/// <summary>
/// Determines whether or not the response indicates that the user account is in "Next Token" mode.
/// </summary>
/// <param name="response">Response packet sent by the server.</param>
/// <returns>True if the user account is in "Next Token" mode; otherwise False.</returns>
/// <remarks>
/// <para>
/// A user's account can enter the "Next Token" mode after the user enters incorrect passwords for a few
/// times (3 times by default) and then enters the correct password. Note that repeatedly entering
/// incorrect passwords will disable the user account.
/// </para>
/// <para>NOTE: This method is specific to RSA RADIUS implementation.</para>
/// </remarks>
public bool IsUserInNextTokenMode(RadiusPacket response)
{
CheckDisposed();
if ((object)response == null)
{
throw new ArgumentNullException(nameof(response));
}
byte[] messageBytes = response.GetAttributeValue(AttributeType.ReplyMessage);
if ((object)messageBytes == null)
{
throw new ArgumentException("ReplyMessage attribute is not present", nameof(response));
}
// Unfortunately, the only way of determining whether or not a user account is in the
// "Next Token" mode is from the text present in the ReplyMessage attribute of the
// AccessChallenge response from server.
string messageString = RadiusPacket.Encoding.GetString(messageBytes, 0, messageBytes.Length);
return(messageString.ToLower().Contains(m_nextTokenModeMessage.ToLower()));
}