Example #1
        /// <summary>
        /// Authenticates every request that follows the initial CAS login (the login itself
        /// is handled by ProcessTicketValidation).  The forms authentication ticket is read
        /// from the request; when a ServiceTicketManager is configured, the ticket's UserData
        /// is used as the service ticket key to look up and verify the stored
        /// CasAuthenticationTicket.  On success httpContext.User and Thread.CurrentPrincipal
        /// receive an ICasPrincipal.  On failure both are set to null, the authentication
        /// cookie is cleared and the service ticket is revoked, so the request is anonymous.
        /// When no forms ticket is found the request is left untouched.
        /// </summary>
        /// <param name="httpContext">Context of the current request; its User is assigned here.</param>
        public void ProcessRequestAuthentication(HttpContextBase httpContext) {
            FormsAuthenticationTicket formsTicket = GetFormsAuthenticationTicket(httpContext);
            if (formsTicket == null) {
                // No forms ticket on this request: nothing is assigned or cleared.
                return;
            }

            CasAuthenticationTicket storedTicket = null;

            // Stays null on every rejection path, which is what makes the request anonymous below.
            ICasPrincipal resolvedPrincipal = null;

            if (_casServices.ServiceTicketManager == null) {
                // No ticket store configured: the identity is taken from the name in the forms
                // ticket alone; nothing is looked up or verified server-side on this path.
                resolvedPrincipal = new CasPrincipal(new Assertion(formsTicket.Name));
            }
            else {
                string ticketId = formsTicket.UserData;
                storedTicket = _casServices.ServiceTicketManager.GetTicket(ticketId);

                if (storedTicket == null) {
                    // NOTE(review): the ticket store has no record of this ticket, yet the request
                    // keeps the identity an earlier module assigned and the cookie stays in place.
                    // Confirm this cannot keep a session alive after its CAS ticket was revoked.
                    bool authenticatedElsewhere = httpContext.User != null &&
                                                  httpContext.User.Identity is FormsIdentity &&
                                                  _authenticationService.GetAuthenticatedUser() != null;
                    if (authenticatedElsewhere) {
                        return;
                    }

                    // Unknown to the ticket store: drop the cookie and revoke the reference.
                    ClearAuthCookie(httpContext);
                    // NOTE(review): the raw service ticket value is written to the debug log.
                    Logger.Debug("Revoking ticket {0}", ticketId);
                    _casServices.ServiceTicketManager.RevokeTicket(ticketId);
                }
                else {
                    IAssertion ticketAssertion = storedTicket.Assertion;

                    if (_casServices.ServiceTicketManager.VerifyClientTicket(storedTicket)) {
                        // Fill in the proxy granting ticket once its IOU can be resolved.
                        bool awaitingProxyGrantingTicket = _casServices.ProxyTicketManager != null &&
                                                           !string.IsNullOrEmpty(storedTicket.ProxyGrantingTicketIou) &&
                                                           string.IsNullOrEmpty(storedTicket.ProxyGrantingTicket);
                        if (awaitingProxyGrantingTicket) {
                            string resolvedPgt = _casServices.ProxyTicketManager.GetProxyGrantingTicket(storedTicket.ProxyGrantingTicketIou);
                            if (!string.IsNullOrEmpty(resolvedPgt)) {
                                storedTicket.ProxyGrantingTicket = resolvedPgt;
                            }
                        }

                        resolvedPrincipal = new CasPrincipal(ticketAssertion);
                    }
                    else {
                        // NOTE(review): the whole ticket object is passed to the logger; confirm its
                        // string form does not expose the service ticket or proxy granting ticket.
                        Logger.Warning("CasAuthenticationTicket failed verification: {0}", storedTicket);

                        // Remove the rejected cookie from the client and invalidate the ticket.
                        ClearAuthCookie(httpContext);
                        _casServices.ServiceTicketManager.RevokeTicket(ticketId);
                    }
                }
            }

            // A null principal also replaces any User/Principal that the underlying
            // FormsAuthenticationModule or another module may have created.
            httpContext.User = resolvedPrincipal;
            Thread.CurrentPrincipal = resolvedPrincipal;

            if (resolvedPrincipal == null) {
                // Remove the cookie from the client.
                ClearAuthCookie(httpContext);
                return;
            }

            // Extend the cookie lifetime only when FormsAuthentication uses sliding expiration.
            if (!FormsAuthentication.SlidingExpiration) {
                return;
            }

            FormsAuthenticationTicket renewedTicket = FormsAuthentication.RenewTicketIfOld(formsTicket);
            if (renewedTicket == null || renewedTicket == formsTicket) {
                return;
            }

            SetAuthCookie(httpContext, renewedTicket);
            if (_casServices.ServiceTicketManager != null) {
                // Keep the stored ticket's expiration in step with the renewed cookie.
                _casServices.ServiceTicketManager.UpdateTicketExpiration(storedTicket, renewedTicket.Expiration);
            }
        }
 /// <summary>
 /// Returns the name of the principal's identity as its id.
 /// </summary>
 /// <param name="user">Principal whose identity name is read; not checked for null here.</param>
 /// <returns>The value of user.Identity.Name.</returns>
 public string GetId(CasPrincipal user) {
     var identity = user.Identity;
     string id = identity.Name;
     return id;
 }