/// <summary> /// Validates the signature of a response. /// </summary> /// <param name="response"></param> private Boolean Validate(RavenResponse response) { // find the public key corresponding to the key used by the // server to generate the response signature String key = String.Format("pubkey{0}", response.CertificateID); if (!this.certificates.ContainsKey(key)) { throw new RavenException("Couldn't find the public key needed to validate the response."); } X509Certificate2 cert = this.certificates[key]; // calculate a hash for the signature data: // 1. convert the signature data into bytes using the ASCII encoding // 2. calculate a SHA1 hash for the bytes SHA1Managed sha1 = new SHA1Managed(); ASCIIEncoding ascii = new ASCIIEncoding(); Byte[] asciiHash = sha1.ComputeHash(ascii.GetBytes(response.SignatureData)); // 3. validate this hash against the signature obtained from the response RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key; RSAPKCS1SignatureDeformatter def = new RSAPKCS1SignatureDeformatter(csp); def.SetHashAlgorithm("SHA1"); return(def.VerifySignature(asciiHash, response.Signature)); }
/// <summary> /// Attempts to load the user's identity from a cookie. /// </summary> /// <param name="context"></param> /// <returns>Returns true if the user is authenticated or false if not.</returns> public bool LoadIdentity(HttpContextBase context, RavenResponse response) { // try to find the authentication cookie //HttpCookie authCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName]; //HttpCookie authCookie1 = context.Request.Cookies["__RequestVerificationToken"]; //HttpCookie authCookie2 = context.Request.Cookies["ASP.NET_SessionId"]; //HttpCookie authCookie3 = context.Request.Cookies["__RavenState"]; if (response != null) { // decrypt the contents //FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie1.Value); var ravenUser = new RavenPrincipal(new RavenIdentity(response.Principal)); //ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(new List<ClaimsIdentity>() //{ // ravenClaim //}); //IPrincipal principal = claimsPrincipal as IPrincipal; context.User = ravenUser; // there is an active session return(true); } // there is no active session return(false); }
public ExternalLoginInfo GetExternalLoginInfo(System.Web.HttpContextBase context, RavenCallbackCode ravenCallbackCode) { HttpRequestBase request = context.Request; HttpResponseBase response = context.Response; // if this is not a POST request, then we can look for a response if (!request.HttpMethod.Equals("POST")) { // try to get the response String wlsResponse = request.Params[WLS_RESPONSE_PARAM]; if (!String.IsNullOrWhiteSpace(wlsResponse)) { // parse the response data RavenResponse ravenResponse = new RavenResponse(wlsResponse); // if the server has indicated that authentication was successful, // validate the response signature and set an authentication cookie if (ravenResponse.Status == RavenStatus.OK) { if (!this.Validate(ravenResponse)) { throw new RavenException("Failed to validate response signature."); } // create a Forms authentication ticket and cookie //this.CreateTicket(response, ravenResponse); // redirect the user back to where they started //response.Redirect(ravenResponse.URL); //bool hasLocalAccount = OAuthWebSecurity.HasLocalAccount(WebSecurity.GetUserId(ravenResponse.Principal)); //if (hasLocalAccount || OAuthWebSecurity.GetAccountsFromUserName(ravenResponse.Principal).Count > 1) //{ if (ravenCallbackCode == RavenCallbackCode.Login) { this.LoadIdentity(context, ravenResponse); } return(GetExternalLoginInfo(context, ravenResponse)); //this.CreateTicket(response, ravenResponse); //} //return new AuthenticationResult(false, ProviderName, ravenResponse.Principal, ravenResponse.Principal, null); } else { return(null); } } } // At this point authe=orisation failed. Return null authorisation. return(null); }
/// <summary> /// Attempts to load the user's identity from a cookie. /// </summary> /// <param name="context"></param> /// <returns>Returns true if the user is authenticated or false if not.</returns> private ExternalLoginInfo GetExternalLoginInfo(HttpContextBase context, RavenResponse ravenResponse) { var loginInfo = new UserLoginInfo(ProviderName, ravenResponse.Principal); ClaimsIdentity claims = context.User.Identity as ClaimsIdentity; var externalLogin = new ExternalLoginInfo() { DefaultUserName = ravenResponse.Principal, Email = string.Empty, Login = loginInfo, ExternalIdentity = claims }; return(externalLogin); }
/// <summary> /// Generate a Forms authentication ticket for the current session. /// </summary> /// <param name="response"></param> /// <param name="ravenResponse"></param> private void CreateTicket(HttpResponseBase response, RavenResponse ravenResponse) { // generate a ticket for the Raven session FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, ravenResponse.Parameters["principal"], DateTime.Now, ravenResponse.Expires, false, ravenResponse.Principal); // encrypt it so that the client can't mess with its contents String encryptedTicket = FormsAuthentication.Encrypt(ticket); // put it in a cookie HttpCookie formsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); response.Cookies.Add(formsCookie); }