/// <summary>
/// Asks <c>Authenticator.RequestPasswordAuthentication</c> for credentials that
/// match the host, port and scheme of the given authentication scope.
/// </summary>
/// <param name="authscope">Scope supplying the host, port and scheme for the lookup.</param>
/// <param name="requestorType">Requestor type forwarded unchanged to the authenticator.</param>
/// <returns>Whatever the authenticator returns for this request.</returns>
private static PasswordAuthentication GetSystemCreds(AuthScope authscope, Authenticator.RequestorType requestorType)
{
    // Values are read in the same order the original call evaluated its arguments.
    var host = authscope.GetHost();
    var port = authscope.GetPort();
    var scheme = TranslateScheme(authscope.GetScheme());

    // The protocol argument is fixed to "http"; the remaining optional arguments are null.
    return Authenticator.RequestPasswordAuthentication(host, null, port, "http", null, scheme, null, requestorType);
}
/// <summary>
/// Test clean-up: calls <c>AuthScope.Dispose()</c> when <c>AuthScope.HasCurrent</c> is true,
/// so that no scope is carried over into the next test.
/// </summary>
public void TestTearDown()
{
    if (!AuthScope.HasCurrent)
    {
        return;
    }

    AuthScope.Dispose();
}
/// <summary>
/// Find matching
/// <see cref="Apache.Http.Auth.Credentials">credentials</see>
/// for the given authentication scope.
/// </summary>
/// <remarks>
/// An exact key lookup is tried first. When it misses, every stored scope is scored with
/// <c>authscope.Match</c> and the credentials of the highest-scoring scope (score above -1)
/// are returned. NOTE(review): how broadly a stored scope matches is decided by
/// <c>AuthScope.Match</c>, which is not visible here; if wildcard scopes are stored, confirm
/// that credentials cannot be handed to a host they were not intended for.
/// </remarks>
/// <param name="map">the credentials hash map</param>
/// <param name="authscope">
/// the
/// <see cref="Apache.Http.Auth.AuthScope">authentication scope</see>
/// </param>
/// <returns>the credentials, or null when no stored scope matches</returns>
private static Credentials MatchCredentials(IDictionary<AuthScope, Credentials> map, AuthScope authscope)
{
    // Direct hit: nothing else to do.
    Credentials exact = map.Get(authscope);
    if (exact != null)
    {
        return exact;
    }

    // Full scan for the closest stored scope.
    AuthScope closest = null;
    int closestFactor = -1;
    foreach (AuthScope candidate in map.Keys)
    {
        int factor = authscope.Match(candidate);
        if (factor > closestFactor)
        {
            closestFactor = factor;
            closest = candidate;
        }
    }

    return closest == null ? null : map.Get(closest);
}
/// <summary>
/// Primes <paramref name="authState"/> with a cached auth scheme and the credentials the
/// provider returns for that host and scheme (any realm), so the scheme can be re-used.
/// </summary>
/// <param name="host">Host the cached scheme belongs to.</param>
/// <param name="authScheme">Cached scheme to re-use.</param>
/// <param name="authState">State object that receives the scheme and credentials.</param>
/// <param name="credsProvider">Source of the credentials.</param>
private void DoPreemptiveAuth(HttpHost host, AuthScheme authScheme, AuthState authState, CredentialsProvider credsProvider)
{
    string schemeName = authScheme.GetSchemeName();
    if (this.log.IsDebugEnabled())
    {
        this.log.Debug("Re-using cached '" + schemeName + "' auth scheme for " + host);
    }

    // The lookup is made with AuthScope.AnyRealm, i.e. it is not narrowed to one realm.
    Credentials creds = credsProvider.GetCredentials(new AuthScope(host, AuthScope.AnyRealm, schemeName));
    if (creds == null)
    {
        this.log.Debug("No credentials for preemptive authentication");
        return;
    }

    // BASIC is put into the Challenged state; every other scheme is marked Success.
    bool isBasic = Sharpen.Runtime.EqualsIgnoreCase("BASIC", authScheme.GetSchemeName());
    authState.SetState(isBasic ? AuthProtocolState.Challenged : AuthProtocolState.Success);
    authState.Update(authScheme, creds);
}
/// <summary>
/// Returns credentials for the scope: first from the internal provider, then, when the
/// scope names a host, from the system authenticator (server requestor first, proxy second).
/// </summary>
/// <param name="authscope">Authentication scope to resolve; must not be null.</param>
/// <returns>The credentials found, or null when neither source has any.</returns>
public virtual Credentials GetCredentials(AuthScope authscope)
{
    Args.NotNull(authscope, "Auth scope");

    Credentials stored = @internal.GetCredentials(authscope);
    if (stored != null)
    {
        return stored;
    }

    // Without a host there is nothing to ask the system authenticator about.
    if (authscope.GetHost() == null)
    {
        return null;
    }

    PasswordAuthentication fromSystem = GetSystemCreds(authscope, Authenticator.RequestorType.Server);
    if (fromSystem == null)
    {
        fromSystem = GetSystemCreds(authscope, Authenticator.RequestorType.Proxy);
    }

    if (fromSystem == null)
    {
        return null;
    }

    // NOTE(review): the password is copied into a new string here, which cannot be
    // cleared afterwards; acceptable only if UsernamePasswordCredentials requires a string.
    return new UsernamePasswordCredentials(fromSystem.GetUserName(), new string(fromSystem.GetPassword()));
}
/// <summary>
/// Renders the named partial view only when <c>CheckAuthorization</c> succeeds for the
/// current route values.
/// </summary>
/// <remarks>
/// This controls what is rendered; it does not protect the actions the partial links to.
/// Those need their own server-side authorization check.
/// </remarks>
/// <param name="html">Helper whose view context supplies the route values.</param>
/// <param name="scope">Scope the access level is evaluated in.</param>
/// <param name="minlevel">Lowest access level allowed.</param>
/// <param name="maxlevel">Highest access level allowed.</param>
/// <param name="partialName">Name of the partial view to render.</param>
public static void ATAuthPartial(this HtmlHelper html, AuthScope scope, int minlevel, int maxlevel, string partialName)
{
    bool allowed = CheckAuthorization(scope, minlevel, maxlevel, html.ViewContext.RouteData.Values);
    if (!allowed)
    {
        return;
    }

    html.RenderPartial(partialName);
}
/// <summary>
/// Checks that both a default-constructed scope and <c>AuthScope.Empty</c> report
/// <c>IsEmpty</c>.
/// </summary>
public void Empty()
{
    var defaultConstructed = new AuthScope();

    Assert.True(defaultConstructed.IsEmpty);
    Assert.True(AuthScope.Empty.IsEmpty);
}
/// <summary>
/// Seeds initial data: adds the "all" scope when the scope repository reports nothing
/// for <c>ExistAsync(null)</c>, and (re)creates the default client when no client with
/// the configured id and secret pair exists.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization attribute is visible on this action in this excerpt.
/// Because it deletes and re-creates client records, confirm that access is restricted
/// at the controller or pipeline level. The seeded URLs use plain http, and the
/// timestamps are taken from <c>DateTime.Now</c> (local time).
/// </remarks>
/// <returns>"ok" on success, or a message when the default client data is missing.</returns>
public async Task<ActionResult> InitData()
{
    return await RunActionAsync(async () =>
    {
        var now = DateTime.Now;

        // Seed the default scope only when the repository has no scope yet.
        var scopeExists = await this._AuthScopeRepository.ExistAsync(null);
        if (!scopeExists)
        {
            var model = new AuthScope()
            {
                Name = "all",
                DisplayName = "全部权限",
                Description = "全部权限",
                Important = (int)YesOrNoEnum.是,
                Sort = 0,
                IsDefault = (int)YesOrNoEnum.是,
                ImageUrl = "http://images.qipeilong.cn/ico/logo.png?t=111",
                FontIcon = "fa fa-star"
            };
            model.Init();
            await this._AuthScopeRepository.AddAsync(model);
        }

        var clientId = this._IValidationDataProvider.GetClientID(this.X.context);
        var clientSecurity = this._IValidationDataProvider.GetClientSecurity(this.X.context);
        if (!ValidateHelper.IsAllPlumpString(clientId, clientSecurity))
        {
            return Content("default client data is empty");
        }

        var clientExists = await this._AuthClientRepository.ExistAsync(x => x.UID == clientId && x.ClientSecretUID == clientSecurity);
        if (!clientExists)
        {
            // Remove any record that shares either value before inserting the new pair.
            await this._AuthClientRepository.DeleteWhereAsync(x => x.UID == clientId || x.ClientSecretUID == clientSecurity);

            var official = new AuthClient()
            {
                UID = clientId,
                ClientName = "auth管理端",
                Description = "auth管理端",
                ClientUrl = "http://images.qipeilong.cn/ico/logo.png?t=111",
                LogoUrl = "http://images.qipeilong.cn/ico/logo.png?t=111",
                UserUID = "http://www.baidu.com/",
                ClientSecretUID = clientSecurity,
                IsRemove = (int)YesOrNoEnum.否,
                IsActive = (int)YesOrNoEnum.是,
                CreateTime = now,
                UpdateTime = now
            };
            await this._AuthClientRepository.AddAsync(official);
        }

        return Content("ok");
    });
}
/// <summary>
/// Checks a scope built from one value: count of one, equality with the source string
/// through <c>Assert.Equal</c> and both comparison operators, and the same
/// <c>StringValue</c>.
/// </summary>
public void Single()
{
    const string ScopeText = "email";

    var single = new AuthScope(ScopeText);

    Assert.Equal(1, single.Count);
    Assert.Equal(ScopeText, single);
    Assert.True(ScopeText == single);
    Assert.False(ScopeText != single);
    Assert.Equal(ScopeText, single.StringValue);
}
/// <summary>
/// Inserts the scope when it has no id (a new GUID is assigned first), otherwise
/// updates the existing row.
/// </summary>
/// <remarks>
/// NOTE(review): the bound <c>AuthScope</c> is written to storage as received, and the
/// id that selects the row to update comes from the request. No authorization attribute,
/// null check or model validation is visible in this excerpt; confirm they are applied
/// elsewhere. The method is marked async but awaits nothing, so the SqlHelper calls run
/// synchronously.
/// </remarks>
/// <param name="scope">Scope bound from the request.</param>
/// <returns>An OK result.</returns>
public async Task<IActionResult> SaveScope(AuthScope scope)
{
    bool isNew = scope.Id == null;
    if (isNew)
    {
        scope.Id = Guid.NewGuid();
        SqlHelper.Insert<AuthScope>(scope, connectionString);
    }
    else
    {
        SqlHelper.Update<AuthScope>(scope, connectionString);
    }

    return Ok();
}
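/// <summary>
/// Shows the detail.
/// </summary>
/// <remarks>
/// Hiding the save button for users without edit rights is a display decision only;
/// the save path has to repeat the authorization check on the server.
/// </remarks>
/// <param name="authScopeId">The auth scope identifier; 0 opens the form for a new scope.</param>
public void ShowDetail(int authScopeId)
{
    var rockContext = new RockContext();
    AuthScope authScope = null;
    var isNew = authScopeId.Equals(0);

    if (!isNew)
    {
        authScope = new AuthScopeService(rockContext).Get(authScopeId);
        lTitle.Text = ActionTitle.Edit("Scope").FormatAsHtmlTitle();
    }
    else
    {
        lTitle.Text = ActionTitle.Add("Scope").FormatAsHtmlTitle();
    }

    if (authScope == null)
    {
        if (!isNew)
        {
            // The lookup returned nothing for a non-zero id. The message used to read
            // "was found", which said the opposite of what happened.
            DisplayErrorMessage("The Auth Scope with the specified Id was not found.");
            return;
        }

        authScope = new AuthScope { Id = 0, IsActive = true };
    }

    // The hidden field keeps the id of the scope being edited.
    hfRestUserId.Value = authScope.Id.ToString();

    tbName.Text = authScope.Name;
    tbPublicName.Text = authScope.PublicName;
    cbActive.Checked = authScope.IsActive;
    nbEditModeMessage.Text = string.Empty;

    if (authScope.IsSystem)
    {
        // System scopes keep their name and active flag; only the public name stays editable.
        tbName.Enabled = false;
        cbActive.Enabled = false;
        nbEditModeMessage.Text = EditModeMessage.System(Rock.Model.AuthScope.FriendlyTypeName);
    }

    var editAllowed = authScope.IsAuthorized(Authorization.EDIT, CurrentPerson);
    lbSave.Visible = editAllowed;
}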
/// <summary>
/// Checks a scope converted from three space-separated values: the count, the
/// individual items, and that a scope holding the same values in another order
/// compares equal.
/// </summary>
public void Multiple()
{
    const string ScopeText = "openid email profile";

    AuthScope parsed = ScopeText;

    Assert.Equal(3, parsed.Count);
    Assert.Contains("openid", parsed.Items);
    Assert.Contains("email", parsed.Items);
    Assert.Contains("profile", parsed.Items);

    // Same values, different order: equality is expected to ignore ordering.
    var reordered = (AuthScope)"email openid profile";
    Assert.Equal(parsed, reordered);
    Assert.True(parsed == reordered);
    Assert.False(reordered != parsed);
}
/// <summary>
/// When the target auth state has no scheme yet, installs a <c>BasicScheme</c> together
/// with <c>creds</c>, so the request carries Basic credentials without waiting for a
/// challenge.
/// </summary>
/// <remarks>
/// NOTE(review): <c>creds</c> is not declared in this method; presumably it is a member
/// or captured variable of the enclosing type. The credentials provider and the
/// <c>AuthScope</c> built from the target host are read but never consulted, so the same
/// credentials are attached whatever the target host is. Confirm the client only talks
/// to the intended host and does so over TLS, since Basic credentials are only encoded,
/// not encrypted.
/// </remarks>
/// <exception cref="Apache.Http.HttpException"></exception>
/// <exception cref="System.IO.IOException"></exception>
public void Process(HttpWebRequest request, HttpContext context)
{
    var authState = (AuthState)context.GetAttribute(ClientContext.TargetAuthState);
    var credsProvider = (CredentialsProvider)context.GetAttribute(ClientContext.CredsProvider);
    var targetHost = (HttpHost)context.GetAttribute(ExecutionContext.HttpTargetHost);

    // A scheme is already in place; leave the state alone.
    if (authState.GetAuthScheme() != null)
    {
        return;
    }

    AuthScope authScope = new AuthScope(targetHost.GetHostName(), targetHost.GetPort());
    authState.SetAuthScheme(new BasicScheme());
    authState.SetCredentials(creds);
}
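/// <summary>
/// Decides whether the logged-in user's access level lies within
/// [<paramref name="minLevel"/>, <paramref name="maxLevel"/>] for the given scope.
/// </summary>
/// <remarks>
/// Every path that cannot establish the level denies access: an unauthenticated or
/// missing principal, a missing profile, a missing site or course term for the scopes
/// that need one, a missing membership, or an unrecognised scope all return false.
/// </remarks>
/// <param name="httpContext">Current HTTP context; supplies the principal.</param>
/// <param name="site">Site to check membership in (used for the Site scope).</param>
/// <param name="courseTerm">Course term to check membership in (used for the CourseTerm scope).</param>
/// <param name="scope">Where the access level is looked up.</param>
/// <param name="minLevel">Lowest access level allowed.</param>
/// <param name="maxLevel">Highest access level allowed.</param>
/// <returns>True only when the level found for the scope is within the range.</returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
public static bool CheckAuthorization(HttpContext httpContext, Site site, CourseTerm courseTerm, AuthScope scope, int minLevel, int maxLevel)
{
    // Validate the argument before doing any other work.
    if (httpContext == null)
    {
        throw new ArgumentNullException("httpContext");
    }

    // A missing principal or identity is treated like an unauthenticated user.
    IPrincipal user = httpContext.User;
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
        return false;
    }

    // Get the user's profile and see if they have the required access level.
    AssessTrackDataRepository data = new AssessTrackDataRepository();
    Profile profile = data.GetLoggedInProfile();
    if (profile == null)
    {
        // No profile means no access level to compare: deny rather than fail with an exception.
        return false;
    }

    switch (scope)
    {
        case AuthScope.Application:
            {
                if (profile.AccessLevel < minLevel || profile.AccessLevel > maxLevel)
                {
                    return false;
                }

                return true;
            }

        case AuthScope.Site:
            {
                if (site == null)
                {
                    return false;
                }

                SiteMember member = data.GetSiteMemberByMembershipID(site, profile.MembershipID);
                if (member == null || (member.AccessLevel < minLevel || member.AccessLevel > maxLevel))
                {
                    return false;
                }

                return true;
            }

        case AuthScope.CourseTerm:
            {
                if (courseTerm == null)
                {
                    return false;
                }

                CourseTermMember member = data.GetCourseTermMemberByMembershipID(courseTerm, profile.MembershipID);
                if (member == null || (member.AccessLevel < minLevel || member.AccessLevel > maxLevel))
                {
                    return false;
                }

                return true;
            }

        default:
            // Unknown scope: deny. TODO: log this, since it indicates a caller bug.
            return false;
    }
}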
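/// <summary>
/// Saves the authentication scope.
/// </summary>
/// <remarks>
/// Edit permission is checked twice for an existing scope: once on a blank
/// <c>AuthScope</c> before anything is loaded, and again on the record that will
/// actually be changed. The second check is the one that reflects the record being
/// edited, and it matches the check <c>IsAuthorized(Authorization.EDIT, CurrentPerson)</c>
/// that the detail view performs on the loaded scope.
/// </remarks>
/// <param name="authScopeId">The authentication scope identifier; 0 creates a new scope.</param>
private void SaveAuthScope(int authScopeId)
{
    var isNew = authScopeId.Equals(0);
    var authScope = new AuthScope();

    // First gate, evaluated on a blank instance before any data access.
    var editAllowed = authScope.IsAuthorized(Authorization.EDIT, CurrentPerson);
    if (!editAllowed)
    {
        DisplayErrorMessage("The current user is not authorized to make changes.");
        return;
    }

    var rockContext = new RockContext();
    var authScopeService = new AuthScopeService(rockContext);

    if (!isNew)
    {
        authScope = authScopeService.Get(authScopeId);
        if (authScope == null)
        {
            // The message used to read "was found", the opposite of what happened.
            DisplayErrorMessage("The Auth Scope with the specified Id was not found.");
            return;
        }

        // Second gate, on the record that is about to be modified.
        if (!authScope.IsAuthorized(Authorization.EDIT, CurrentPerson))
        {
            DisplayErrorMessage("The current user is not authorized to make changes.");
            return;
        }
    }
    else
    {
        authScopeService.Add(authScope);
    }

    // System scopes keep their name and active flag; only the public name may change.
    if (!authScope.IsSystem)
    {
        authScope.Name = tbName.Text;
        authScope.IsActive = cbActive.Checked;
    }

    authScope.PublicName = tbPublicName.Text;
    rockContext.SaveChanges();
}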
/// <summary>
/// Saves a scope: updates it when the model carries a UID that passes
/// <c>ValidateHelper.IsPlumpString</c>, otherwise adds it as a new scope.
/// </summary>
/// <remarks>
/// NOTE(review): the UID that selects update versus add comes from the request model,
/// and no authorization attribute is visible in this excerpt; confirm access control
/// and field validation are enforced in the service or at the controller level.
/// </remarks>
/// <param name="model">Scope bound from the request.</param>
/// <returns>A JSON result wrapping the service response, or an error message for a null model.</returns>
public async Task<ActionResult> SaveScopeAction(AuthScope model)
{
    return await RunActionAsync(async () =>
    {
        if (model == null)
        {
            return GetJsonRes("参数错误");
        }

        // No usable UID: treat the request as a create.
        if (!ValidateHelper.IsPlumpString(model.UID))
        {
            var added = await this._IAuthScopeService.AddScopeAsync(model);
            return GetJsonRes(added);
        }

        var updated = await this._IAuthScopeService.UpdateScopeAsync(model);
        return GetJsonRes(updated);
    });
}
/// <summary>
/// Builds a route link wrapped in <paramref name="before"/> and <paramref name="after"/>,
/// but only when <c>CheckAuthorization</c> succeeds for the current route values
/// overlaid with <paramref name="routeValues"/>; otherwise returns an empty string.
/// </summary>
/// <remarks>
/// <paramref name="before"/> and <paramref name="after"/> are concatenated into the
/// result as given, so they must be trusted markup and never request data. Hiding a
/// link does not protect its target; the action behind it needs its own authorization
/// check. A null <paramref name="routeValues"/>, or a property on it whose value is
/// null, raises a NullReferenceException here.
/// </remarks>
/// <param name="html">Helper supplying the view and request context.</param>
/// <param name="linkText">Text of the generated link.</param>
/// <param name="before">Markup placed in front of the link.</param>
/// <param name="after">Markup placed behind the link.</param>
/// <param name="routeValues">Anonymous object holding the link's route values.</param>
/// <param name="scope">Scope the access level is evaluated in.</param>
/// <param name="minLevel">Lowest access level allowed.</param>
/// <param name="maxLevel">Highest access level allowed.</param>
/// <returns>The wrapped link, or an empty string when the check fails.</returns>
public static string ATAuthLink(this HtmlHelper html, string linkText, string before, string after, object routeValues, AuthScope scope, int minLevel, int maxLevel)
{
    // Start from the current request's route values and overlay the link's own values,
    // so the check runs against the route the link points to.
    RouteValueDictionary merged = new RouteValueDictionary(html.ViewContext.RouteData.Values);
    foreach (PropertyInfo prop in routeValues.GetType().GetProperties())
    {
        merged[prop.Name] = prop.GetValue(routeValues, null).ToString();
    }

    if (!CheckAuthorization(scope, minLevel, maxLevel, merged))
    {
        return "";
    }

    // The link keeps only the caller's values; the controller falls back to the current one.
    RouteValueDictionary linkValues = new RouteValueDictionary(routeValues);
    if (linkValues["controller"] == null)
    {
        linkValues["controller"] = merged["controller"];
    }

    var anchor = HtmlHelper.GenerateRouteLink(html.ViewContext.RequestContext, html.RouteCollection, linkText, null, linkValues, null);
    return before + anchor + after;
}
/// <summary>
/// Stores the credentials under the given authentication scope in the credentials map.
/// </summary>
/// <param name="authscope">Scope the credentials apply to; must not be null.</param>
/// <param name="credentials">Credentials to store; passed to the map without a null check.</param>
public virtual void SetCredentials(AuthScope authscope, Credentials credentials)
{
    // Only the scope is validated; the credentials value goes into the map as given.
    Args.NotNull(authscope, "Authentication scope");

    credMap.Put(authscope, credentials);
}
/// <summary>
/// Looks up the credentials for the given authentication scope in the credentials map
/// by delegating to <c>MatchCredentials</c>.
/// </summary>
/// <param name="authscope">Scope to resolve; must not be null.</param>
/// <returns>Whatever <c>MatchCredentials</c> returns for this scope.</returns>
public virtual Credentials GetCredentials(AuthScope authscope)
{
    Args.NotNull(authscope, "Authentication scope");

    Credentials matched = MatchCredentials(this.credMap, authscope);
    return matched;
}
/// <summary>
/// Checks that <c>AuthScope.IsScopeSupported</c> rejects "nope" and hands that same
/// value back through its out parameter.
/// </summary>
public void Unsupported()
{
    var supported = AuthScope.IsScopeSupported("nope", out var unsupported);

    Assert.False(supported);
    Assert.Equal("nope", unsupported);
}
/// <summary>
/// Builds the list of usable authentication options for a set of challenges: for each
/// preferred scheme, in order, that the server challenged with and the registry
/// supports, the challenge is processed and an option is added when the credentials
/// provider has credentials for the resulting scope.
/// </summary>
/// <remarks>
/// The order of <c>authPrefs</c> decides which scheme is offered first. NOTE(review):
/// confirm the default priority puts stronger schemes ahead of Basic, since the first
/// option with credentials is the one a caller is likely to use.
/// </remarks>
/// <param name="challenges">Challenges keyed by lower-case scheme name.</param>
/// <param name="authhost">Host the challenges came from.</param>
/// <param name="response">HTTP response carrying the challenges (only null-checked here).</param>
/// <param name="context">HTTP context supplying registry, credentials provider and config.</param>
/// <returns>The options found; empty when the registry or credentials provider is missing.</returns>
/// <exception cref="Apache.Http.Auth.MalformedChallengeException"></exception>
public virtual Queue<AuthOption> Select(IDictionary<string, Header> challenges, HttpHost authhost, HttpResponse response, HttpContext context)
{
    Args.NotNull(challenges, "Map of auth challenges");
    Args.NotNull(authhost, "Host");
    Args.NotNull(response, "HTTP response");
    Args.NotNull(context, "HTTP context");

    HttpClientContext clientContext = ((HttpClientContext)HttpClientContext.Adapt(context));

    // Declaration kept exactly as in the original port.
    Queue<AuthOption> options = new List<AuthOption>();

    Lookup<AuthSchemeProvider> registry = clientContext.GetAuthSchemeRegistry();
    if (registry == null)
    {
        this.log.Debug("Auth scheme registry not set in the context");
        return options;
    }

    CredentialsProvider credsProvider = clientContext.GetCredentialsProvider();
    if (credsProvider == null)
    {
        this.log.Debug("Credentials provider not set in the context");
        return options;
    }

    RequestConfig config = clientContext.GetRequestConfig();
    ICollection<string> authPrefs = GetPreferredAuthSchemes(config);
    if (authPrefs == null)
    {
        authPrefs = DefaultSchemePriority;
    }

    if (this.log.IsDebugEnabled())
    {
        this.log.Debug("Authentication schemes in the order of preference: " + authPrefs);
    }

    foreach (string id in authPrefs)
    {
        // Challenges are looked up by the lower-cased scheme id.
        Header challenge = challenges.Get(id.ToLower(CultureInfo.InvariantCulture));
        if (challenge == null)
        {
            if (this.log.IsDebugEnabled())
            {
                this.log.Debug("Challenge for " + id + " authentication scheme not available");
            }

            // Try the next preferred scheme.
            continue;
        }

        AuthSchemeProvider schemeProvider = registry.Lookup(id);
        if (schemeProvider == null)
        {
            if (this.log.IsWarnEnabled())
            {
                this.log.Warn("Authentication scheme " + id + " not supported");
            }

            // Try the next preferred scheme.
            continue;
        }

        AuthScheme authScheme = schemeProvider.Create(context);
        authScheme.ProcessChallenge(challenge);

        // Credentials are requested for exactly this host, port, realm and scheme.
        AuthScope authScope = new AuthScope(authhost.GetHostName(), authhost.GetPort(), authScheme.GetRealm(), authScheme.GetSchemeName());
        Credentials credentials = credsProvider.GetCredentials(authScope);
        if (credentials != null)
        {
            options.AddItem(new AuthOption(authScheme, credentials));
        }
    }

    return options;
}
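/// <summary>
/// Resolves the site and, for the CourseTerm scope, the course term named by the route
/// data, then checks the current user's access level for that scope.
/// </summary>
/// <remarks>
/// Will return false if routeData points to a non-existent site or course term. Lookup
/// failures are swallowed on purpose so that they end in a denial; note that the bare
/// catch blocks also hide data-layer errors, which then look like "not found".
/// </remarks>
/// <param name="scope">Scope the access level is evaluated in.</param>
/// <param name="minLevel">Lowest access level allowed.</param>
/// <param name="maxLevel">Highest access level allowed.</param>
/// <param name="routeData">Route values naming the site / course term, by short name or id.</param>
/// <returns>True only when the target exists and the user's level is within the range.</returns>
public static bool CheckAuthorization(AuthScope scope, int minLevel, int maxLevel, RouteValueDictionary routeData)
{
    AssessTrackDataRepository data = new AssessTrackDataRepository();
    Site site = null;
    CourseTerm courseTerm = null;

    if (scope != AuthScope.Application)
    {
        // Try to get the site by shortName
        if (routeData["siteShortName"] != null)
        {
            string siteShortName = routeData["siteShortName"].ToString();
            site = data.GetSiteByShortName(siteShortName);
        }
        // if scope is Site, then {id} should refer to SiteID
        else if (scope != AuthScope.CourseTerm && routeData["id"] != null)
        {
            try
            {
                Guid siteID = new Guid(routeData["id"].ToString());
                site = data.GetSiteByID(siteID);
            }
            catch
            {
                // Deliberately ignored: site stays null and the check below denies.
            }
        }

        if (site == null)
        {
            return false;
        }

        if (scope == AuthScope.CourseTerm)
        {
            // Try to get the course term by shortName
            if (routeData["courseTermShortName"] != null)
            {
                string courseTermShortName = routeData["courseTermShortName"].ToString();
                courseTerm = data.GetCourseTermByShortName(site, courseTermShortName);
            }
            // if scope is CourseTerm, then {id} should refer to CourseTermID.
            // The entry itself is tested for null: the previous test called ToString()
            // on it first and threw when the route carried no id.
            else if (routeData["id"] != null)
            {
                try
                {
                    Guid courseTermID = new Guid(routeData["id"].ToString());
                    courseTerm = data.GetCourseTermByID(site, courseTermID);
                }
                catch
                {
                    // Deliberately ignored: courseTerm stays null and the check below denies.
                }
            }

            if (courseTerm == null)
            {
                return false;
            }
        }
    }

    // Set up is complete, now check if the user is authorized
    return CheckAuthorization(HttpContext.Current, site, courseTerm, scope, minLevel, maxLevel);
}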
/// <summary>
/// Builds the configuration the tests start from: the default config for the Migration
/// environment with a fixed client id and redirect URI, narrowed to the given scope.
/// </summary>
/// <param name="scope">Scope passed to <c>WithScope</c>; null when omitted.</param>
/// <returns>The resulting configuration.</returns>
static AuthConfig getStartConfig(AuthScope scope = null)
{
    // Fixed test values; none of them identifies a real client or endpoint.
    var baseline = AuthConfig.Default(RuntimeEnvironment.Migration, "clientId", new Uri("test://redirect"));

    return baseline.WithScope(scope);
}
/// <summary>
/// View-side shortcut that runs <c>CheckAuthorization</c> against the route values of
/// the current view context.
/// </summary>
/// <param name="html">Helper whose view context supplies the route values.</param>
/// <param name="minlevel">Lowest access level allowed.</param>
/// <param name="maxlevel">Highest access level allowed.</param>
/// <param name="scope">Scope the access level is evaluated in.</param>
/// <returns>The result of the route-based check.</returns>
public static bool CheckAuthorization(this HtmlHelper html, int minlevel, int maxlevel, AuthScope scope)
{
    var currentRoute = html.ViewContext.RouteData.Values;

    return CheckAuthorization(scope, minlevel, maxlevel, currentRoute);
}
/// <summary>
/// Convenience overload of <c>ATAuthLink</c> that wraps the link in nothing: both the
/// leading and the trailing markup are the empty string.
/// </summary>
/// <param name="html">Helper supplying the view and request context.</param>
/// <param name="linkText">Text of the generated link.</param>
/// <param name="routeValues">Anonymous object holding the link's route values.</param>
/// <param name="scope">Scope the access level is evaluated in.</param>
/// <param name="minLevel">Lowest access level allowed.</param>
/// <param name="maxLevel">Highest access level allowed.</param>
/// <returns>Whatever the full overload returns for these arguments.</returns>
public static string ATAuthLink(this HtmlHelper html, string linkText, object routeValues, AuthScope scope, int minLevel, int maxLevel)
{
    string noWrapper = string.Empty;

    return ATAuthLink(html, linkText, noWrapper, noWrapper, routeValues, scope, minLevel, maxLevel);
}
/// <summary>
/// Stores the credentials for the given scope by handing both to the internal
/// credentials provider.
/// </summary>
/// <param name="authscope">Scope the credentials apply to.</param>
/// <param name="credentials">Credentials to store.</param>
public virtual void SetCredentials(AuthScope authscope, Credentials credentials)
{
    // Pure delegation: no validation happens at this level.
    @internal.SetCredentials(authscope, credentials);
}