Ejemplo n.º 1
        /// <summary>
        /// Builds a <see cref="ServiceInterfacePrincipal"/> from the request headers and installs it
        /// as <c>Context.User</c> for the current request.
        /// </summary>
        /// <param name="sender">Event source; not used by this handler.</param>
        /// <param name="e">Event data; not used by this handler.</param>
        /// <remarks>
        /// The encrypted token header is decoded only when it is present and non-empty. Without it the
        /// principal is built around a default-constructed <see cref="TokenObject"/>.
        /// </remarks>
        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            // PMC 07/16/2016 - IBM AppScan - This has been manually reviewed and passed as being safe
            // The encrypted token is expected to be validated, with any issue ending in 401 Unauthorized.
            // NOTE(review): no 401 is issued in this method and any result of TokenToObject is not
            // inspected here, so rejection presumably happens inside TokenToObject or later in the
            // pipeline - confirm that a bad token cannot fall through as an anonymous principal.
            var decodedToken   = new TokenObject();
            var request        = this.Context.Request;
            var encryptedToken = request.Headers[ApplicationCookieUtilities.TokenName];

            if (!string.IsNullOrEmpty(encryptedToken))
            {
                // Key and IV both come from configuration.
                // NOTE(review): a configured IV looks like a fixed IV shared by every token, and
                // decryption alone does not prove integrity - confirm TokenToObject also authenticates
                // the token (MAC/AEAD) and checks its expiry.
                var settings = DependencyResolver.Current.GetService<IProgressConfiguration>();
                ApplicationCookieUtilities.TokenToObject(encryptedToken, settings.ApplicationEncryptKey, settings.ApplicationEncryptIv, out decodedToken);
            }

            // Both values are taken from headers as sent by the client and are not checked here.
            var correlationId = request.Headers[ApplicationCookieUtilities.CallGuidName];
            var bearer        = request.Headers[ApplicationCookieUtilities.BearerToken];

            // NOTE(review): host and referrer are client-influenced values; verify that
            // ServiceInterfacePrincipal does not base authorization decisions on them.
            var requestHost = request.Url.Host;
            var referrer    = request.UrlReferrer;

            // NOTE(review): the SSO flag is read from a freshly constructed ProgressConfiguration,
            // not from the IProgressConfiguration resolved above - confirm both see the same settings.
            IIdentity identity;
            if (new ProgressConfiguration().SSoEnabled)
            {
                identity = Thread.CurrentPrincipal.Identity;
            }
            else
            {
                // Throws if TokenToObject left the token null, or if Oper is null (GenericIdentity
                // rejects a null name); the request then fails with an unhandled exception.
                identity = new GenericIdentity(decodedToken.Oper);
            }

            this.Context.User = new ServiceInterfacePrincipal(decodedToken, requestHost, referrer, identity, correlationId, bearer);
        }
Ejemplo n.º 2
        /// <summary>
        /// Wraps <paramref name="tokenObject"/> in a <see cref="ServiceInterfacePrincipal"/> and assigns
        /// it to <c>HttpContext.Current.User</c>.
        /// </summary>
        /// <param name="tokenObject">
        /// Token data for the principal. It is not validated here.
        /// NOTE(review): callers are presumably expected to pass an already verified token - confirm.
        /// </param>
        private static void PopulateUserPrincipal(TokenObject tokenObject)
        {
            // With SSO enabled the identity is whatever is already on the current thread;
            // otherwise it is named after the token's operator.
            IIdentity identity;
            if (new ProgressConfiguration().SSoEnabled)
            {
                identity = Thread.CurrentPrincipal.Identity;
            }
            else
            {
                // Throws when tokenObject is null, or when Oper is null (GenericIdentity rejects a null name).
                identity = new GenericIdentity(tokenObject.Oper);
            }

            // Host, referrer and bearer token are passed as null and the call GUID as an empty string.
            var principal = new ServiceInterfacePrincipal(tokenObject, null, null, identity, string.Empty, null);

            // NOTE(review): HttpContext.Current is dereferenced without a null check - confirm this is
            // only ever called while a request is being processed.
            HttpContext.Current.User = principal;
        }