public void Authenticate(IHttpRequestDescriptor request, IHttpResponseDescriptor response) { var identity = (Identity)IdentitySource.GetUserIdentity(request); request.User = new GenericPrincipal(identity, null); var token = identity.IsAuthenticated ? identity.Token : null; if (identity.IsAuthenticated) { if (OpLog.IsForDebug()) { OpLog.Debug(new { isauth = true, login = identity.Name, url = request.Uri.ToString() }.stringify()); } } else { if (null == identity.DisabledToken) { if (OpLog.IsForDebug()) { OpLog.Debug(new { isauth = false, login = identity.Name, url = request.Uri.ToString() }.stringify()); } } else { if (OpLog.IsForInfo()) { OpLog.Info(new { isauth = false, login = identity.Name, url = request.Uri.ToString(), disabledtoken = identity.DisabledToken }.stringify()); } } } TokenService.Store(response, request.Uri, token); }
private IIdentity AuthenticateWithValidToken(IHttpRequestDescriptor request, Token currentToken) { var currentExpire = currentToken.Expire.ToUniversalTime(); Token token; if (IsProlongable(request)) { token = TokenService.Prolongate(currentToken); } else { token = currentToken; } var resultExpire = token.Expire.ToUniversalTime(); if (Logg.IsForDebug()) { Logg.Debug( new { request = request.Uri.ToString(), token = "upgrade", from = currentExpire, to = resultExpire } .stringify()); } var result = BuildIdentity(token); return(result); }
private bool IsProlongable(IHttpRequestDescriptor request) { var path = request.Uri.AbsolutePath; if (path == "/isauth") return false; if (path == "/logout") return false; if (path == "/myinfo") return false; return true; }
private string ReadCookie(IHttpRequestDescriptor request) { var cookie = request.GetHeader("Cookie"); if (string.IsNullOrWhiteSpace(cookie)) { return(null); } var headerStart = cookie.IndexOf(CookieName); if (headerStart == -1) { return(string.Empty); } var eq = cookie.IndexOf('=', headerStart); if (eq == -1) { return(string.Empty); } if (eq == cookie.Length - 1) { return(string.Empty); } var finish = cookie.IndexOfAny(new[] { ',', ' ', ';' }, eq); if (finish == -1) { finish = cookie.Length; } var result = cookie.Substring(eq + 1, finish - (eq + 1)); return(Uri.UnescapeDataString(result)); }
public Token Create(IHttpRequestDescriptor request) { var result = new Token(); result.User = request.User.Identity.Name; var qid = request.User.Identity as Identity; if (null != qid) { if (null != qid.ImpersonationSource) { result.ImUser = qid.ImpersonationSource.Name; } } result.Created = DateTime.Now.ToUniversalTime(); result.IsAdmin = qid.IsAdmin; if (LeaseTime == -1) { result.Expire = DateTime.Today.AddDays(1).AddSeconds(-1).ToUniversalTime(); } else { result.Expire = DateTime.Now.AddMinutes(LeaseTime).ToUniversalTime(); } result.Metrics = GetMetrics(request); if (null != qid.ImpersonationSource) { result.ImUser = qid.ImpersonationSource.Name; } return(result); }
public IIdentity GetUserIdentity(IHttpRequestDescriptor request) { var name = AnyGuestName; var auth = AllowGuest; var isadmin = AnyGuestIsAdmin; var type = "guest"; var guest = true; if (IsLocal(request.LocalEndPoint)) { name = LocalGuestName; auth = AllowLocalGuest; isadmin = LocalGuestIsAdmin; type = "localguest"; } TrustedOrigin origin = null; if (!isadmin && (origin = GetTrust(request)) != null) { guest = false; auth = true; isadmin = true; type = "trusted"; name = origin.Name; } return(new Identity { Name = name, IsAuthenticated = auth, AuthenticationType = type, IsAdmin = isadmin, IsGuest = guest }); }
public AuthorizationReaction GetReaction(IHttpRequestDescriptor request) { if (request.User.Identity.IsAuthenticated) { return(new AuthorizationReaction { Process = true }); } var uri = request.Uri; if (IsProcessAble(uri)) { return(new AuthorizationReaction { Process = true }); } var redir = RedirectHtml(uri); if (null != redir) { return(redir); } return(new AuthorizationReaction { Error = new SecurityException("not authenticated") }); }
public string GetRedirectUrl(IHttpRequestDescriptor req) { foreach (var redirectSource in Redirectors) { var redirect = redirectSource.GetRedirectUrl(req); if (!string.IsNullOrWhiteSpace(redirect)) { return redirect; } } return null; }
