├── .gitignore
├── LICENSE
├── README.md
├── SECURITY.md
└── UsernamePasswordSecondFactor
├── README.md
├── UsernamePasswordSecondFactor.sln
└── UsernamePasswordSecondFactor
├── Constants.cs
├── LsaLogonUserHelper.cs
├── NativeMethods.cs
├── PasswordValidator.cs
├── Properties
└── AssemblyInfo.cs
├── ResourceHandler.cs
├── Resources
├── StringResources.Designer.cs
└── StringResources.resx
├── UsernamePasswordAdapter.cs
├── UsernamePasswordException.cs
├── UsernamePasswordMetadata.cs
├── UsernamePasswordPresentation.cs
└── UsernamePasswordSecondFactor.csproj
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.suo
8 | *.user
9 | *.userosscache
10 | *.sln.docstates
11 |
12 | # User-specific files (MonoDevelop/Xamarin Studio)
13 | *.userprefs
14 |
15 | # Build results
16 | [Dd]ebug/
17 | [Dd]ebugPublic/
18 | [Rr]elease/
19 | [Rr]eleases/
20 | x64/
21 | x86/
22 | bld/
23 | [Bb]in/
24 | [Oo]bj/
25 | [Ll]og/
26 |
27 | # Visual Studio 2015 cache/options directory
28 | .vs/
29 | # Uncomment if you have tasks that create the project's static files in wwwroot
30 | #wwwroot/
31 |
32 | # MSTest test Results
33 | [Tt]est[Rr]esult*/
34 | [Bb]uild[Ll]og.*
35 |
36 | # NUNIT
37 | *.VisualState.xml
38 | TestResult.xml
39 |
40 | # Build Results of an ATL Project
41 | [Dd]ebugPS/
42 | [Rr]eleasePS/
43 | dlldata.c
44 |
45 | # .NET Core
46 | project.lock.json
47 | project.fragment.lock.json
48 | artifacts/
49 | **/Properties/launchSettings.json
50 |
51 | *_i.c
52 | *_p.c
53 | *_i.h
54 | *.ilk
55 | *.meta
56 | *.obj
57 | *.pch
58 | *.pdb
59 | *.pgc
60 | *.pgd
61 | *.rsp
62 | *.sbr
63 | *.tlb
64 | *.tli
65 | *.tlh
66 | *.tmp
67 | *.tmp_proj
68 | *.log
69 | *.vspscc
70 | *.vssscc
71 | .builds
72 | *.pidb
73 | *.svclog
74 | *.scc
75 |
76 | # Chutzpah Test files
77 | _Chutzpah*
78 |
79 | # Visual C++ cache files
80 | ipch/
81 | *.aps
82 | *.ncb
83 | *.opendb
84 | *.opensdf
85 | *.sdf
86 | *.cachefile
87 | *.VC.db
88 | *.VC.VC.opendb
89 |
90 | # Visual Studio profiler
91 | *.psess
92 | *.vsp
93 | *.vspx
94 | *.sap
95 |
96 | # TFS 2012 Local Workspace
97 | $tf/
98 |
99 | # Guidance Automation Toolkit
100 | *.gpState
101 |
102 | # ReSharper is a .NET coding add-in
103 | _ReSharper*/
104 | *.[Rr]e[Ss]harper
105 | *.DotSettings.user
106 |
107 | # JustCode is a .NET coding add-in
108 | .JustCode
109 |
110 | # TeamCity is a build add-in
111 | _TeamCity*
112 |
113 | # DotCover is a Code Coverage Tool
114 | *.dotCover
115 |
116 | # Visual Studio code coverage results
117 | *.coverage
118 | *.coveragexml
119 |
120 | # NCrunch
121 | _NCrunch_*
122 | .*crunch*.local.xml
123 | nCrunchTemp_*
124 |
125 | # MightyMoose
126 | *.mm.*
127 | AutoTest.Net/
128 |
129 | # Web workbench (sass)
130 | .sass-cache/
131 |
132 | # Installshield output folder
133 | [Ee]xpress/
134 |
135 | # DocProject is a documentation generator add-in
136 | DocProject/buildhelp/
137 | DocProject/Help/*.HxT
138 | DocProject/Help/*.HxC
139 | DocProject/Help/*.hhc
140 | DocProject/Help/*.hhk
141 | DocProject/Help/*.hhp
142 | DocProject/Help/Html2
143 | DocProject/Help/html
144 |
145 | # Click-Once directory
146 | publish/
147 |
148 | # Publish Web Output
149 | *.[Pp]ublish.xml
150 | *.azurePubxml
151 | # TODO: Comment the next line if you want to checkin your web deploy settings
152 | # but database connection strings (with potential passwords) will be unencrypted
153 | *.pubxml
154 | *.publishproj
155 |
156 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
157 | # checkin your Azure Web App publish settings, but sensitive information contained
158 | # in these scripts will be unencrypted
159 | PublishScripts/
160 |
161 | # NuGet Packages
162 | *.nupkg
163 | # The packages folder can be ignored because of Package Restore
164 | **/packages/*
165 | # except build/, which is used as an MSBuild target.
166 | !**/packages/build/
167 | # Uncomment if necessary however generally it will be regenerated when needed
168 | #!**/packages/repositories.config
169 | # NuGet v3's project.json files produces more ignorable files
170 | *.nuget.props
171 | *.nuget.targets
172 |
173 | # Microsoft Azure Build Output
174 | csx/
175 | *.build.csdef
176 |
177 | # Microsoft Azure Emulator
178 | ecf/
179 | rcf/
180 |
181 | # Windows Store app package directories and files
182 | AppPackages/
183 | BundleArtifacts/
184 | Package.StoreAssociation.xml
185 | _pkginfo.txt
186 |
187 | # Visual Studio cache files
188 | # files ending in .cache can be ignored
189 | *.[Cc]ache
190 | # but keep track of directories ending in .cache
191 | !*.[Cc]ache/
192 |
193 | # Others
194 | ClientBin/
195 | ~$*
196 | *~
197 | *.dbmdl
198 | *.dbproj.schemaview
199 | *.jfm
200 | *.pfx
201 | *.publishsettings
202 | orleans.codegen.cs
203 |
204 | # Since there are multiple workflows, uncomment next line to ignore bower_components
205 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
206 | #bower_components/
207 |
208 | # RIA/Silverlight projects
209 | Generated_Code/
210 |
211 | # Backup & report files from converting an old project file
212 | # to a newer Visual Studio version. Backup files are not needed,
213 | # because we have git ;-)
214 | _UpgradeReport_Files/
215 | Backup*/
216 | UpgradeLog*.XML
217 | UpgradeLog*.htm
218 |
219 | # SQL Server files
220 | *.mdf
221 | *.ldf
222 | *.ndf
223 |
224 | # Business Intelligence projects
225 | *.rdl.data
226 | *.bim.layout
227 | *.bim_*.settings
228 |
229 | # Microsoft Fakes
230 | FakesAssemblies/
231 |
232 | # GhostDoc plugin setting file
233 | *.GhostDoc.xml
234 |
235 | # Node.js Tools for Visual Studio
236 | .ntvs_analysis.dat
237 | node_modules/
238 |
239 | # Typescript v1 declaration files
240 | typings/
241 |
242 | # Visual Studio 6 build log
243 | *.plg
244 |
245 | # Visual Studio 6 workspace options file
246 | *.opt
247 |
248 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
249 | *.vbw
250 |
251 | # Visual Studio LightSwitch build output
252 | **/*.HTMLClient/GeneratedArtifacts
253 | **/*.DesktopClient/GeneratedArtifacts
254 | **/*.DesktopClient/ModelManifest.xml
255 | **/*.Server/GeneratedArtifacts
256 | **/*.Server/ModelManifest.xml
257 | _Pvt_Extensions
258 |
259 | # Paket dependency manager
260 | .paket/paket.exe
261 | paket-files/
262 |
263 | # FAKE - F# Make
264 | .fake/
265 |
266 | # JetBrains Rider
267 | .idea/
268 | *.sln.iml
269 |
270 | # CodeRush
271 | .cr/
272 |
273 | # Python Tools for Visual Studio (PTVS)
274 | __pycache__/
275 | *.pyc
276 |
277 | # Cake - Uncomment if you are using it
278 | # tools/**
279 | # !tools/packages.config
280 |
281 | # Telerik's JustMock configuration file
282 | *.jmconfig
283 |
284 | # BizTalk build output
285 | *.btp.cs
286 | *.btm.cs
287 | *.odx.cs
288 | *.xsd.cs
289 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) Microsoft Corporation. All rights reserved.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # ADFS Authentication Adapters
2 |
3 | ## Overview
4 |
5 | This repository contains custom authentication adapters that you can use with ADFS. The following adapters are currently included:
6 |
7 | 1. __[UsernamePasswordSecondFactor](UsernamePasswordSecondFactor)__ - External authentication adapter for performing Username + Password
8 | authentication for MFA.
