public virtual IUser Authenticate(HttpContext httpContext, ICASOption option)
{
ISession session = httpContext.Session;
if (session == null)
{
return(null);
}
string displayName = session.GetString(option.SessionName);
if (displayName == null)
{
return(null);
}
ClaimsPrincipal userClaims = new ClaimsPrincipal();
ClaimsIdentity identity = new ClaimsIdentity(nameof(CASAuthenticator));
identity.AddClaim(new Claim("Name", displayName));
userClaims.AddIdentity(identity);
httpContext.User = userClaims;
IUser user = new User(displayName, userClaims);
return(user);
}
public void RemoveCASSession()
{
HttpContext context = httpContextAccessor.HttpContext;
IServiceProvider services = context.RequestServices;
ICASOption option = services.GetRequiredService <ICASOption>();
context.Session.Remove(option.SessionName);
}
public Task ExecuteResultAsync(ActionContext context)
{
HttpContext httpContext = context.HttpContext;
ICASOption option = httpContext.RequestServices.GetRequiredService <ICASOption>();
HttpRequest request = httpContext.Request;
string serviceTarget = request.GetDisplayUrl().EscapeAll();
string authenticationTarget = $"{option.RedirectUrl}?service={serviceTarget}";
httpContext.Response.Redirect(location: authenticationTarget, permanent: false);
return(Task.CompletedTask);
}
public IUser Invoke(HttpContext httpContext, string message, string actionUrl, out string redirectUrl)
{
ICASOption option = httpContext.RequestServices.GetRequiredService <ICASOption>();
string[] res = message.Split('\n');
if (res[0] == "yes")
{
httpContext.Session.SetString(option.SessionName, res[1]);
redirectUrl = actionUrl;
return(null);
}
else
{
httpContext.Session.Remove(option.SessionName);
redirectUrl = null;
return(null);
}
}
public Task ExecuteResultAsync(ActionContext context)
{
HttpContext httpContext = context.HttpContext;
ICASOption option = httpContext.RequestServices.GetRequiredService <ICASOption>();
HttpRequest request = httpContext.Request;
string serviceTarget = null;
if (targetOverride == null)
{
serviceTarget = request.GetDisplayUrl().EscapeAll();
}
else
{
serviceTarget = $"{request.Scheme}://{request.Host}{request.PathBase}{targetOverride}".EscapeAll();
}
string authenticationTarget = $"{option.LogoutUrl}?service={serviceTarget}";
httpContext.Response.Redirect(location: authenticationTarget, permanent: false);
return(Task.CompletedTask);
}
// if casResult == null, the url does not contain ticket
private static void CheckRequestUrl(HttpContext httpContext, out AuthenticationInternalResult casResult)
{
HttpRequest request = httpContext.Request;
ICASOption option = httpContext.RequestServices.GetRequiredService <ICASOption>();
IQueryCollection query = request.Query;
string rawurl = request.GetDisplayUrl();
if (query.TryGetValue("ticket", out StringValues ticketValue))
{
string ticket = ticketValue.ToArray()[0];
string url = request.GetDisplayUrl();
// remove ticket
url = Regex.Replace(url, @"ticket\=[^\&]+\&?", "");
while (url[url.Length - 1] == '&' || url[url.Length - 1] == '?')
{
url = url.Substring(0, url.Length - 1);
}
string querystr = request.QueryString.Value;
querystr = Regex.Replace(querystr, @"ticket\=[^\&]+\&?", "");
while (querystr.Length > 0 && (querystr[querystr.Length - 1] == '&' || querystr[querystr.Length - 1] == '?'))
{
querystr = querystr.Substring(0, querystr.Length - 1);
}
string url_not_escaped = url;
url = url.EscapeAll();
string target = $"{option.ValidateUrl}?service={url}&ticket={ticket}";
request.QueryString = new QueryString(querystr);
// validate
// if true, set session
try
{
HttpClient client = new HttpClient();
HttpRequestMessage validateRequest = new HttpRequestMessage()
{
Method = HttpMethod.Get,
RequestUri = new Uri(target)
};
validateRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(option.ResponseAccept));
using (HttpResponseMessage response = client.SendAsync(validateRequest).GetAwaiter().GetResult())
{
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
string message = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
Type handlerType = option.ResponseHandler;
ICASResponseHandler handler = (ICASResponseHandler)ActivatorUtilities.CreateInstance(httpContext.RequestServices, handlerType);
IUser user = handler.Invoke(httpContext, message, url_not_escaped, out string redirect_url);
if (redirect_url != null)
{
casResult = new AuthenticationInternalResult(false, redirect_url, null, null);
return;
}
if (user == null)
{
casResult = new AuthenticationInternalResult(true, null, null, null);
return;
}
else
{
lock (CASLocker)
{
if (casAuthenticatorData == null)
{
IAuthenticatorMethodCache cache = httpContext.RequestServices.GetRequiredService <IAuthenticatorMethodCache>();
casAuthenticatorData = cache.Get(typeof(CASAuthenticator));
}
}
casResult = new AuthenticationInternalResult(false, null, user, casAuthenticatorData);
return;
}
}
}
}
catch
{
casResult = null;
}
}
casResult = null;
}
public AuthenticationService(IHttpContextAccessor httpContextAccessor, ICASOption option, IAuthenticationResultAccessor accessor)
{
this.httpContextAccessor = httpContextAccessor;
this.option = option;
this.accessor = accessor;
}