PreConnectEx is used for full control over how a user connects. It can be used to:
• Connect a user to a specific host and/or port depending on the user's IP address or Windows security ID/group
• Connect with a specific LUName/DeviceID depending on the IP address or Windows security ID/group
• Interface with a multi-factor authentication framework to ensure the connecting user is known and validated
• Manage SSH keys so that each user can have a specific SSH key, for environments requiring unique per-user keys
• Pass information to the PostConnectEx method using a Dictionary of parameters, which can make single sign-on easier to implement

/// <summary>
/// PreConnectEx is used to manage full details of a new connection. Especially useful if Windows Security and Active Directory are in play.
/// </summary>
/// <param name="context">Active HTTP request--can use User.Identity to get WindowsIdentity</param>
/// <param name="hostName">Host name that will be connected to--can change</param>
/// <param name="luName">LUName or pattern to be used</param>
/// <param name="locationAddress">The location IP address to be passed--can be changed</param>
/// <param name="userName">User name passed in with initialization--use context for Windows or AzureAD sign-ins</param>
/// <param name="IPAddress">IP address will be null--change to override the host name's configured address</param>
/// <param name="port">Telnet port--passed as zero, change if different than default for host</param>
/// <param name="sessionType">Leave null for host default, options include ssh, tnvt, tn3270 and tn5250</param>
/// <param name="termType">Optional terminal type (like vt220 or viewpoint)</param>
/// <param name="SSHKey">If an SSH connection, set to the key, otherwise the configured key will be used</param>
/// <param name="SSHPW">If an SSH connection and a password is used, set to the SSH password</param>
/// <param name="errorMessage">Set to the error message if returning false</param>
/// <param name="connectInfo">Dictionary of values for use in-between the PreConnectEx and PostConnectEx methods</param>
/// <returns>true to continue, false to cancel connection</returns>
static public bool PreConnectEx(HttpContext context, ref string hostName, ref string luName, ref string locationAddress,
    ref string userName, ref string IPAddress, ref int port, ref string sessionType, ref string termType,
    ref string SSHKey, ref string SSHPW, ref string errorMessage, ref Dictionary<string, object> connectInfo)
{
    // SecureUsers maps a host name to the set of client IP addresses allowed to connect to it.
    HashSet<string> IPAddresses = null;
    if (SecureUsers.TryGetValue(hostName, out IPAddresses))
    {
        // The host is restricted: reject any client address that is not on its list.
        if (!IPAddresses.Contains(locationAddress))
        {
            errorMessage = String.Format("Host {0} is secured by IP Address and the device you are using at {1} is not authorized...",
                hostName, locationAddress);
            return false;
        }
    }
    // Hosts with no entry in SecureUsers are not restricted by IP address.
    return true;
}

The above example is part of a scheme that uses the user's IP address to verify access to a particular host. The SecureUsers dictionary was initialized in the static constructor using a configuration text file.
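
The static-constructor loading described above, as an added example that is not the product's own code: the class name SecureUserList, the line format host=address,address and the sample entries are assumptions. It parses every address with System.Net.IPAddress so that differently written forms of the same address compare equal, and it stops loading on a malformed entry instead of silently skipping it.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical helper: class name, line format and sample data are assumptions.
public static class SecureUserList
{
    // Host names compare case-insensitively; addresses are stored in canonical form.
    static readonly Dictionary<string, HashSet<string>> SecureUsers =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    // Constructed sample; a deployment would read these lines from its own text file.
    static readonly string[] ConfigLines = {
        "# host = allowed client addresses",
        "PAYROLL=10.0.5.21, 10.0.5.22",
        "erp-prod=2001:DB8::10",
    };

    static SecureUserList()
    {
        foreach (string rawLine in ConfigLines)
        {
            string line = rawLine.Split('#')[0].Trim();   // drop comments
            if (line.Length == 0) continue;
            string[] parts = line.Split(new[] { '=' }, 2);
            if (parts.Length != 2 || parts[0].Trim().Length == 0)
                throw new FormatException("Bad allowlist line: " + line);
            var allowed = new HashSet<string>();
            foreach (string entry in parts[1].Split(','))
            {
                IPAddress parsed;
                // Fail closed at startup: an unparsable entry stops the load.
                if (!IPAddress.TryParse(entry.Trim(), out parsed))
                    throw new FormatException("Bad address for " + parts[0].Trim() + ": " + entry);
                allowed.Add(parsed.ToString());
            }
            SecureUsers[parts[0].Trim()] = allowed;
        }
    }

    // True when the host has no list, or the caller's address is on its list.
    public static bool IsAllowed(string hostName, string locationAddress)
    {
        HashSet<string> allowed;
        IPAddress parsed;
        if (!SecureUsers.TryGetValue(hostName ?? "", out allowed)) return true;
        return IPAddress.TryParse(locationAddress ?? "", out parsed) && allowed.Contains(parsed.ToString());
    }
}
```

PreConnectEx can call SecureUserList.IsAllowed(hostName, locationAddress) and set errorMessage when it returns false. Keeping the parsing in a separate class also avoids the name clash inside PreConnectEx, where the string parameter IPAddress hides System.Net.IPAddress.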