private void FileWebDAVModule_BasicAuthorization(object sender, BasicAuthorizationArgs e)
{
e.Authorized = false;
if (!String.IsNullOrEmpty(e.Realm))
{
if (!string.IsNullOrEmpty(e.UserName) && !string.IsNullOrEmpty(e.Password))
{
if (e.UserName.ToLower().Equals("root"))
{
e.Authorized = Common.Solution.CreateFromContext(e.Realm).SolutionPassword.Equals(e.Password);
if (e.Authorized)
{
CreateFileSystemFoldersIfNotExists(e.Realm);
VirtualDirectory vdir = new VirtualDirectory(_fileSystem, e.Realm) { UserName = e.UserName };
String solutionFolder = String.Format(@"{0}", e.Realm);
vdir.AddFolder("access", System.IO.Path.Combine(solutionFolder, "access"), "r");
vdir.AddFolder("filesystem", System.IO.Path.Combine(solutionFolder, "filesystem"), "r");
vdir.AddFolder("log", System.IO.Path.Combine(solutionFolder, "log"), "r");
vdir.AddFolder("resource", System.IO.Path.Combine(solutionFolder, "resource"), "r");
e.UserData = vdir;
}
return;
}
if (e.UserName.ToLower().Equals("admin"))
{
e.Authorized = Common.Solution.CreateFromContext(e.Realm).SolutionPassword.Equals(e.Password);
if (e.Authorized)
{
CreateFileSystemFoldersIfNotExists(e.Realm);
VirtualDirectory vdir = new VirtualDirectory(_fileSystem, e.Realm) { UserName = e.UserName };
String solutionFolder = String.Format(@"{0}\filesystem", e.Realm);
vdir.AddFolder("shared", String.Format(@"{0}\shared", solutionFolder), "rw");
vdir.AddFolder("private", String.Format(@"{0}\private", solutionFolder), "rw");
vdir.AddFolder("exchange", String.Format(@"{0}\exchange", solutionFolder), "rw");
vdir.AddVirtualFile("exchange.txt", String.Format(@"{0}\exchange", solutionFolder), new CatalogFile());
vdir.AddVirtualFile("private.txt", String.Format(@"{0}\private", solutionFolder), new CatalogFile());
vdir.AddVirtualFile("shared.txt", String.Format(@"{0}\shared", solutionFolder), new CatalogFile());
vdir.AddVirtualFile("log.txt", String.Format(@"{0}\log", solutionFolder), new CatalogFile());
e.UserData = vdir;
}
return;
}
//user
Guid userId;
if (System.Guid.TryParse(e.UserName, out userId))
{
e.Authorized = Common.Logon.UserExists(e.Realm, userId, e.Password);
if (e.Authorized)
{
CreateFileSystemFoldersIfNotExists(e.Realm);
VirtualDirectory vdir = new VirtualDirectory(_fileSystem, e.Realm) { UserName = e.UserName };
String solutionFolder = String.Format(@"{0}\filesystem", e.Realm);
if (!_fileSystem.DirectoryExists(String.Format(@"{0}\private\{1}", solutionFolder, e.UserName)))
_fileSystem.CreateSubDirectory(String.Format(@"{0}\private", solutionFolder), e.UserName);
if (!_fileSystem.DirectoryExists(String.Format(@"{0}\log\{1}", solutionFolder, e.UserName)))
_fileSystem.CreateSubDirectory(String.Format(@"{0}\log", solutionFolder), e.UserName);
vdir.AddFolder("shared", String.Format(@"{0}\shared", solutionFolder), "r");
vdir.AddFolder("private", String.Format(@"{0}\private\{1}", solutionFolder, e.UserName), "rw");
vdir.AddFolder("log", String.Format(@"{0}\log\{1}", solutionFolder, e.UserName), "rw");
if(Common.Logon.CheckIfFilterShared(e.Realm))
vdir.AddVirtualFile("shared.txt", String.Format(@"{0}\shared", solutionFolder), new CatalogFileFiltered(Common.Solution.CreateFromContext(e.Realm), userId));
else
vdir.AddVirtualFile("shared.txt", String.Format(@"{0}\shared", solutionFolder), new CatalogFile());
vdir.AddVirtualFile("private.txt", String.Format(@"{0}\private\{1}", solutionFolder, e.UserName), new CatalogFile());
vdir.AddVirtualFile("log.txt", String.Format(@"{0}\log\{1}", solutionFolder, e.UserName), new CatalogFile());
e.UserData = vdir;
}
}
}
}
}
/// <summary>
/// Raises the BasicAuthorization event
/// </summary>
private void OnBasicAuthorization(BasicAuthorizationArgs e)
{
if (this.BasicAuthorization != null)
this.BasicAuthorization(this, e);
}
private void FileWebDAVModule_BasicAuthorization(object sender, BasicAuthorizationArgs e)
{
//Just for an example... authorize request IF username and password are not ""
if (!string.IsNullOrEmpty(e.UserName) && !string.IsNullOrEmpty(e.Password))
e.Authorized = true;
}
private void context_AuthenticateRequest(object sender, EventArgs e)
{
bool _requestAuthorized = true;
var _httpApp = (HttpApplication)sender;
//Since we are processing all wildcards...
