MultifactorLab · KotikovAlexander · Jan 14, 2026 · Jan 21, 2026 · Jan 21, 2026 · Jan 28, 2026
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Cache/IAuthenticatedClientCache.cs b/src/Multifactor.Radius.Adapter.v2.Application/Cache/IAuthenticatedClientCache.cs
@@ -0,0 +1,7 @@
+namespace Multifactor.Radius.Adapter.v2.Application.Cache;
+
+public interface IAuthenticatedClientCache
+{
+    void SetCache(string? callingStationId, string userName, string clientName, TimeSpan lifetime);
+    bool TryHitCache(string? callingStationId, string userName, string clientName, TimeSpan lifetime);
+}
diff --git a/...dapter.v2/Services/Cache/ICacheService.cs → ...ter.v2.Application/Cache/ICacheService.cs b/...dapter.v2/Services/Cache/ICacheService.cs → ...ter.v2.Application/Cache/ICacheService.cs
@@ -1,9 +1,9 @@
-namespace Multifactor.Radius.Adapter.v2.Services.Cache;
+namespace Multifactor.Radius.Adapter.v2.Application.Cache;
 
 public interface ICacheService
 {
+    //TODO разделить на несколько
     void Set<T>(string key, T value, DateTimeOffset expirationDate);
-    void Set<T>(string key, T value);
     bool TryGetValue<T>(string key, out T? value);
     void Remove(string key);
 }
diff --git a/...s.Adapter.v2/Core/ApplicationVariables.cs → ...figuration/Models/ApplicationVariables.cs b/...s.Adapter.v2/Core/ApplicationVariables.cs → ...figuration/Models/ApplicationVariables.cs
@@ -1,4 +1,4 @@
-namespace Multifactor.Radius.Adapter.v2.Core
+namespace Multifactor.Radius.Adapter.v2.Application.Configuration.Models
 {
     public class ApplicationVariables
     {

diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/IClientConfiguration.cs b/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/IClientConfiguration.cs
@@ -0,0 +1,36 @@
+using System.Net;
+using Multifactor.Radius.Adapter.v2.Application.Core.Models;
+using Multifactor.Radius.Adapter.v2.Application.Core.Models.Enum;
+using NetTools;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Configuration.Models;
+
+public interface IClientConfiguration
+{
+    public string Name { get; }
+
+    public string MultifactorNasIdentifier { get; }
+    public string MultifactorSharedSecret { get; }
+    public IReadOnlyList<string> SignUpGroups { get; }
+    public bool BypassSecondFactorWhenApiUnreachable { get; }
+    public AuthenticationSource FirstFactorAuthenticationSource { get; }
+    public IPEndPoint AdapterClientEndpoint { get; }
+
+    public IReadOnlyList<IPAddress?> RadiusClientIps { get; }
+    public string RadiusClientNasIdentifier { get; }
+    public string RadiusSharedSecret { get; }
+    public IReadOnlyList<IPEndPoint> NpsServerEndpoints { get; }
+    public TimeSpan NpsServerTimeout { get; }
+
+    public Privacy Privacy { get; }
+
+    public PreAuthMode? PreAuthenticationMethod { get; }
+    public TimeSpan AuthenticationCacheLifetime { get; }
+    public CredentialDelay? InvalidCredentialDelay { get; }
+    public string? CallingStationIdAttribute { get; } //TODO not used
+    public IReadOnlyList<IPAddressRange> IpWhiteList { get; }
+
+    public IReadOnlyList<ILdapServerConfiguration>? LdapServers { get; }
+    public IReadOnlyDictionary<string, IReadOnlyList<IRadiusReplyAttribute>>? ReplyAttributes { get; }
+}
+
diff --git a/...ultifactor.Radius.Adapter.v2.Application/Configuration/Models/ILdapServerConfiguration.cs b/...ultifactor.Radius.Adapter.v2.Application/Configuration/Models/ILdapServerConfiguration.cs
@@ -0,0 +1,27 @@
+using Multifactor.Core.Ldap.Name;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Configuration.Models;
+
+public interface ILdapServerConfiguration
+{
+    public string ConnectionString { get; }
+    public string Username { get; }
+    public string Password { get; }
+    public int BindTimeoutSeconds{ get; }
+    public IReadOnlyList<DistinguishedName> AccessGroups { get; }
+    public IReadOnlyList<DistinguishedName> SecondFaGroups { get; }
+    public IReadOnlyList<DistinguishedName> SecondFaBypassGroups { get; }
+    public bool LoadNestedGroups { get; }
+    public IReadOnlyList<DistinguishedName> NestedGroupsBaseDns { get; }
+    public IReadOnlyList<DistinguishedName> AuthenticationCacheGroups { get; }
+    public IReadOnlyList<string> PhoneAttributes { get; }
+    public string IdentityAttribute { get; }
+    public bool RequiresUpn { get; }
+    public bool TrustedDomainsEnabled { get; }
+    public bool AlternativeSuffixesEnabled { get; }
+    public IReadOnlyList<string> IncludedDomains { get; }//TODO not used
+    public IReadOnlyList<string> ExcludedDomains { get; }//TODO not used
+    public IReadOnlyList<string> IncludedSuffixes { get; }
+    public IReadOnlyList<string> ExcludedSuffixes { get; }
+    public IReadOnlyList<string> BypassSecondFactorWhenApiUnreachableGroups { get; }
+}
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/IRadiusReplyAttribute.cs b/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/IRadiusReplyAttribute.cs
@@ -0,0 +1,12 @@
+namespace Multifactor.Radius.Adapter.v2.Application.Configuration.Models;
+
+public interface IRadiusReplyAttribute
+{
+    public string Name { get; }
+    public object Value { get; }
+    public IReadOnlyList<string> UserGroupCondition { get; }
+    public IReadOnlyList<string> UserNameCondition { get; }
+    public bool Sufficient { get; }
+    public bool IsMemberOf => Name?.ToLower() == "memberof";
+    public bool FromLdap => !string.IsNullOrWhiteSpace(Name);
+}
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/IRootConfiguration.cs b/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/IRootConfiguration.cs
@@ -0,0 +1,24 @@
+using System.Net;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Configuration.Models;
+
+public interface IRootConfiguration
+{
+    IReadOnlyList<Uri> MultifactorApiUrls { get; }
+    string? MultifactorApiProxy { get; }
+    TimeSpan MultifactorApiTimeout { get; }
+    IPEndPoint? AdapterServerEndpoint { get; }
+    string LoggingLevel { get; }
+    string? LoggingFormat { get; }
+    bool SyslogUseTls { get; }
+    string? SyslogServer { get; }
+    string? SyslogFormat { get; }
+    string? SyslogFacility { get; }
+    string SyslogAppName { get; }
+    string? SyslogFramer { get; }
+    string? SyslogOutputTemplate { get; }
+
+    string? ConsoleLogOutputTemplate { get; }
+    string? FileLogOutputTemplate { get; }
+    int LogFileMaxSizeBytes { get; }
+}
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/ServiceConfiguration.cs b/src/Multifactor.Radius.Adapter.v2.Application/Configuration/Models/ServiceConfiguration.cs
@@ -0,0 +1,22 @@
+using System.Net;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Configuration.Models;
+
+public class ServiceConfiguration
+{
+    public required IRootConfiguration RootConfiguration { get; init; }
+    public required IReadOnlyList<IClientConfiguration> ClientsConfigurations  { get; init; }
+    public IClientConfiguration? GetClientConfiguration(string nasIdentifier) => ClientsConfigurations.FirstOrDefault(config => config.RadiusClientNasIdentifier == nasIdentifier);
+    public IClientConfiguration? GetClientConfiguration(IPAddress ip)
+    {
+        if (SingleClientMode)
+        {
+            return ClientsConfigurations.FirstOrDefault();
+        }
+
+        return ClientsConfigurations.FirstOrDefault(config =>
+            config.RadiusClientIps != null && config.RadiusClientIps.Any() && config.RadiusClientIps.Contains(ip));
+
+    }
+    public bool SingleClientMode { get; init; }
+}
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Core/Models/CredentialDelay.cs b/src/Multifactor.Radius.Adapter.v2.Application/Core/Models/CredentialDelay.cs
@@ -0,0 +1,4 @@
+namespace Multifactor.Radius.Adapter.v2.Application.Core.Models
+{
+    public record CredentialDelay(int Min, int Max);
+}
diff --git a/...pter.v2/Core/Auth/AuthenticationSource.cs → .../Core/Models/Enum/AuthenticationSource.cs b/...pter.v2/Core/Auth/AuthenticationSource.cs → .../Core/Models/Enum/AuthenticationSource.cs
@@ -1,4 +1,4 @@
-namespace Multifactor.Radius.Adapter.v2.Core.Auth
+namespace Multifactor.Radius.Adapter.v2.Application.Core.Models.Enum
 {
     [Flags]
     public enum AuthenticationSource