9 |
10 | ## Contributing
11 |
12 | This project welcomes contributions and suggestions. We encourage you to fork this project, include any authentication providers you find
13 | useful, and then do a pull request to master. If your providers work, we'll include them so everyone can benefit.
14 |
15 | Most contributions require you to agree to a
16 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
17 | the rights to use your contribution. For details, visit https://cla.microsoft.com.
18 |
19 | When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
20 | a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
21 | provided by the bot. You will only need to do this once across all repos using our CLA.
22 |
23 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
24 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
25 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
26 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | ## Security
4 |
5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
6 |
7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
8 |
9 | ## Reporting Security Issues
10 |
11 | **Please do not report security vulnerabilities through public GitHub issues.**
12 |
13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
14 |
15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
16 |
17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).
18 |
19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
20 |
21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
22 | * Full paths of source file(s) related to the manifestation of the issue
23 | * The location of the affected source code (tag/branch/commit or direct URL)
24 | * Any special configuration required to reproduce the issue
25 | * Step-by-step instructions to reproduce the issue
26 | * Proof-of-concept or exploit code (if possible)
27 | * Impact of the issue, including how an attacker might exploit the issue
28 |
29 | This information will help us triage your report more quickly.
30 |
31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
32 |
33 | ## Preferred Languages
34 |
35 | We prefer all communications to be in English.
36 |
37 | ## Policy
38 |
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
40 |
41 |
42 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/README.md:
--------------------------------------------------------------------------------
1 | # Username/Password MFA Authentication Adapters
2 |
3 | ## Overview
4 |
5 | This project enables you to create and register an additional authentication provider in AD FS so that users can sign on with another factor (such as Azure MFA) first, then be prompted for their password second.
6 |
7 | ## Why would I want this project?
8 |
9 | Enabling password as a secondary factor protects the account and password from attacks by making it more difficult to access the password prompt and try common passwords, for example.
10 |
11 | ## Requirements
12 |
13 | - An AD FS server running Windows Server 2012 R2 or 2016
14 | - A development box running Visual Studio. For detailed requirements for AD FS external adapters see “Setting up the development box” in [this blog](https://blogs.msdn.microsoft.com/jenfieldmsft/2014/03/24/build-your-own-external-authentication-provider-for-ad-fs-in-windows-server-2012-r2-walk-through-part-1/).
15 |
16 |
17 | ## Getting Started
18 |
19 | - Build the adapter using the process detailed under “Build the adapter” in [this blog](https://blogs.msdn.microsoft.com/jenfieldmsft/2014/03/24/build-your-own-external-authentication-provider-for-ad-fs-in-windows-server-2012-r2-walk-through-part-1/).
20 | - Copy the adapter dll to your test AD FS server and register it using the steps under “Register your provider in AD FS” in [this blog](https://blogs.msdn.microsoft.com/jenfieldmsft/2014/03/24/build-your-own-external-authentication-provider-for-ad-fs-in-windows-server-2012-r2-walk-through-part-1/).
21 |
22 | - Example powershell command line:
23 | ```
24 | PS C:\>$typeName = "UsernamePasswordSecondFactor. UsernamePasswordAdapter, MFAadapter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e675eb33c62805a0, processorArchitecture=MSIL”
25 | PS C:\>Register-AdfsAuthenticationProvider -TypeName $typeName -Name “MyMFAAdapter”
26 | PS C:\>net stop adfssrv
27 | PS C:\>net start adfssrv
28 | ```
29 |
30 | - Then create a policy that requires additional auth for sign on and give it a try. If you’re running AD FS 2012 R2, you can use the detailed steps in the blog to test.
31 |
32 |
33 |
34 | ## Contributing (Special Note)
35 |
36 | If you are contributing code, please be sure that you __remove any signing key__ from any code you
37 | put in a pull request. This project is public, and anyone on the Internet can see it.
38 |
39 | For the full Contributing details, please see __[the root README](../README.md)__.
40 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26430.15
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "UsernamePasswordSecondFactor", "UsernamePasswordSecondFactor\UsernamePasswordSecondFactor.csproj", "{CFB51980-393E-4212-BC77-9C266978BCF8}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {CFB51980-393E-4212-BC77-9C266978BCF8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {CFB51980-393E-4212-BC77-9C266978BCF8}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {CFB51980-393E-4212-BC77-9C266978BCF8}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {CFB51980-393E-4212-BC77-9C266978BCF8}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | EndGlobal
23 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/Constants.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | namespace UsernamePasswordSecondFactor
5 | {
6 | internal static class Constants
7 | {
8 |
9 | public const string UsernamePasswordMfa = "http://schemas.microsoft.com/ws/2012/12/authmethod/usernamepasswordMFA";
10 |
11 | public const string AuthenticationMethodClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod";
12 | public const string WindowsAccountNameClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname";
13 | public const string UpnClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn";
14 |
15 | public static class AuthContextKeys
16 | {
17 | public const string SessionId = "sessionid";
18 | public const string Identity = "id";
19 | }
20 |
21 | public static class DynamicContentLabels
22 | {
23 | public const string markerUserName = "%LoginPageUserName%";
24 | public const string markerOverallError = "%PageErrorOverall%";
25 | public const string markerActionUrl = "%PageActionUrl%";
26 | public const string markerPageIntroductionTitle = "%PageIntroductionTitle%";
27 | public const string markerPageIntroductionText = "%PageIntroductionText%";
28 | public const string markerPageTitle = "%PageTitle%";
29 | public const string markerSubmitButton = "%PageSubmitButtonLabel%";
30 | public const string markerChoiceSuccess = "%ChoiceSuccess%";
31 | public const string markerChoiceFail = "%ChoiceFail%";
32 | public const string markerUserChoice = "%UserChoice%";
33 | public const string markerLoginPageUsername = "%Username%";
34 | public const string markerLoginPagePasswordLabel = "%LoginPagePasswordLabel%";
35 |
36 | }
37 |
38 | public static class ResourceNames
39 | {
40 | public const string AdminFriendlyName = "AdminFriendlyName";
41 | public const string Description = "Description";
42 | public const string FriendlyName = "FriendlyName";
43 | public const string PageIntroductionTitle = "PageIntroductionTitle";
44 | public const string PageIntroductionText = "PageIntroductionText";
45 | public const string AuthPageTemplate = "AuthPage";
46 | public const string PageTitle = "PageTitle";
47 | public const string SubmitButtonLabel = "SubmitButtonLabel";
48 | public const string AuthenticationFailed = "AuthenticationFailed";
49 | public const string ErrorInvalidSessionId = "ErrorInvalidSessionId";
50 | public const string ErrorInvalidContext = "ErrorInvalidContext";
51 | public const string ErrorNoUserIdentity = "ErrorNoUserIdentity";
52 | public const string ErrorNoAnswerProvided = "ErrorNoAnswerProvided";
53 | public const string ErrorFailSelected = "ErrorFailSelected";
54 | public const string ChoiceSuccess = "ChoiceSuccess";
55 | public const string ChoiceFail = "ChoiceFail";
56 | public const string UserChoice = "UserChoice";
57 | public const string FailedLogin = "FailedLogin";
58 | }
59 |
60 | public static class PropertyNames
61 | {
62 | public const string UserSelection = "UserSelection";
63 | public const string AuthenticationMethod = "AuthMethod";
64 | public const string Password = "PasswordInput";
65 | public const string Username = "Username";
66 | }
67 |
68 | public static class Lcid
69 | {
70 | public const int Enus = 0x409; // for test only, proper localization should input parent locale, e.g. "en" in this case.