// The web project will not load if we intercept its request.
// Therefore... if the User-Agent is the studio... do nothing
if (_httpApp.Request.Headers["User-Agent"] != null && !_httpApp.Request.Headers["User-Agent"].StartsWith("Microsoft-Visual-Studio.NET"))
{
//Check to see if the request needs to be authenticated
if (this.ModuleAuthentication != Authentication.None)
{
var _authArgs = new AuthenticationArgs(_httpApp.Request.Url, "", this.ModuleAuthentication);
var _authorizationArgs = new AuthorizationArgs(_authArgs);
//Fire the event
this.OnAuthenticateRequest(_authArgs);
if (_authArgs.ProcessAuthorization)
{
_httpApp.Context.Items["WebDAVModule_AuthArgs"] = _authArgs;
string _authStr = _httpApp.Request.Headers["Authorization"];
switch (this.ModuleAuthentication)
{
case Authentication.Basic:
//By default the request is not authorized
_requestAuthorized = false;
if (!string.IsNullOrEmpty(_authStr) && _authStr.StartsWith("Basic"))
{
byte[] _decodedBytes = Convert.FromBase64String(_authStr.Substring(6));
string[] _authInfo = System.Text.Encoding.ASCII.GetString(_decodedBytes).Split(':');
var _basicAuthArgs = new BasicAuthorizationArgs(_authInfo[0], _authInfo[1], _authArgs.Realm);
//Set the authorization username
_authorizationArgs.UserName = _basicAuthArgs.UserName;
//Fire the event
this.OnBasicAuthorization(_basicAuthArgs);
if (_basicAuthArgs.Authorized)
{
_requestAuthorized = true;
_httpApp.Context.User = new GenericPrincipal(new GenericIdentity(_basicAuthArgs.UserName, "Basic"), null);
}
_authorizationArgs.RequestAuthorized = _requestAuthorized;
//Fire the event
this.OnAuthorizationComplete(_authorizationArgs);
}
break;
case Authentication.Digest:
//By default the request is not authorized
_requestAuthorized = false;
if (!string.IsNullOrEmpty(_authStr) && _authStr.StartsWith("Digest"))
{
_authStr = _authStr.Substring(7);
var _authItems = new SortedList<string, string>();
foreach (string _authItem in _authStr.Split(','))
{
string[] _authItemArray = _authItem.Split('=');
string _authKey = _authItemArray[0].Trim(new char[] { ' ', '\"' });
string _authValue = _authItemArray[1].Trim(new char[] { ' ', '\"' });
_authItems[_authKey] = _authValue;
}
var _digestAuthArgs = new DigestAuthorizationArgs(_authItems["username"], _authItems["realm"]);
//Set the authorization username
_authorizationArgs.UserName = _digestAuthArgs.UserName;
//Fire the event
this.OnDigestAuthorization(_digestAuthArgs);
//Validate password
string _userInfo = String.Format("{0}:{1}:{2}", _authItems["username"], _authArgs.Realm, _digestAuthArgs.Password);
string _hashedUserInfo = GetMD5HashBinHex(_userInfo);
string _uriInfo = String.Format("{0}:{1}", _httpApp.Request.HttpMethod, _authItems["uri"]);
string _hashedUriInfo = GetMD5HashBinHex(_uriInfo);
string _nonceInfo = null;
if (_authItems.ContainsKey("qop"))
{
_nonceInfo = String.Format
(
"{0}:{1}:{2}:{3}:{4}:{5}",
new object[] {
_hashedUserInfo,
_authItems["nonce"],
_authItems["nc"],
_authItems["cnonce"],
_authItems["qop"],
_hashedUriInfo
}
);
}
else
{
_nonceInfo = String.Format
(
"{0}:{1}:{2}",
_hashedUserInfo,
_authItems["nonce"],
_hashedUriInfo
);
}
string _hashedNonceInfo = GetMD5HashBinHex(_nonceInfo);
bool _staleNonce = !this.IsValidNonce(_authItems["nonce"]);
_httpApp.Context.Items["WebDAVModule_DigestStaleNonce"] = _staleNonce;
if (_authItems["response"] == _hashedNonceInfo && !_staleNonce)
{
_requestAuthorized = true;
_httpApp.Context.User = new GenericPrincipal(new GenericIdentity(_digestAuthArgs.UserName, "Digest"), null);
}
_authorizationArgs.RequestAuthorized = _requestAuthorized;
//Fire the event
this.OnAuthorizationComplete(_authorizationArgs);
}
break;
}
}
}
if (!_requestAuthorized)
DenyAccess(_httpApp);
else
{
//Check to see if we should process the request
var _processRequestArgs = new DavProcessRequestArgs(_httpApp.Context, this.IsWebDAVRequest);
//Fire the event
this.OnProcessRequest(_processRequestArgs);
if (_processRequestArgs.ProcessRequest)
{
if (!string.IsNullOrEmpty(this.DebugFilePath))
WebDavProcessor.DebugFilePath = this.DebugFilePath;
this.WebDavProcessor.ProcessRequest(_httpApp);
}
//Fire the event
this.OnRequestProcessed();
}
}
}
