Example #1
0
        public void Authenticate(IHttpRequestDescriptor request, IHttpResponseDescriptor response)
        {
            var identity = (Identity)IdentitySource.GetUserIdentity(request);

            request.User = new GenericPrincipal(identity, null);
            var token = identity.IsAuthenticated ? identity.Token : null;

            if (identity.IsAuthenticated)
            {
                if (OpLog.IsForDebug())
                {
                    OpLog.Debug(new { isauth = true, login = identity.Name, url = request.Uri.ToString() }.stringify());
                }
            }
            else
            {
                if (null == identity.DisabledToken)
                {
                    if (OpLog.IsForDebug())
                    {
                        OpLog.Debug(new { isauth = false, login = identity.Name, url = request.Uri.ToString() }.stringify());
                    }
                }
                else
                {
                    if (OpLog.IsForInfo())
                    {
                        OpLog.Info(new { isauth = false, login = identity.Name, url = request.Uri.ToString(), disabledtoken = identity.DisabledToken }.stringify());
                    }
                }
            }
            TokenService.Store(response, request.Uri, token);
        }
Example #2
0
        private IIdentity AuthenticateWithValidToken(IHttpRequestDescriptor request, Token currentToken)
        {
            var   currentExpire = currentToken.Expire.ToUniversalTime();
            Token token;

            if (IsProlongable(request))
            {
                token = TokenService.Prolongate(currentToken);
            }
            else
            {
                token = currentToken;
            }
            var resultExpire = token.Expire.ToUniversalTime();

            if (Logg.IsForDebug())
            {
                Logg.Debug(
                    new { request = request.Uri.ToString(), token = "upgrade", from = currentExpire, to = resultExpire }
                    .stringify());
            }
            var result = BuildIdentity(token);

            return(result);
        }
 private bool IsProlongable(IHttpRequestDescriptor request) {
     var path = request.Uri.AbsolutePath;
     if (path == "/isauth") return false;
     if (path == "/logout") return false;
     if (path == "/myinfo") return false;
     return true;
 }
Example #4
0
        private string ReadCookie(IHttpRequestDescriptor request)
        {
            var cookie = request.GetHeader("Cookie");

            if (string.IsNullOrWhiteSpace(cookie))
            {
                return(null);
            }
            var headerStart = cookie.IndexOf(CookieName);

            if (headerStart == -1)
            {
                return(string.Empty);
            }
            var eq = cookie.IndexOf('=', headerStart);

            if (eq == -1)
            {
                return(string.Empty);
            }
            if (eq == cookie.Length - 1)
            {
                return(string.Empty);
            }
            var finish = cookie.IndexOfAny(new[] { ',', ' ', ';' }, eq);

            if (finish == -1)
            {
                finish = cookie.Length;
            }
            var result = cookie.Substring(eq + 1, finish - (eq + 1));

            return(Uri.UnescapeDataString(result));
        }
Example #5
0
        public Token Create(IHttpRequestDescriptor request)
        {
            var result = new Token();

            result.User = request.User.Identity.Name;
            var qid = request.User.Identity as Identity;

            if (null != qid)
            {
                if (null != qid.ImpersonationSource)
                {
                    result.ImUser = qid.ImpersonationSource.Name;
                }
            }
            result.Created = DateTime.Now.ToUniversalTime();
            result.IsAdmin = qid.IsAdmin;
            if (LeaseTime == -1)
            {
                result.Expire = DateTime.Today.AddDays(1).AddSeconds(-1).ToUniversalTime();
            }
            else
            {
                result.Expire = DateTime.Now.AddMinutes(LeaseTime).ToUniversalTime();
            }
            result.Metrics = GetMetrics(request);
            if (null != qid.ImpersonationSource)
            {
                result.ImUser = qid.ImpersonationSource.Name;
            }
            return(result);
        }
Example #6
0
        public IIdentity GetUserIdentity(IHttpRequestDescriptor request)
        {
            var name    = AnyGuestName;
            var auth    = AllowGuest;
            var isadmin = AnyGuestIsAdmin;
            var type    = "guest";
            var guest   = true;