71 | public const int Fr = 0xC; // for test only, no FR resources are embedded.
72 | }
73 | }
74 | }
75 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/LsaLogonUserHelper.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 | using System.ComponentModel;
6 | using System.Diagnostics;
7 | using System.Runtime.CompilerServices;
8 | using System.Runtime.InteropServices;
9 |
10 | namespace UsernamePasswordSecondFactor
11 | {
12 | public class LsaLogonUserHelper
13 | {
14 | internal static bool ValidateCredentials(string domain, string username, string password)
15 | {
16 | SafeHGlobalHandle pLogonInfo = null;
17 | try
18 | {
19 | int logonInfoSize;
20 | FillUserNamePasswordLogonInfoBuffer(domain, username, password, out logonInfoSize, out pLogonInfo);
21 | return GetLsaLogonUserHandle(username, pLogonInfo, logonInfoSize);
22 | }
23 | finally
24 | {
25 | pLogonInfo?.Close();
26 | }
27 |
28 | }
29 |
30 | private static bool GetLsaLogonUserHandle(string username, SafeHGlobalHandle pLogonInfo, int logonInfoSize)
31 | {
32 | if (null == pLogonInfo)
33 | {
34 | throw new ArgumentNullException("pLogonInfo");
35 | }
36 | int status;
37 | SafeHGlobalHandle pSourceName = null;
38 | SafeHGlobalHandle pPackageName = null;
39 | SafeLsaLogonProcessHandle logonHandle = null;
40 | SafeLsaReturnBufferHandle profileHandle = null;
41 | SafeCloseHandle tokenHandle = null;
42 |
43 | try
44 | {
45 | UNICODE_INTPTR_STRING sourceName = NativeMethods.ConvertByteStringToUnicodeIntPtrString(NativeMethods.LsaSourceName, out pSourceName);
46 | logonHandle = NativeMethods.RegisterProcess(sourceName);
47 |
48 | RuntimeHelpers.PrepareConstrainedRegions();
49 | //get packageId
50 | UNICODE_INTPTR_STRING packageName = NativeMethods.ConvertByteStringToUnicodeIntPtrString(NativeMethods.LsaNegotiateName, out pPackageName);
51 | uint packageId = 0;
52 | status = NativeMethods.LsaLookupAuthenticationPackage(logonHandle, ref packageName, out packageId);
53 | if (status < 0) // non-negative numbers indicate success
54 | {
55 | Trace.TraceError(string.Format("LsaLookupAuthenticationPackage failed for user {0} with status {1}", username, status));
56 | throw new Win32Exception(NativeMethods.LsaNtStatusToWinError(status));
57 | }
58 |
59 | //get Source context
60 | TOKEN_SOURCE sourceContext = new TOKEN_SOURCE();
61 | if (!NativeMethods.AllocateLocallyUniqueId(out sourceContext.SourceIdentifier))
62 | {
63 | int dwErrorCode = Marshal.GetLastWin32Error();
64 | Trace.TraceError(string.Format("AllocateLocallyUniqueId failed for user {0} with status {1}", username, dwErrorCode));
65 | throw new Win32Exception(dwErrorCode);
66 | }
67 | sourceContext.Name = new char[8];
68 | sourceContext.Name[0] = 'A'; sourceContext.Name[1] = 'D'; sourceContext.Name[2] = 'F'; sourceContext.Name[2] = 'S';
69 |
70 | //other parameters
71 | QUOTA_LIMITS quotas = new QUOTA_LIMITS();
72 | LUID logonId = new LUID();
73 | uint profileBufferLength;
74 | int subStatus = 0;
75 |
76 | // Call LsaLogonUser
77 | status = NativeMethods.LsaLogonUser(
78 | logonHandle,
79 | ref sourceName,
80 | SecurityLogonType.Network,
81 | packageId,
82 | pLogonInfo.DangerousGetHandle(),
83 | (uint)logonInfoSize,
84 | IntPtr.Zero,
85 | ref sourceContext,
86 | out profileHandle,
87 | out profileBufferLength,
88 | out logonId,
89 | out tokenHandle,
90 | out quotas,
91 | out subStatus
92 | );
93 |
94 |
95 | // LsaLogon has restriction (eg. password expired). SubStatus indicates the reason.
96 | if ((uint)status == NativeMethods.STATUS_ACCOUNT_RESTRICTION && subStatus < 0)
97 | {
98 | status = subStatus;
99 | Trace.TraceError(string.Format("Authentication failed for user {0} with account restriction error {1}", username, status));
100 | return false;
101 | }
102 | if (status < 0) // non-negative numbers indicate success
103 | {
104 | Trace.TraceError(string.Format("Authentication failed for user {0} with status {1}", username, status));
105 | return false;
106 | }
107 | if (subStatus < 0) // non-negative numbers indicate success
108 | {
109 | Trace.TraceError(string.Format("Authentication failed for user {0} with subStatus {1}", username, subStatus));
110 | return false;
111 | }
112 |
113 | return true;
114 | }
115 | finally
116 | {
117 | pSourceName?.Close();
118 | pPackageName?.Close();
119 | tokenHandle?.Close();
120 | profileHandle?.Close();
121 | }
122 | }
123 |
124 | private static void FillUserNamePasswordLogonInfoBuffer(string domain, string username, string password, out int logonInfoSize, out SafeHGlobalHandle pLogonInfo)
125 | {
126 | //LogonInfo
127 | logonInfoSize = 0;
128 | int domainLength = 0; int usernameLength = 0; int passwordLength = 0;
129 | byte[] domainBytes = null; byte[] userNameBytes = null; byte[] passwordBytes = null;
130 | IntPtr LogonDomainNamePtr = IntPtr.Zero;
131 | IntPtr UsernamePtr = IntPtr.Zero;
132 | IntPtr PasswordPtr = IntPtr.Zero;
133 |
134 | if (!String.IsNullOrEmpty(domain))
135 | {
136 | domainBytes = System.Text.Encoding.Unicode.GetBytes(domain);
137 | domainLength = domainBytes.Length;
138 | }
139 | if (!String.IsNullOrEmpty(username))
140 | {
141 | userNameBytes = System.Text.Encoding.Unicode.GetBytes(username);
142 | usernameLength = userNameBytes.Length;
143 | }
144 | if (!String.IsNullOrEmpty(password))
145 | {
146 | passwordBytes = System.Text.Encoding.Unicode.GetBytes(password);
147 | passwordLength = passwordBytes.Length;
148 | }
149 |
150 | logonInfoSize = checked(Marshal.SizeOf(typeof(INTERACTIVE_LOGON)) + usernameLength + passwordLength + domainLength);
151 | pLogonInfo = SafeHGlobalHandle.AllocHGlobal(logonInfoSize);
152 | unsafe
153 | {
154 | LogonDomainNamePtr = new IntPtr(pLogonInfo.DangerousGetHandle().ToInt64() + Marshal.SizeOf(typeof(INTERACTIVE_LOGON)));
155 | if (domainBytes != null)
156 | {
157 | Marshal.Copy(domainBytes, 0, LogonDomainNamePtr, domainLength);
158 | }
159 |
160 | UsernamePtr = new IntPtr(pLogonInfo.DangerousGetHandle().ToInt64() + Marshal.SizeOf(typeof(INTERACTIVE_LOGON)) + domainLength);
161 | if (userNameBytes != null)
162 | {
163 | Marshal.Copy(userNameBytes, 0, UsernamePtr, usernameLength);
164 | }
165 |
166 | PasswordPtr = new IntPtr(pLogonInfo.DangerousGetHandle().ToInt64() + Marshal.SizeOf(typeof(INTERACTIVE_LOGON)) + domainLength + usernameLength);
167 | if (passwordBytes != null)
168 | {
169 | Marshal.Copy(passwordBytes, 0, PasswordPtr, passwordLength);
170 | }
171 |
172 | INTERACTIVE_LOGON* pInfo = (INTERACTIVE_LOGON*)pLogonInfo.DangerousGetHandle().ToPointer();
173 | pInfo->MessageType = (int)KERB_LOGON_SUBMIT_TYPE.KerbInteractiveLogon;
174 | pInfo->LogonDomainName = new UNICODE_INTPTR_STRING(domainLength, domainLength + 1, LogonDomainNamePtr);
175 | pInfo->UserName = new UNICODE_INTPTR_STRING(usernameLength, usernameLength + 1, UsernamePtr);
176 | pInfo->Password = new UNICODE_INTPTR_STRING(passwordLength, passwordLength + 1, PasswordPtr);
177 | }
178 | }
179 |
180 | internal static void ExtractUsernamePassword(string identity, out string domain, out string username)
181 | {
182 | username = identity;
183 | domain = null;
184 | string[] strings = identity.Split('\\');
185 |
186 | // The UPN case is handled with domain = null and username = UPN.
