webdav portal auth via ad

WebsitePanel/Sources/WebsitePanel.WebDav.Core/Security/Authentication/FormsAuthenticationService.cs

@@ -0,0 +1,74 @@
+using System;
+using System.DirectoryServices.AccountManagement;
+using System.Web;
+using System.Web.Script.Serialization;
+using System.Web.Security;
+using WebsitePanel.WebDav.Core.Interfaces.Security;
+using WebsitePanel.WebDav.Core.Security.Authentication.Principals;
+using WebsitePanel.WebDav.Core.Security.Cryptography;
+using WebsitePanel.WebDav.Core.Wsp.Framework;
+
+namespace WebsitePanel.WebDav.Core.Security.Authentication
+{
+    public class FormsAuthenticationService : IAuthenticationService
+    {
+        private readonly ICryptography _cryptography;
+        private readonly PrincipalContext _principalContext;
+
+        public FormsAuthenticationService(ICryptography cryptography)
+        {
+            _cryptography = cryptography;
+            _principalContext = new PrincipalContext(ContextType.Domain);
+        }
+
+        public WspPrincipal LogIn(string login, string password)
+        {
+            if (_principalContext.ValidateCredentials(login, password) == false)
+            {
+                return null;
+            }
+
+            var principal = new WspPrincipal(login);
+
+            var exchangeAccount = WSP.Services.ExchangeServer.GetAccountByAccountNameWithoutItemId(login);
+            var organization = WSP.Services.Organizations.GetOrganization(exchangeAccount.ItemId);
+
+            principal.AccountId = exchangeAccount.AccountId;
+            principal.ItemId = exchangeAccount.ItemId;
+            principal.OrganizationId = organization.OrganizationId;
+            principal.DisplayName = exchangeAccount.DisplayName;
+            principal.EncryptedPassword = _cryptography.Encrypt(password);
+
+            CreateAuthenticationTicket(principal);
+
+            HttpContext.Current.User = principal;
+
+            return principal;
+        }
+
+        public void CreateAuthenticationTicket(WspPrincipal principal)
+        {
+            var serializer = new JavaScriptSerializer();
+            string userData = serializer.Serialize(principal);
+
+            var authTicket = new FormsAuthenticationTicket(1, principal.Identity.Name, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
+                FormsAuthentication.SlidingExpiration, userData);
+
+            var encTicket = FormsAuthentication.Encrypt(authTicket);
+
+            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
+
+            if (FormsAuthentication.SlidingExpiration)
+            {
+                cookie.Expires = authTicket.Expiration;
+            }
+
+            HttpContext.Current.Response.Cookies.Add(cookie);
+        }
+
+        public void LogOut()
+        {
+            FormsAuthentication.SignOut();
+        }
+    }
+}

WebsitePanel/Sources/WebsitePanel.WebDav.Core/Security/Authentication/Principals/WspPrincipal.cs

@@ -0,0 +1,47 @@
+using System.Security.Principal;
+using System.Web.Script.Serialization;
+using System.Web.Security;
+using System.Xml.Serialization;
+
+namespace WebsitePanel.WebDav.Core.Security.Authentication.Principals
+{
+    public class WspPrincipal : IPrincipal
+    {
+        public int AccountId { get; set; }
+        public string OrganizationId { get; set; }
+        public int ItemId { get; set; }
+
+        public string Login { get; set; }
+        public string EncryptedPassword { get; set; }
+
+        public string DisplayName { get; set; }
+
+        public string UserName
+        {
+            get
+            {
+                return !string.IsNullOrEmpty(Login) ? Login.Split('@')[0] : string.Empty;
+            }
+        }
+
+        [XmlIgnore, ScriptIgnore]
+        public IIdentity Identity { get; private set; }
+
+        public WspPrincipal(string username)
+	    {
+		    Identity = new GenericIdentity(username);
+            Login = username;
+	    }
+
+        public WspPrincipal()
+        {
+        }
+
+        public bool IsInRole(string role)
+        {
+            return Identity.IsAuthenticated 
+                && !string.IsNullOrWhiteSpace(role) 
+                && Roles.IsUserInRole(Identity.Name, role);
+        }
+    }
+}

WebsitePanel/Sources/WebsitePanel.WebDav.Core/Security/Cryptography/CryptoUtils.cs

