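        /// <summary>
        /// Gets the domain ID from the realm if it exists.
        /// </summary>
        /// <remarks>
        /// Used by VerifyPrincipalFromRequest as the first choice for the domain to
        /// authenticate against. The Authorization header is untrusted, client-controlled
        /// input: a header that is absent, not Basic, not valid base64, or not in the
        /// expected "prefix\user:password" form yields null rather than an exception, so a
        /// malformed credential ends up as a 401 challenge instead of a server error. The
        /// extracted prefix is only returned when the store actually knows that domain.
        /// </remarks>
        /// <param name="context">HttpContext object.</param>
        /// <returns>The domain ID if found, otherwise a null is returned.</returns>
        private string GetDomainIDFromRealm(HttpContext context)
        {
            // Check for an authorization header.
            string[] encodedCredentials = context.Request.Headers.GetValues("Authorization");
            if ((encodedCredentials == null) || (encodedCredentials.Length == 0) || (encodedCredentials[0] == null))
            {
                return null;
            }

            // Make sure we are dealing with "Basic" credentials. The scheme token is protocol
            // syntax, so compare ordinally rather than with the server's current culture.
            string authorization = encodedCredentials[0];
            if (!authorization.StartsWith("Basic ", StringComparison.Ordinal))
            {
                return null;
            }

            // The part after the "Basic " signature is base64 encoded. FromBase64String throws
            // on malformed input, and that input comes straight from the client, so treat a bad
            // encoding as "no domain in the realm" instead of letting the exception escape.
            byte[] credential;
            try
            {
                credential = System.Convert.FromBase64String(authorization.Substring(6));
            }
            catch (FormatException)
            {
                return null;
            }

            // NOTE(review): Encoding.Default is platform/locale dependent. It is kept for
            // compatibility with existing clients; Basic credentials are normally UTF-8 or
            // ISO-8859-1, which only matters if a domain ID can contain non-ASCII characters.
            string decodedCredential = System.Text.Encoding.Default.GetString(credential, 0, credential.Length);

            // Clients that newed up a NetCredential object with a URL
            // come though on the authorization line in the following format:
            // http://domain:port/simias10/service.asmx\username:password
            int index = decodedCredential.LastIndexOf('\\');
            if (index == -1)
            {
                return null;
            }

            // The prefix is a claim made by the client; only accept it if it names a domain
            // this store has, so an arbitrary string can never be passed on as a domain ID.
            string tempDomainID = decodedCredential.Substring(0, index);
            return (StoreReference.GetDomain(tempDomainID) != null) ? tempDomainID : null;
        }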
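        /// <summary>
        /// Tries to authenticate the current request if authorization headers are present.
        /// </summary>
        /// <remarks>
        /// Requests for services (or service:operation pairs) listed in
        /// <c>unauthenticatedServices</c> are passed through untouched. Every other request has
        /// its domain resolved, in order, from the Basic realm, the <c>Http.DomainIDHeader</c>
        /// header, the enterprise default domain, or the local domain for local callers, and is
        /// then handed to <c>Http.GetMember</c>. When no domain can be resolved the request is
        /// answered with a 401 carrying a Basic challenge and completed.
        /// </remarks>
        /// <param name="context">HttpContext that represents the request.</param>
        private void VerifyPrincipalFromRequest(HttpContext context)
        {
            // See if this request requires authentication at all. The exception table is keyed
            // by lowered names, so lower with the invariant culture: the current culture must
            // not decide whether a request is exempt (e.g. Turkish dotless-i would break it).
            string webService = Path.GetFileName(context.Request.FilePath);
            if (unauthenticatedServices.ContainsKey(webService.ToLowerInvariant()))
            {
                return;
            }

            // See if this request method requires authentication. The operation comes from the
            // SOAPAction header, else the "op" query parameter, else the entire query string,
            // which lets the exception file use something like Simias.asmx:?WSDL to allow WSDL
            // download without credentials.
            string soapPath   = context.Request.Headers["SOAPAction"];
            string soapMethod = (soapPath != null) ? Path.GetFileName(soapPath.Trim(trimChars)) : null;
            if (soapMethod == null)
            {
                soapMethod = context.Request.QueryString["op"];
                if (soapMethod == null)
                {
                    soapMethod = context.Request.Url.Query;
                }
            }
            log.Debug("In VerifyPrincipalFromRequest: soapmethod is {0}", soapMethod);

            if ((soapMethod != null) &&
                unauthenticatedServices.ContainsKey(String.Format("{0}:{1}", webService, soapMethod).ToLowerInvariant()))
            {
                return;
            }

            // Resolve the domain to authenticate against.
            // 1. A domain ID carried in the Basic realm (already validated against the store).
            string domainID = GetDomainIDFromRealm(context);
            if (domainID == null)
            {
                // 2. A domain ID supplied by the client in a dedicated header. This value is
                //    client-controlled and is only as trustworthy as Http.GetMember's validation
                //    of it.
                domainID = context.Request.Headers.Get(Http.DomainIDHeader);
                if (domainID == null)
                {
                    if (Store.IsEnterpriseServer)
                    {
                        // 3. An enterprise server falls back to its default domain.
                        domainID = StoreReference.DefaultDomain;
                    }
                    else if (IsLocalAddress(context.Request.UserHostAddress) ||
                             IsLocalAddress(context.Request.Url.Host))
                    {
                        // 4. A client store only serves its local domain to local callers.
                        //    UserHostAddress is the peer's address, but Url.Host is taken from
                        //    the client-supplied Host header, so the second test is satisfied by
                        //    any remote peer that sends "Host: localhost". It was added so
                        //    storebrowser can reach a client from another machine; the request
                        //    is still authenticated by Http.GetMember below, but it opens the
                        //    client-to-client communication the original authors said should be
                        //    avoided. TODO(review): decide whether the Url.Host test should go.
                        domainID = StoreReference.LocalDomain;
                    }
                }
            }

            if (domainID == null)
            {
                // Nothing to authenticate against: challenge for Basic credentials in the realm
                // of the default (enterprise) or local domain. Assumes GetDomain finds that
                // domain; if it ever did not, the request would fail with an exception here.
                string realmID = (Store.IsEnterpriseServer) ? StoreReference.DefaultDomain : StoreReference.LocalDomain;
                string realm   = StoreReference.GetDomain((realmID != null) ? realmID : StoreReference.LocalDomain).Name;
                context.Response.StatusCode        = 401;
                context.Response.StatusDescription = "Unauthorized";
                context.Response.AddHeader("WWW-Authenticate", String.Concat("Basic realm=\"", realm, "\""));
                context.ApplicationInstance.CompleteRequest();
                return;
            }

            // Try and authenticate the request. NOTE(review): nothing is written to the
            // response here when GetMember returns null; it is assumed to reject or challenge
            // the request itself — confirm against Http.GetMember.
            if ((Http.GetMember(domainID, context) != null) && (context.Session != null))
            {
                if (domainID == StoreReference.LocalDomain)
                {
                    // Sessions on the local web service effectively never expire (one year, in
                    // minutes); every other domain keeps the default session timeout.
                    context.Session.Timeout = 60 * 24 * 365;
                }
            }
        }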