187 | if (strings.Length != 1)
188 | {
189 | if (strings.Length != 2 || String.IsNullOrEmpty(strings[0]))
190 | {
191 | // Only support one slash and domain cannot be empty (consistent with windowslogon).
192 | throw new ArgumentOutOfRangeException("Username contains more than one slash or domain is empty.");
193 | }
194 |
195 | // This is the downlevel case - domain\userName
196 | username = strings[1];
197 | domain = strings[0];
198 | }
199 | }
200 | }
201 | }
202 |
203 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/NativeMethods.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 | using System.Runtime.ConstrainedExecution;
6 | using System.Runtime.InteropServices;
7 | using System.Security;
8 | using System.Text;
9 | using System.Runtime.CompilerServices;
10 | using System.ComponentModel;
11 | using Microsoft.Win32.SafeHandles;
12 |
13 | namespace UsernamePasswordSecondFactor
14 | {
15 | internal sealed class SafeLsaReturnBufferHandle : SafeHandleZeroOrMinusOneIsInvalid
16 | {
17 | private SafeLsaReturnBufferHandle() : base(true) { }
18 |
19 | // 0 is an Invalid Handle
20 | internal SafeLsaReturnBufferHandle(IntPtr handle)
21 | : base(true)
22 | {
23 | SetHandle(handle);
24 | }
25 |
26 | internal static SafeLsaReturnBufferHandle InvalidHandle
27 | {
28 | get { return new SafeLsaReturnBufferHandle(IntPtr.Zero); }
29 | }
30 |
31 | override protected bool ReleaseHandle()
32 | {
33 | // LsaFreeReturnBuffer returns an NTSTATUS
34 | return NativeMethods.LsaFreeReturnBuffer(handle) >= 0;
35 | }
36 | }
37 |
38 | internal sealed class SafeCloseHandle : SafeHandleZeroOrMinusOneIsInvalid
39 | {
40 | const string KERNEL32 = "kernel32.dll";
41 |
42 | private SafeCloseHandle()
43 | : base(true)
44 | {
45 | }
46 |
47 | internal SafeCloseHandle(IntPtr handle, bool ownsHandle)
48 | : base(ownsHandle)
49 | {
50 | SetHandle(handle);
51 | }
52 |
53 | protected override bool ReleaseHandle()
54 | {
55 | return CloseHandle(handle);
56 | }
57 |
58 | [DllImport(KERNEL32, ExactSpelling = true, SetLastError = true)]
59 | [SuppressUnmanagedCodeSecurity]
60 | [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
61 | [return: MarshalAs(UnmanagedType.Bool)]
62 | private extern static bool CloseHandle(IntPtr handle);
63 | }
64 |
65 | internal sealed class SafeLsaLogonProcessHandle : SafeHandleZeroOrMinusOneIsInvalid
66 | {
67 | private SafeLsaLogonProcessHandle() : base(true) { }
68 |
69 | // 0 is an Invalid Handle
70 | internal SafeLsaLogonProcessHandle(IntPtr handle)
71 | : base(true)
72 | {
73 | SetHandle(handle);
74 | }
75 |
76 | internal static SafeLsaLogonProcessHandle InvalidHandle
77 | {
78 | get { return new SafeLsaLogonProcessHandle(IntPtr.Zero); }
79 | }
80 |
81 | override protected bool ReleaseHandle()
82 | {
83 | // LsaDeregisterLogonProcess returns an NTSTATUS
84 | return NativeMethods.LsaDeregisterLogonProcess(handle) >= 0;
85 | }
86 | }
87 |
88 | internal sealed class SafeHGlobalHandle : SafeHandleZeroOrMinusOneIsInvalid
89 | {
90 | SafeHGlobalHandle() : base(true) { }
91 |
92 | // 0 is an Invalid Handle
93 | SafeHGlobalHandle(IntPtr handle)
94 | : base(true)
95 | {
96 | SetHandle(handle);
97 | }
98 |
99 | protected override bool ReleaseHandle()
100 | {
101 | Marshal.FreeHGlobal(handle);
102 | return true;
103 | }
104 |
105 | public static SafeHGlobalHandle InvalidHandle
106 | {
107 | get { return new SafeHGlobalHandle(IntPtr.Zero); }
108 | }
109 |
110 | public static SafeHGlobalHandle AllocHGlobal(string s)
111 | {
112 | byte[] bytes = new byte[checked((s.Length + 1) * 2)];
113 | Encoding.Unicode.GetBytes(s, 0, s.Length, bytes, 0);
114 | return AllocHGlobal(bytes);
115 | }
116 |
117 | public static SafeHGlobalHandle AllocHGlobal(byte[] bytes)
118 | {
119 | SafeHGlobalHandle result = AllocHGlobal(bytes.Length);
120 | Marshal.Copy(bytes, 0, result.DangerousGetHandle(), bytes.Length);
121 | return result;
122 | }
123 |
124 | public static SafeHGlobalHandle AllocHGlobal(uint cb)
125 | {
126 | // The cast could overflow to minus.
127 | // Unfortunately, Marshal.AllocHGlobal only takes int.
128 | return AllocHGlobal((int)cb);
129 | }
130 |
131 | public static SafeHGlobalHandle AllocHGlobal(int cb)
132 | {
133 | if (cb < 0)
134 | {
135 | throw new ArgumentOutOfRangeException("cb");
136 | }
137 |
138 | SafeHGlobalHandle result = new SafeHGlobalHandle();
139 |
140 | // CER
141 | RuntimeHelpers.PrepareConstrainedRegions();
142 | try { }
143 | finally
144 | {
145 | IntPtr ptr = Marshal.AllocHGlobal(cb);
146 | result.SetHandle(ptr);
147 | }
148 | return result;
149 | }
150 | }
151 |
152 | enum EXTENDED_NAME_FORMAT
153 | {
154 | NameUnknown = 0,
155 | NameFullyQualifiedDN = 1,
156 | NameSamCompatible = 2,
157 | NameDisplay = 3,
158 | NameUniqueId = 6,
159 | NameCanonical = 7,
160 | NameUserPrincipalName = 8,
161 | NameCanonicalEx = 9,
162 | NameServicePrincipalName = 10,
163 | NameDnsDomainName = 12
164 | }
165 |
166 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
167 | internal struct SID_AND_ATTRIBUTES
168 | {
169 | internal IntPtr Sid;
170 | internal uint Attributes;
171 | internal static readonly long SizeOf = (long)Marshal.SizeOf(typeof(SID_AND_ATTRIBUTES));
172 | }
173 |
174 | [StructLayout(LayoutKind.Sequential)]
175 | internal struct LUID
176 | {
177 | internal uint LowPart;
178 | internal uint HighPart;
179 | }
180 |
181 | [StructLayout(LayoutKind.Sequential)]
182 | internal struct LUID_AND_ATTRIBUTES
183 | {
184 | internal LUID Luid;
185 | internal uint Attributes;
186 | }
187 |
188 | [StructLayout(LayoutKind.Sequential)]
189 | internal struct TOKEN_PRIVILEGE
190 | {
191 | internal uint PrivilegeCount;
192 | internal LUID_AND_ATTRIBUTES Privilege;
193 |
194 | internal static readonly uint Size = (uint)Marshal.SizeOf(typeof(TOKEN_PRIVILEGE));
195 | }
196 |
197 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
198 | internal struct UNICODE_INTPTR_STRING
199 | {
200 | internal UNICODE_INTPTR_STRING(int length, int maximumLength, IntPtr buffer)
201 | {
202 | this.Length = (ushort)length;
203 | this.MaxLength = (ushort)maximumLength;
204 | this.Buffer = buffer;
205 | }
206 | internal ushort Length;
207 | internal ushort MaxLength;
208 | internal IntPtr Buffer;
209 | }
210 |
211 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
212 | internal struct INTERACTIVE_LOGON
213 | {
214 | internal int MessageType;
215 | internal UNICODE_INTPTR_STRING LogonDomainName;
216 | internal UNICODE_INTPTR_STRING UserName;
217 | internal UNICODE_INTPTR_STRING Password;
218 | }
219 |
220 |
221 | internal enum KERB_LOGON_SUBMIT_TYPE
222 | {
223 | KerbInteractiveLogon = 2,
224 | KerbSmartCardLogon = 6,
225 | KerbWorkstationUnlockLogon = 7,
226 | KerbSmartCardUnlockLogon = 8,
227 | KerbProxyLogon = 9,
228 | KerbTicketLogon = 10,
229 | KerbTicketUnlockLogon = 11,
230 | KerbS4ULogon = 12,
231 | KerbCertificateLogon = 13,
232 | KerbCertificateS4ULogon = 14,
233 | KerbCertificateUnlockLogon = 15,
234 | }
235 |
236 | internal enum MSV1_0_LOGON_SUBMIT_TYPE
237 | {
238 | MsV1_0InteractiveLogon = 2,
239 | MsV1_0Lm20Logon,
240 | MsV1_0NetworkLogon,
241 | MsV1_0SubAuthLogon
242 | }
243 |
244 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
245 | internal struct TOKEN_SOURCE
246 | {
247 | private const int TOKEN_SOURCE_LENGTH = 8;
248 |
