protected override void SaveSharePointContext(SharePointContext spContext, HttpContextBase httpContext)
 {
     httpContext.Session[SPContextKey] = spContext as SharePointHighTrustContext;
 }
        protected override void SaveSharePointContext(SharePointContext spContext, HttpContextBase httpContext)
        {
            SharePointAcsContext spAcsContext = spContext as SharePointAcsContext;

            if (spAcsContext != null)
            {
                HttpCookie spCacheKeyCookie = new HttpCookie(SPCacheKeyKey)
                {
                    Value = spAcsContext.CacheKey,
                    Secure = true,
                    HttpOnly = true
                };

                httpContext.Response.AppendCookie(spCacheKeyCookie);
            }

            httpContext.Session[SPContextKey] = spAcsContext;
        }
        protected override bool ValidateSharePointContext(SharePointContext spContext, HttpContextBase httpContext)
        {
            SharePointHighTrustContext spHighTrustContext = spContext as SharePointHighTrustContext;

            if (spHighTrustContext != null)
            {
                Uri spHostUrl = SharePointContext.GetSPHostUrl(httpContext.Request);
                WindowsIdentity logonUserIdentity = httpContext.Request.LogonUserIdentity;

                return spHostUrl == spHighTrustContext.SPHostUrl &&
                       logonUserIdentity != null &&
                       logonUserIdentity.IsAuthenticated &&
                       !logonUserIdentity.IsGuest &&
                       logonUserIdentity.User == spHighTrustContext.LogonUserIdentity.User;
            }

            return false;
        }
 /// <summary>
 /// Saves the specified SharePointContext instance associated with the specified HTTP context.
 /// <c>null</c> is accepted for clearing the SharePointContext instance associated with the HTTP context.
 /// </summary>
 /// <param name="spContext">The SharePointContext instance to be saved, or <c>null</c>.</param>
 /// <param name="httpContext">The HTTP context.</param>
 protected abstract void SaveSharePointContext(SharePointContext spContext, HttpContextBase httpContext);
        protected override bool ValidateSharePointContext(SharePointContext spContext, HttpContextBase httpContext)
        {
            SharePointAcsContext spAcsContext = spContext as SharePointAcsContext;

            if (spAcsContext != null)
            {
                Uri spHostUrl = SharePointContext.GetSPHostUrl(httpContext.Request);
                string contextToken = TokenHelper.GetContextTokenFromRequest(httpContext.Request);
                HttpCookie spCacheKeyCookie = httpContext.Request.Cookies[SPCacheKeyKey];
                string spCacheKey = spCacheKeyCookie != null ? spCacheKeyCookie.Value : null;

                return spHostUrl == spAcsContext.SPHostUrl &&
                       !string.IsNullOrEmpty(spAcsContext.CacheKey) &&
                       spCacheKey == spAcsContext.CacheKey &&
                       !string.IsNullOrEmpty(spAcsContext.ContextToken) &&
                       (string.IsNullOrEmpty(contextToken) || contextToken == spAcsContext.ContextToken);
            }

