Example #1
0
        /// <summary>
        /// Tries to authenticate/elevate the <paramref name="session"/> with the <paramref name="authMessage"/>.
        /// </summary>
        /// <param name="session">Session attempting to authenticate.</param>
        /// <param name="authMessage">Auth message.</param>
        /// <returns>True if the session authenticated.</returns>
        public bool TryAuthenticate(IElevatableSession session, AuthenticationMessage authMessage)
        {
            Logger.DebugFormat("Authenticated requested for Session {0}.", session.ToString());

            //We reduce contention by only read locking for a short moment

            lockObj.EnterReadLock();
            try
            {
                //Check if this is a token we granted
                if (!authTokenMap.ContainsKey(session.UniqueAuthToken))
                {
                    Logger.WarnFormat("Session {0} tried to authenticate with Token {1} but that token was not issued.", session.ToString(), session.UniqueAuthToken);
                    return(false);
                }

                //Check if the session matches the token
                if (authTokenMap[session.UniqueAuthToken].Session != session)
                {
                    Logger.WarnFormat("Session {0} tried to authenticate with Token {1} but that token was not issued for that session. Was issued for {2}.", session.ToString(), session.UniqueAuthToken, authTokenMap[session.UniqueAuthToken].Session);
                    return(false);
                }
            }
            finally
            {
                lockObj.ExitReadLock();
            }

            bool result = HandleAuthentication(session.UniqueAuthToken.ToByteArray(), authMessage.SignedMessage);

            if (!result)
            {
                return(false);
            }

            AddAuthenticatedSession(session.UniqueAuthToken, session);

            return(true);
        }
Example #2
0
 /// <summary>
 /// Creates a new Auth request with the message used for authorization.
 /// </summary>
 /// <param name="message">Message to be used to determine authorization.</param>
 public AuthenticationRequest(AuthenticationMessage message)
 {
     Message = message;
 }