249 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = TOKEN_SOURCE_LENGTH)]
250 | internal char[] Name;
251 | internal LUID SourceIdentifier;
252 | }
253 |
254 |
255 |
256 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
257 | internal struct QUOTA_LIMITS
258 | {
259 | internal IntPtr PagedPoolLimit;
260 | internal IntPtr NonPagedPoolLimit;
261 | internal IntPtr MinimumWorkingSetSize;
262 | internal IntPtr MaximumWorkingSetSize;
263 | internal IntPtr PagefileLimit;
264 | internal IntPtr TimeLimit;
265 | }
266 |
267 | internal enum SECURITY_IMPERSONATION_LEVEL
268 | {
269 | Anonymous = 0,
270 | Identification = 1,
271 | Impersonation = 2,
272 | Delegation = 3,
273 | }
274 |
275 | internal enum TokenType : int
276 | {
277 | TokenPrimary = 1,
278 | TokenImpersonation
279 | }
280 |
281 | internal enum SecurityLogonType : int
282 | {
283 | Interactive = 2,
284 | Network,
285 | Batch,
286 | Service,
287 | Proxy,
288 | Unlock
289 | }
290 |
291 | [SuppressUnmanagedCodeSecurity]
292 | static class NativeMethods
293 | {
294 | const string ADVAPI32 = "advapi32.dll";
295 | const string KERNEL32 = "kernel32.dll";
296 | const string SECUR32 = "secur32.dll";
297 |
298 | // From WinStatus.h
299 | internal const uint STATUS_ACCOUNT_RESTRICTION = 0xC000006E;
300 | internal const uint STATUS_NO_LOGON_SERVERS = 0xC000005E;
301 |
302 | static byte[] GetLsaName(string name)
303 | {
304 | return Encoding.ASCII.GetBytes(name);
305 | }
306 |
307 | internal static byte[] LsaSourceName = GetLsaName("ADFSUPAdapter");
308 | internal static byte[] LsaNegotiateName = GetLsaName("Negotiate");
309 |
310 | //For both Kerberos and MSV1_0, the values for MessageType (KerbInteractiveLogon, MsV1_0InteractiveLogon, KerbInteractiveProfile, MsV1_0InteractiveProfile)
311 | internal static int INTERACTIVE_LOGON_MESSAGETYPE = 2;
312 |
313 | internal const uint KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS = 0x2;
314 |
315 | // Error codes from WinError.h
316 | internal const int ERROR_ACCESS_DENIED = 0x5;
317 | internal const int ERROR_BAD_LENGTH = 0x18;
318 | internal const int ERROR_INSUFFICIENT_BUFFER = 0x7A;
319 |
320 | internal const uint SE_GROUP_ENABLED = 0x00000004;
321 | internal const uint SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010;
322 | internal const uint SE_GROUP_LOGON_ID = 0xC0000000;
323 |
324 |
325 | [DllImport(SECUR32, CharSet = CharSet.Auto, SetLastError = false)]
326 | internal static extern int LsaConnectUntrusted(
327 | [Out] out SafeLsaLogonProcessHandle lsaHandle
328 | );
329 |
330 | [DllImport(ADVAPI32, CharSet = CharSet.Unicode, SetLastError = false)]
331 | internal static extern int LsaNtStatusToWinError(
332 | [In] int status
333 | );
334 |
335 | [DllImport(SECUR32, CharSet = CharSet.Auto, SetLastError = false)]
336 | internal static extern int LsaLookupAuthenticationPackage(
337 | [In] SafeLsaLogonProcessHandle lsaHandle,
338 | [In] ref UNICODE_INTPTR_STRING packageName,
339 | [Out] out uint authenticationPackage
340 | );
341 |
342 | [DllImport(ADVAPI32, CharSet = CharSet.Unicode, SetLastError = true)]
343 | [return: MarshalAs(UnmanagedType.Bool)]
344 | internal static extern bool AllocateLocallyUniqueId(
345 | [Out] out LUID Luid
346 | );
347 |
348 | [DllImport(SECUR32, SetLastError = false)]
349 | [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
350 | internal static extern int LsaFreeReturnBuffer(
351 | IntPtr handle
352 | );
353 |
354 | [DllImport(SECUR32, CharSet = CharSet.Auto, SetLastError = false)]
355 | internal static extern int LsaLogonUser(
356 | [In] SafeLsaLogonProcessHandle LsaHandle,
357 | [In] ref UNICODE_INTPTR_STRING OriginName,
358 | [In] SecurityLogonType LogonType,
359 | [In] uint AuthenticationPackage,
360 | [In] IntPtr AuthenticationInformation,
361 | [In] uint AuthenticationInformationLength,
362 | [In] IntPtr LocalGroups,
363 | [In] ref TOKEN_SOURCE SourceContext,
364 | [Out] out SafeLsaReturnBufferHandle ProfileBuffer,
365 | [Out] out uint ProfileBufferLength,
366 | [Out] out LUID LogonId,
367 | [Out] out SafeCloseHandle Token,
368 | [Out] out QUOTA_LIMITS Quotas,
369 | [Out] out int SubStatus
370 | );
371 |
372 | [DllImport(SECUR32, CharSet = CharSet.Auto, SetLastError = false)]
373 | [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
374 | internal static extern int LsaDeregisterLogonProcess(
375 | [In] IntPtr handle
376 | );
377 |
378 | internal static SafeLsaLogonProcessHandle RegisterProcess(UNICODE_INTPTR_STRING sourceName)
379 | {
380 | int status;
381 |
382 | RuntimeHelpers.PrepareConstrainedRegions();
383 |
384 | SafeLsaLogonProcessHandle logonHandle = null;
385 | status = NativeMethods.LsaConnectUntrusted(out logonHandle);
386 |
387 | // non-negative numbers indicate success
388 | if (status < 0)
389 | {
390 | //throw DiagnosticUtil.ExceptionUtil.ThrowHelperError( new Win32Exception( NativeMethods.LsaNtStatusToWinError( status ) ) );
391 | throw new Win32Exception(NativeMethods.LsaNtStatusToWinError(status));
392 | }
393 |
394 | return logonHandle;
395 | }
396 |
397 | //callers should delete the allocated memory by closing SafeHGlobalHandle pHandle
398 | internal static UNICODE_INTPTR_STRING ConvertByteStringToUnicodeIntPtrString(byte[] byteString, out SafeHGlobalHandle pHandle)
399 | {
400 | pHandle = SafeHGlobalHandle.AllocHGlobal(byteString.Length + 1);
401 | Marshal.Copy(byteString, 0, pHandle.DangerousGetHandle(), byteString.Length);
402 | return new UNICODE_INTPTR_STRING(byteString.Length, byteString.Length + 1, pHandle.DangerousGetHandle());
403 | }
404 | }
405 | }
406 |
407 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/PasswordValidator.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 |
6 | namespace UsernamePasswordSecondFactor
7 | {
8 | public class PasswordValidator
9 | {
10 | public static bool Validate(string username, string password)
11 | {
12 | string domain = null;
13 | LsaLogonUserHelper.ExtractUsernamePassword(username, out domain, out username);
14 | return LsaLogonUserHelper.ValidateCredentials(domain, username, password);
15 | }
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("UsernamePasswordSecondFactor")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("UsernamePasswordSecondFactor")]
13 | [assembly: AssemblyCopyright("Copyright © 2017")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("cfb51980-393e-4212-bc77-9c266978bcf8")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/ResourceHandler.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 | using System.Globalization;
6 | using UsernamePasswordSecondFactor.Resources;
7 |
8 | namespace UsernamePasswordSecondFactor
9 | {
10 | internal static class ResourceHandler
11 | {
12 | public static string GetResource(string resourceName, int lcid)
13 | {
14 | if (String.IsNullOrEmpty(resourceName))
15 | {
16 | throw new ArgumentNullException("resourceName");
17 | }
18 |
19 | return StringResources.ResourceManager.GetString(resourceName, new CultureInfo(lcid));
20 | }
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/Resources/StringResources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace UsernamePasswordSecondFactor.Resources {
12 | using System;
13 |
14 |
15 | ///
16 | /// A strongly-typed resource class, for looking up localized strings, etc.
