TechnitiumSoftware · zach78954 · Jan 15, 2026 · Jan 17, 2026
diff --git a/DnsServerCore/Auth/AuthManager.cs b/DnsServerCore/Auth/AuthManager.cs
@@ -869,6 +869,21 @@ public UserSession CreateApiToken(string tokenName, string username, IPAddress r
             return session;
         }
 
+        public UserSession CreateSsoSession(User user, IPAddress remoteAddress, string userAgent)
+        {
+            if (user.Disabled)
+                throw new DnsWebServiceException("Account is suspended.");
+
+            UserSession session = new UserSession(UserSessionType.Standard, null, user, remoteAddress, userAgent);
+
+            if (!_sessions.TryAdd(session.Token, session))
+                throw new DnsWebServiceException("Error while creating session. Please try again.");
+
+            user.LoggedInFrom(remoteAddress);
+
+            return session;
+        }
+
         public UserSession DeleteSession(string token)
         {
             if (_sessions.TryRemove(token, out UserSession session))

diff --git a/DnsServerCore/Auth/User.cs b/DnsServerCore/Auth/User.cs
@@ -52,30 +52,24 @@ class User : IComparable<User>
         AuthenticatorKeyUri _totpKeyUri;
         bool _totpEnabled;
         bool _disabled;
+        bool _isSsoUser; // New field for SSO tracking
         int _sessionTimeoutSeconds = 30 * 60; //default 30 mins
 
         DateTime _previousSessionLoggedOn;
         IPAddress _previousSessionRemoteAddress;
         DateTime _recentSessionLoggedOn;
         IPAddress _recentSessionRemoteAddress;
 
-        readonly ConcurrentDictionary<string, Group> _memberOfGroups;
-
-        #endregion
-
-        #region constructor
-
-        public User(string displayName, string username, string password, int iterations = DEFAULT_ITERATIONS)
+        ConcurrentDictionary<string, Group> _memberOfGroups;
+        public User(string displayName, string username, string password, int iterations)
         {
-            Username = username;
             DisplayName = displayName;
-
+            Username = username;
             ChangePassword(password, iterations);
 
+            _memberOfGroups = new ConcurrentDictionary<string, Group>();
             _previousSessionRemoteAddress = IPAddress.Any;
             _recentSessionRemoteAddress = IPAddress.Any;
-
-            _memberOfGroups = new ConcurrentDictionary<string, Group>(1, 2);
         }
 
         public User(BinaryReader bR, IReadOnlyDictionary<string, Group> groups)
@@ -85,6 +79,7 @@ public User(BinaryReader bR, IReadOnlyDictionary<string, Group> groups)
             {
                 case 1:
                 case 2:
+                case 3: // Version 3 adds IsSsoUser
                     _displayName = bR.ReadShortString();
                     _username = bR.ReadShortString();
                     _passwordHashType = (UserPasswordHashType)bR.ReadByte();
@@ -102,6 +97,12 @@ public User(BinaryReader bR, IReadOnlyDictionary<string, Group> groups)
                     }
 
                     _disabled = bR.ReadBoolean();
+
+                    if (version >= 3)
+                    {
+                        _isSsoUser = bR.ReadBoolean();
+                    }
+
                     _sessionTimeoutSeconds = bR.ReadInt32();
 
                     _previousSessionLoggedOn = bR.ReadDateTime();
@@ -259,13 +260,13 @@ public bool IsMemberOfGroup(Group group)
 
         public void WriteTo(BinaryWriter bW)
         {
-            bW.Write((byte)2);
-            bW.WriteShortString(_displayName);
-            bW.WriteShortString(_username);
+            bW.Write((byte)3); // Bump version to 3
+            bW.WriteShortString(_displayName ?? "");
+            bW.WriteShortString(_username ?? "");
             bW.Write((byte)_passwordHashType);
             bW.Write(_iterations);
-            bW.WriteBuffer(_salt);
-            bW.WriteShortString(_passwordHash);
+            bW.WriteBuffer(_salt ?? Array.Empty<byte>());
+            bW.WriteShortString(_passwordHash ?? "");
 
             if (_totpKeyUri is null)
                 bW.Write("");
@@ -274,6 +275,7 @@ public void WriteTo(BinaryWriter bW)
 
             bW.Write(_totpEnabled);
             bW.Write(_disabled);
+            bW.Write(_isSsoUser); // Write IsSsoUser
             bW.Write(_sessionTimeoutSeconds);
 
             bW.Write(_previousSessionLoggedOn);
@@ -284,7 +286,7 @@ public void WriteTo(BinaryWriter bW)
             bW.Write(Convert.ToByte(_memberOfGroups.Count));
 
             foreach (KeyValuePair<string, Group> group in _memberOfGroups)
-                bW.WriteShortString(group.Value.Name.ToLowerInvariant());
+                bW.WriteShortString(group.Value.Name?.ToLowerInvariant() ?? "");
         }
 
         public override bool Equals(object obj)
@@ -417,6 +419,12 @@ public IPAddress RecentSessionRemoteAddress
         public ICollection<Group> MemberOfGroups
         { get { return _memberOfGroups.Values; } }
 
+        public bool IsSsoUser
+        {
+            get { return _isSsoUser; }
+            set { _isSsoUser = value; }
+        }
+
         #endregion
     }
 }
diff --git a/DnsServerCore/DnsServerCore.csproj b/DnsServerCore/DnsServerCore.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
@@ -27,25 +27,26 @@
 
 	<ItemGroup>
 		<Reference Include="TechnitiumLibrary">
-			<HintPath>..\..\TechnitiumLibrary\bin\TechnitiumLibrary.dll</HintPath>
+			<HintPath>..\TechnitiumLibrary\bin\TechnitiumLibrary.dll</HintPath>
 		</Reference>
 		<Reference Include="TechnitiumLibrary.ByteTree">
-			<HintPath>..\..\TechnitiumLibrary\bin\TechnitiumLibrary.ByteTree.dll</HintPath>
+			<HintPath>..\TechnitiumLibrary\bin\TechnitiumLibrary.ByteTree.dll</HintPath>
 		</Reference>
 		<Reference Include="TechnitiumLibrary.IO">
-			<HintPath>..\..\TechnitiumLibrary\bin\TechnitiumLibrary.IO.dll</HintPath>
+			<HintPath>..\TechnitiumLibrary\bin\TechnitiumLibrary.IO.dll</HintPath>
 		</Reference>
 		<Reference Include="TechnitiumLibrary.Net">
-			<HintPath>..\..\TechnitiumLibrary\bin\TechnitiumLibrary.Net.dll</HintPath>
+			<HintPath>..\TechnitiumLibrary\bin\TechnitiumLibrary.Net.dll</HintPath>
 		</Reference>
 		<Reference Include="TechnitiumLibrary.Security.OTP">
-			<HintPath>..\..\TechnitiumLibrary\bin\TechnitiumLibrary.Security.OTP.dll</HintPath>
+			<HintPath>..\TechnitiumLibrary\bin\TechnitiumLibrary.Security.OTP.dll</HintPath>
 		</Reference>
 	</ItemGroup>
 
 	<ItemGroup>
 		<PackageReference Include="BouncyCastle.Cryptography" Version="2.6.2" />
 		<PackageReference Include="QRCoder" Version="1.7.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.0" />
 	</ItemGroup>
 
 	<ItemGroup>
@@ -264,3 +265,4 @@
 	</ItemGroup>
 
 </Project>
+