CSOIreland
diff --git a/‎rls/API.Library.dll
4.5 KB b/‎rls/API.Library.dll
4.5 KB
diff --git a/‎rls/API.Library.dll.config
Lines changed: 246 additions & 244 deletions b/‎rls/API.Library.dll.config
Lines changed: 246 additions & 244 deletions
diff --git a/‎rls/API.Library.pdb
10 KB b/‎rls/API.Library.pdb
10 KB
diff --git a/‎src/API.Library/API.Library.csproj
Lines changed: 1 addition & 0 deletions b/‎src/API.Library/API.Library.csproj
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/API.Library/App.config
Lines changed: 246 additions & 244 deletions b/‎src/API.Library/App.config
Lines changed: 246 additions & 244 deletions
diff --git a/‎src/API.Library/Entities/API.Common.cs
Lines changed: 17 additions & 7 deletions b/‎src/API.Library/Entities/API.Common.cs
Lines changed: 17 additions & 7 deletions
diff --git a/‎src/API.Library/Entities/API.JSONRPC.cs
Lines changed: 49 additions & 7 deletions b/‎src/API.Library/Entities/API.JSONRPC.cs
Lines changed: 49 additions & 7 deletions
diff --git a/‎src/API.Library/Entities/API.Map.cs
Lines changed: 4 additions & 2 deletions b/‎src/API.Library/Entities/API.Map.cs
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/API.Library/Entities/API.RESTful.cs
Lines changed: 52 additions & 6 deletions b/‎src/API.Library/Entities/API.RESTful.cs
Lines changed: 52 additions & 6 deletions
diff --git a/‎src/API.Library/Entities/ActiveDirectory.cs
Lines changed: 19 additions & 2 deletions b/‎src/API.Library/Entities/ActiveDirectory.cs
Lines changed: 19 additions & 2 deletions
@@ -117,6 +117,7 @@
     <Compile Include="Entities\Performance.cs" />
     <Compile Include="Entities\Performance.ADO.cs" />
     <Compile Include="Entities\ReCAPTCHA.cs" />
+    <Compile Include="Entities\TwoFA.cs" />
     <Compile Include="Entities\Utility.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="Properties\Resources.Designer.cs">
 
@@ -95,6 +95,10 @@ public class Common
         /// HTTP POST Request
         /// </summary>
         internal string httpPOST = null;
+        /// <summary>
+        /// Session cookie
+        /// </summary>
+        public static string SessionCookieName = ConfigurationManager.AppSettings["API_SESSION_COOKIE"];
 
         /// <summary>
         /// Authenticate the user in the context
@@ -236,13 +240,13 @@ public class Common
             if (string.IsNullOrEmpty(NetworkUsername))
             {
                 Log.Instance.Fatal("Undefined Network Username");
-                return null;
+                return false;
             }
 
             if (String.IsNullOrEmpty(API_AD_DOMAIN))
             {
                 Log.Instance.Fatal("Undefined AD Domain");
-                return null;
+                return false;
             }
 
             // Query AD
@@ -265,15 +269,15 @@ public class Common
                 if (UserPrincipal == null)
                 {
                     Log.Instance.Fatal("Undefined User Principal against AD");
-                    return null;
+                    return false;
                 }
                 return true;
             }
             catch (Exception e)
             {
                 Log.Instance.Fatal("Unable to connect/query AD");
                 Log.Instance.Fatal(e);
-                return null;
+                return false;
             }
         }
 
@@ -284,7 +288,7 @@ public class Common
         {
             // Override userPrincipal for security
             UserPrincipal = null;
-            return true;
+            return null;
         }
 
         /// <summary>
@@ -316,17 +320,23 @@ public class Common
 
                     // Query AD and get the logged username
                     UserPrincipal = API_UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, NetworkUsername);
+                    if (UserPrincipal == null)
+                    {
+                        Log.Instance.Fatal("Undefined User Principal against AD");
+                        return false;
+                    }
+
                     return true;
                 }
                 catch (Exception e)
                 {
                     Log.Instance.Fatal("Unable to connect/query AD");
                     Log.Instance.Fatal(e);
-                    return null;
+                    return false;
                 }
             }
 
-            return true;
+            return null;
         }
 
         /// <summary>
 
@@ -38,6 +38,7 @@ public class JSONRPC : Common, IHttpHandler, IRequiresSessionState
         /// Mask parametrs 
         /// </summary>
         private static List<string> API_JSONRPC_MASK_PARAMETERS = (ConfigurationManager.AppSettings["API_JSONRPC_MASK_PARAMETERS"]).Split(',').ToList<string>();
+
         #endregion
 
