internal static HRESULT GetPassportIdentity(
string username,
string password,
out PassportIdentity passportIdentity)
{
return(Service.Instance.AuthenticatePassport(username, password, EPassportPolicyId.MBI_SSL, out passportIdentity));
}
/// ****************************************************************
/// protected Render
/// ----------------------------------------------------------------
/// <summary>
/// Renders the control.
/// </summary>
/// ****************************************************************
///
protected override void Render(HtmlTextWriter output)
{
if ((Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Windows) & (int)AuthenticationMode.Passport) != 0)
{
PassportIdentity passport = (PassportIdentity)Context.User.Identity;
//
// Display the Passport login image.
//
int timeWindow = Config.GetInt("Passport.TimeWindow", 14400);
bool secure = Request.IsSecureConnection;
string thisUrl = (Request.IsSecureConnection ? "https://" : "http://") +
Request.ServerVariables["SERVER_NAME"] +
Request.ServerVariables["SCRIPT_NAME"];
if (Utility.StringEmpty(ReturnUrl))
{
ReturnUrl = thisUrl;
}
//
// Update this to LogoTag2 when Passport .NET support is updated.
//
string html = passport.LogoTag(ReturnUrl, timeWindow, forceLogin, "", 0, secure, "", 0, false);
output.WriteLine(
" " +
html.Replace("<A ", "<A TARGET='_top' ") +
" ");
}
}
public IAOPResult Login(HttpContextBase ctx, string userName, string password, IDictionary options)
{
//去安全服务验证
var securityResult = SecurityHelper.SecurityValidate("SecurityCaptcha");
if (securityResult.ResultNo != 0) //验证码错误
{
return(securityResult);
}
//去Crowd认证
var svr = CrowdService.Current;
var result = svr.Authenticate(userName, password);
if (result.ResultNo != 0)
{
return(result);
}
var principal = result.ResultAttachObjectEx;
var user = principal;
var userResult = svr.GetUser(userName);
if (userResult.IsSuccess() && userResult.ResultAttachObjectEx != null)
{
user = userResult.ResultAttachObjectEx;
}
var now = DateTime.Now;
var identity = new PassportIdentity {
SessionToken = Guid.NewGuid().ToString("N"),
Name = user.Name, DisplayName = user.DisplayName,
IssueDate = now, Expiration = now + this.Setting.CookieTimeout
};
//缓存起来
this.SaveSessionToCache(identity);
var cookie = new HttpCookie(this.Setting.CookieName, identity.SessionToken)
{
HttpOnly = true,
Path = this.Setting.CookiePath,
Domain = this.Setting.CookieDomain
};
ctx.Response.AppendCookie(cookie);
ctx.User = new GenericPrincipal(identity, null);
return(AOPResult.Success());
}
// Constructors
public PassportAuthenticationEventArgs(PassportIdentity identity, System.Web.HttpContext context) {}
/// ****************************************************************
/// protected OnInit
/// ----------------------------------------------------------------
/// <summary>
/// Initializes the security control.
/// </summary>
/// ****************************************************************
///
protected override void OnInit(EventArgs e)
{
//
// Check to make sure config settings are fresh.
//
Config.CheckForUpdate();
//
// Check to see if the server has been manually stopped.
//
if (0 == Config.GetInt("Run", 1))
{
#if never
throw new UDDIException(
ErrorType.E_busy,
"UDDI Services are currently unavailable.");
#endif
throw new UDDIException(ErrorType.E_busy, "UDDI_ERROR_SERVICES_NOT_AVAILABLE");
}
int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Windows);
//
// TODO: This code should be simplified to simple if statements.
// It is obviously old code that needs to be updated.
//
if ((mode & (int)AuthenticationMode.Passport) != 0)
{
//
// SECURITY: Passport.TimeWindow should be the same
// timeout as API authentication.
//
passport = (PassportIdentity)Context.User.Identity;
timeWindow = Config.GetInt("Passport.TimeWindow", 14400);
string thisUrl = (Request.IsSecureConnection ? "https://" : "http://") +
Request.ServerVariables["SERVER_NAME"] +
Request.ServerVariables["SCRIPT_NAME"];
if (Utility.StringEmpty(ReturnUrl))
{
ReturnUrl = thisUrl;
}
//
// If the user just logged in, clean up the query string by redirecting
// to this page.
//
if (passport.GetFromNetworkServer)
{
Response.Redirect(thisUrl);
}
//
// Check to see if the current role is more that a passport user
// can do.
//
if (AdminRequired || CoordinatorRequired)
{
//
//Passport Users are not allowed in these areas.
//
#if never
throw new UDDIException(
ErrorType.E_unknownUser,
"Access denied.");
#endif
throw new UDDIException(
ErrorType.E_unknownUser,
"UDDI_ERROR_ACCESS_DENIED");
}
//
// Check to see if the user is authenticated.
//
if (!passport.GetIsAuthenticated(timeWindow, ForceLogin, false))
{
//
// If the user already has a ticket, force them to re-enter
// their password.
