public override void ProcessMessage(SoapMessage message)
{
Debug.Enter();
#if DEBUG
string info = "log: " + data.log.ToString() +
"; https: " + data.https.ToString() +
"; validate: " + data.validate.ToString() +
"; performance: " + data.performance.ToString() +
"; authenticate: " + data.authenticate.ToString() +
"; transaction: " + data.transaction.ToString() +
"; messageType: " + data.messageType;
Debug.Write(SeverityType.Info, CategoryType.Soap, info);
#endif
try
{
switch (message.Stage)
{
//
// First Event
//
case SoapMessageStage.BeforeDeserialize:
//
// Initialize our context.
//
Context.Current.Initialize();
Config.CheckForUpdate();
//
// TODO: Since we are using DispositionReport.ThrowFinal() I don't think this is
// needed anymore.
//
//
// Check to make sure the authenticated user has user credentials
//
Debug.Verify("1" != HttpContext.Current.Request.ServerVariables["Exception"],
"UDDI_ERROR_FATALERROR_VERSIONCHECKERROR",
UDDI.ErrorType.E_fatalError);
Debug.Write(SeverityType.Info, CategoryType.Soap, "URL: " + message.Url);
Debug.Write(SeverityType.Info, CategoryType.Soap, "SOAPAction: " + HttpContext.Current.Request.Headers["SOAPAction"]);
string contentType = HttpContext.Current.Request.ContentType.ToLower();
bool validEncoding = (contentType.IndexOf("charset=\"utf-8\"") >= 0) ||
(contentType.IndexOf("charset=utf-8") >= 0);
Debug.Verify(validEncoding, "UDDI_ERROR_UNSUPPORTED_CONTENTTYPEHEADERMISSING", ErrorType.E_unsupported);
if (data.performance)
{
PublishMethodBegin(message);
}
if (data.https)
{
CheckForHttps(message);
}
//
// Validation has been moved into the other SOAP extension
//
// if( data.validate )
// Validate( message );
break;
//
// Second Event
//
case SoapMessageStage.AfterDeserialize:
ConnectionManager.Open(data.transaction, data.transaction);
if (data.certificate)
{
CheckCertificate(message);
}
if (data.authenticate)
{
Authenticate(message);
}
else if (0 != (Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both)
& (int)AuthenticationMode.AuthenticatedRead))
{
//
// Authenticated reads are turned on and this is a read request
// Make sure the caller is authenticated using Windows and is at least a user
//
WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsAuthenticator wa = new WindowsAuthenticator();
wa.Authenticate("", 0 /* not used */);
Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name);
//
// Check to make sure the authenticated user has user credentials
//
Debug.Verify(Context.User.IsUser,
"UDDI_ERROR_FATALERROR_NOUSERCREDS",
UDDI.ErrorType.E_fatalError,
Context.User.ID);
}
break;
//
// Third Event
//
case SoapMessageStage.BeforeSerialize:
break;
//
// Last Event
//
case SoapMessageStage.AfterSerialize:
//
// Cleanup the connection and commit the database activity
//
if (data.transaction &&
(null != (object)ConnectionManager.GetConnection()) &&
(null != (object)ConnectionManager.GetTransaction()))
{
if (null == (object)message.Exception)
{
ConnectionManager.Commit();
}
else
{
ConnectionManager.Abort();
}
}
ConnectionManager.Close();
try
{
if (data.performance)
{
PublishMethodEnd(message);
}
}
catch
{
Debug.OperatorMessage(
SeverityType.Warning,
CategoryType.None,
OperatorMessageType.UnableToPublishCounter,
"An error occurred while trying to publish a performance counter, the system will continue");
}
break;
default:
throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_FATALERROR_UNKNOWNEXTSTAGE");
}
}
catch (Exception e)
{
DispositionReport.Throw(e);
}
Debug.Leave();
}
//
// What follows is the logic for selection of the authentication algorithm
// Enjoy boys and girls
//
// Bit 3 - Anonymous User
// Bit 2 - UDDI Authentication Mode
// Bit 1 - Windows Authentication Mode
// Bit 0 - Ticket Present
// |
// | Authentication Module Used
// 0000 X
// 0001 X
// 0010 Windows
