if (message != null){ %>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td height="20"> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><span class="wrng"><%=message%></span></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<% } %>
|
||||||
|
|
||||||
<%
|
<%
|
||||||
strErrorMessageRowStyle = "style=\"display:none\"";
|
strErrorMessageRowStyle = "style=\"display:none\"";
|
||||||
|
|
|
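Review bot: `<%=message%>` in the last hunk writes the RADIUS Reply-Message into the page without encoding, while every other dynamic value in this file goes through `SecurityElement.Escape` (for example `strReturnUrl` and `strWorkSpaceID` in the previous hunk). The message originates from exception text on the RADIUS server, and in this commit those messages embed the submitted user name (`MissingNumber(mUsername)`, `MissingEmail(mUsername)`), so a user-controlled string can end up as markup in the login page; change the line to `<td><span class="wrng"><%=SecurityElement.Escape(message)%></span></td>`. The first hunk also flips the Page directive from `Debug="false"` to `Debug="true"`, which enables detailed ASP.NET error output for anyone reaching the login form; if that was only for local testing it should be reverted before this ships.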
@ -60,19 +60,29 @@ public partial class SMSToken : System.Web.UI.Page
|
||||||
onRadiusAccept(response);
|
onRadiusAccept(response);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Session["UserPass"] = "";
|
onRadiusReject(response);
|
||||||
Session["DomainUserName"] = "";
|
|
||||||
SafeRedirect("logoff.aspx?Error=LoginSMSFailed");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void onRadiusReject(RADIUSPacket response) {
|
||||||
|
if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage)){
|
||||||
|
// Why on earth did the RD Web developer(s) use a thousand different URL parameters to logoff to indicate the error
|
||||||
|
// message, when they could just put the message in the session
|
||||||
|
String message = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
|
||||||
|
Session["Message"] = message;
|
||||||
|
}
|
||||||
|
Session["UserPass"] = "";
|
||||||
|
Session["DomainUserName"] = "";
|
||||||
|
SafeRedirect("logoff.aspx");
|
||||||
|
}
|
||||||
|
|
||||||
void onRadiusChallange(RADIUSPacket response){
|
void onRadiusChallange(RADIUSPacket response){
|
||||||
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
|
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
|
||||||
Session["State"] = state;
|
Session["State"] = state;
|
||||||
}
|
}
|
||||||
|
|
||||||
void onRadiusAccept(RADIUSPacket response){
|
void onRadiusAccept(RADIUSPacket response){
|
||||||
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString();
|
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
|
||||||
Session["SESSIONGUID"] = sessionGuid;
|
Session["SESSIONGUID"] = sessionGuid;
|
||||||
|
|
||||||
HttpCookie myCookie = new HttpCookie("RadiusSessionId");
|
HttpCookie myCookie = new HttpCookie("RadiusSessionId");
|
||||||
|
|
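Review bot: `onRadiusReject` loses the failure indication when the server sends no Reply-Message: the removed code redirected to `logoff.aspx?Error=LoginSMSFailed`, the new code redirects to plain `logoff.aspx` in every case, so a reject without the attribute shows the user nothing. I would keep the parameter as the fallback, e.g. `string target = "logoff.aspx?Error=LoginSMSFailed";` before the `if`, `target = "logoff.aspx";` inside it next to the `Session["Message"]` assignment, and `SafeRedirect(target);` at the end. The switch from `GetString()` to `ToString()` in `onRadiusAccept` (and the same call in `onRadiusReject`) is only correct if `RADIUSAttribute.ToString()` is overridden to return the attribute payload; if it falls back to `object.ToString()` the session GUID becomes a type name, so this is worth confirming against the RADIUS library. The text stored in `Session["Message"]` is server-supplied and later rendered by the login page, so it has to be HTML-encoded at the point of output.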