17 | ///
18 | // This class was auto-generated by the StronglyTypedResourceBuilder
19 | // class via a tool like ResGen or Visual Studio.
20 | // To add or remove a member, edit your .ResX file then rerun ResGen
21 | // with the /str option, or rebuild your VS project.
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | internal class StringResources {
26 |
27 | private static global::System.Resources.ResourceManager resourceMan;
28 |
29 | private static global::System.Globalization.CultureInfo resourceCulture;
30 |
31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 | internal StringResources() {
33 | }
34 |
35 | ///
36 | /// Returns the cached ResourceManager instance used by this class.
37 | ///
38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
39 | internal static global::System.Resources.ResourceManager ResourceManager {
40 | get {
41 | if (object.ReferenceEquals(resourceMan, null)) {
42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("UsernamePasswordSecondFactor.Resources.StringResources", typeof(StringResources).Assembly);
43 | resourceMan = temp;
44 | }
45 | return resourceMan;
46 | }
47 | }
48 |
49 | ///
50 | /// Overrides the current thread's CurrentUICulture property for all
51 | /// resource lookups using this strongly typed resource class.
52 | ///
53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
54 | internal static global::System.Globalization.CultureInfo Culture {
55 | get {
56 | return resourceCulture;
57 | }
58 | set {
59 | resourceCulture = value;
60 | }
61 | }
62 |
63 | ///
64 | /// Looks up a localized string similar to Forms Authentication as Secondary Authentication.
65 | ///
66 | internal static string AdminFriendlyName {
67 | get {
68 | return ResourceManager.GetString("AdminFriendlyName", resourceCulture);
69 | }
70 | }
71 |
72 | ///
73 | /// Looks up a localized string similar to AuthenticationFailed.
74 | ///
75 | internal static string AuthenticationFailed {
76 | get {
77 | return ResourceManager.GetString("AuthenticationFailed", resourceCulture);
78 | }
79 | }
80 |
81 | ///
82 | /// Looks up a localized string similar to <div id="loginArea">
83 | /// <script type="text/javascript" language="JavaScript">
84 | /// //<![CDATA[
85 | ///
86 | /// function Login() {
87 | /// }
88 | ///
89 | /// Login.passwordInput = 'passwordInput';
90 | ///
91 | /// Login.initialize = function () {
92 | ///
93 | /// }();
94 | ///
95 | /// Login.submitLoginRequest = function () {
96 | ///
97 | /// console.log("Start");
98 | /// var password = document.getElementById(Login.passwordInput);
99 | ///
100 | /// if (!password.value) {
101 | /// return false;
102 | /// }
103 | /// con [rest of string was truncated]";.
104 | ///
105 | internal static string AuthPage {
106 | get {
107 | return ResourceManager.GetString("AuthPage", resourceCulture);
108 | }
109 | }
110 |
111 | ///
112 | /// Looks up a localized string similar to ChoiceFail.
113 | ///
114 | internal static string ChoiceFail {
115 | get {
116 | return ResourceManager.GetString("ChoiceFail", resourceCulture);
117 | }
118 | }
119 |
120 | ///
121 | /// Looks up a localized string similar to ChoiceSuccess.
122 | ///
123 | internal static string ChoiceSuccess {
124 | get {
125 | return ResourceManager.GetString("ChoiceSuccess", resourceCulture);
126 | }
127 | }
128 |
129 | ///
130 | /// Looks up a localized string similar to Forms Authentication as Secondary Authentication.
131 | ///
132 | internal static string Description {
133 | get {
134 | return ResourceManager.GetString("Description", resourceCulture);
135 | }
136 | }
137 |
138 | ///
139 | /// Looks up a localized string similar to ErrorFailSelected.
140 | ///
141 | internal static string ErrorFailSelected {
142 | get {
143 | return ResourceManager.GetString("ErrorFailSelected", resourceCulture);
144 | }
145 | }
146 |
147 | ///
148 | /// Looks up a localized string similar to ErrorInvalidContext.
149 | ///
150 | internal static string ErrorInvalidContext {
151 | get {
152 | return ResourceManager.GetString("ErrorInvalidContext", resourceCulture);
153 | }
154 | }
155 |
156 | ///
157 | /// Looks up a localized string similar to ErrorInvalidSessionId.
158 | ///
159 | internal static string ErrorInvalidSessionId {
160 | get {
161 | return ResourceManager.GetString("ErrorInvalidSessionId", resourceCulture);
162 | }
163 | }
164 |
165 | ///
166 | /// Looks up a localized string similar to ErrorNoAnswerProvided.
167 | ///
168 | internal static string ErrorNoAnswerProvided {
169 | get {
170 | return ResourceManager.GetString("ErrorNoAnswerProvided", resourceCulture);
171 | }
172 | }
173 |
174 | ///
175 | /// Looks up a localized string similar to ErrorNoUserIdentity.
176 | ///
177 | internal static string ErrorNoUserIdentity {
178 | get {
179 | return ResourceManager.GetString("ErrorNoUserIdentity", resourceCulture);
180 | }
181 | }
182 |
183 | ///
184 | /// Looks up a localized string similar to Incorrect password. Type the correct password, and try again..
185 | ///
186 | internal static string FailedLogin {
187 | get {
188 | return ResourceManager.GetString("FailedLogin", resourceCulture);
189 | }
190 | }
191 |
192 | ///
193 | /// Looks up a localized string similar to .
194 | ///
195 | internal static string PageIntroductionText {
196 | get {
197 | return ResourceManager.GetString("PageIntroductionText", resourceCulture);
198 | }
199 | }
200 |
201 | ///
202 | /// Looks up a localized string similar to Enter your password.
203 | ///
204 | internal static string PageIntroductionTitle {
205 | get {
206 | return ResourceManager.GetString("PageIntroductionTitle", resourceCulture);
207 | }
208 | }
209 |
210 | ///
211 | /// Looks up a localized string similar to PageTitle.
212 | ///
213 | internal static string PageTitle {
214 | get {
215 | return ResourceManager.GetString("PageTitle", resourceCulture);
216 | }
217 | }
218 |
219 | ///
220 | /// Looks up a localized string similar to Sign in.
221 | ///
222 | internal static string SubmitButtonLabel {
223 | get {
224 | return ResourceManager.GetString("SubmitButtonLabel", resourceCulture);
225 | }
226 | }
227 |
228 | ///
229 | /// Looks up a localized string similar to UserChoice.
