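# Forms-login handler for PowerShell Universal.
# A login succeeds when either:
#   1. the built-in 'Admin' account presents the configured password, or
#   2. the credential binds to the directory AND the user is a (recursive)
#      member of GROUPNAME.
# The handler must emit a [Security.AuthenticationResult] whose Success
# property is $true only for an accepted login.
Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {
    param(
        [PSCredential]$Credential
    )

    # Fail closed: every path that does not explicitly grant access returns
    # Success = $false.
    $Result = [Security.AuthenticationResult]::new()
    $Result.Success = $false

    if ($null -eq $Credential) {
        Write-Host "Authentication failed - please verify your username and password."
        return $Result
    }

    # Extract the clear-text password once instead of on every comparison.
    $UserName = $Credential.UserName
    $Password = $Credential.GetNetworkCredential().Password
    $Result.UserName = $UserName

    # Refuse blank usernames/passwords before anything is sent to the directory.
    # Some LDAP bind modes treat an empty password as an unauthenticated bind
    # that "succeeds"; rejecting it here removes that failure mode regardless
    # of how the DirectoryEntry below ends up binding.
    if ([string]::IsNullOrWhiteSpace($UserName) -or [string]::IsNullOrEmpty($Password)) {
        Write-Host "Authentication failed - please verify your username and password."
        return $Result
    }

    # NOTE(review): hard-coded local admin credential. "PASSWORD" is a
    # placeholder; anyone who can read this script can read the real value, so
    # load it from a secret store or drop this account once directory login
    # is confirmed working.
    # -ceq: PowerShell's -eq ignores case for strings, which would accept
    # "password" for "PASSWORD". The password comparison must be case-sensitive.
    if ($UserName -eq 'Admin' -and $Password -ceq "PASSWORD") {
        # Maintain the out of box admin user
        $Result.UserName = 'Default Admin'
        $Result.Success = $true
    }
    else {
        # Bind to the directory with the supplied credential; a successful bind
        # is what validates the username/password pair.
        # NOTE(review): plain LDAP:// path - confirm the bind is protected in
        # your environment (negotiated auth or LDAPS) before relying on it.
        $CurrentDomain = "LDAP://DC=domain,DC=local" # Insert Your Domain Here
        $domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain, $UserName, $Password)
        try {
            # A failed bind surfaces as a null name rather than an exception.
            if ($null -eq $domain.name) {
                Write-Host "Authentication failed - please verify your username and password."
            }
            else {
                Write-Host "Successfully authenticated with domain $($domain.name)"

                # Authorisation step: a valid directory account is not enough,
                # the user must also be in GROUPNAME (nested groups included).
                # The lookup compares against sAMAccountName, so a login typed
                # as DOMAIN\user or user@domain will not match and is denied.
                # If the lookup itself fails, $groupMember is empty and access
                # is denied as well.
                $groupMember = Get-ADGroupMember -Identity GROUPNAME -Recursive |
                    Select-Object -ExpandProperty samaccountname
                $Result.Success = [bool]($groupMember -contains $UserName)
            }
        }
        finally {
            # DirectoryEntry holds a native directory handle; release it on
            # every path. psbase reaches the underlying .NET object.
            if ($null -ne $domain) {
                $domain.psbase.Dispose()
            }
        }
    }

    $Result
} -SaveTokens $false -UseTokenLifetime $false -GetClaimsFromUserInfoEndpoint $false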