diff --git a/...r.v2/Core/Auth/PreAuthMode/PreAuthMode.cs → ...plication/Core/Models/Enum/PreAuthMode.cs b/...r.v2/Core/Auth/PreAuthMode/PreAuthMode.cs → ...plication/Core/Models/Enum/PreAuthMode.cs
@@ -1,5 +1,6 @@
-namespace Multifactor.Radius.Adapter.v2.Core.Auth.PreAuthMode
+namespace Multifactor.Radius.Adapter.v2.Application.Core.Models.Enum
 {
+    [Flags]
     public enum PreAuthMode
     {
         /// <summary>

diff --git a/...MultifactorApi/PrivacyMode/PrivacyMode.cs → ...plication/Core/Models/Enum/PrivacyMode.cs b/...MultifactorApi/PrivacyMode/PrivacyMode.cs → ...plication/Core/Models/Enum/PrivacyMode.cs
@@ -2,11 +2,12 @@
 //Please see licence at 
 //https://github.com/MultifactorLab/multifactor-radius-adapter/blob/main/LICENSE.md
 
-namespace Multifactor.Radius.Adapter.v2.Core.MultifactorApi.PrivacyMode;
+namespace Multifactor.Radius.Adapter.v2.Application.Core.Models.Enum;
 
 /// <summary>
 /// User information disclosure mode
 /// </summary>
+[Flags]
 public enum PrivacyMode
 {
     /// <summary>

diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Core/Models/Privacy.cs b/src/Multifactor.Radius.Adapter.v2.Application/Core/Models/Privacy.cs
@@ -0,0 +1,6 @@
+using Multifactor.Radius.Adapter.v2.Application.Core.Models.Enum;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Core.Models
+{
+    public record Privacy(PrivacyMode PrivacyMode, string[] PrivacyFields);
+}
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Extensions/ApplicationExtensions.cs b/src/Multifactor.Radius.Adapter.v2.Application/Extensions/ApplicationExtensions.cs
@@ -0,0 +1,82 @@
+using System.Reflection;
+using Microsoft.Extensions.DependencyInjection;
+using Multifactor.Radius.Adapter.v2.Application.Configuration.Models;
+using Multifactor.Radius.Adapter.v2.Application.Features.Multifactor;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline.AccessChallenge;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline.FirstFactor;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline.FirstFactor.BindNameFormat;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline.Interfaces;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline.Steps;
+using Multifactor.Radius.Adapter.v2.Application.Features.Radius.Services;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Extensions;
+
+public static class ApplicationExtensions
+{
+    public static void AddApplicationVariables(this IServiceCollection services)
+    {
+        var appVars = new ApplicationVariables
+        {
+            AppPath = Path.GetDirectoryName(AppDomain.CurrentDomain.BaseDirectory),
+            AppVersion = Assembly.GetExecutingAssembly().GetName().Version?.ToString(),
+            StartedAt = DateTime.Now
+        };
+        services.AddSingleton(appVars);
+    }
+
+    private static void AddLdapBindNameFormation(IServiceCollection services)
+    {
+        services.AddSingleton<ILdapBindNameFormatterProvider, LdapBindNameFormatterProvider>();
+        services.AddTransient<ILdapBindNameFormatter, ActiveDirectoryFormatter>();
+        services.AddTransient<ILdapBindNameFormatter, FreeIpaFormatter>();
+        services.AddTransient<ILdapBindNameFormatter, MultiDirectoryFormatter>();
+        services.AddTransient<ILdapBindNameFormatter, OpenLdapFormatter>();
+        services.AddTransient<ILdapBindNameFormatter, SambaFormatter>();
+    }
+
+    public static void AddFirstFactor(this IServiceCollection services)
+    {
+        services.AddSingleton<IFirstFactorProcessorProvider, FirstFactorProcessorProvider>();
+        services.AddTransient<IFirstFactorProcessor, LdapFirstFactorProcessor>();
+        services.AddTransient<IFirstFactorProcessor, RadiusFirstFactorProcessor>();
+        services.AddTransient<IFirstFactorProcessor, NoneFirstFactorProcessor>();
+    }
+
+    public static void AddChallenge(this IServiceCollection services)
+    {
+        services.AddTransient<IChallengeProcessor, SecondFactorChallengeProcessor>();
+        services.AddTransient<IChallengeProcessor, ChangePasswordChallengeProcessor>();
+        services.AddSingleton<IChallengeProcessorProvider, ChallengeProcessorProvider>();
+    }
+
+    public static void AddPipelines(this IServiceCollection services)
+    {
+        services.AddSingleton<IPipelineProvider, RadiusPipelineProvider>();
+        services.AddSingleton<IRadiusPipelineFactory, RadiusPipelineFactory>();
+    }    
+
+    public static void AddPipelineSteps(this IServiceCollection services)
+    {
+        services.AddTransient<StatusServerFilteringStep>();
+        services.AddTransient<AccessRequestFilteringStep>();
+        services.AddTransient<LdapSchemaLoadingStep>();
+        services.AddTransient<ProfileLoadingStep>();
+        services.AddTransient<AccessGroupsCheckingStep>();
+        services.AddTransient<AccessChallengeStep>();
+        services.AddTransient<FirstFactorStep>();
+        services.AddTransient<SecondFactorStep>();
+        services.AddTransient<PreAuthCheckStep>();
+        services.AddTransient<PreAuthPostCheck>();
+        services.AddTransient<UserGroupLoadingStep>();
+        services.AddTransient<UserNameValidationStep>();
+        services.AddTransient<IpWhiteListStep>();
+    }
+
+    public static void AddAppServices(this IServiceCollection services)
+    {
+        services.AddTransient<MultifactorApiService>();
+        services.AddTransient<IRadiusPacketProcessor, RadiusPacketProcessor>();
+        AddLdapBindNameFormation(services);
+    }
+}
diff --git a/...ltifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/ChangeUserPasswordRequest.cs b/...ltifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/ChangeUserPasswordRequest.cs
@@ -0,0 +1,12 @@
+using Multifactor.Core.Ldap.Name;
+using Multifactor.Core.Ldap.Schema;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Features.Ldap.Models;
+
+public class ChangeUserPasswordRequest
+{
+    public LdapConnectionData ConnectionData { get; set; }
+    public ILdapSchema LdapSchema { get; set; }
+    public DistinguishedName DistinguishedName  { get; set; }
+    public string NewPassword { get; set; }
+}
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/FindUserRequest.cs b/src/Multifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/FindUserRequest.cs
@@ -0,0 +1,15 @@
+using Multifactor.Core.Ldap.Attributes;
+using Multifactor.Core.Ldap.Name;
+using Multifactor.Core.Ldap.Schema;
+using Multifactor.Radius.Adapter.v2.Application.Features.Pipeline.Models;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Features.Ldap.Models;
+
+public class FindUserRequest
+{
+    public LdapConnectionData ConnectionData { get; set; }
+    public UserIdentity UserIdentity { get; set; }
+    public DistinguishedName SearchBase { get; set; }
+    public ILdapSchema LdapSchema { get; set; }
+    public LdapAttributeName[]? AttributeNames { get; set; }
+}
diff --git a/...dius.Adapter.v2/Core/Ldap/ILdapProfile.cs → ...tion/Features/Ldap/Models/ILdapProfile.cs b/...dius.Adapter.v2/Core/Ldap/ILdapProfile.cs → ...tion/Features/Ldap/Models/ILdapProfile.cs
@@ -1,12 +1,11 @@
 using Multifactor.Core.Ldap.Attributes;
 using Multifactor.Core.Ldap.Name;
 