         #region Methods
@@ -81,15 +82,30 @@ public void ProcessRequest(HttpContext context)
                     ParseError(ref context, JSONRPC_Request.id, error);
                 }
 
-                // Authenticate and append credentials
-                if (Authenticate(ref context) == false)
+                // Get Session Cookie
+                HttpCookie sessionCookie = null;
+                if (!String.IsNullOrEmpty(SessionCookieName))
                 {
-                    JSONRPC_Error error = new JSONRPC_Error { code = -32002 };
-                    ParseError(ref context, JSONRPC_Request.id, error);
+                    sessionCookie = context.Request.Cookies[SessionCookieName];
+                }
+
+                JSONRPC_Output result = null;
+
+                bool? isAuthenticated = Authenticate(ref context);
+                switch (isAuthenticated)
+                {
+                    case null: //Anonymous authentication
+                        result = GetResult(ref context, JSONRPC_Request, sessionCookie);
+                        break;
+                    case true: //Windows Authentication
+                        result = GetResult(ref context, JSONRPC_Request, null);
+                        break;
+                    case false: //Error
+                        JSONRPC_Error error = new JSONRPC_Error { code = -32002 };
+                        ParseError(ref context, JSONRPC_Request.id, error);
+                        break;
                 }
 
-                // Get results from the relevant method with the params
-                JSONRPC_Output result = GetResult(ref context, JSONRPC_Request);
                 if (result == null)
                 {
                     JSONRPC_Error error = new JSONRPC_Error { code = -32603 };
@@ -102,6 +118,22 @@ public void ProcessRequest(HttpContext context)
                 }
                 else
                 {
+                    // Set the Session Cookie if requested
+                    if (!String.IsNullOrEmpty(SessionCookieName) && result.sessionCookie != null && result.sessionCookie.Name.Equals(SessionCookieName))
+                    {
+                        // No expiry time allowed in the future
+                        if (result.sessionCookie.Expires > DateTime.Now)
+                        {
+                            result.sessionCookie.Expires = default;
+                        }
+
+                        result.sessionCookie.Secure = true;
+                        result.sessionCookie.Domain = null;
+                        result.sessionCookie.HttpOnly = true;
+                        result.sessionCookie.SameSite = SameSiteMode.Strict;
+                        context.Response.Cookies.Add(result.sessionCookie);
+                    }
+
                     // Check if the result.data is already a JSON type casted as: new JRaw(data); 
                     var jsonRaw = result.data as JRaw;
                     if (jsonRaw != null)
@@ -352,7 +384,7 @@ private static MethodInfo MapMethod(JSONRPC_Request JSONRPC_Request)
         /// </summary>
         /// <param name="JSONRPC_Request"></param>
         /// <returns></returns>
-        private dynamic GetResult(ref HttpContext context, JSONRPC_Request JSONRPC_Request)
+        private dynamic GetResult(ref HttpContext context, JSONRPC_Request JSONRPC_Request, HttpCookie sessionCookie = null)
         {
             // Set the API object
             JSONRPC_API apiRequest = new JSONRPC_API();
@@ -363,6 +395,7 @@ private dynamic GetResult(ref HttpContext context, JSONRPC_Request JSONRPC_Reque
             apiRequest.userAgent = Utility.GetUserAgent();
             apiRequest.httpGET = httpGET;
             apiRequest.httpPOST = httpPOST;
+            apiRequest.sessionCookie = sessionCookie;
 
             // Hide password from logs
             Log.Instance.Info("API Request: " + MaskParameters(Utility.JsonSerialize_IgnoreLoopingReference(apiRequest)));
@@ -455,6 +488,10 @@ public class JSONRPC_Output
         /// </summary>
         public dynamic error { get; set; }
 
+        /// <summary>
+        /// Session Cookie
+        /// </summary>
+        public HttpCookie sessionCookie { get; set; }
         #endregion
     }
 
@@ -522,6 +559,11 @@ public class JSONRPC_API
         /// POST request
         /// </summary>
         public string httpPOST { get; internal set; }
+
+        /// <summary>
+        /// Session Cookie
+        /// </summary>
+        public HttpCookie sessionCookie { get; internal set; }
         #endregion
     }
 
 
@@ -30,7 +30,8 @@ public static JSONRPC_API RESTful2JSONRPC_API(RESTful_API RestfulApi)
                 ipAddress = RestfulApi.ipAddress,
                 userAgent = RestfulApi.userAgent,
                 httpGET = RestfulApi.httpGET,
-                httpPOST = RestfulApi.httpPOST
+                httpPOST = RestfulApi.httpPOST,
+                sessionCookie = RestfulApi.sessionCookie
             };
         }
 
