ClearBox Server™ v1.2 Developer's Guide

Step 6. Authenticating Users

In this step you will make the server extension check users' passwords and check whether their accounts are blocked.

1. Implement the ICommonAuthentication interface. Right-click the CMyFirst class in ClassView and select "Implement Interface..." from the context menu. Click "Add Typelib...", click Browse and select tacradserver.tlb from the /SDK subdirectory of the ClearBox Server installation. Check ICommonAuthentication in the list of interfaces and click OK.

2. Find the LogonStatus method declaration and change its return value to S_OK instead of E_NOTIMPL. We do not want to implement this method, but returning S_OK keeps the server from reporting errors for it.

3. Find the GetUserPassword method declaration and change it to the following code. This time we demonstrate how to use CDynamicAccessor instead of a custom accessor class to bind data to column values.

STDMETHOD(GetUserPassword)(LONG tag, USERINFO * userInf, VARIANT_BOOL * clearTextPassword, 
	VARIANT_BOOL * caseSensitive, VARIANT_BOOL * ignorePassword, VARIANT_BOOL * userExist)
{
	if (userInf == NULL)
		return E_POINTER;
		
	if (clearTextPassword == NULL)
		return E_POINTER;
		
	if (caseSensitive == NULL)
		return E_POINTER;
		
	if (ignorePassword == NULL)
		return E_POINTER;
		
	if (userExist == NULL)
		return E_POINTER;

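	USES_CONVERSION;
	// Defaults: clear-text, case-sensitive password; user not found yet.
	*clearTextPassword=VARIANT_TRUE;
	*caseSensitive=VARIANT_TRUE;
	*ignorePassword=VARIANT_FALSE;
	*userExist=VARIANT_FALSE;

	CCommand<CDynamicAccessor> getPass;
	TCHAR sqlCommand[200];
	// Bounded formatting: a long user name must not overrun sqlCommand.
	int len=_sntprintf(sqlCommand,199,
		_T("Select Password from Users where Name='%s'"),
		userInf->userName);
	sqlCommand[199]=_T('\0');
	if (len<0)
		return S_OK;	// name does not fit: treat as unknown user

	// Only the statement's own two quotes may be present. A quote inside
	// the user name would change the query, so treat it as unknown user.
	int quotes=0;
	for (const TCHAR* p=sqlCommand; *p!=_T('\0'); ++p)
		if (*p==_T('\''))
			++quotes;
	if (quotes!=2)
		return S_OK;

	HRESULT hRes=getPass.Open(m_DB.Session(),sqlCommand);

	if (FAILED(hRes))
		return hRes;

	hRes=getPass.MoveFirst();
	if (hRes!=S_OK)
		return S_OK;	// no matching row: userExist stays VARIANT_FALSE

	// Column 1 is the Password column of the matching row.
	TCHAR* password=reinterpret_cast<TCHAR*>(
		getPass.GetValue(1));
	userInf->userPassword=SysAllocString(T2W(password));
	*userExist=VARIANT_TRUE;

	return S_OK;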
}

4. Now let's demonstrate how to check whether a user's account is disabled. This could be done in the implementation of the GetUserPassword method, but we will use IRADIUSAuthentication instead.

Implement the IRADIUSAuthentication interface. Right-click the CMyFirst class in ClassView and select "Implement Interface..." from the context menu. Click "Add Typelib...", click Browse and select tacradserver.tlb from the /SDK subdirectory of the ClearBox Server installation. Check IRADIUSAuthentication in the list of interfaces and click OK.

5. Find the GetRejectResponseAttributes method declaration and make it return S_OK instead of E_NOTIMPL.

6. Find the CanAuthenticate method declaration. Its implementation looks much like the GetUserPassword implementation:

STDMETHOD(CanAuthenticate)(LONG tag, AUTHENTYPE authType, USERINFOLITE * userInf, 
	BSTR * explainString, RADAUTHENREPLY * AUTHENRESULT)
{
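	if (userInf == NULL)
		return E_POINTER;

	if (explainString == NULL)
		return E_POINTER;
		
	if (AUTHENRESULT == NULL)
		return E_POINTER;

	// Reject by default; accept only after the Enabled flag has been read.
	*AUTHENRESULT=ACCESS_REJECT;

	CCommand<CDynamicAccessor> getEnable;
	TCHAR sqlCommand[200];
	// Bounded formatting: a long user name must not overrun sqlCommand.
	int len=_sntprintf(sqlCommand,199,
		_T("Select Enabled from Users where Name='%s'"),
		userInf->userName);
	sqlCommand[199]=_T('\0');
	if (len<0)
		return S_OK;	// name does not fit: stay with ACCESS_REJECT

	// Only the statement's own two quotes may be present. A quote inside
	// the user name would change the query, so stay with ACCESS_REJECT.
	int quotes=0;
	for (const TCHAR* p=sqlCommand; *p!=_T('\0'); ++p)
		if (*p==_T('\''))
			++quotes;
	if (quotes!=2)
		return S_OK;

	HRESULT hRes=getEnable.Open(m_DB.Session(),sqlCommand);

	if (FAILED(hRes))
		return hRes;

	hRes=getEnable.MoveFirst();
	if (hRes!=S_OK)
		return hRes;

	// Start from "disabled" so a failed read cannot accept the user.
	VARIANT_BOOL en=VARIANT_FALSE;
	if (!getEnable.GetValue(1,&en))
		return E_FAIL;

	if (en==VARIANT_FALSE)
		*explainString=SysAllocString(L"User account is disabled");
	else
		*AUTHENRESULT=ACCESS_ACCEPT;
	return S_OK;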
}

Now the server extension will reject all users who authenticate via RADIUS and have the Enabled field turned off in their accounts in the database.
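
The statements in steps 3 and 6 place the user name inside a quoted SQL literal in a 200-character buffer. The following added example (not part of the ClearBox SDK or of the original guide) builds the same statement with length checks and standard SQL quote doubling; it uses plain char rather than TCHAR, and the names AppendSqlLiteral and BuildUserQuery are hypothetical.

```cpp
// Added example, not ClearBox SDK code. Uses plain char instead of TCHAR.
#include <stddef.h>
#include <string.h>

// Copies name into out as the body of a SQL string literal, doubling each
// single quote (standard SQL escaping, assumed to match the backend).
// Fails on control characters or when the text would not fit.
static bool AppendSqlLiteral(char* out, size_t cap, size_t& pos, const char* name)
{
	for (const char* p = name; *p; ++p) {
		unsigned char c = static_cast<unsigned char>(*p);
		if (c < 0x20 || c == 0x7f)
			return false;
		size_t need = (c == '\'') ? 2 : 1;
		if (pos + need >= cap)		// keep room for the terminator
			return false;
		if (c == '\'')
			out[pos++] = '\'';
		out[pos++] = *p;
	}
	return true;
}

// Hypothetical helper: "Select <column> from Users where Name='<name>'".
// column must be a constant chosen by the caller, never user input.
bool BuildUserQuery(char* out, size_t cap, const char* column, const char* name)
{
	if (out == nullptr || cap == 0 || column == nullptr || name == nullptr)
		return false;
	const char* parts[3] = { "Select ", column, " from Users where Name='" };
	size_t pos = 0;
	for (int i = 0; i < 3; ++i) {
		size_t n = strlen(parts[i]);
		if (pos + n >= cap) { out[0] = '\0'; return false; }
		memcpy(out + pos, parts[i], n);
		pos += n;
	}
	if (!AppendSqlLiteral(out, cap, pos, name) || pos + 1 >= cap) {
		out[0] = '\0';		// fail closed: never leave a partial statement
		return false;
	}
	out[pos++] = '\'';
	out[pos] = '\0';
	return true;
}
```

Where the OLE DB provider supports command parameters, binding the user name as a parameter avoids building the literal at all.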



© 2001-2003 XPerience Technologies. www.xperiencetech.com