            if (IsLocal(request.LocalEndPoint))
            {
                name    = LocalGuestName;
                auth    = AllowLocalGuest;
                isadmin = LocalGuestIsAdmin;
                type    = "localguest";
            }
            TrustedOrigin origin = null;

            if (!isadmin && (origin = GetTrust(request)) != null)
            {
                guest   = false;
                auth    = true;
                isadmin = true;
                type    = "trusted";
                name    = origin.Name;
            }

            return(new Identity {
                Name = name,
                IsAuthenticated = auth,
                AuthenticationType = type,
                IsAdmin = isadmin,
                IsGuest = guest
            });
        }
        public AuthorizationReaction GetReaction(IHttpRequestDescriptor request)
        {
            if (request.User.Identity.IsAuthenticated)
            {
                return(new AuthorizationReaction {
                    Process = true
                });
            }
            var uri = request.Uri;

            if (IsProcessAble(uri))
            {
                return(new AuthorizationReaction {
                    Process = true
                });
            }
            var redir = RedirectHtml(uri);

            if (null != redir)
            {
                return(redir);
            }
            return(new AuthorizationReaction {
                Error = new SecurityException("not authenticated")
            });
        }
Example #8
0
 public string GetRedirectUrl(IHttpRequestDescriptor req) {
     foreach (var redirectSource in Redirectors) {
         var redirect = redirectSource.GetRedirectUrl(req);
         if (!string.IsNullOrWhiteSpace(redirect)) {
             return redirect;
         }
     }
     return null;
 }
Example #9
0
        public Token Extract(IHttpRequestDescriptor request)
        {
            var cookie = ReadCookie(request);

            if (string.IsNullOrWhiteSpace(cookie))
            {
                return(null);
            }
            return(TokenEncryptor.Decrypt(cookie));
        }
Example #10
0
 private string GetMetrics(IHttpRequestDescriptor request)
 {
     if (Clustered)
     {
         return((request.RemoteEndPoint.Address + "_" +
                 request.UserAgent).GetMd5().Substring(0, 6));
     }
     return((request.RemoteEndPoint.Address + "_" + request.LocalEndPoint.Address + "_" +
             request.UserAgent).GetMd5().Substring(0, 6));
 }
Example #11
0
 public string GetRedirectUrl(IHttpRequestDescriptor req)
 {
     foreach (var redirectSource in Redirectors)
     {
         var redirect = redirectSource.GetRedirectUrl(req);
         if (!string.IsNullOrWhiteSpace(redirect))
         {
             return(redirect);
         }
     }
     return(null);
 }
Example #12
0
 public IIdentity GetUserIdentity(IHttpRequestDescriptor request) {
     var currentToken = TokenService.Extract(request);
     if (Logg.IsForDebug()) {
         Logg.Debug(new {request = request.Uri.ToString(), action = "extract", token = currentToken}.stringify());
     }
     if (currentToken != null && TokenService.IsValid(request, currentToken)) {
         return AuthenticateWithValidToken(request, currentToken);
     }
     var result = (Identity)DefaultIdentitySource.GetUserIdentity(request);
     result.DisabledToken = currentToken;
     return result;
 }
 public AuthorizationReaction GetReaction(IHttpRequestDescriptor request) {
     if (request.User.Identity.IsAuthenticated) {
         return new AuthorizationReaction {Process = true};
     }
     var uri = request.Uri;
     if (IsProcessAble(uri)) {
         return new AuthorizationReaction {Process = true};
     }
     var redir = RedirectHtml(uri);
     if (null != redir) {
         return redir;
     }
     return new AuthorizationReaction {Error = new SecurityException("not authenticated")};
 }
Example #14
0
        public AuthorizationReaction Authorize(IHttpRequestDescriptor request)
        {
            var uri      = request.Uri;
            var identity = request.User.Identity;
            var rule     = Rules.Where(_ => _.IsMatch(uri)).OrderByDescending(_ => _.Idx).FirstOrDefault();
            AuthorizationReaction result;

