From 25ca8289cdcd3c683b55a6d2817f3d134cf86239 Mon Sep 17 00:00:00 2001 From: Jhonatan Pelaez Date: Wed, 25 Oct 2023 09:05:37 -0500 Subject: [PATCH] se agrega LDap --- BackApiGateway.sln | 7 + LdapLoginLib/LdapLoginLib.csproj | 14 ++ LdapLoginLib/LdapUser.cs | 103 ++++++++++++++ LdapLoginLib/LoginLib.cs | 133 ++++++++++++++++++ .../MsUsuarios/Controllers/AuthController.cs | 40 +++++- .../MsUsuarios/MSAdminUsuarios.csproj | 1 + 6 files changed, 291 insertions(+), 7 deletions(-) create mode 100644 LdapLoginLib/LdapLoginLib.csproj create mode 100644 LdapLoginLib/LdapUser.cs create mode 100644 LdapLoginLib/LoginLib.cs diff --git a/BackApiGateway.sln b/BackApiGateway.sln index c426519..7f79220 100644 --- a/BackApiGateway.sln +++ b/BackApiGateway.sln @@ -17,6 +17,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "MSAdminUsuarios", "Microser EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IntegradorBE", "Microservicios\IntegradorBE\IntegradorBE.csproj", "{E3B575F9-4A18-43E6-A542-7CC29B086752}" EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LdapLoginLib", "LdapLoginLib\LdapLoginLib.csproj", "{6E864339-08B2-4C2F-909C-FCF0392E3F6D}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -39,6 +41,10 @@ Global {E3B575F9-4A18-43E6-A542-7CC29B086752}.Debug|Any CPU.Build.0 = Debug|Any CPU {E3B575F9-4A18-43E6-A542-7CC29B086752}.Release|Any CPU.ActiveCfg = Release|Any CPU {E3B575F9-4A18-43E6-A542-7CC29B086752}.Release|Any CPU.Build.0 = Release|Any CPU + {6E864339-08B2-4C2F-909C-FCF0392E3F6D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {6E864339-08B2-4C2F-909C-FCF0392E3F6D}.Debug|Any CPU.Build.0 = Debug|Any CPU + {6E864339-08B2-4C2F-909C-FCF0392E3F6D}.Release|Any CPU.ActiveCfg = Release|Any CPU + {6E864339-08B2-4C2F-909C-FCF0392E3F6D}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -48,6 +54,7 @@ Global {76522272-9D28-4168-8296-AFC933D22650} = {F491CF9B-9CF8-4F3B-BBD7-A282F7DC1D6D} {D0B80363-4C96-413F-8C82-48FCF2CD7F57} = {A449A86B-39E4-4EEB-B7C6-B6B12A0CBD2E} {E3B575F9-4A18-43E6-A542-7CC29B086752} = {A449A86B-39E4-4EEB-B7C6-B6B12A0CBD2E} + {6E864339-08B2-4C2F-909C-FCF0392E3F6D} = {F491CF9B-9CF8-4F3B-BBD7-A282F7DC1D6D} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {EC576D5A-ADE3-40CC-BF55-7E52E6F18AC4} diff --git a/LdapLoginLib/LdapLoginLib.csproj b/LdapLoginLib/LdapLoginLib.csproj new file mode 100644 index 0000000..4c2dabd --- /dev/null +++ b/LdapLoginLib/LdapLoginLib.csproj @@ -0,0 +1,14 @@ + + + + net6.0 + enable + enable + + + + + + + + diff --git a/LdapLoginLib/LdapUser.cs b/LdapLoginLib/LdapUser.cs new file mode 100644 index 0000000..c5a4fde --- /dev/null +++ b/LdapLoginLib/LdapUser.cs @@ -0,0 +1,103 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +namespace LdapLoginLib +{ + public class LdapUser + { + /// + /// The unique identifier for the user (mandatory). + /// Example: "jdoe" + /// + public string Uid { get; set; } + + /// + /// The common name of the user. + /// Example: "John Doe" + /// + public string? Cn { get; set; } + + /// + /// The user's given name. + /// Example: "John" + /// + public string? GivenName { get; set; } + + /// + /// The user's surname. + /// Example: "Doe" + /// + public string? Sn { get; set; } + + /// + /// The user's email address. + /// Example: "jdoe@example.com" + /// + public string? Mail { get; set; } + + /// + /// The status of the user's internet account. + /// Example: "Active" + /// + public string? InetUserStatus { get; set; } + + /// + /// The organization the user belongs to. + /// Example: "Acme