            return false;
        }
 /// <summary>
 /// Validates if the given SharePointContext can be used with the specified HTTP context.
 /// </summary>
 /// <param name="spContext">The SharePointContext.</param>
 /// <param name="httpContext">The HTTP context.</param>
 /// <returns>True if the given SharePointContext can be used with the specified HTTP context.</returns>
 protected abstract bool ValidateSharePointContext(SharePointContext spContext, HttpContextBase httpContext);
Beispiel #7
0
 protected override void SaveSharePointContext(SharePointContext spContext, HttpContextBase httpContext)
 {
     httpContext.Session[SPContextKey] = spContext as SharePointHighTrustContext;
 }
Beispiel #8
0
 /// <summary>
 /// Saves the specified SharePointContext instance associated with the specified HTTP context.
 /// <c>null</c> is accepted for clearing the SharePointContext instance associated with the HTTP context.
 /// </summary>
 /// <param name="spContext">The SharePointContext instance to be saved, or <c>null</c>.</param>
 /// <param name="httpContext">The HTTP context.</param>
 protected abstract void SaveSharePointContext(SharePointContext spContext, HttpContextBase httpContext);
Beispiel #9
0
 /// <summary>
 /// Validates if the given SharePointContext can be used with the specified HTTP context.
 /// </summary>
 /// <param name="spContext">The SharePointContext.</param>
 /// <param name="httpContext">The HTTP context.</param>
 /// <returns>True if the given SharePointContext can be used with the specified HTTP context.</returns>
 protected abstract bool ValidateSharePointContext(SharePointContext spContext, HttpContextBase httpContext);
Beispiel #10
0
        /// <summary>
        /// Checks if it is necessary to redirect to SharePoint for user to authenticate.
        /// </summary>
        /// <param name="httpContext">The HTTP context.</param>
        /// <param name="redirectUrl">The redirect url to SharePoint if the status is ShouldRedirect. <c>Null</c> if the status is Ok or CanNotRedirect.</param>
        /// <returns>Redirection status.</returns>
        public static RedirectionStatus CheckRedirectionStatus(HttpContextBase httpContext, out Uri redirectUrl)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            redirectUrl = null;
            bool contextTokenExpired = false;

            try
            {
                if (SharePointContextProvider.Current.GetSharePointContext(httpContext) != null)
                {
                    return(RedirectionStatus.Ok);
                }
            }
            catch (SecurityTokenExpiredException)
            {
                contextTokenExpired = true;
            }

            const string SPHasRedirectedToSharePointKey = "SPHasRedirectedToSharePoint";

            if (!string.IsNullOrEmpty(httpContext.Request.QueryString[SPHasRedirectedToSharePointKey]) && !contextTokenExpired)
            {
                return(RedirectionStatus.CanNotRedirect);
            }

            Uri spHostUrl = SharePointContext.GetSPHostUrl(httpContext.Request);

            if (spHostUrl == null)
            {
                return(RedirectionStatus.CanNotRedirect);
            }

            if (StringComparer.OrdinalIgnoreCase.Equals(httpContext.Request.HttpMethod, "POST"))
            {
                return(RedirectionStatus.CanNotRedirect);
            }

            Uri requestUrl = httpContext.Request.Url;

            var queryNameValueCollection = HttpUtility.ParseQueryString(requestUrl.Query);

            // Removes the values that are included in {StandardTokens}, as {StandardTokens} will be inserted at the beginning of the query string.
            queryNameValueCollection.Remove(SharePointContext.SPHostUrlKey);
            queryNameValueCollection.Remove(SharePointContext.SPAppWebUrlKey);
            queryNameValueCollection.Remove(SharePointContext.SPLanguageKey);
            queryNameValueCollection.Remove(SharePointContext.SPClientTagKey);
            queryNameValueCollection.Remove(SharePointContext.SPProductNumberKey);

            // Adds SPHasRedirectedToSharePoint=1.
            queryNameValueCollection.Add(SPHasRedirectedToSharePointKey, "1");

            UriBuilder returnUrlBuilder = new UriBuilder(requestUrl);

            returnUrlBuilder.Query = queryNameValueCollection.ToString();

            // Inserts StandardTokens.
            const string StandardTokens  = "{StandardTokens}";
            string       returnUrlString = returnUrlBuilder.Uri.AbsoluteUri;

            returnUrlString = returnUrlString.Insert(returnUrlString.IndexOf("?") + 1, StandardTokens + "&");

            // Constructs redirect url.
            string redirectUrlString = TokenHelper.GetAppContextTokenRequestUrl(spHostUrl.AbsoluteUri, Uri.EscapeDataString(returnUrlString));

            redirectUrl = new Uri(redirectUrlString, UriKind.Absolute);

            return(RedirectionStatus.ShouldRedirect);
        }