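/// <summary>
/// Login page life-cycle handler. Captures the URL to return to after login, shows only the
/// login controls that <c>Configuration</c> enables, completes the GitHub OAuth, Google OAuth
/// and OpenID callbacks, handles <c>?action=logout</c>, and optionally auto-starts OpenID.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    string action = Request["action"];
    // The return target may come from the query string or from a value stashed in the session
    // by an earlier request; the session copy is single-use.
    string referrer = Request["referrer"] ?? (string)Session["login_referrer"];
    Session.Remove("login_referrer");
    bool noOpenIdResponse = false;

    if (!string.IsNullOrEmpty(referrer)) {
        txtReferrer.Value = referrer;
    }
    if (!this.IsPostBack) {
        // First visit without an explicit target: fall back to the HTTP Referer.
        if (Request.UrlReferrer != null && string.IsNullOrEmpty(txtReferrer.Value)) {
            txtReferrer.Value = Request.UrlReferrer.AbsoluteUri;
        }
    }

    // can't refer back to itself
    if (txtReferrer.Value.Contains("Login.aspx")) {
        txtReferrer.Value = "index.aspx";
    }

    // Every source of txtReferrer.Value (query string, session, Referer header, the posted
    // hidden field) is client-controlled, and each Response.Redirect below — as well as the
    // click handlers that run after Page_Load — sends the browser there. Reject anything that
    // would leave this site so the login page cannot be used as an open redirect.
    if (!IsLocalRedirectTarget(txtReferrer.Value, Request.Url)) {
        txtReferrer.Value = "index.aspx";
    }

    cmdLoginOpenId.Visible = !string.IsNullOrEmpty(Configuration.OpenIdProvider);
    cmdLoginOauth.Visible = !string.IsNullOrEmpty(Configuration.OauthClientId);
    cmdLoginGitHubOauth.Visible = !string.IsNullOrEmpty(Configuration.GitHubOauthClientId);

    if (!Configuration.AllowPasswordLogin) {
        // Hide the whole user/password form when password logins are disabled.
        cmdLogin.Visible = false;
        txtPassword.Visible = false;
        txtUser.Visible = false;
        lblUser.Visible = false;
        lblPassword.Visible = false;
    }

    // If we have a provider of GitHub in the query string,
    // try to log in using our Oauth session state.
    string[] providers = Request.QueryString.GetValues("__provider__");
    if (cmdLoginGitHubOauth.Visible && providers != null && providers[0] == "github") {
        var authResult = GitHubAuthenticationHelper.VerifyAuthentication();
        if (!authResult.IsSuccessful) {
            lblMessageOpenId.Text = "Failed to get user authenication from GitHub";
            return;
        }

        var accessToken = authResult.GetAccessToken();
        var userTeamList = GitHubAuthenticationHelper.GetUserTeams(accessToken);
        var gitHubOrgTeamList = new List<string[]>();
        // We can't use select/group by with dynamic objects.
        // So instead, we put together the org and team list ourselves as a tuple.
        foreach (var userTeam in userTeamList) {
            var teamName = userTeam.name.ToString();
            var orgName = userTeam.organization.login.ToString();
            gitHubOrgTeamList.Add(new string[] { orgName, teamName });
        }

        LoginResponse loginResponse = new LoginResponse();
        using (DB db = new DB()) {
            try {
                DBLogin_Extensions.GitHubLogin(db, loginResponse, Utilities.GetExternalIP(Request), gitHubOrgTeamList, authResult.GetGitHubLogin());
            } catch (Exception ex) {
                loginResponse.Exception = new WebServiceException(ex);
            }
        }

        if (loginResponse.Exception != null) {
            lblMessageOpenId.Text = loginResponse.Exception.Message;
        } else {
            Authentication.SetCookies(Response, loginResponse);
            // endResponse: false, so the statements below still run before the redirect is sent.
            Response.Redirect(txtReferrer.Value, false);
        }
        Session["github_token"] = accessToken;
        return;
    }

    // If "state" is in the query string callback, it's Google OAuth, so try to log in with that
    if (cmdLoginOauth.Visible && Request.QueryString.GetValues("state") != null) {
        var authResult = AuthenticationHelper.VerifyAuthentication();
        if (!authResult.IsSuccessful) {
            lblMessageOpenId.Text = "Failed to get user authenication from Google";
            return;
        }

        LoginResponse loginResponse = new LoginResponse();
        using (DB db = new DB()) {
            try {
                DBLogin_Extensions.Login(db, loginResponse, authResult.GetEmail(), Utilities.GetExternalIP(Request));
            } catch (Exception ex) {
                loginResponse.Exception = new WebServiceException(ex);
            }
        }

        if (loginResponse.Exception != null) {
            lblMessageOpenId.Text = loginResponse.Exception.Message;
        } else {
            Authentication.SetCookies(Response, loginResponse);
            Response.Redirect(txtReferrer.Value, false);
        }
        return;
    }

    if (cmdLoginOpenId.Visible) {
        OpenIdRelyingParty openid = new OpenIdRelyingParty();
        var oidresponse = openid.GetResponse();
        if (oidresponse != null) {
            switch (oidresponse.Status) {
            case AuthenticationStatus.Authenticated:
                // This is where you would look for any OpenID extension responses included
                // in the authentication assertion.
                var fetch = oidresponse.GetExtension<FetchResponse>();
                string email = fetch.Attributes[WellKnownAttributes.Contact.Email].Values[0];

                // The OpenID assertion is exchanged for a site login through the local web
                // service, authenticated with the service's own credentials.
                WebServiceLogin login = new WebServiceLogin();
                login.Password = Configuration.WebServicePassword;
                login.User = Configuration.Host;
                var response = Utils.LocalWebService.LoginOpenId(login, email, Utilities.GetExternalIP(Request));
                if (response.Exception != null) {
                    lblMessageOpenId.Text = response.Exception.Message;
                } else {
                    Authentication.SetCookies(Response, response);
                    Response.Redirect(txtReferrer.Value, false);
                    return;
                }
                break;
            default:
                lblMessageOpenId.Text = "Could not login using OpenId: " + oidresponse.Status.ToString();
                break;
            }
        } else {
            noOpenIdResponse = true;
        }
    }

    if (!string.IsNullOrEmpty(action) && action == "logout") {
        // NOTE(review): logout is triggered by a plain GET parameter, so any page can force a
        // logout (CSRF) — consider requiring a POST or a token.
        if (Request.Cookies["cookie"] != null) {
            Utils.LocalWebService.Logout(Master.WebServiceLogin);
            // Expire the three auth cookies by overwriting them with a date far in the past.
            Response.Cookies.Add(new HttpCookie("cookie", ""));
            Response.Cookies["cookie"].Expires = DateTime.Now.AddYears(-20);
            Response.Cookies.Add(new HttpCookie("user", ""));
            Response.Cookies["user"].Expires = DateTime.Now.AddYears(-20);
            Response.Cookies.Add(new HttpCookie("roles", ""));
            Response.Cookies["roles"].Expires = DateTime.Now.AddYears(-20);
        }
        Response.Redirect(txtReferrer.Value, false);
        return;
    }

    var auto_openid_redirect = false;
    var auto = Request["auto-redirect-openid"];
    if (!string.IsNullOrEmpty(auto) && auto.ToUpperInvariant() == "TRUE") {
        auto_openid_redirect = true;
    }
    // With passwords disabled and no OpenID assertion pending, send the user straight to the
    // provider instead of showing an empty form.
    if (!Configuration.AllowPasswordLogin && string.IsNullOrEmpty(action) && Configuration.AllowAnonymousAccess && noOpenIdResponse) {
        auto_openid_redirect = true;
    }
    if (auto_openid_redirect) {
        cmdLoginOpenId_Click(null, null);
    }
}

/// <summary>
/// Returns true when <paramref name="target"/> can only lead back into this site: a
/// site-relative path such as <c>index.aspx</c> or <c>/foo?x=1</c>, or an absolute
/// http(s) URL whose host equals that of <paramref name="requestUrl"/>.
/// Protocol-relative (<c>//host</c>), backslash-prefixed and foreign-scheme values
/// (for example <c>javascript:</c> or <c>data:</c>) are rejected.
/// </summary>
/// <param name="target">The candidate redirect URL (may be null or empty).</param>
/// <param name="requestUrl">The URL of the current request, used for the host comparison.</param>
/// <returns>True if redirecting to <paramref name="target"/> stays on this site.</returns>
private static bool IsLocalRedirectTarget(string target, Uri requestUrl)
{
    if (string.IsNullOrWhiteSpace(target)) {
        return false;
    }
    // Browsers treat "//host" and "/\host" as protocol-relative, i.e. off-site.
    if (target.StartsWith("//", StringComparison.Ordinal) ||
        target.StartsWith("/\\", StringComparison.Ordinal) ||
        target.StartsWith("\\", StringComparison.Ordinal)) {
        return false;
    }
    // A single leading '/' is a site-root-relative path; checked before Uri parsing because
    // some runtimes parse "/x" as an absolute file URI.
    if (target[0] == '/') {
        return true;
    }

    Uri uri;
    if (!Uri.TryCreate(target, UriKind.RelativeOrAbsolute, out uri)) {
        return false;
    }
    if (!uri.IsAbsoluteUri) {
        // Relative, but a ':' before any '/', '?' or '#' could still be read as a scheme.
        int colon = target.IndexOf(':');
        int stop = target.IndexOfAny(new[] { '/', '?', '#' });
        return colon < 0 || (stop >= 0 && stop < colon);
    }
    if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) {
        return false;
    }
    return requestUrl != null && string.Equals(uri.Host, requestUrl.Host, StringComparison.OrdinalIgnoreCase);
}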
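/// <summary>
/// Validates the credentials carried in <paramref name="login"/> against the database and,
/// on success, fills <paramref name="response"/> with the authenticated user's name and roles
/// (plus cookie, full name and id when it is a <see cref="LoginResponse"/>).
/// A password is exchanged for a login cookie, which is then verified unless
/// <paramref name="readonly"/> is set; a cookie alone is verified directly.
/// </summary>
/// <param name="user_host_address">Transport-level client address; used only when <c>login.Ip4</c> is empty.</param>
/// <param name="db">Open database connection.</param>
/// <param name="login">Credentials: user plus password and/or cookie, optional Ip4. May be null.</param>
/// <param name="response">Response to populate; when null the method only validates.</param>
/// <param name="readonly">When true, a password login is not turned into a verified cookie session.</param>
/// <remarks>
/// When no usable credentials are supplied or they do not verify, <c>VerifyAnonymousAllowed()</c>
/// is called and the method returns without touching <paramref name="response"/>
/// (presumably that helper throws when anonymous access is disabled — confirm in its definition).
/// </remarks>
public static void Authenticate(string user_host_address, DB db, WebServiceLogin login, WebServiceResponse response, bool @readonly)
{
    int person_id;
    DBLoginView view = null;

    // The password and the session cookie are bearer secrets; log only whether they were
    // supplied, never their values.
    log.DebugFormat("WebService.Authenticate (Ip4: {0}, UserHostAddress: {1}, User: {2}, Cookie: {3}, Password: {4}",
        login == null ? null : login.Ip4,
        user_host_address,
        login == null ? null : login.User,
        login == null || string.IsNullOrEmpty(login.Cookie) ? "<none>" : "<redacted>",
        login == null || string.IsNullOrEmpty(login.Password) ? "<none>" : "<redacted>");

    // Check if credentials were passed in
    if (login == null || string.IsNullOrEmpty(login.User) || (string.IsNullOrEmpty(login.Password) && string.IsNullOrEmpty(login.Cookie))) {
        VerifyAnonymousAllowed();
        return;
    }

    // NOTE(review): a caller-supplied Ip4 overrides the transport address used for the
    // login/cookie checks — confirm this field is only honoured from trusted callers.
    string ip = !string.IsNullOrEmpty(login.Ip4) ? login.Ip4 : user_host_address;

    if (!string.IsNullOrEmpty(login.Password)) {
        DBLogin result = DBLogin_Extensions.LoginUser(db, login.User, login.Password, ip, @readonly);
        if (result == null) {
            log.Debug("Invalid user/password");
            VerifyAnonymousAllowed();
            return;
        }
        if (@readonly) {
            // Read-only callers get no cookie session; identify the person from the login row.
            person_id = result.person_id;
        } else {
            view = DBLoginView_Extensions.VerifyLogin(db, login.User, result.cookie, ip);
            if (view == null) {
                log.Debug("Invalid cookie");
                VerifyAnonymousAllowed();
                return;
            }
            person_id = view.person_id;
        }
    } else {
        view = DBLoginView_Extensions.VerifyLogin(db, login.User, login.Cookie, ip);
        if (view == null) {
            log.Debug("Invalid cookie");
            VerifyAnonymousAllowed();
            return;
        }
        person_id = view.person_id;
        log.DebugFormat("Verifying login, cookie: <redacted> user: {0} ip: {1}", login.User, ip);
    }

    log.Debug("Valid credentials");

    if (response == null) {
        return;
    }

    DBPerson person = DBPerson_Extensions.Create(db, person_id);
    LoginResponse login_response = response as LoginResponse;
    if (login_response != null) {
        // view is null on the read-only password path, so no cookie is handed back there.
        login_response.Cookie = view != null ? view.cookie : null;
        login_response.FullName = person.fullname;
        login_response.ID = person_id;
    }
    response.UserName = person.login;
    response.UserRoles = person.Roles;
    log.DebugFormat("Authenticate2 Roles are: {0}", response.UserRoles == null ? "null" : string.Join(";", response.UserRoles));
}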