/// <summary>
/// Performs the Raven authentication flow.
/// </summary>
/// <param name="filterContext"></param>
public void Authorize(AuthorizationContext filterContext)
{
HttpRequestBase request = filterContext.HttpContext.Request;
HttpResponseBase response = filterContext.HttpContext.Response;
if (this.LoadIdentity(filterContext.HttpContext))
{
return;
}
// if this is not a POST request, then we can look for a response
if (!request.HttpMethod.Equals("POST"))
{
// try to get the response
String wlsResponse = request.Params[WLS_RESPONSE_PARAM];
if (!String.IsNullOrWhiteSpace(wlsResponse))
{
// parse the response data
RavenResponse ravenResponse = new RavenResponse(wlsResponse);
// if the server has indicated that authentication was successful,
// validate the response signature and set an authentication cookie
if (ravenResponse.Status == RavenStatus.OK)
{
if (!this.Validate(ravenResponse))
{
throw new RavenException("Failed to validate response signature.");
}
// create a Forms authentication ticket and cookie
this.CreateTicket(response, ravenResponse);
// redirect the user back to where they started
response.Redirect(ravenResponse.URL);
}
else
{
// check to see if there is a URL we should redirect the user to
// if not: throw an exception
if (String.IsNullOrWhiteSpace(this.errorURL))
{
throw new RavenResponseException(
"Authentication failed: " + ravenResponse.Status.ToString(),
ravenResponse.Status);
}
response.Redirect(this.errorURL + (Int32)ravenResponse.Status);
}
return;
}
}
// if we end up here, then we don't have a Raven session
RavenRequest ravenRequest = new RavenRequest();
ravenRequest.Parameters.Add("url", request.Url.AbsoluteUri);
// redirect the user so they can set one up
response.Redirect(String.Format("{0}{1}{2}",
this.baseURL, RAVEN_AUTHENTICATE, ravenRequest.ToString()));
}
/// <summary>
/// Performs the Raven authentication flow.
/// </summary>
/// <param name="filterContext"></param>
public void Authorize(AuthorizationContext filterContext)
{
HttpRequestBase request = filterContext.HttpContext.Request;
HttpResponseBase response = filterContext.HttpContext.Response;
if (this.LoadIdentity(filterContext.HttpContext))
return;
// if this is not a POST request, then we can look for a response
if (!request.HttpMethod.Equals("POST"))
{
// try to get the response
String wlsResponse = request.Params[WLS_RESPONSE_PARAM];
if (!String.IsNullOrWhiteSpace(wlsResponse))
{
// parse the response data
RavenResponse ravenResponse = new RavenResponse(wlsResponse);
// if the server has indicated that authentication was successful,
// validate the response signature and set an authentication cookie
if (ravenResponse.Status == RavenStatus.OK)
{
if (!this.Validate(ravenResponse))
throw new RavenException("Failed to validate response signature.");
// create a Forms authentication ticket and cookie
this.CreateTicket(response, ravenResponse);
// redirect the user back to where they started
response.Redirect(ravenResponse.URL);
}
else
{
// check to see if there is a URL we should redirect the user to
// if not: throw an exception
if (String.IsNullOrWhiteSpace(this.errorURL))
{
throw new RavenResponseException(
"Authentication failed: " + ravenResponse.Status.ToString(),
ravenResponse.Status);
}
response.Redirect(this.errorURL + (Int32)ravenResponse.Status);
}
return;
}
}
// if we end up here, then we don't have a Raven session
RavenRequest ravenRequest = new RavenRequest();
ravenRequest.Parameters.Add("url", request.Url.AbsoluteUri);
// redirect the user so they can set one up
response.Redirect(String.Format("{0}{1}{2}",
this.baseURL, RAVEN_AUTHENTICATE, ravenRequest.ToString()));
}
