/// <summary>
/// Attempts to authenticate requests subsequent to the initial authentication
/// request (handled by ProcessTicketValidation). This method looks for a
/// FormsAuthentication cookie containing a FormsAuthenticationTicket and attempts
/// to confirm its validity. It either contains the CAS service ticket or a
/// reference to a CasAuthenticationTicket stored in the ServiceTicketManager
/// (if configured). If it succeeds, context.User and Thread.CurrentPrincipal
/// are set to an ICasPrincipal and the current request is considered
/// authenticated. Otherwise, the current request is effectively anonymous.
/// </summary>
/// <remarks>
/// <para>
/// With a ServiceTicketManager configured, the forms ticket's UserData is used as
/// the lookup key. A ticket that is found but fails VerifyClientTicket has its
/// cookie cleared and is revoked. A key that resolves to nothing is cleared and
/// revoked as well, unless the request already carries a FormsIdentity and
/// _authenticationService.GetAuthenticatedUser() returns a user; in that case the
/// method returns without changing User, the cookie or the ticket store.
/// </para>
/// <para>
/// Without a ServiceTicketManager the principal is built from the forms ticket's
/// Name alone. In that configuration this method has no revocation check of its
/// own: the session is accepted for as long as GetFormsAuthenticationTicket
/// returns a ticket.
/// </para>
/// </remarks>
/// <param name="httpContext">
/// The context of the current request. Its User is overwritten (possibly with
/// null) whenever a forms ticket is present and the early-return path is not taken.
/// It is not null-checked in this method.
/// </param>
public void ProcessRequestAuthentication(HttpContextBase httpContext)
{
    // Look for a valid FormsAuthenticationTicket encrypted in a cookie.
    // No ticket means nothing below runs and the request is left exactly as it arrived.
    CasAuthenticationTicket casTicket = null;
    FormsAuthenticationTicket formsAuthenticationTicket = GetFormsAuthenticationTicket(httpContext);

    if (formsAuthenticationTicket != null)
    {
        ICasPrincipal principal;
        if (_casServices.ServiceTicketManager != null)
        {
            // The forms ticket's UserData is the key into the server-side ticket store.
            string serviceTicket = formsAuthenticationTicket.UserData;
            casTicket = _casServices.ServiceTicketManager.GetTicket(serviceTicket);
            if (casTicket != null)
            {
                IAssertion assertion = casTicket.Assertion;

                if (!_casServices.ServiceTicketManager.VerifyClientTicket(casTicket))
                {
                    // NOTE(review): the ticket object itself is formatted into the message. What that
                    // prints depends on its ToString(), which is not visible here; confirm it does not
                    // include the service ticket or the proxy-granting ticket.
                    Logger.Warning("CasAuthenticationTicket failed verification: {0}", casTicket);

                    // Deletes the invalid FormsAuthentication cookie from the client.
                    ClearAuthCookie(httpContext);
                    _casServices.ServiceTicketManager.RevokeTicket(serviceTicket);

                    // Don't give this request a User/Principal. Remove it if it was created
                    // by the underlying FormsAuthenticationModule or another module.
                    principal = null;
                }
                else
                {
                    // The ticket carries a PGT IOU but no proxy-granting ticket yet: ask the
                    // ProxyTicketManager for the PGT and set it on the ticket object.
                    // NOTE(review): no store update is visible here; confirm the ticket manager
                    // persists this assignment if the store is not in-process.
                    if (_casServices.ProxyTicketManager != null && !string.IsNullOrEmpty(casTicket.ProxyGrantingTicketIou) && string.IsNullOrEmpty(casTicket.ProxyGrantingTicket))
                    {
                        string proxyGrantingTicket = _casServices.ProxyTicketManager.GetProxyGrantingTicket(casTicket.ProxyGrantingTicketIou);
                        if (!string.IsNullOrEmpty(proxyGrantingTicket))
                        {
                            casTicket.ProxyGrantingTicket = proxyGrantingTicket;
                        }
                    }

                    principal = new CasPrincipal(assertion);
                }
            }
            else
            {
                // The cookie's UserData is not a known CAS ticket. If the request already carries a
                // FormsIdentity and the authentication service resolves a user, leave everything
                // untouched: no principal change, no cookie clear, no revocation.
                // NOTE(review): presumably this lets non-CAS forms logins coexist with CAS; confirm,
                // because this is the one path on which an unresolved ticket key is accepted.
                if (httpContext.User != null && httpContext.User.Identity is FormsIdentity && _authenticationService.GetAuthenticatedUser() != null)
                {
                    return;
                }

                // This didn't resolve to a ticket in the TicketStore. Revoke it.
                ClearAuthCookie(httpContext);
                // NOTE(review): writes the raw UserData value to the debug log. GetTicket found nothing
                // for it, but confirm that log access is restricted.
                Logger.Debug("Revoking ticket {0}", serviceTicket);
                _casServices.ServiceTicketManager.RevokeTicket(serviceTicket);

                // Don't give this request a User/Principal. Remove it if it was created
                // by the underlying FormsAuthenticationModule or another module.
                principal = null;
            }
        }
        else
        {
            // No server-side ticket store: the identity comes from the forms ticket's Name only.
            principal = new CasPrincipal(new Assertion(formsAuthenticationTicket.Name));
        }

        // Applies to the failure paths too: a null principal overwrites whatever an earlier
        // module placed on the request.
        httpContext.User = principal;
        Thread.CurrentPrincipal = principal;

        if (principal == null)
        {
            // Remove the cookie from the client. Both paths that set principal to null have
            // already called ClearAuthCookie, so this repeats that call.
            ClearAuthCookie(httpContext);
        }
        else
        {
            // Extend the expiration of the cookie if FormsAuthentication is configured to do so.
            if (FormsAuthentication.SlidingExpiration)
            {
                FormsAuthenticationTicket newTicket = FormsAuthentication.RenewTicketIfOld(formsAuthenticationTicket);
                // Only reissue the cookie when RenewTicketIfOld handed back a different ticket.
                if (newTicket != null && newTicket != formsAuthenticationTicket)
                {
                    SetAuthCookie(httpContext, newTicket);
                    if (_casServices.ServiceTicketManager != null)
                    {
                        // casTicket is non-null here: with a ServiceTicketManager configured, principal
                        // is only non-null after GetTicket returned a ticket. The store receives the
                        // same expiration as the reissued cookie.
                        _casServices.ServiceTicketManager.UpdateTicketExpiration(casTicket, newTicket.Expiration);
                    }
                }
            }
        }
    }
}
/// <summary>
/// Returns the identifier used for a CAS principal: the Name of its Identity.
/// </summary>
/// <param name="user">
/// The principal to read. Neither it nor its Identity is null-checked, so a null
/// in either place surfaces as a NullReferenceException.
/// </param>
/// <returns>The value of <c>user.Identity.Name</c>.</returns>
public string GetId(CasPrincipal user)
{
    var identity = user.Identity;
    return identity.Name;
}