230 | ///
231 | internal static string UserChoice {
232 | get {
233 | return ResourceManager.GetString("UserChoice", resourceCulture);
234 | }
235 | }
236 | }
237 | }
238 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/Resources/StringResources.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | Forms Authentication as Secondary Authentication
122 |
123 |
124 | AuthenticationFailed
125 |
126 |
127 | <div id="loginArea">
128 | <script type="text/javascript" language="JavaScript">
129 | //<![CDATA[
130 |
131 | function Login() {
132 | }
133 |
134 | Login.passwordInput = 'passwordInput';
135 |
136 | Login.initialize = function () {
137 |
138 | }();
139 |
140 | Login.submitLoginRequest = function () {
141 |
142 | console.log("Start");
143 | var password = document.getElementById(Login.passwordInput);
144 |
145 | if (!password.value) {
146 | return false;
147 | }
148 | console.log("Pre-Submit");
149 | document.forms['loginForm'].submit();
150 | console.log("End");
151 | return false;
152 | };
153 |
154 | //]]>
155 | </script>
156 |
157 |
158 | <form method="post" id="loginForm" autocomplete="off" novalidate="novalidate" onKeyPress="if (event && event.keyCode == 13) Login.submitLoginRequest();" action="%PageActionUrl%" >
159 | <div id="error" class="fieldMargin error smallText">
160 | <label id="errorText" for="%LoginPageErrorCause%">%PageIntroductionText%</label>
161 | </div>
162 |
163 | <!-- These inputs are required by the presentation framework. Do not modify or remove -->
164 | <input id="authMethod" type="hidden" name="AuthMethod" value="%AuthMethod%"/>
165 | <input id="context" type="hidden" name="Context" value="%Context%"/>
166 | <!-- End inputs are required by the presentation framework. -->
167 |
168 | <div id="formsAuthenticationArea">
169 | <div id="identityBanner" class="text fullWidth">%Username%</div>
170 | <div id="passwordArea">
171 | <input id="passwordInput" name="PasswordInput" placeholder="Password" type="password" tabindex="2" class="text fullWidth"
172 | placeholder="%LoginPagePasswordLabel%" autocomplete="off"/>
173 | </div>
174 | <div id="submissionArea" class="submitMargin">
175 | <span id="submitButton" class="submit" tabindex="4"
176 | onKeyPress="if (event && event.keyCode == 32) Login.submitLoginRequest();"
177 | onclick="Login.submitLoginRequest();">%PageSubmitButtonLabel%</span>
178 | </div>
179 | </div>
180 | </form>
181 | </div>
182 |
183 |
184 | ChoiceFail
185 |
186 |
187 | ChoiceSuccess
188 |
189 |
190 | Forms Authentication as Secondary Authentication
191 |
192 |
193 | ErrorFailSelected
194 |
195 |
196 | ErrorInvalidContext
197 |
198 |
199 | ErrorInvalidSessionId
200 |
201 |
202 | ErrorNoAnswerProvided
203 |
204 |
205 | ErrorNoUserIdentity
206 |
207 |
208 | Incorrect password. Type the correct password, and try again.
209 |
210 |
211 |
212 |
213 |
214 | Enter your password
215 |
216 |
217 | PageTitle
218 |
219 |
220 | Sign in
221 |
222 |
223 | UserChoice
224 |
225 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/UsernamePasswordAdapter.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 | using System.Diagnostics;
6 | using System.IO;
7 | using System.Net;
8 | using Microsoft.IdentityServer.Web.Authentication.External;
9 | using Claim = System.Security.Claims.Claim;
10 |
11 | namespace UsernamePasswordSecondFactor
12 | {
13 | public class UsernamePasswordAdapter : IAuthenticationAdapter
14 | {
15 | protected IAdapterPresentationForm CreateAdapterPresentation(string username)
16 | {
17 | return new UsernamePasswordPresentation(username);
18 | }
19 |
20 | protected IAdapterPresentationForm CreateAdapterPresentationOnError(string username, ExternalAuthenticationException ex)
21 | {
22 | return new UsernamePasswordPresentation(username, ex);
23 | }
24 |
25 | #region IAuthenticationAdapter Members
26 |
27 | public IAuthenticationAdapterMetadata Metadata => new UsernamePasswordMetadata();
28 |
29 | public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request, IAuthenticationContext authContext)
30 | {
31 | if (null == identityClaim) throw new ArgumentNullException(nameof(identityClaim));
32 |
33 | if (null == authContext) throw new ArgumentNullException(nameof(authContext));
34 |
35 | if (String.IsNullOrEmpty(identityClaim.Value))
36 | {
37 | throw new InvalidDataException(ResourceHandler.GetResource(Constants.ResourceNames.ErrorNoUserIdentity, authContext.Lcid));
38 | }
39 |
40 | // save the current user ID in the encrypted blob.
41 | authContext.Data.Add(Constants.AuthContextKeys.Identity, identityClaim.Value);
42 |
43 | return CreateAdapterPresentation(identityClaim.Value);
44 | }
45 |
46 | public bool IsAvailableForUser(Claim identityClaim, IAuthenticationContext context)
47 | {
48 | return true;
49 | }
50 |
51 | public IAdapterPresentation OnError(HttpListenerRequest request, ExternalAuthenticationException ex)
52 | {
53 | if (ex == null)
54 | {
55 | throw new ArgumentNullException(nameof(ex));
56 | }
57 |
58 | return CreateAdapterPresentationOnError(String.Empty,ex);
59 | }
60 |
61 | public void OnAuthenticationPipelineLoad(IAuthenticationMethodConfigData configData)
62 | {
63 | }
64 |
65 | public void OnAuthenticationPipelineUnload()
66 | {
67 | }
68 |
69 | public IAdapterPresentation TryEndAuthentication(IAuthenticationContext authContext, IProofData proofData, HttpListenerRequest request, out Claim[] outgoingClaims)
70 | {
71 | if (null == authContext)
72 | {
73 | throw new ArgumentNullException(nameof(authContext));
74 | }
75 |
76 | outgoingClaims = new Claim[0];
77 |
78 | if (proofData?.Properties == null || !proofData.Properties.ContainsKey(Constants.PropertyNames.Password))
79 | {
80 | throw new ExternalAuthenticationException(ResourceHandler.GetResource(Constants.ResourceNames.ErrorNoAnswerProvided, authContext.Lcid), authContext);
81 | }
82 |
83 | if (!authContext.Data.ContainsKey(Constants.AuthContextKeys.Identity))
84 | {
85 | Trace.TraceError(string.Format("TryEndAuthentication Context does not contains userID."));
86 | throw new ArgumentOutOfRangeException(Constants.AuthContextKeys.Identity);
87 | }
88 |
89 | if (!authContext.Data.ContainsKey(Constants.AuthContextKeys.Identity))
90 | {
91 | throw new ArgumentNullException(Constants.AuthContextKeys.Identity);
92 | }
93 |
94 | string username = (string)authContext.Data[Constants.AuthContextKeys.Identity];
95 | string password = (string)proofData.Properties[Constants.PropertyNames.Password];
96 |
97 | try
98 | {
99 | if (PasswordValidator.Validate(username, password))
100 | {
101 | outgoingClaims = new Claim[]
102 | {
103 | new Claim(Constants.AuthenticationMethodClaimType, Constants.UsernamePasswordMfa)
104 | };
105 |
106 | // null == authentication succeeded.
107 | return null;
108 |
109 | }
110 | else
111 | {
112 | return CreateAdapterPresentationOnError(username, new UsernamePasswordValidationException("Authentication failed", authContext));
113 | }
114 | }
115 | catch (Exception ex)
116 | {
117 | throw new UsernamePasswordValidationException(string.Format("UsernamePasswordSecondFactor password validation failed due to exception {0} failed to validate password {0}", ex), ex, authContext);
118 | }
119 | }
120 | #endregion
121 | }
122 | }
123 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/UsernamePasswordException.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 | using Microsoft.IdentityServer.Web.Authentication.External;
6 |
7 | namespace UsernamePasswordSecondFactor
8 | {
9 | class UsernamePasswordException : ExternalAuthenticationException
10 | {
11 | protected UsernamePasswordException()
12 | { }
13 |
14 | public UsernamePasswordException(string message, IAuthenticationContext context) : base(message, context)
15 | {
16 | }
17 |
18 | public UsernamePasswordException(string message, Exception ex, IAuthenticationContext context) : base(message, ex, context)
19 | {
20 | }
21 | }
22 |
23 | class UsernamePasswordValidationException : UsernamePasswordException
24 | {
25 | private UsernamePasswordValidationException()
26 | { }
27 |
28 | public UsernamePasswordValidationException(string message, IAuthenticationContext context) : base(message, context)
29 | {
30 | }
31 | public UsernamePasswordValidationException(string message, Exception ex, IAuthenticationContext context) : base(message, ex, context)
32 | {
33 | }
34 |
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/UsernamePasswordMetadata.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------
2 | // Copyright (c) Microsoft Corporation. All rights reserved.