Inc.", currently "Sede" + /// + public string? O { get; set; } + + /// + /// The status of the user's account as boolean. + /// Example: true or false + /// + public bool? IsActive { get; set; } = null; + + } + + + /******************************************** + * * + * Discared / not in used * + * * + ******************************************** + + /// + /// The user's password. + /// Example: "P@ssw0rd" + /// + public string? UserPassword { get; set; } + + /// + /// The type of employee (e.g., full-time, part-time). + /// Example: "Full-Time", currently numbers + /// + public string? EmployeeType { get; set; } + + /// + /// The business category of the user. + /// Example: "Sales" + /// + public string? BusinessCategory { get; set; } + + /// + /// The employee's unique identification number. + /// Example: "E12345" + /// + public string? EmployeeNumber { get; set; } + + /// + /// The license information for the user. + /// Example: "Licensed for Software X, Y, and Z" + /// + public string? NsLicensedFor { get; set; } + + + ******************************************** + * * + ********************************************/ + +} diff --git a/LdapLoginLib/LoginLib.cs b/LdapLoginLib/LoginLib.cs new file mode 100644 index 0000000..6f9035f --- /dev/null +++ b/LdapLoginLib/LoginLib.cs @@ -0,0 +1,133 @@ +using System.DirectoryServices.Protocols; + +namespace LdapLoginLib +{ + public class LoginLib + { + private const string _ldapServer = "10.31.3.13"; + private const int _ldapPort = 389; + + private const string _ldapDn = "ou=People,o=unal.edu.co"; //uid=pdocente, + //string ldapPassword = "TJBjzn64"; + + + + public static bool Login(string uid, string password, string ldapDn = _ldapDn) + { + + using (LdapConnection ldapConnection = new($"{_ldapServer}:{_ldapPort}")) + { + try + { + string ldapUserDn = $"uid={uid},{_ldapDn}"; + + // Set LDAP connection options + ldapConnection.SessionOptions.SecureSocketLayer = false; + ldapConnection.AuthType = AuthType.Basic; + ldapConnection.Credential = new System.Net.NetworkCredential(ldapUserDn, password); + + // Attempt to bind (authenticate) the user + ldapConnection.Bind(); + + return _userIsActive(ldapConnection, ldapUserDn); + } + catch (LdapException ldapEx) + { + //Console.WriteLine($"Authentication failed: {ldapEx.Message}"); + throw new Exception(_getErrorMessage(ldapEx.ErrorCode, ldapEx.Message)); + } + catch (Exception ex) + { + //Console.WriteLine($"An error occurred: {ex.Message}"); + throw new Exception($"Ocurrió un error: {ex.Message}"); + } + + } + } + + private static bool _userIsActive(LdapConnection ldapConnection, string ldapUserDn) + { + //ldapUserDn = $"uid=acbuitragoc,{_ldapDn}"; + SearchRequest searchRequest = new( + ldapUserDn, + "(objectClass=*)", + SearchScope.Base, + "InetUserStatus" + ); + + SearchResponse searchResponse = (SearchResponse)ldapConnection.SendRequest(searchRequest); + + if (searchResponse.Entries.Count > 0) + { + SearchResultEntry entry = searchResponse.Entries[0]; + + string? inetUserStatus = entry.Attributes["inetUserStatus"][0].ToString(); + + if (inetUserStatus != null) + { + return inetUserStatus.ToLower().Trim() == "active" ? true : false; + } + throw new Exception(); + } + else + { + throw new Exception($"Usuario o atributo no encontrado."); + } + } + + + private static LdapUser _getUserData(LdapConnection ldapConnection, string ldapUserDn, string[] attributesToReturn) + { + + return new LdapUser(); + + + //SearchRequest searchRequest = new( + // searchBase, + // ldapFilter, + // SearchScope.Subtree, + // attributesToReturn + //); + + //SearchResponse searchResponse = (SearchResponse)ldapConnection.SendRequest(searchRequest); + + + //if (searchResponse != null && searchResponse.Entries.Count > 0) + //{ + // SearchResultEntry entry = searchResponse.Entries[0]; + + // // Access and process user attributes here + // foreach (DirectoryAttribute attribute in entry.Attributes.Values) + // { + // string attributeName = attribute.Name; + // string[] attributeValues = (string[])attribute.GetValues(typeof(string)); + + // // Process or display attribute values as needed + // Console.WriteLine($"{attributeName}: {string.Join(", ", attributeValues)}"); + // } + //} + //else + //{ + // throw new Exception($"Usuario o atributos no encontrados."); + //} + } + + + private static string _getErrorMessage(int errorCode, string errorMessage) + { + // Map LDAP error codes to error messages + + switch (errorCode) + { + case 49: + return "Error de credenciales: nombre de usuario o contraseña incorrectos"; + case 52: + return "Error de autenticación: cuenta está deshabilitada"; + case 81: + return "Error de servidor: no disponible"; + default: + return errorMessage; + } + } + } +} \ No newline at end of file diff --git a/Microservicios/MsUsuarios/Controllers/AuthController.cs b/Microservicios/MsUsuarios/Controllers/AuthController.cs index 8053c10..e32e902 100644 --- a/Microservicios/MsUsuarios/Controllers/AuthController.cs +++ b/Microservicios/MsUsuarios/Controllers/AuthController.cs @@ -1,6 +1,8 @@ +using LdapLoginLib; using Microsoft.AspNetCore.Mvc; using Microsoft.IdentityModel.Tokens; using MSAdminUsuarios.Context; +using Newtonsoft.Json.Linq; using Security; using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; @@ -29,16 +31,40 @@ namespace MSAdminUsuarios.Controllers if (login.TX_LOGINNAME_USUMS == null) return BadRequest("Es necesario ingresar un correo"); if (login.TX_PASSWORD_USUMS == null) return BadRequest("Es necesario ingresar una contrase�a"); - USUARIO? user = _context.USUARIOSMs.FirstOrDefault(u => u.TX_LOGINNAME_USUMS == login.TX_LOGINNAME_USUMS && u.TX_PASSWORD_USUMS == _encript.EncryptPwd(login.TX_PASSWORD_USUMS)); + USUARIO? userldap = _context.USUARIOSMs.FirstOrDefault(u => u.TX_LOGINNAME_USUMS == login.TX_LOGINNAME_USUMS); + if(userldap.BL_VIENELDAP_USUMS == 1) + { + bool boolldap = LoginLib.Login(login.TX_LOGINNAME_USUMS, login.TX_PASSWORD_USUMS); + if( boolldap == true) { + string token = Token(userldap); + return Ok(new + { + token = token, + user = userldap.TX_PKDOC_USUMS + }); + } + else + { + return BadRequest(); + } + }else if(userldap.BL_VIENELDAP_USUMS != 1) + { + USUARIO? user = _context.USUARIOSMs.FirstOrDefault(u => u.TX_LOGINNAME_USUMS == login.TX_LOGINNAME_USUMS && u.TX_PASSWORD_USUMS == _encript.EncryptPwd(login.TX_PASSWORD_USUMS)); - if (user == null) return BadRequest("Usuario o contrase�a incorrectos"); + if (user == null) return BadRequest("Usuario o contrase�a incorrectos"); - string token = Token(user); + string token = Token(user); + + return Ok(new + { + token = token, + user = user.TX_PKDOC_USUMS + }); + }else + { + return BadRequest("Error"); + } - return Ok(new { - token = token, - user = user.TX_PKDOC_USUMS - }); } catch (Exception e) { diff --git a/Microservicios/MsUsuarios/MSAdminUsuarios.csproj b/Microservicios/MsUsuarios/MSAdminUsuarios.csproj index f58f1e9..954aa91 100644 --- a/Microservicios/MsUsuarios/MSAdminUsuarios.csproj +++ b/Microservicios/MsUsuarios/MSAdminUsuarios.csproj @@ -22,6 +22,7 @@ +