Propagate error message from RADIUS server to RD Web

Through the RADIUS Reply-Message attribute.
Jakob Aarøe Dam 2015-04-30 14:29:11 +02:00
parent 258b3f5663
commit 66902b2f34
3 changed files with 54 additions and 14 deletions


@ -185,14 +185,14 @@ Public Class RDSHandler
Dim ldapResult = Authenticate() Dim ldapResult = Authenticate()
If RDSFactor.EnableOTP Then If RDSFactor.EnableOTP Then
TwoFactorChallenge() TwoFactorChallenge(ldapResult)
Exit Sub Exit Sub
Else Else
Accept() Accept()
End If End If
Catch ex As Exception Catch ex As Exception
RDSFactor.LogDebug(mPacket, "Authentication failed. Sending reject. Error: " & ex.Message) RDSFactor.LogDebug(mPacket, "Authentication failed. Sending reject. Error: " & ex.Message)
mPacket.RejectAccessRequest() mPacket.RejectAccessRequest(ex.Message)
End Try End Try
End Sub End Sub
@ -230,7 +230,7 @@ Public Class RDSHandler
End If End If
End Sub End Sub
Private Sub TwoFactorChallenge() Private Sub TwoFactorChallenge(ldapResult As SearchResult)
Dim challangeCode = RDSFactor.GenerateCode Dim challangeCode = RDSFactor.GenerateCode
Dim authToken = System.Guid.NewGuid.ToString Dim authToken = System.Guid.NewGuid.ToString
Dim clientIP = mPacket.EndPoint.Address.ToString Dim clientIP = mPacket.EndPoint.Address.ToString
@ -247,11 +247,13 @@ Public Class RDSHandler
encryptedChallangeResults(mUsername) = encryptedChallangeResult encryptedChallangeResults(mUsername) = encryptedChallangeResult
If mUseSMSFactor Then If mUseSMSFactor Then
RDSFactor.LogDebug(mPacket, "TODO: Send SMS") Dim mobile = LdapGetNumber(ldapResult)
RDSFactor.SendSMS(mobile, challangeCode)
End If End If
If mUseEmailFactor Then If mUseEmailFactor Then
RDSFactor.LogDebug(mPacket, "TODO: Send Email") Dim email = LdapGetEmail(ldapResult)
RDSFactor.SendEmail(email, challangeCode)
End If End If
Dim attributes As New RADIUSAttributes Dim attributes As New RADIUSAttributes
@ -283,7 +285,7 @@ Public Class RDSHandler
search.PropertiesToLoad.Add("distinguishedName") search.PropertiesToLoad.Add("distinguishedName")
If RDSFactor.EnableOTP = True Then If RDSFactor.EnableOTP = True Then
search.PropertiesToLoad.Add(RDSFactor.ADField) search.PropertiesToLoad.Add(RDSFactor.ADMobileField)
search.PropertiesToLoad.Add(RDSFactor.ADMailField) search.PropertiesToLoad.Add(RDSFactor.ADMailField)
End If End If
@ -298,19 +300,26 @@ Public Class RDSHandler
End Function End Function
Private Function LdapGetNumber(result As SearchResult) As String Private Function LdapGetNumber(result As SearchResult) As String
Dim mobile = result.Properties(RDSFactor.ADField)(0) If Not result.Properties.Contains(RDSFactor.ADMobileField) Then
Throw New MissingLdapField(RDSFactor.ADMobileField, mUsername)
End If
Dim mobile = result.Properties(RDSFactor.ADMobileField)(0)
mobile = Replace(mobile, "+", "") mobile = Replace(mobile, "+", "")
If mobile.Trim.Length = 0 Then If mobile.Trim.Length = 0 Then
RDSFactor.LogDebug(mPacket, "Unable to find correct phone number for user " & mUsername) RDSFactor.LogDebug(mPacket, "Unable to find correct phone number for user " & mUsername)
Throw New MissingNumber(mUsername)
End If End If
Return mobile Return mobile
End Function End Function
Private Function LdapGetEmail(result As SearchResult) As String Private Function LdapGetEmail(result As SearchResult) As String
If Not result.Properties.Contains(RDSFactor.ADMailField) Then
Throw New MissingLdapField(RDSFactor.ADMailField, mUsername)
End If
Dim email = result.Properties(RDSFactor.ADMailField)(0) Dim email = result.Properties(RDSFactor.ADMailField)(0)
If InStr(email, "@") = 0 Then If InStr(email, "@") = 0 Then
RDSFactor.LogDebug(mPacket, "Unable to find correct email for user " & mUsername) RDSFactor.LogDebug(mPacket, "Unable to find correct email for user " & mUsername)
Throw New MissingEmail(mUsername)
End If End If
Return email Return email
End Function End Function
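Review bot: `mPacket.RejectAccessRequest(ex.Message)` in the first hunk forwards the raw message of whatever exception Authenticate() or TwoFactorChallenge() threw to the RADIUS client, and the RD Web side of this commit then shows that text on the login page, so DirectoryServices/LDAP errors and messages of exception types never written for end users (which may reveal whether an account exists or which internal field or server failed) become visible before authentication. Only the exceptions this file raises deliberately (MissingLdapField, MissingNumber, MissingEmail) carry a message meant for the user, and even those should be checked for internal details; everything else should collapse to a fixed reply while the full ex.Message stays in the LogDebug call. For example: `Dim reply = If(TypeOf ex Is MissingLdapField OrElse TypeOf ex Is MissingNumber OrElse TypeOf ex Is MissingEmail, ex.Message, "Authentication failed")` followed by `mPacket.RejectAccessRequest(reply)`. The enclosing Sub and its Try block begin before the hunk.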


@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="../Site.xsl"?> <?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
<?xml-stylesheet type="text/css" href="../RenderFail.css"?> <?xml-stylesheet type="text/css" href="../RenderFail.css"?>
<% @Page Language="C#" Debug="false" ResponseEncoding="utf-8" ContentType="text/xml" %>
<% @Page Language="C#" Debug="true" ResponseEncoding="utf-8" ContentType="text/xml" %>
<% @Import Namespace="System " %> <% @Import Namespace="System " %>
<% @Import Namespace="System.Security" %> <% @Import Namespace="System.Security" %>
<% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %> <% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %>
@ -67,6 +68,7 @@
public bool bSessionExpired = false; public bool bSessionExpired = false;
public string strPrivateModeTimeout = "240"; public string strPrivateModeTimeout = "240";
public string strPublicModeTimeout = "20"; public string strPublicModeTimeout = "20";
public string message;
public WorkspaceInfo objWorkspaceInfo = null; public WorkspaceInfo objWorkspaceInfo = null;
@ -103,6 +105,11 @@
void Page_Load(object sender, EventArgs e) void Page_Load(object sender, EventArgs e)
{ {
if (Session["Message"] != null) {
message = (string)Session["Message"];
Session["Message"] = null;
}
if (!Page.IsPostBack) if (!Page.IsPostBack)
{ {
Session["UserPass"] = ""; Session["UserPass"] = "";
@ -343,7 +350,7 @@
onload="onLoginPageLoad(event)" onload="onLoginPageLoad(event)"
onunload="onPageUnload(event)"/> onunload="onPageUnload(event)"/>
<HTMLMainContent> <HTMLMainContent>
<form id="FrmLogin" name="FrmLogin" action="login.aspx<%=SecurityElement.Escape(strReturnUrl)%>" method="post" onsubmit="return onLoginFormSubmit()"> <form id="FrmLogin" name="FrmLogin" action="login.aspx<%=SecurityElement.Escape(strReturnUrl)%>" method="post" onsubmit="return onLoginFormSubmit()">
<input type="hidden" name="WorkSpaceID" value="<%=SecurityElement.Escape(strWorkSpaceID)%>"/> <input type="hidden" name="WorkSpaceID" value="<%=SecurityElement.Escape(strWorkSpaceID)%>"/>
@ -430,6 +437,20 @@
</td> </td>
</tr> </tr>
<% if (message != null){ %>
<tr>
<td>
<table>
<tr>
<td height="20">&#160;</td>
</tr>
<tr>
<td><span class="wrng"><%=message%></span></td>
</tr>
</table>
</td>
</tr>
<% } %>
<% <%
strErrorMessageRowStyle = "style=\"display:none\""; strErrorMessageRowStyle = "style=\"display:none\"";
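Review bot: `<%=message%>` in the last hunk writes the text straight into the HTML, while every other server value on this page goes through `SecurityElement.Escape(...)` (see the form action and WorkSpaceID input in the previous hunk). The value originates from the RADIUS Reply-Message, which this commit fills with an exception message on the server side, so it can contain user-influenced text such as the submitted username; rendering it unescaped lets any `<` or `"` in that text become markup on the login page. Use `<td><span class="wrng"><%=SecurityElement.Escape(message)%></span></td>`. Separately, the first hunk flips the page directive to `Debug="true"`; if that was only for development it should go back to `Debug="false"` before release, since debug compilation makes error pages more verbose.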


@ -60,19 +60,29 @@ public partial class SMSToken : System.Web.UI.Page
onRadiusAccept(response); onRadiusAccept(response);
} }
else { else {
Session["UserPass"] = ""; onRadiusReject(response);
Session["DomainUserName"] = "";
SafeRedirect("logoff.aspx?Error=LoginSMSFailed");
} }
} }
void onRadiusReject(RADIUSPacket response) {
if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage)){
// Why on earth did the RD Web developer(s) use a thousand different URL parameters to logoff to indicate the error
// message, when they could just put the message in the session
String message = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["Message"] = message;
}
Session["UserPass"] = "";
Session["DomainUserName"] = "";
SafeRedirect("logoff.aspx");
}
void onRadiusChallange(RADIUSPacket response){ void onRadiusChallange(RADIUSPacket response){
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State); RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
Session["State"] = state; Session["State"] = state;
} }
void onRadiusAccept(RADIUSPacket response){ void onRadiusAccept(RADIUSPacket response){
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString(); string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["SESSIONGUID"] = sessionGuid; Session["SESSIONGUID"] = sessionGuid;
HttpCookie myCookie = new HttpCookie("RadiusSessionId"); HttpCookie myCookie = new HttpCookie("RadiusSessionId");