mirror of
https://github.com/jakobadam/RDSFactor.git
synced 2025-06-10 14:34:32 +02:00
173 lines
No EOL
5.8 KiB
C#
173 lines
No EOL
5.8 KiB
C#
using System;
|
|
using System.IO;
|
|
using System.Collections.Generic;
|
|
using System.Web;
|
|
using System.Web.UI;
|
|
using System.Web.UI.WebControls;
|
|
using System.Web.Helpers;
|
|
using System.Configuration;
|
|
|
|
using RADAR;
|
|
|
|
public partial class SMSToken : System.Web.UI.Page
|
|
{
|
|
String radiusServer;
|
|
String radiusSecret;
|
|
|
|
//
|
|
// Localizable Text
|
|
//
|
|
public const string L_SmsToken_Text = "Enter SMS Token:";
|
|
public const string L_LogonFailureLabel_Text = "The user name or password that you entered is not valid. Try typing it again.";
|
|
public const string L_SubmitLabel_Text = "Submit";
|
|
public const string L_CancelLabel_Text = "Cancel";
|
|
|
|
//
|
|
// Page Variables
|
|
//
|
|
public string sHelpSourceServer, sLocalHelp, strWorksSpaceName;
|
|
public Uri baseUrl;
|
|
|
|
public SMSToken() {
|
|
radiusServer = ConfigurationManager.AppSettings["RadiusServer"];
|
|
radiusSecret = ConfigurationManager.AppSettings["RadiusSecret"];
|
|
}
|
|
|
|
public void btnSignIn_Click(object sender, EventArgs e){
|
|
String username = (string)Session["DomainUserName"];
|
|
RADIUSAttributes atts = new RADIUSAttributes();
|
|
RADIUSAttribute state = (RADIUSAttribute)Session["state"];
|
|
RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
|
|
|
|
atts.Add(state);
|
|
|
|
String encryptedChallangeResult = Crypto.SHA256(username + SmsToken.Text + radiusSecret);
|
|
RADIUSPacket response = client.Authenticate(username, encryptedChallangeResult, atts);
|
|
|
|
onRadiusResponse(response);
|
|
}
|
|
|
|
public void btnCancel_Click(object sender, EventArgs e){
|
|
SafeRedirect("logoff.aspx");
|
|
}
|
|
|
|
void onRadiusResponse(RADIUSPacket response) {
|
|
if (response.Code == RadiusPacketCode.AccessChallenge) {
|
|
onRadiusChallange(response);
|
|
}
|
|
else if (response.Code == RadiusPacketCode.AccessAccept) {
|
|
onRadiusAccept(response);
|
|
}
|
|
else {
|
|
Session["UserPass"] = "";
|
|
Session["DomainUserName"] = "";
|
|
SafeRedirect("logoff.aspx?Error=LoginSMSFailed");
|
|
}
|
|
}
|
|
|
|
void onRadiusChallange(RADIUSPacket response){
|
|
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
|
|
Session["State"] = state;
|
|
}
|
|
|
|
void onRadiusAccept(RADIUSPacket response){
|
|
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString();
|
|
Session["SESSIONGUID"] = sessionGuid;
|
|
|
|
HttpCookie myCookie = new HttpCookie("RadiusSessionId");
|
|
DateTime now = DateTime.Now;
|
|
myCookie.Value = sessionGuid;
|
|
myCookie.Expires = now.AddMinutes(480);
|
|
Response.Cookies.Add(myCookie);
|
|
|
|
Session["SMSTOKEN"] = "SMS_AUTH";
|
|
SafeRedirect("default.aspx");
|
|
}
|
|
|
|
void SafeRedirect(string strRedirectUrl){
|
|
string strRedirectSafeUrl = null;
|
|
|
|
if (!String.IsNullOrEmpty(strRedirectUrl)){
|
|
Uri redirectUri = new Uri(GetRealRequestUri(), strRedirectUrl);
|
|
|
|
if (redirectUri.Authority.Equals(Request.Url.Authority) && redirectUri.Scheme.Equals(Request.Url.Scheme)){
|
|
strRedirectSafeUrl = redirectUri.AbsoluteUri;
|
|
}
|
|
}
|
|
|
|
if (strRedirectSafeUrl == null){
|
|
strRedirectSafeUrl = "default.aspx";
|
|
}
|
|
|
|
Response.Redirect(strRedirectSafeUrl, false);
|
|
}
|
|
|
|
public static Uri GetRealRequestUri(HttpRequest request){
|
|
if (String.IsNullOrEmpty(request.Headers["Host"]))
|
|
return request.Url;
|
|
|
|
UriBuilder ub = new UriBuilder(request.Url);
|
|
string[] realHost = request.Headers["Host"].Split(':');
|
|
string host = realHost[0];
|
|
ub.Host = host;
|
|
string portString = realHost.Length > 1 ? realHost[1] : "";
|
|
int port;
|
|
if (int.TryParse(portString, out port))
|
|
ub.Port = port;
|
|
return ub.Uri;
|
|
}
|
|
|
|
public static Uri GetRealRequestUri()
|
|
{
|
|
if ((HttpContext.Current == null) || (HttpContext.Current.Request == null))
|
|
throw new ApplicationException("Cannot get current request.");
|
|
return GetRealRequestUri(HttpContext.Current.Request);
|
|
}
|
|
|
|
void Page_PreInit(object Sender, EventArgs e){
|
|
// Deny requests with "additional path information"
|
|
if (Request.PathInfo.Length != 0)
|
|
{
|
|
Response.StatusCode = 404;
|
|
Response.End();
|
|
}
|
|
|
|
// gives us https://<machine>/rdweb/pages/<lang>/
|
|
baseUrl = new Uri(new Uri(GetRealRequestUri(), Request.FilePath), ".");
|
|
sLocalHelp = ConfigurationManager.AppSettings["LocalHelp"];
|
|
if ((sLocalHelp != null) && (sLocalHelp == "true")){
|
|
sHelpSourceServer = "./rap-help.htm";
|
|
}
|
|
else{
|
|
sHelpSourceServer = "http://go.microsoft.com/fwlink/?LinkId=141038";
|
|
}
|
|
}
|
|
|
|
void Page_Load(object sender, EventArgs e){
|
|
btnSignIn.Text = L_SubmitLabel_Text;
|
|
btnCancel.Text = L_CancelLabel_Text;
|
|
|
|
if (Page.IsPostBack){
|
|
return;
|
|
}
|
|
|
|
String username = (string)Session["DomainUserName"];
|
|
String password = (string)Session["UserPass"];
|
|
deliveryLabel.Text = (string)Session["Delivery"];
|
|
|
|
RADIUSClient client = new RADIUSClient(radiusServer, 1812, radiusSecret);
|
|
RADIUSAttributes atts = new RADIUSAttributes();
|
|
try{
|
|
VendorSpecificAttribute vsa = new VendorSpecificAttribute(VendorSpecificType.Generic, (string)Session["Delivery"]);
|
|
vsa.SetRADIUSAttribute(ref atts);
|
|
RADIUSPacket response = client.Authenticate(username, password, atts);
|
|
onRadiusResponse(response);
|
|
}
|
|
catch (Exception ex){
|
|
Session["UserPass"] = "";
|
|
Session["DomainUserName"] = "";
|
|
|
|
SafeRedirect("logoff.aspx?Error=LoginRadiusFailed");
|
|
}
|
|
}
|
|
} |