@@ -52,7 +53,8 @@ public static RESTful_API JSONRPC2RESTful_API(JSONRPC_API JsonRpcApi)
                 ipAddress = JsonRpcApi.ipAddress,
                 userAgent = JsonRpcApi.userAgent,
                 httpGET = JsonRpcApi.httpGET,
-                httpPOST = JsonRpcApi.httpPOST
+                httpPOST = JsonRpcApi.httpPOST,
+                sessionCookie = JsonRpcApi.sessionCookie
             };
         }
 
 
@@ -65,24 +65,60 @@ public void ProcessRequest(HttpContext context)
                     ParseError(ref context, HttpStatusCode.ServiceUnavailable, "System maintenance");
                 }
 
-                // Authenticate and append credentials
-                if (Authenticate(ref context) == false)
+                // Get Session Cookie
+                HttpCookie sessionCookie = null;
+                if (!String.IsNullOrEmpty(SessionCookieName))
                 {
-                    ParseError(ref context, HttpStatusCode.Unauthorized, "Invalid authentication");
+                    sessionCookie = context.Request.Cookies[SessionCookieName];
                 }
 
-                // Get results from the relevant method with the params
-                RESTful_Output result = GetResult(ref context);
+                RESTful_Output result = null;
+
+                bool? isAuthenticated = Authenticate(ref context);
+                switch (isAuthenticated)
+                {
+                    case null: //Anonymous authentication
+                        result = GetResult(ref context, sessionCookie);
+                        break;
+                    case true: //Windows Authentication
+                        result = GetResult(ref context);
+
+                        break;
+                    case false: //Error
+                        ParseError(ref context, HttpStatusCode.InternalServerError, "Internal Error");
+                        break;
+                }
+
+
 
                 if (result == null)
                 {
                     ParseError(ref context, HttpStatusCode.InternalServerError, "Internal Error");
                 }
+
+
                 else if (result.statusCode == HttpStatusCode.OK)
                 {
                     context.Response.StatusCode = (int)result.statusCode;
                     context.Response.ContentType = result.mimeType;
 
+                    // Set the Session Cookie if requested
+                    if (!String.IsNullOrEmpty(SessionCookieName) && result.sessionCookie != null && result.sessionCookie.Name.Equals(SessionCookieName))
+                    {
+                        // No expiry time allowed in the future
+                        if (result.sessionCookie.Expires > DateTime.Now)
+                        {
+                            result.sessionCookie.Expires = default;
+                        }
+
+                        result.sessionCookie.Secure = true;
+                        result.sessionCookie.Domain = null;
+                        result.sessionCookie.HttpOnly = true;
+                        result.sessionCookie.SameSite = SameSiteMode.Strict;
+                        context.Response.Cookies.Add(result.sessionCookie);
+                    }
+
+
                     if (!String.IsNullOrEmpty(result.fileName))
                     {
                         context.Response.AppendHeader("Content-Disposition", new ContentDisposition { Inline = true, FileName = result.fileName }.ToString());
@@ -276,7 +312,7 @@ private static MethodInfo MapMethod(List<string> requestParams)
         /// Invoke and return the results from the mapped method
         /// </summary>
         /// <returns></returns>
-        private dynamic GetResult(ref HttpContext context)
+        private dynamic GetResult(ref HttpContext context, HttpCookie sessionCookie = null)
         {
             // Set the API object
             RESTful_API apiRequest = new RESTful_API();
@@ -287,6 +323,7 @@ private dynamic GetResult(ref HttpContext context)
             apiRequest.userAgent = Utility.GetUserAgent();
             apiRequest.httpGET = httpGET;
             apiRequest.httpPOST = httpPOST;
+            apiRequest.sessionCookie = sessionCookie;
 
             // Hide password from logs
             Log.Instance.Info("API Request: " + Utility.JsonSerialize_IgnoreLoopingReference(apiRequest));
@@ -335,6 +372,11 @@ public class RESTful_Output
         /// RESTful filename (optional)
         /// </summary>
         public string fileName { get; set; }
+
+        /// <summary>
+        /// Session Cookie
+        /// </summary>
+        public HttpCookie sessionCookie { get; set; }
         #endregion
     }
 
@@ -379,6 +421,10 @@ public class RESTful_API
         /// </summary>
         public string httpPOST { get; internal set; }
 
