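/// <summary>
/// Installer custom action that validates the account entered for the Windows service and
/// records the verdict in the <c>SERVICEAUTHENTICATED</c> property ("yes" on success, cleared otherwise).
/// </summary>
/// <param name="session">Installer session. Reads <c>SERVICEACCOUNT</c> and <c>SERVICEPASSWORD</c>;
/// writes <c>SERVICEAUTHENTICATED</c> and blanks <c>SERVICEPASSWORD</c> when no password is needed.</param>
/// <returns>Always <see cref="ActionResult.Success"/>; the outcome is carried by the property, not the return code,
/// so a failed check does not abort the install but leaves <c>SERVICEAUTHENTICATED</c> unset for the UI to react to.</returns>
/// <remarks>
/// Three account classes are handled: built-in system accounts (no password, always accepted),
/// managed service accounts (name ends in <c>$</c>; accepted only when the directory lists this host as
/// the account's authorized host), and ordinary accounts (accepted only when an actual logon with the supplied
/// password succeeds). The password is never written to the log by this action; it should also be listed in
/// <c>MsiHiddenProperties</c> by the package so verbose installer logs do not capture it (not visible from this file).
/// </remarks>
public static ActionResult AuthenticateServiceAccountAction(Session session)
{
    session.Log("Begin AuthenticateServiceAccountAction");

    // DTF normally returns an empty string for an unset property; guard anyway so a missing
    // SERVICEACCOUNT fails validation rather than throwing from Split().
    string serviceAccount = session["SERVICEACCOUNT"] ?? string.Empty;
    string servicePassword = session["SERVICEPASSWORD"] ?? string.Empty;

    if (string.IsNullOrWhiteSpace(serviceAccount))
    {
        session.Log("No service account was supplied");
        session["SERVICEAUTHENTICATED"] = null;
    }
    else if (IsBuiltInSystemAccount(serviceAccount))
    {
        // Built-in accounts have no password; blank whatever was typed so it does not linger in the property table.
        session["SERVICEPASSWORD"] = string.Empty;
        session["SERVICEAUTHENTICATED"] = "yes";
    }
    else if (serviceAccount.EndsWith("$", StringComparison.Ordinal))
    {
        // Managed service account: there is no password to verify, so the check is an authorization
        // check — is this machine the account's registered host?
        if (IsManagedServiceAccountAuthorizedForThisHost(serviceAccount))
        {
            session["SERVICEPASSWORD"] = string.Empty;
            session["SERVICEAUTHENTICATED"] = "yes";
        }
        else
        {
            session.Log("Managed service account could not be validated for this host");
            session["SERVICEAUTHENTICATED"] = null;
        }
    }
    else
    {
        string serviceDomain;
        string serviceUser;

        // A malformed name (more than one backslash) is rejected outright instead of attempting a logon
        // with empty domain/user as the previous version did.
        bool authenticated =
            TrySplitAccountName(serviceAccount, out serviceDomain, out serviceUser) &&
            IsPasswordLogonValid(serviceDomain, serviceUser, servicePassword);

        if (!authenticated)
            session.Log("Service account logon failed");

        session["SERVICEAUTHENTICATED"] = authenticated ? "yes" : null;
    }

    session.Log("End AuthenticateServiceAccountAction");
    return ActionResult.Success;
}

/// <summary>
/// True for LocalSystem and the NT AUTHORITY / NT SERVICE virtual accounts, none of which can be
/// password-authenticated.
/// </summary>
private static bool IsBuiltInSystemAccount(string account)
{
    return account.Equals("LocalSystem", StringComparison.OrdinalIgnoreCase) ||
           account.StartsWith(@"NT AUTHORITY\", StringComparison.OrdinalIgnoreCase) ||
           account.StartsWith(@"NT SERVICE\", StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Splits a <c>DOMAIN\user</c> name into its parts. A bare user name inherits the domain of the
/// account running the installer. Returns false when the name has more than one backslash.
/// </summary>
private static bool TrySplitAccountName(string account, out string domain, out string user)
{
    string[] parts = account.Split('\\');

    switch (parts.Length)
    {
        case 1:
            // NOTE(review): assumes CurrentUserID is in DOMAIN\user form; a UPN-style ID would make
            // the whole ID the "domain" — confirm against the identity helper.
            domain = UserInfo.CurrentUserID.Split('\\')[0];
            user = parts[0];
            return true;
        case 2:
            domain = parts[0];
            user = parts[1];
            return true;
        default:
            domain = string.Empty;
            user = string.Empty;
            return false;
    }
}

/// <summary>
/// Checks that the managed service account exists, is usable, and names this machine in its
/// <c>msDS-HostServiceAccountBL</c> backlink (the directory's record of which host may run under it).
/// A missing or empty backlink is treated as "not authorized".
/// </summary>
private static bool IsManagedServiceAccountAuthorizedForThisHost(string account)
{
    // NOTE(review): if UserInfo is IDisposable in this framework, wrap this in a using block.
    UserInfo info = new UserInfo(account);

    if (!info.Exists || info.AccountIsDisabled || info.AccountIsLockedOut)
        return false;

    // NOTE(review): this is the standalone-MSA backlink; group MSAs are authorized through
    // msDS-GroupMSAMembership instead and would not pass here — confirm that is intended.
    // The attribute may be multi-valued; this assumes the helper returns a single DN.
    string hostBackLink = info.GetUserPropertyValue("msDS-HostServiceAccountBL");

    if (string.IsNullOrEmpty(hostBackLink))
        return false;

    // Compare only the leading RDN of the DN against this host. Ordinal comparison: DN components are
    // identifiers, not user-facing text, so culture rules must not influence the match.
    string leadingRdn = hostBackLink.Split(',')[0];
    return leadingRdn.Equals("CN=" + Environment.MachineName, StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Performs a real logon with the supplied credentials and reports whether it produced an
/// authenticated identity.
/// </summary>
private static bool IsPasswordLogonValid(string domain, string user, string password)
{
    IPrincipal principal = UserInfo.AuthenticateUser(domain, user, password);

    // Cast to object so an == overload on the principal type cannot alter the null check.
    return (object)principal != null &&
           principal.Identity != null &&
           principal.Identity.IsAuthenticated;
}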