3 | //------------------------------------------------------------
4 | // Copyright (c) Microsoft Corporation. All rights reserved.
5 | // Licensed under the MIT License.
6 |
7 | using Microsoft.IdentityServer.Web.Authentication.External;
8 | using System.Collections.Generic;
9 | using System.Globalization;
10 |
11 | namespace UsernamePasswordSecondFactor
12 | {
13 | public class UsernamePasswordMetadata : IAuthenticationAdapterMetadata
14 | {
15 | protected string GetMetadataResource(string resourceName, int lcid)
16 | {
17 | return ResourceHandler.GetResource(resourceName, lcid);
18 | }
19 |
20 | private readonly Dictionary _descriptions = new Dictionary();
21 | private readonly Dictionary _friendlyNames = new Dictionary();
22 |
23 | private readonly int[] _supportedLcids = new[] { Constants.Lcid.Enus, Constants.Lcid.Fr };
24 |
25 | public UsernamePasswordMetadata()
26 | {
27 | for (int index = 0; index < _supportedLcids.Length; index++)
28 | {
29 | int lcid = _supportedLcids[index];
30 | _descriptions.Add(lcid, GetMetadataResource(Constants.ResourceNames.Description, lcid));
31 | _friendlyNames.Add(lcid, GetMetadataResource(Constants.ResourceNames.FriendlyName, lcid));
32 | }
33 | }
34 |
35 | #region IAuthenticationHandlerMetadata Members
36 |
37 | public string AdminName
38 | {
39 | get { return GetMetadataResource(Constants.ResourceNames.AdminFriendlyName, CultureInfo.CurrentUICulture.LCID); }
40 | }
41 |
42 | public virtual string[] AuthenticationMethods
43 | {
44 | get { return new[] { Constants.UsernamePasswordMfa }; }
45 | }
46 |
47 | public Dictionary Descriptions
48 | {
49 | get { return _descriptions; }
50 | }
51 |
52 | public Dictionary FriendlyNames
53 | {
54 | get { return _friendlyNames; }
55 | }
56 |
57 | public string[] IdentityClaims
58 | {
59 | get { return new[] { Constants.UpnClaimType }; }
60 | }
61 |
62 | public bool RequiresIdentity
63 | {
64 | get { return true; }
65 | }
66 |
67 | public int[] AvailableLcids
68 | {
69 | get { return _supportedLcids; }
70 | }
71 |
72 | #endregion
73 | }
74 | }
75 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/UsernamePasswordPresentation.cs:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation. All rights reserved.
2 | // Licensed under the MIT License.
3 |
4 | using System;
5 | using System.Collections.Generic;
6 | using System.Globalization;
7 | using System.Text;
8 | using UsernamePasswordSecondFactor.Resources;
9 | using Microsoft.IdentityServer.Web.Authentication.External;
10 |
11 |
12 | namespace UsernamePasswordSecondFactor
13 | {
14 | internal class UsernamePasswordPresentation : IAdapterPresentationForm
15 | {
16 | private readonly ExternalAuthenticationException _ex = null;
17 |
18 | private readonly string _username = string.Empty;
19 |
20 | private readonly Dictionary _dynamicContents = new Dictionary()
21 | {
22 | {Constants.DynamicContentLabels.markerUserName, String.Empty},
23 | {Constants.DynamicContentLabels.markerOverallError, String.Empty},
24 | {Constants.DynamicContentLabels.markerActionUrl, String.Empty},
25 | {Constants.DynamicContentLabels.markerPageIntroductionTitle, String.Empty},
26 | {Constants.DynamicContentLabels.markerPageIntroductionText, String.Empty},
27 | {Constants.DynamicContentLabels.markerPageTitle, String.Empty},
28 | };
29 |
30 | public UsernamePasswordPresentation(string username)
31 | {
32 | _username = username;
33 | }
34 |
35 | public UsernamePasswordPresentation(string username, ExternalAuthenticationException ex) : this(username)
36 | {
37 | _ex = ex;
38 | }
39 |
40 | ///
41 | /// Replace template markers with explicitly given replacements.
42 | ///
43 | ///
44 | ///
45 | ///
46 | private static string Replace(string input, Dictionary replacements)
47 | {
48 | if (string.IsNullOrEmpty(input) || null == replacements)
49 | {
50 | return input;
51 | }
52 |
53 | // Use StringBuiler and allocate buffer 3 times larger
54 | StringBuilder sb = new StringBuilder(input, input.Length * 3);
55 | foreach (string key in replacements.Keys)
56 | {
57 | sb.Replace(key, replacements[key]);
58 | }
59 | return sb.ToString();
60 | }
61 |
62 | #region IAdapterPresentationForm Members
63 |
64 | public string GetFormHtml(int lcid)
65 | {
66 | var dynamicContents = new Dictionary(_dynamicContents)
67 | {
68 | [Constants.DynamicContentLabels.markerPageIntroductionTitle] =
69 | GetPresentationResource(Constants.ResourceNames.PageIntroductionTitle, lcid),
70 | [Constants.DynamicContentLabels.markerPageIntroductionText] =
71 | GetPresentationResource(Constants.ResourceNames.PageIntroductionText, lcid),
72 | [Constants.DynamicContentLabels.markerPageTitle] = GetPageTitle(lcid),
73 | [Constants.DynamicContentLabels.markerSubmitButton] =
74 | GetPresentationResource(Constants.ResourceNames.SubmitButtonLabel, lcid),
75 | [Constants.DynamicContentLabels.markerLoginPagePasswordLabel] = string.Empty
76 | };
77 |
78 | if (_ex != null)
79 | {
80 | dynamicContents[Constants.DynamicContentLabels.markerPageIntroductionText] = GetPresentationResource(Constants.ResourceNames.FailedLogin, lcid);
81 | }
82 |
83 | dynamicContents[Constants.DynamicContentLabels.markerLoginPageUsername] = _username;
84 |
85 | string authPageTemplate = ResourceHandler.GetResource(Constants.ResourceNames.AuthPageTemplate, lcid);
86 |
87 | return Replace(authPageTemplate, dynamicContents);
88 | }
89 |
90 | #endregion
91 |
92 | #region IAdapterPresentationIndirect Members
93 |
94 | public string GetFormPreRenderHtml(int lcid)
95 | {
96 | return null;
97 | }
98 |
99 | public string GetPageTitle(int lcid)
100 | {
101 | return GetPresentationResource(Constants.ResourceNames.PageTitle, lcid);
102 | }
103 |
104 | #endregion
105 |
106 | protected string GetPresentationResource(string resourceName, int lcid)
107 | {
108 | return ResourceHandler.GetResource(resourceName, lcid);
109 | }
110 | }
111 | }
112 |
113 |
--------------------------------------------------------------------------------
/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor/UsernamePasswordSecondFactor.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {CFB51980-393E-4212-BC77-9C266978BCF8}
8 | Library
9 | Properties
10 | UsernamePasswordSecondFactor
11 | UsernamePasswordSecondFactor
12 | v4.6
13 | 512
14 |
15 |
16 |
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 | true
25 |
26 |
27 | pdbonly
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 | true
34 |
35 |
36 | true
37 |
38 |
39 | false
40 |
41 |
42 | UPSecond.pfx
43 |
44 |
45 |
46 | ..\..\..\..\..\Desktop\ADFSBinaries\Microsoft.IdentityServer.Web.dll
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 | True
69 | True
70 | StringResources.resx
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 | ResXFileCodeGenerator
80 | StringResources.Designer.cs
81 |
82 |
83 |
84 |
85 |
86 |
87 |
--------------------------------------------------------------------------------