//
if (passport.HasTicket)
{
bool secure = Request.IsSecureConnection;
//
// Update this to AuthUrl2 when Passport .NET support is updated.
//
Response.Redirect(passport.AuthUrl(ReturnUrl, timeWindow, ForceLogin, "", 0, "", 0, secure));
}
//
// If login is required, redirect the user to the login page.
//
if (PublisherRequired)
{
Response.Redirect(LoginUrl + "?publish=true");
}
}
else
{
string userID = passport.HexPUID;
//
// Check to ensure that the passport UserID is not ""
// if it is, force them to retype thier password
//
// if( ""==userID )
// Response.Redirect( LoginUrl );
string email = (string)passport.GetProfileObject("PreferredEmail");
UDDI.Context.User.SetPublisherRole(userID);
if (PublisherRequired)
{
//
// SECURITY: Is Validate the same as IsRegistered?
// lucasm: no, Validate makes sure the registered publisher has validated
// the email address they have supplied. IsRegistered checks to see
// if we have added this uses to the publishers table.
//
int valid = Publisher.Validate(userID);
if (50013 == valid)
{
//
// Need to create a page that tells the
// user to click the link in the email
//
Response.Redirect(LoginUrl);
}
else if (0 != valid)
{
Response.Redirect(LoginUrl);
}
Publisher publisher = new Publisher();
publisher.Login(userID, email);
if (null == email)
{
email = publisher.Email;
}
//
// TODO: this REALLY should be merged with the PublisherInfo class
// in core!!
//
UDDI.Context.User.Name = publisher.Name;
UDDI.Context.User.BindingLimit = publisher.BindingLimit;
UDDI.Context.User.BusinessCount = publisher.BusinessCount;
UDDI.Context.User.BusinessLimit = publisher.BusinessLimit;
UDDI.Context.User.CompanyName = publisher.CompanyName;
UDDI.Context.User.IsoLangCode = publisher.IsoLangCode;
UDDI.Context.User.ServiceLimit = publisher.ServiceLimit;
UDDI.Context.User.TModelCount = publisher.TModelCount;
UDDI.Context.User.TModelLimit = publisher.TModelLimit;
}
//
// Save the credentials for the authenticated user.
//
UDDI.Context.User.ID = userID;
UDDI.Context.User.Email = email;
}
}
else
{
WindowsPrincipal principal = (WindowsPrincipal)HttpContext.Current.User;
UDDI.Context.User.SetRole(principal);
UDDI.Context.User.Name = principal.Identity.Name;
if (UserRequired && !UDDI.Context.User.IsUser && (mode & (int)AuthenticationMode.AuthenticatedRead) != 0 ||
PublisherRequired && !UDDI.Context.User.IsPublisher ||
CoordinatorRequired && !UDDI.Context.User.IsCoordinator ||
AdminRequired && !UDDI.Context.User.IsAdministrator)
{
#if never
throw new UDDIException(
ErrorType.E_unknownUser,
"Access denied.");
#endif
throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_ACCESS_DENIED");
}
if (PublisherRequired || CoordinatorRequired || AdminRequired)
{
if (!UDDI.Context.User.IsRegistered)
{
if (1 == Config.GetInt("Security.AutoRegister", 0))
{
UDDI.Context.User.TrackPassport = false;
UDDI.Context.User.Verified = true;
UDDI.Context.User.Register();
}
else
{
#if never
throw new UDDIException(UDDI.ErrorType.E_unknownUser,
"User login failed");
#endif
throw new UDDIException(UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_USER_LOGIN_FAILED");
}
}
UDDI.Context.User.Login();
}
}
//
// SECURITY: put this in the Windows Authentication block... not available
// for Passport auth.
//
// If the user is a coordinator and they have a cookie indicating they are
// impersonating another user, setup the user info in the current UDDI
// context.
//
//
// 734292 - Make sure the user is an administrator if they are trying to impersonate the system.
//
if (true == ViewAsPublisher.IsValid())
{
UDDI.Context.User.ImpersonatorID = UDDI.Context.User.ID;
UDDI.Context.User.ID = ViewAsPublisher.GetPublisherID();
}
}
// Constructors
public PassportPrincipal(PassportIdentity identity, string[] roles) {}
// Constructors
public PassportAuthenticationEventArgs(PassportIdentity identity, System.Web.HttpContext context)
{
}
// Constructors
public PassportPrincipal(PassportIdentity identity, string[] roles)
{
}
public HRESULT AuthenticatePassport(string username, string password, EPassportPolicyId ePassportPolicyId, out PassportIdentity passportIdentity)
{
throw new NotImplementedException();
}
protected void SaveSessionToCache(PassportIdentity identity)
{
var key = "SessionToken:" + identity.SessionToken;
this.Cache[key, CacheDependency.Create(identity.Expiration)] = identity;
}
protected internal override PassportPrincipal CreatePrincipal(PassportIdentity identity)
{
return(new ManagementPrincipal(identity));
}
public ManagementPrincipal(PassportIdentity identity)
: base(identity)
{
}
