From 6d53580b148a0ea6117fee3b6d6eca143ec34195 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakob=20Aar=C3=B8e=20Dam?=
Date: Thu, 23 Apr 2015 12:40:27 +0200
Subject: [PATCH] Refactoring smstoken
---
 .../RDWeb/Pages/en-US/smstoken.apsx.cs | 173 ++++++++++++++++++
 RDSFactorWeb/RDWeb/Pages/en-US/smstoken.aspx | Bin 11831 -> 4362 bytes
 2 files changed, 173 insertions(+)
 create mode 100644 RDSFactorWeb/RDWeb/Pages/en-US/smstoken.apsx.cs
diff --git a/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.apsx.cs b/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.apsx.cs
new file mode 100644
index 0000000..0f5a359
--- /dev/null
+++ b/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.apsx.cs
@@ -0,0 +1,173 @@
+using System;
+using System.IO;
+using System.Collections.Generic;
+using System.Web;
+using System.Web.UI;
+using System.Web.UI.WebControls;
+using System.Web.Helpers;
+using System.Configuration;
+
+using RADAR;
+
+public partial class SMSToken : System.Web.UI.Page
+{
+ String radiusServer;
+ String radiusSecret;
+
+ //
+ // Localizable Text
+ //
+ public const string L_SmsToken_Text = "Enter SMS Token:";
+ public const string L_LogonFailureLabel_Text = "The user name or password that you entered is not valid. Try typing it again.";
+ public const string L_SubmitLabel_Text = "Submit";
+ public const string L_CancelLabel_Text = "Cancel";
+ //
+ // Page Variables
+ //
+
+ public string sHelpSourceServer, sLocalHelp, strWorksSpaceName;
+ public Uri baseUrl;
+
+ public SMSToken() {
+ radiusServer = ConfigurationManager.AppSettings["RadiusServer"];
+ radiusSecret = ConfigurationManager.AppSettings["RadiusSecret"];
+ }
+
+ public void btnSignIn_Click(object sender, EventArgs e){
+ String username = (string)Session["DomainUserName"];
+ RADIUSAttributes atts = new RADIUSAttributes();
+ RADIUSAttribute state = (RADIUSAttribute)Session["state"];
+ RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
+
+ atts.Add(state);
+
+ String encryptedChallangeResult = Crypto.SHA256(username + SmsToken.Text + radiusSecret);
+ RADIUSPacket response = client.Authenticate(username, encryptedChallangeResult, atts);
+
+ onRadiusResponse(response);
+ }
+
+ public void btnCancel_Click(object sender, EventArgs e){
+ SafeRedirect("logoff.aspx");
+ }
+
+ void onRadiusResponse(RADIUSPacket response) {
+ if (response.Code == RadiusPacketCode.AccessChallenge) {
+ onRadiusChallange(response);
+ }
+ else if (response.Code == RadiusPacketCode.AccessAccept) {
+ onRadiusAccept(response);
+ }
+ else {
+ Session["UserPass"] = "";
+ Session["DomainUserName"] = "";
+ SafeRedirect("logoff.aspx?Error=LoginSMSFailed");
+ }
+ }
+
+ void onRadiusChallange(RADIUSPacket response){
+ RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
+ Session["State"] = state;
+ }
+
+ void onRadiusAccept(RADIUSPacket response){
+ string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString();
+ Session["SESSIONGUID"] = sessionGuid;
+
+ HttpCookie myCookie = new HttpCookie("RadiusSessionId");
+ DateTime now = DateTime.Now;
+ myCookie.Value = sessionGuid;
+ myCookie.Expires = now.AddMinutes(480);
+ Response.Cookies.Add(myCookie);
+
+ Session["SMSTOKEN"] = "SMS_AUTH";
+ SafeRedirect("default.aspx");
+ }
+
+ void SafeRedirect(string strRedirectUrl){
+ string strRedirectSafeUrl = null;
+
+ if (!String.IsNullOrEmpty(strRedirectUrl)){
+ Uri redirectUri = new Uri(GetRealRequestUri(), strRedirectUrl);
+
+ if (redirectUri.Authority.Equals(Request.Url.Authority) && redirectUri.Scheme.Equals(Request.Url.Scheme)){
+ strRedirectSafeUrl = redirectUri.AbsoluteUri;
+ }
+ }
+
+ if (strRedirectSafeUrl == null){
+ strRedirectSafeUrl = "default.aspx";
+ }
+
+ Response.Redirect(strRedirectSafeUrl, false);
+ }
+
+ public static Uri GetRealRequestUri(HttpRequest request){
+ if (String.IsNullOrEmpty(request.Headers["Host"]))
+ return request.Url;
+
+ UriBuilder ub = new UriBuilder(request.Url);
+ string[] realHost = request.Headers["Host"].Split(':');
+ string host = realHost[0];
+ ub.Host = host;
+ string portString = realHost.Length > 1 ? realHost[1] : "";
+ int port;
+ if (int.TryParse(portString, out port))
+ ub.Port = port;
+ return ub.Uri;
+ }
+
+ public static Uri GetRealRequestUri()
+ {
+ if ((HttpContext.Current == null) || (HttpContext.Current.Request == null))
+ throw new ApplicationException("Cannot get current request.");
+ return GetRealRequestUri(HttpContext.Current.Request);
+ }
+
+ void Page_PreInit(object Sender, EventArgs e){
+ // Deny requests with "additional path information"
+ if (Request.PathInfo.Length != 0)
+ {
+ Response.StatusCode = 404;
+ Response.End();
+ }
+
+ // gives us https:///rdweb/pages//
+ baseUrl = new Uri(new Uri(GetRealRequestUri(), Request.FilePath), ".");
+ sLocalHelp = ConfigurationManager.AppSettings["LocalHelp"];
+ if ((sLocalHelp != null) && (sLocalHelp == "true")){
+ sHelpSourceServer = "./rap-help.htm";
+ }
+ else{
+ sHelpSourceServer = "http://go.microsoft.com/fwlink/?LinkId=141038";
+ }
+ }
+
+ void Page_Load(object sender, EventArgs e){
+ btnSignIn.Text = L_SubmitLabel_Text;
+ btnCancel.Text = L_CancelLabel_Text;
+
+ if (Page.IsPostBack){
+ return;
+ }
+
+ String username = (string)Session["DomainUserName"];
+ String password = (string)Session["UserPass"];
+ deliveryLabel.Text = (string)Session["Delivery"];
+
+ RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
+ RADIUSAttributes atts = new RADIUSAttributes();
+ try{
+ VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, (string)Session["Delivery"]);
+ vsa.SetRADIUSAttribute(ref atts);
+ RADIUSPacket response = client.Authenticate(username, password, atts);
+ onRadiusResponse(response);
+ }
+ catch (Exception ex){
+ Session["UserPass"] = "";
+ Session["DomainUserName"] = "";
+
+ SafeRedirect("logoff.aspx?Error=LoginRadiusFailed");
+ }
+ }
+}
\ No newline at end of file
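Review bot: The `RadiusSessionId` cookie built in onRadiusAccept carries the session GUID returned in the RADIUS Reply-Message but is added with neither the HttpOnly nor the Secure flag, so script on the page can read it and it would also be sent if the site were ever reached over plain HTTP; add `myCookie.HttpOnly = true;` and `myCookie.Secure = Request.IsSecureConnection;` before `Response.Cookies.Add(myCookie);`. The `catch (Exception ex)` in Page_Load never uses `ex`, so a RADIUS connection or parsing failure leaves no trace beyond the generic `LoginRadiusFailed` redirect; if the project has a logging facility, record the exception there, otherwise shorten it to `catch (Exception)`. btnSignIn_Click reads `Session["state"]` while onRadiusChallange writes `Session["State"]`; ASP.NET session keys are, as far as I know, case-insensitive, but one spelling removes the doubt, and `atts.Add(state)` will see null once the session has expired, which deserves a guard that redirects to the logoff page instead of throwing.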
diff --git a/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.aspx b/RDSFactorWeb/RDWeb/Pages/en-US/smstoken.aspx index 3f9da4f04f854f2149343d87430a9164e52396bb..3fd5a97760b344d20824dc21a80bcb5adb0f1ae2 100644 GIT binary patch literal 4362 zcmcInYflqV5S`B^{)Y_)qaWA`#7DG%3N$t;VrY?%q%WYcv`x3w;*VF)nc3TYbaz_{ zhS0~}xo2k1%$a-p_fJ_4WG1)L7f*glSH==ZPlhs(J=u_L@#PiXJ**6*jprS#4&+)_ z&!r(1*^+m#IFNmLDo-TB+XB)=?tt9IryIO>@!ivBBYYkrTc)z;YI&tSa$6 zsltvG7%P*3a$A=ZFxvpq55=J+ahZ8Vv$h%q=nhuW+4;zAgeS9*74F*%s~=~jihay! zjJ=+G#jaZ*GtVa2H0(MeCw3QWahx&`$?SbGeC#-VB%}*O)k2P6@ZMK`sSV@P<-2~I zb)dG<0alT_wPQX(rP@FlBDNtqWP*qrz#fB9Dz%B&>1zyi(~=eN(XmtH*2fbn(-h68 zRxR%F(F6Q;E1zIH(e7cd5u>T^?7($v_P?Tz$78*CCP#9C93qYKIW@t*7ILBDSckr< zf)(9U#^TjE#wvT%^yWjMf$~7ry_ln%D~b8OaqpBiJ`Rc(${Hy=F6to;>ZnJ}jvJ4*sm`qTRIT zx|9Zf3(X z<_cEEe|GfQT21G_I_pX8rE%=L**NXwMNs53>1DBk#r<#UUYs<`J1prpncZR(%XOF+ ziJN&@n9gfi`-=U@n`}$FDC$Mddro*eJ?>&Q%gz~Z-rwxA2%G!91Cd?G`-t@zZ{0ix zcsow^S+p~+!sKW5Iqvdy?^fgJJmu-~S=GS%?*K6|;v(Oi@l;U!BwT$q6!XuU@)&c$ z{f=19`eSoTo}w7z%tT$%LX-o{ExQSDDlLzbw}bdhb2po~2cnz;?NGUG<5vrNY0=wd z%z}IPS1PF4>Ny>vuKX2D6)ex`VHw4Jr88nSj5<%r_fbF=M)9Px36yoK+6`}25Akn% Zv*$S1TxXaDUG!X8|lfX|d7x4WC}Y)S<1e|`k;pMU+k_wr#8vU@IM5J!FIz}JxKdEtiG2d%1nStq%VR*v9O|Skw%{COHj@QG{^AicC#lt zNu`Px!LQypSQ_z%g!>92;RK(}J;`Dp-a=B+VuPp>!SBh^As;oT-xOq~B3`gD zr_!7LTp6`^I45vcJZ{J|ucO#L~-FU{l@v^~pdy9~Jp0174&#yZ}VWIz^D`#|7;RM-FdV4#DqapLVOhUx%zc$A1s`soHjd+vjmaEyr||;Or+t`W8-=#^QANQN zLq_42rYl%%Dh+E8M8!=mya-Ac?s1X~xgzhDAD!|7=aa=$1Lg~OIG8Z9=i5uc2T`Cp@%SHzFHGv{XOEpxTsjsr$@s1T{5g|= z$xWz!q7@VT7kHSGCWJWNWD-!$_Cka*#FQYKBA=TyZlKWOV9GjIW}$nDX#>o1&v`V% zim&=?-y)=`KuQn$$x1ADs63U*lX$`*uIKyDtvKt`&Z0?Yw>0+88Vj@F9^oOCY_3!y z54+vo!t+s$@T0DnEcv)g@mO|yR0$j*+5d?USW^Y!h%Xt8x05~JaCODK(6UA&yL(9N zT0-t?_%AVwSB~qHsVe+pE8XW_lq;U7BAIqdkRZn>4Z~gb%{Q$4zK?=KiIh9LYo*L& z-FHEk<93CYJek9L-MLz1DV9(}s`Q`_M;gLJkNnXc$jex&SDt^jTeE&Rn@U9%!ie~i%(@mk$QW)S=OO$}tTftUmCkRv zl>%Ne&5{&N5IYG21S95~hw;1eNT(cI_t?RUgQxI28=xsfmc6YO7bWu)!dDq+9y4Vn zco_6g%-4Z!r4+$DqWnmo|ADmU2aooh%xnR{V~?7|xkMUX6)dJ@7s0%J+3 zG=Vws;o=S 
zPh@qwwo!RPTqm{xr4jm2V1AU)43JF{Gc(qR%U~`3+d@a0K=dX>_0ea4K!jI330Jnd z-X*aQb*Tu4tyv_IP>A(xI2^ox_vU(VYJ^*m)1vgZNKGekd>3%GSlKToP81`Zyspy` zc2G?o8ULry_b5Q?9K}oUo&9v*#mg4F88Y{S7p7!sC8=$ij&?49QDOnmxW|*p1==6Q zW#{>e{Wfd6vi=GGAtog)>14>;78G*47>?fm{p_6ZPG_J()Z>d%BZ>)@o|28Mijy&t)&nX(iXxX7b0*?oe^(pT$dy|T;Q92Vj~M(a_8)U921F{@rQg$Nj7^CL}3#t<5-1D@8t=OlZ^Gh(%*JAhJI4h#jz(Ie8xsKC#1UbO@k( zf>44>W{KA>b}cVGA$h03u*YaOihkFGOH^LsHAtvIvtq|MWSn8ijl(!Y)~xI1rQ(^E zM?A7fL@H=_Qga$X!BkQuECqP0ZugauSj~`XXi8r7xmZp*ArHp}rVi!wJvW$6i{I0stO%yd;QJ(iV9Kq;PNXGi(j9 z5I_Ne_H1Yu51kwJ{2d~5w~@Iq*VW6gSHU|On=EZm~e_3s|F zb&)kuAhy{G>K#uiCurwXH|~Y9vM#1m>j#Uy0zIR$MNq6Zi$L!Gu`j1;&_nO8%T`Tn zIl)-N!U?iiB{+r2`#V@Vs!z!4ga%@F`1bhe_dn#_C@ds9KQkK{-+f^x;jzu`I*N+U zw-7T00#Q`ywA;D1%e4(#vA7u=$joKY@<0YT@Vr6Ywujxi0m}>4;nvMp!2^XBQ*!;$ zHY^JUUv9y&4rq(^E1&w9)+-OS>)Ng=`-S|rYPu>#L^bx8-J=w?H}2W4!T#?3=yqM( zSET^Kar^G6M3oW3hLCA?Q-4RuTuWcx0RU^SYc2uMg%jkRV@f(UZP6BZD#E_g+vzuU z%6E<&I}OLk0(J{1bl8v~TeIGtN4UpDu|WWg z0QF6UUU4>zqx}n$hwUAP9yaqshO0M`>^pO_8NXaE-Q_bk7PIcbk3as{eV{pxT|h3` zo1@_<{nqamTzUE+HW@8uWP0hKGW;gi0h5x$*K-`ey|xT#tV>|y`;Xtp7#?C$(JXa zGx;qin?v&YG%x`l8m3MLkMZ$}sB7dZN~>d>SXy!GgSjs=sx^I9y< zX=B4-=BkT>!U5a$r1#Qvr7uY=gNd5=ooCZMRc78MroPMt!6<)v4L-6_;>XJF;6))YK^!{9z_RK?-;>Y=Ugxz1*k7@@DU|X= zs~U@`DyM87J$u-eJEUUwRs6sPr?`q{Zxca%A{UCgIfZTbCHZvU(Sr{A5Xb=X zM9|lFSFK;_!5Vri{klS}z0+v+Da^$RA~TwrTw3iVOC4+Dla5OTlMuH)fNik(NX|%f zhCVI3ycKW2&7vQrOS8aX?<3u?_nmy1DMxY1meorcl9J}3ip^B94Qw{lu0vL?eVrCm zRU6slCbgN3Xj+bZ&yawt^NFeEn@#v=1${8bI&`tV*Cl>|f?m;IuiLC$Q0v%o925Tw D9C|Vv