@@ -0,0 +1,195 @@
+using System;
+using System.Configuration;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+using Microsoft.Win32;
+
+namespace WebsitePanel.WebDav.Core.Security.Cryptography
+{
+    public class CryptoUtils : ICryptography
+    {
+        private string EnterpriseServerRegistryPath = "SOFTWARE\\WebsitePanel\\EnterpriseServer";
+
+        private string CryptoKey
+        {
+            get
+            {
+                string Key = ConfigurationManager.AppSettings["WebsitePanel.AltCryptoKey"];
+                string value = string.Empty;
+
+                if (!string.IsNullOrEmpty(Key))
+                {
+                    RegistryKey root = Registry.LocalMachine;
+                    RegistryKey rk = root.OpenSubKey(EnterpriseServerRegistryPath);
+                    if (rk != null)
+                    {
+                        value = (string)rk.GetValue(Key, null);
+                        rk.Close();
+                    }
+                }
+
+                if (!string.IsNullOrEmpty(value))
+                    return value;
+                else
+                    return ConfigurationManager.AppSettings["WebsitePanel.CryptoKey"];
+
+            }
+        }
+
+        private bool EncryptionEnabled
+        {
+            get
+            {
+                return (ConfigurationManager.AppSettings["WebsitePanel.EncryptionEnabled"] != null)
+                    ? Boolean.Parse(ConfigurationManager.AppSettings["WebsitePanel.EncryptionEnabled"]) : true;
+            }
+        }
+
+        public string Encrypt(string InputText)
+        {
+            string Password = CryptoKey;
+
+            if (!EncryptionEnabled)
+                return InputText;
+
+            if (InputText == null)
+                return InputText;
+
+            // We are now going to create an instance of the 
+            // Rihndael class.
+            RijndaelManaged RijndaelCipher = new RijndaelManaged();
+
+            // First we need to turn the input strings into a byte array.
+            byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
+
+
+            // We are using salt to make it harder to guess our key
+            // using a dictionary attack.
+            byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
+
+
+            // The (Secret Key) will be generated from the specified 
+            // password and salt.
+            PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
+
+
+            // Create a encryptor from the existing SecretKey bytes.
+            // We use 32 bytes for the secret key 
+            // (the default Rijndael key length is 256 bit = 32 bytes) and
+            // then 16 bytes for the IV (initialization vector),
+            // (the default Rijndael IV length is 128 bit = 16 bytes)
+            ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
+
+
+            // Create a MemoryStream that is going to hold the encrypted bytes 
+            MemoryStream memoryStream = new MemoryStream();
+
+
+            // Create a CryptoStream through which we are going to be processing our data. 
+            // CryptoStreamMode.Write means that we are going to be writing data 
+            // to the stream and the output will be written in the MemoryStream
+            // we have provided. (always use write mode for encryption)
+            CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
+
+            // Start the encryption process.
+            cryptoStream.Write(PlainText, 0, PlainText.Length);
+
+
+            // Finish encrypting.
+            cryptoStream.FlushFinalBlock();
+
+            // Convert our encrypted data from a memoryStream into a byte array.
+            byte[] CipherBytes = memoryStream.ToArray();
+
+
+
+            // Close both streams.
+            memoryStream.Close();
+            cryptoStream.Close();
+
+
+
+            // Convert encrypted data into a base64-encoded string.
+            // A common mistake would be to use an Encoding class for that. 
+            // It does not work, because not all byte values can be
+            // represented by characters. We are going to be using Base64 encoding
+            // That is designed exactly for what we are trying to do. 
+            string EncryptedData = Convert.ToBase64String(CipherBytes);
+
+
+
+            // Return encrypted string.
+            return EncryptedData;
+        }
+
+        public string Decrypt(string InputText)
+        {
+            try
+            {
+                if (!EncryptionEnabled)
+                    return InputText;
+
+                if (InputText == null || InputText == "")
+                    return InputText;
+
+                string Password = CryptoKey;
+                RijndaelManaged RijndaelCipher = new RijndaelManaged();
+
+
+                byte[] EncryptedData = Convert.FromBase64String(InputText);
+                byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
+
+
+                PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
+
+                // Create a decryptor from the existing SecretKey bytes.
+                ICryptoTransform Decryptor = RijndaelCipher.CreateDecryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
+
+
+                MemoryStream memoryStream = new MemoryStream(EncryptedData);
+
+                // Create a CryptoStream. (always use Read mode for decryption).
+                CryptoStream cryptoStream = new CryptoStream(memoryStream, Decryptor, CryptoStreamMode.Read);
+
+
+                // Since at this point we don't know what the size of decrypted data
+                // will be, allocate the buffer long enough to hold EncryptedData;
+                // DecryptedData is never longer than EncryptedData.
+                byte[] PlainText = new byte[EncryptedData.Length];
+
+                // Start decrypting.
+                int DecryptedCount = cryptoStream.Read(PlainText, 0, PlainText.Length);
+
+
+                memoryStream.Close();
+                cryptoStream.Close();
+
+                // Convert decrypted data into a string. 
+                string DecryptedData = Encoding.Unicode.GetString(PlainText, 0, DecryptedCount);
+
+
+                // Return decrypted string.   
+                return DecryptedData;
+            }
+            catch
+            {
+                return "";
+            }
+        }
+
+        private string SHA1(string plainText)
+        {
+            // Convert plain text into a byte array.
+            byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
+
+            HashAlgorithm hash = new SHA1Managed(); ;
+
+            // Compute hash value of our plain text with appended salt.
+            byte[] hashBytes = hash.ComputeHash(plainTextBytes);
+
+            // Return the result.
+            return Convert.ToBase64String(hashBytes);
+        }
+    }
+}

WebsitePanel/Sources/WebsitePanel.WebDav.Core/Security/Cryptography/ICryptography.cs

@@ -0,0 +1,8 @@
+namespace WebsitePanel.WebDav.Core.Security.Cryptography
+{
+    public interface ICryptography
+    {
+        string Encrypt(string plainText);
+        string Decrypt(string encryptedText);
+    }
+}