private void Application_AuthenticateRequest(object sender, EventArgs e)
{
SSOHelper.Authenticate();
if (!((SSOHelper.MembershipProvider.AllowAnonymousAccessToImages && IsImage()) || (SSOHelper.MembershipProvider.AllowAnonymousAccessToScripts && IsScript())))
{
SSOModule module = SSOModule.FindByURL(HttpContext.Current.Request.Url);
if (module == null)
{
if (SSOHelper.MembershipProvider.AlwaysAuthenticate && (SSOHelper.CurrentIdentity == null || SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Inexistent))
{
SSOHelper.RedirectToSSOPage("Login.aspx", HttpContext.Current.Request.Url.ToString());
}
else
{
if (SSOHelper.CurrentIdentity == null || SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Inexistent)
{
HttpContext.Current.User = null;
}
else
if (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod)
{
SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
}
}
}
else
{
// Check if it needs to authenticate
if (SSOHelper.MembershipProvider.AlwaysAuthenticate || module.IsProtected)
{
if (SSOHelper.CurrentIdentity == null)
{
SSOHelper.RedirectToSSOPage("Login.aspx", HttpContext.Current.Request.Url.ToString());
}
else
{
switch (SSOHelper.CurrentIdentity.State)
{
case SSOIdentitySessionState.Ok:
if (RequireAccess(module))
{
// Access allowed --> Update timeout
if (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod)
{
SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
}
}
else
{
SSOHelper.RedirectToErrorPage(403, 0, null);
}
break;
case SSOIdentitySessionState.Locked:
SSOHelper.RedirectToSSOPage("LockSession.aspx", HttpContext.Current.Request.Url.ToString());
break;
case SSOIdentitySessionState.Inexistent:
SSOHelper.RedirectToSSOPage("Login.aspx?timeout=1", HttpContext.Current.Request.Url.ToString());
break;
case SSOIdentitySessionState.SecurityError:
SSOHelper.RedirectToErrorPage(403, 4, null);
break;
}
}
}
else
{
// Access allowed --> Update timeout
if (SSOHelper.CurrentIdentity != null && SSOHelper.CurrentIdentity.State == SSOIdentitySessionState.Ok && (!IsWebMethod() || SSOHelper.MembershipProvider.UpdateTimeoutOnWebMethod))
{
SSOHelper.MembershipProvider.UpdateTimeout(SSOHelper.CurrentIdentity);
}
}
}
}
}
public override void InitializeRequest(System.Web.HttpContext context)
{
SSOHelper.Authenticate();
}