            if (!identity.IsAuthenticated)
            {
                if (null != rule && rule.IsForNotAuth)
                {
                    result = rule.GetNotAuth(request);
                }
                else
                {
                    result = NotAuth.GetReaction(request);
                }
            }
            else
            {
                if (null == rule)
                {
                    result = AuthorizationReaction.Allow;
                }
                else if (!rule.CheckRole)
                {
                    result = AuthorizationReaction.Allow;
                }
                else if (Roles.IsInRole(request.User.Identity, rule.Role))
                {
                    result = AuthorizationReaction.Allow;
                }
                else
                {
                    return(AuthorizationReaction.Deny);
                }
            }

            if (result.Process && null != Redirector && string.IsNullOrWhiteSpace(result.Redirect))
            {
                var redirect = Redirector.GetRedirectUrl(request);
                if (!string.IsNullOrWhiteSpace(redirect))
                {
                    result = new AuthorizationReaction {
                        Redirect = redirect
                    };
                }
            }
            return(result);
        }
Example #15
0
        public bool IsValid(IHttpRequestDescriptor request, Token token)
        {
            if (token.Expire < DateTime.Now.ToUniversalTime())
            {
                return(false);
            }
            var metrics = GetMetrics(request);

            if (metrics != token.Metrics)
            {
                return(false);
            }
            return(true);
        }
Example #16
0
 public AuthorizationReaction GetNotAuth(IHttpRequestDescriptor request)
 {
     if (ProcessNotAuth)
     {
         return(AuthorizationReaction.Allow);
     }
     if (DenyNotAuth)
     {
         return(AuthorizationReaction.Deny);
     }
     return(new AuthorizationReaction {
         Redirect = RedirectNotAuthUrl + "?referer=" + request.Uri.AbsolutePath
     });
 }
Example #17
0
        public IIdentity GetUserIdentity(IHttpRequestDescriptor request)
        {
            var currentToken = TokenService.Extract(request);

            if (Logg.IsForDebug())
            {
                Logg.Debug(new { request = request.Uri.ToString(), action = "extract", token = currentToken }.stringify());
            }
            if (currentToken != null && TokenService.IsValid(request, currentToken))
            {
                return(AuthenticateWithValidToken(request, currentToken));
            }
            var result = (Identity)DefaultIdentitySource.GetUserIdentity(request);

            result.DisabledToken = currentToken;
            return(result);
        }
Example #18
0
 private IIdentity AuthenticateWithValidToken(IHttpRequestDescriptor request, Token currentToken) {
     var currentExpire = currentToken.Expire.ToUniversalTime();
     Token token;
     if (IsProlongable(request)) {
         token = TokenService.Prolongate(currentToken);
     }
     else {
         token = currentToken;
     }
     var resultExpire = token.Expire.ToUniversalTime();
     if (Logg.IsForDebug()) {
         Logg.Debug(
             new {request = request.Uri.ToString(), token = "upgrade", from = currentExpire, to = resultExpire}
                 .stringify());
     }
     var result = BuildIdentity(token);
     return result;
 }
Example #19
0
        private bool IsProlongable(IHttpRequestDescriptor request)
        {
            var path = request.Uri.AbsolutePath;

            if (path == "/isauth")
            {
                return(false);
            }
            if (path == "/logout")
            {
                return(false);
            }
            if (path == "/myinfo")
            {
                return(false);
            }
            return(true);
        }
Example #20
0
 public AuthorizationReaction GetNotAuth(IHttpRequestDescriptor request) {
     if (ProcessNotAuth) return AuthorizationReaction.Allow;
     if (DenyNotAuth) return AuthorizationReaction.Deny;
     return new AuthorizationReaction {Redirect = RedirectNotAuthUrl + "?referer=" + request.Uri.AbsolutePath};
 }
Example #21
0
 public static RequestParameters Create(IHttpRequestDescriptor request)
 {
     return(Create(new WebContext {
         Request = request
     }));
 }
Example #22
0
        private TrustedOrigin GetTrust(IHttpRequestDescriptor request)
        {
            var origin = request.GetHeader("Origin") ?? "";

            return(TrustedOrigins.FirstOrDefault(_ => _.IsMatch(request.RemoteEndPoint, request.LocalEndPoint, origin)));
        }