+        /// <summary>
+        /// Session Cookie
+        /// </summary>
+        public HttpCookie sessionCookie { get; internal set; }
         #endregion
     }
 }
@@ -1,7 +1,7 @@
 using System;
-using System.DirectoryServices.AccountManagement;
 using System.Collections.Generic;
 using System.Configuration;
+using System.DirectoryServices.AccountManagement;
 using System.Dynamic;
 using System.Linq;
 
@@ -146,8 +146,25 @@ public static bool IsAuthenticated(dynamic userPrincipal)
             else
                 return true;
         }
+
+        /// <summary>
+        /// Validate a Password against an AD account
+        /// </summary>
+        /// <param name="userPrincipal"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        public static bool IsPasswordValid(dynamic userPrincipal, string password)
+        {
+            bool isValid = false;
+            using (PrincipalContext pricipalContext = new PrincipalContext(ContextType.Domain, adDomain, String.IsNullOrEmpty(adPath) ? null : adPath, String.IsNullOrEmpty(adUsername) ? null : adUsername, String.IsNullOrEmpty(adPassword) ? null : adPassword))
+            {
+                // validate the credentials
+                isValid = pricipalContext.ValidateCredentials(userPrincipal, password);
+            }
+            return isValid;
+        }
         #endregion
 
     }
 
-}
+}
Original file line number	Diff line number	Diff line change
`@@ -95,6 +95,10 @@ public class Common`
`95`	`95`	`/// HTTP POST Request`
`96`	`96`	`/// </summary>`
`97`	`97`	`internal string httpPOST = null;`
	`98`	`+ /// <summary>`
	`99`	`+ /// Session cookie`
	`100`	`+ /// </summary>`
	`101`	`+ public static string SessionCookieName = ConfigurationManager.AppSettings["API_SESSION_COOKIE"];`
`98`	`102`
`99`	`103`	`/// <summary>`
`100`	`104`	`/// Authenticate the user in the context`
`@@ -236,13 +240,13 @@ public class Common`
`236`	`240`	`if (string.IsNullOrEmpty(NetworkUsername))`
`237`	`241`	`{`
`238`	`242`	`Log.Instance.Fatal("Undefined Network Username");`
`239`		`- return null;`
	`243`	`+ return false;`
`240`	`244`	`}`
`241`	`245`
`242`	`246`	`if (String.IsNullOrEmpty(API_AD_DOMAIN))`
`243`	`247`	`{`
`244`	`248`	`Log.Instance.Fatal("Undefined AD Domain");`
`245`		`- return null;`
	`249`	`+ return false;`
`246`	`250`	`}`
`247`	`251`
`248`	`252`	`// Query AD`
`@@ -265,15 +269,15 @@ public class Common`
`265`	`269`	`if (UserPrincipal == null)`
`266`	`270`	`{`
`267`	`271`	`Log.Instance.Fatal("Undefined User Principal against AD");`
`268`		`- return null;`
	`272`	`+ return false;`
`269`	`273`	`}`
`270`	`274`	`return true;`
`271`	`275`	`}`
`272`	`276`	`catch (Exception e)`
`273`	`277`	`{`
`274`	`278`	`Log.Instance.Fatal("Unable to connect/query AD");`
`275`	`279`	`Log.Instance.Fatal(e);`
`276`		`- return null;`
	`280`	`+ return false;`
`277`	`281`	`}`
`278`	`282`	`}`
`279`	`283`
`@@ -284,7 +288,7 @@ public class Common`
`284`	`288`	`{`
`285`	`289`	`// Override userPrincipal for security`
`286`	`290`	`UserPrincipal = null;`
`287`		`- return true;`
	`291`	`+ return null;`
`288`	`292`	`}`
`289`	`293`
`290`	`294`	`/// <summary>`
`@@ -316,17 +320,23 @@ public class Common`
`316`	`320`
`317`	`321`	`// Query AD and get the logged username`
`318`	`322`	`UserPrincipal = API_UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, NetworkUsername);`
	`323`	`+ if (UserPrincipal == null)`
	`324`	`+ {`
	`325`	`+ Log.Instance.Fatal("Undefined User Principal against AD");`
	`326`	`+ return false;`
	`327`	`+ }`
	`328`	`+`
`319`	`329`	`return true;`
`320`	`330`	`}`
`321`	`331`	`catch (Exception e)`
`322`	`332`	`{`
`323`	`333`	`Log.Instance.Fatal("Unable to connect/query AD");`
`324`	`334`	`Log.Instance.Fatal(e);`
`325`		`- return null;`
	`335`	`+ return false;`
`326`	`336`	`}`
`327`	`337`	`}`
`328`	`338`
`329`		`- return true;`
	`339`	`+ return null;`
`330`	`340`	`}`
`331`	`341`
`332`	`342`	`/// <summary>`