-namespace Multifactor.Radius.Adapter.v2.Core.Ldap;
+namespace Multifactor.Radius.Adapter.v2.Application.Features.Ldap.Models;
 
 public interface ILdapProfile
 {
     DistinguishedName Dn { get; }
-    string? Upn { get; }
     string? Phone { get; }
     string? Email { get; }
     string? DisplayName { get; }

diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/LdapConnectionData.cs b/src/Multifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/LdapConnectionData.cs
@@ -0,0 +1,9 @@
+namespace Multifactor.Radius.Adapter.v2.Application.Features.Ldap.Models;
+
+public class LdapConnectionData
+{
+    public string ConnectionString { get; set; }
+    public string UserName { get; set; }
+    public string Password { get; set; }
+    public int BindTimeoutInSeconds { get; set; }
+}
diff --git a/...adius.Adapter.v2/Core/Ldap/LdapProfile.cs → ...ation/Features/Ldap/Models/LdapProfile.cs b/...adius.Adapter.v2/Core/Ldap/LdapProfile.cs → ...ation/Features/Ldap/Models/LdapProfile.cs
@@ -1,18 +1,17 @@
 using Multifactor.Core.Ldap.Attributes;
 using Multifactor.Core.Ldap.Entry;
-using Multifactor.Core.Ldap.LangFeatures;
 using Multifactor.Core.Ldap.Name;
 using Multifactor.Core.Ldap.Schema;
 
-namespace Multifactor.Radius.Adapter.v2.Core.Ldap;
+namespace Multifactor.Radius.Adapter.v2.Application.Features.Ldap.Models;
 
 public class LdapProfile : ILdapProfile
 {
     private readonly LdapEntry _ldapEntry;
 
     public LdapProfile(LdapEntry ldapEntry, ILdapSchema? schema = null)
     {
-        Throw.IfNull(ldapEntry, nameof(ldapEntry));
+        ArgumentNullException.ThrowIfNull(ldapEntry, nameof(ldapEntry));
         _ldapEntry = ldapEntry;
 
         MemberOf = _ldapEntry.Attributes["memberOf"]?.GetNotEmptyValues().Select(n => new DistinguishedName(n, schema)).ToList() ?? [];
@@ -26,9 +25,9 @@ public LdapProfile(LdapEntry ldapEntry, ILdapSchema? schema = null)
 
     public DistinguishedName Dn { get; }
     public string? Upn { get; }
-    public string? Phone { get; }
-    public string? Email { get; }
-    public string? DisplayName { get; }
+    public string? Phone { get; set; }
+    public string? Email { get; set; }
+    public string? DisplayName { get; set; }
     public IReadOnlyCollection<DistinguishedName> MemberOf { get; }
     public IReadOnlyCollection<LdapAttribute> Attributes { get; }
 }
diff --git a/src/Multifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/LoadUserGroupRequest.cs b/src/Multifactor.Radius.Adapter.v2.Application/Features/Ldap/Models/LoadUserGroupRequest.cs
@@ -0,0 +1,13 @@
+using Multifactor.Core.Ldap.Name;
+using Multifactor.Core.Ldap.Schema;
+
+namespace Multifactor.Radius.Adapter.v2.Application.Features.Ldap.Models;
+
+public class LoadUserGroupRequest
+{
+    public LdapConnectionData ConnectionData { get; set; }
+    public ILdapSchema LdapSchema { get; set; }
+    public DistinguishedName UserDN { get; set; }
+    public DistinguishedName? SearchBase { get; set; }
+    public int Limit { get; set; } = int.MaxValue;
+}