Beispiel #1
0
        /// <summary>
        /// Summary description for Http
        /// </summary>
        /// <param name="domainID"></param>
        /// <param name="ctx"></param>
        static public Simias.Storage.Member GetMember(string domainID, HttpContext ctx)
        {
            Simias.Authentication.Session simiasSession;
            Simias.Authentication.Status  status;
            Simias.Storage.Domain         domain = null;
            Simias.Storage.Member         member = null;
            Store store = Store.GetStore();

            ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache);

            //
            // Look for the special domain ID header in the request.  If the
            // header doesn't exist use the default domain
            //

            if ((domainID != null) && (domainID != String.Empty))
            {
                domain = store.GetDomain(domainID);
            }

            if (domain == null)
            {
                ctx.Response.StatusCode        = 500;
                ctx.Response.StatusDescription = "Invalid Domain";
                ctx.ApplicationInstance.CompleteRequest();
                return(null);
            }

            if (ctx.Session != null)
            {
                simiasSession = ctx.Session[sessionTag] as Simias.Authentication.Session;
                if (simiasSession != null)
                {
                    ctx.User = simiasSession.User;
                }

                if (ctx.User.Identity.IsAuthenticated == false)
                {
                    status = DomainProvider.Authenticate(domain, ctx);
                    if (status.statusCode != StatusCodes.Success &&
                        status.statusCode != StatusCodes.SuccessInGrace)
                    {
                        Simias.Authentication.Http.SetResponseHeaders(ctx, status);
                        if (ctx.Response.StatusCode == 401)
                        {
                            ctx.Response.AddHeader(
                                "WWW-Authenticate",
                                String.Concat("Basic realm=\"", domain.Name, "\""));
                        }

                        ctx.ApplicationInstance.CompleteRequest();
                        return(null);
                    }

                    // Authentication modules are required to set the member's
                    // userID on successful authentication - let's make sure
                    if (status.UserID == null || status.UserID == "")
                    {
                        ctx.Response.StatusCode        = 500;
                        ctx.Response.StatusDescription = "Unknown UserID";
                        ctx.ApplicationInstance.CompleteRequest();
                        return(null);
                    }

                    member = domain.GetMemberByID(status.UserID);
                    if (member == null)
                    {
                        ctx.Response.StatusCode        = 500;
                        ctx.Response.StatusDescription = "Unknown Member in Domain";
                        ctx.ApplicationInstance.CompleteRequest();
                        return(null);
                    }

                    if (status.statusCode == StatusCodes.SuccessInGrace ||
                        status.statusCode == StatusCodes.Success)
                    {
                        Simias.Authentication.Http.SetResponseHeaders(ctx, status);
                    }

                    simiasSession          = new Simias.Authentication.Session();
                    simiasSession.MemberID = member.UserID;
                    simiasSession.Requests++;
                    ctx.Session[sessionTag] = simiasSession;

                    // Setup a principal
                    simiasSession.User =
                        new GenericPrincipal(
                            new GenericIdentity(
                                member.UserID,
                                "Basic authentication"),
                            rolesArray);

                    ctx.User = simiasSession.User;
                    Thread.CurrentPrincipal = ctx.User;

                    // Set the last login time for the user.
                    SetLastLoginTime(domain, member);
                }
                else
                {
                    simiasSession.Requests++;
                    Thread.CurrentPrincipal = ctx.User;
                    member = domain.GetMemberByID(simiasSession.MemberID);
                }
            }
            else
            {
                // No session exists so "authenticate" every request
                status = DomainProvider.Authenticate(domain, ctx);
                if (status.statusCode != StatusCodes.Success &&
                    status.statusCode != StatusCodes.SuccessInGrace)
                {
                    Simias.Authentication.Http.SetResponseHeaders(ctx, status);
                    if (ctx.Response.StatusCode == 401)
                    {
                        ctx.Response.AddHeader(
                            "WWW-Authenticate",
                            String.Concat("Basic realm=\"", domain.Name, "\""));
                    }

                    ctx.ApplicationInstance.CompleteRequest();
                    return(null);
                }

                // Authentication modules are required to set the member's
                // userID on successful authentication - let's make sure
                if (status.UserID == null || status.UserID == "")
                {
                    ctx.Response.StatusCode        = 500;
                    ctx.Response.StatusDescription = "Unknown UserID-2";
                    ctx.ApplicationInstance.CompleteRequest();
                    return(null);
                }

                member = domain.GetMemberByID(status.UserID);
                if (member == null)
                {
                    ctx.Response.StatusCode        = 500;
                    ctx.Response.StatusDescription = "Unknown Member in Domain-2";
                    ctx.ApplicationInstance.CompleteRequest();
                    return(null);
                }

                // Setup a principal
                ctx.User =
                    new GenericPrincipal(
                        new GenericIdentity(
                            member.UserID,
                            "Basic authentication"),
                        rolesArray);

                Thread.CurrentPrincipal = ctx.User;

                // Set the last login time for the user.
                SetLastLoginTime(domain, member);
            }

            return(member);
        }