// 0011 Exception ( UDDI authentication turned off )
// 0100 UDDI ( will fail authentication due to invalid credentials )
// 0101 UDDI
// 0110 Windows
// 0111 UDDI
// 1000 X
// 1001 X
// 1010 Exception UDDI authentication turned off
// 1011 Exception ""
// 1100 UDDI ( will fail authentication due to invalid credentials )
// 1101 UDDI
// 1110 UDDI ( will fail authentication due to invalid credentials )
// 1111 UDDI
//
//
// Reduction Work
//
// A - Anonymous User
// B - UDDI Authentication Mode
// C - Windows Authentication Mode
// D - Ticket Present
//
// Key
// e - throw exception invalid configuration
// x - invalid state
// w - windows authentication
// u - uddi authentication
//
// CD
// AB 00 01 11 10
// 00 x x e w
// 01 u u u w
// 11 u u u u
// 10 x x e e
//
// if( !A && C && !D )
// w - windows authentication
// else if( B )
// u - uddi authentication
// else
// throw exception
//
private void Authenticate(SoapMessage message)
{
Debug.Enter();
IAuthenticateable authenticate = (IAuthenticateable)message.GetInParameterValue(0);
//WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity;
IIdentity identity = HttpContext.Current.User.Identity;
int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both);
if (mode == (int)AuthenticationMode.Passport)
{
if (identity is PassportIdentity)
{
string ticket = authenticate.AuthInfo.Trim();
//
// Authentication the user using the attached passport ticket
//
PassportAuthenticator pa = new PassportAuthenticator();
pa.Authenticate(ticket, Config.GetInt("Security.TimeOut", 60));
}
else
{
throw new UDDIException(ErrorType.E_fatalError,
"UDDI_ERROR_FATALERROR_PASSPORTBADCONFIG");
}
Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Passport based authentication Identity is " + identity.Name);
}
else if (!((WindowsIdentity)identity).IsAnonymous &&
((mode & (int)AuthenticationMode.Windows) != 0) &&
Utility.StringEmpty(authenticate.AuthInfo))
{
/* 0X10 Case */
//
// Authenticate the user using the currently impersonated credentials
//
WindowsAuthenticator wa = new WindowsAuthenticator();
wa.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60));
Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name);
}
else if ((mode & (int)AuthenticationMode.Uddi) != 0)
{
/* X1XX Case for leftovers */
//
// If windows authentication is turned off or the
Debug.Write(SeverityType.Info, CategoryType.Soap, "Anonymous user: using UDDI authentication");
//
// Authenticate the user using the authToken
//
UDDIAuthenticator ua = new UDDIAuthenticator();
ua.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60));
}
else
{
//
// Throw exception for the rest
//
throw new UDDIException(UDDI.ErrorType.E_unsupported,
"UDDI_ERROR_UNSUPPORTED_BADAUTHENTICATIONCONFIG");
}
//
// Check to make sure the authenticated user has publisher credentials
//
Debug.Verify(Context.User.IsPublisher,
"UDDI_ERROR_FATALERROR_USERNOPUBLISHERCRED",
UDDI.ErrorType.E_fatalError,
Context.User.ID);
//
// The server can be configured for automatic registration of publishers with credentials
//
if (!Context.User.IsRegistered)
{
if (1 == Config.GetInt("Security.AutoRegister", 0))
{
//
// Mark the user as verified.
//
Context.User.TrackPassport = false;
Context.User.Verified = true;
Context.User.Register();
}
else
{
throw new UDDIException(UDDI.ErrorType.E_unknownUser,
"UDDI_ERROR_UNKNOWNUSER_NOTREGISTERED");
}
}
Context.User.Login();
#if DEBUG
Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsAdministrator = " + Context.User.IsAdministrator);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsCoordinator = " + Context.User.IsCoordinator);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsPublisher = " + Context.User.IsPublisher);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsUser = " + Context.User.IsUser);
#endif
Debug.Leave();
}