public Token Extract(IHttpRequestDescriptor request) { var cookie = ReadCookie(request); if (string.IsNullOrWhiteSpace(cookie)) { return(null); } return(TokenEncryptor.Decrypt(cookie)); }
private string GetMetrics(IHttpRequestDescriptor request) { if (Clustered) { return((request.RemoteEndPoint.Address + "_" + request.UserAgent).GetMd5().Substring(0, 6)); } return((request.RemoteEndPoint.Address + "_" + request.LocalEndPoint.Address + "_" + request.UserAgent).GetMd5().Substring(0, 6)); }
public string GetRedirectUrl(IHttpRequestDescriptor req) { foreach (var redirectSource in Redirectors) { var redirect = redirectSource.GetRedirectUrl(req); if (!string.IsNullOrWhiteSpace(redirect)) { return(redirect); } } return(null); }
public IIdentity GetUserIdentity(IHttpRequestDescriptor request) { var currentToken = TokenService.Extract(request); if (Logg.IsForDebug()) { Logg.Debug(new {request = request.Uri.ToString(), action = "extract", token = currentToken}.stringify()); } if (currentToken != null && TokenService.IsValid(request, currentToken)) { return AuthenticateWithValidToken(request, currentToken); } var result = (Identity)DefaultIdentitySource.GetUserIdentity(request); result.DisabledToken = currentToken; return result; }
public AuthorizationReaction GetReaction(IHttpRequestDescriptor request) { if (request.User.Identity.IsAuthenticated) { return new AuthorizationReaction {Process = true}; } var uri = request.Uri; if (IsProcessAble(uri)) { return new AuthorizationReaction {Process = true}; } var redir = RedirectHtml(uri); if (null != redir) { return redir; } return new AuthorizationReaction {Error = new SecurityException("not authenticated")}; }
public AuthorizationReaction Authorize(IHttpRequestDescriptor request) { var uri = request.Uri; var identity = request.User.Identity; var rule = Rules.Where(_ => _.IsMatch(uri)).OrderByDescending(_ => _.Idx).FirstOrDefault(); AuthorizationReaction result; if (!identity.IsAuthenticated) { if (null != rule && rule.IsForNotAuth) { result = rule.GetNotAuth(request); } else { result = NotAuth.GetReaction(request); } } else { if (null == rule) { result = AuthorizationReaction.Allow; } else if (!rule.CheckRole) { result = AuthorizationReaction.Allow; } else if (Roles.IsInRole(request.User.Identity, rule.Role)) { result = AuthorizationReaction.Allow; } else { return(AuthorizationReaction.Deny); } } if (result.Process && null != Redirector && string.IsNullOrWhiteSpace(result.Redirect)) { var redirect = Redirector.GetRedirectUrl(request); if (!string.IsNullOrWhiteSpace(redirect)) { result = new AuthorizationReaction { Redirect = redirect }; } } return(result); }
public bool IsValid(IHttpRequestDescriptor request, Token token) { if (token.Expire < DateTime.Now.ToUniversalTime()) { return(false); } var metrics = GetMetrics(request); if (metrics != token.Metrics) { return(false); } return(true); }
public AuthorizationReaction GetNotAuth(IHttpRequestDescriptor request) { if (ProcessNotAuth) { return(AuthorizationReaction.Allow); } if (DenyNotAuth) { return(AuthorizationReaction.Deny); } return(new AuthorizationReaction { Redirect = RedirectNotAuthUrl + "?referer=" + request.Uri.AbsolutePath }); }
public IIdentity GetUserIdentity(IHttpRequestDescriptor request) { var currentToken = TokenService.Extract(request); if (Logg.IsForDebug()) { Logg.Debug(new { request = request.Uri.ToString(), action = "extract", token = currentToken }.stringify()); } if (currentToken != null && TokenService.IsValid(request, currentToken)) { return(AuthenticateWithValidToken(request, currentToken)); } var result = (Identity)DefaultIdentitySource.GetUserIdentity(request); result.DisabledToken = currentToken; return(result); }
private IIdentity AuthenticateWithValidToken(IHttpRequestDescriptor request, Token currentToken) { var currentExpire = currentToken.Expire.ToUniversalTime(); Token token; if (IsProlongable(request)) { token = TokenService.Prolongate(currentToken); } else { token = currentToken; } var resultExpire = token.Expire.ToUniversalTime(); if (Logg.IsForDebug()) { Logg.Debug( new {request = request.Uri.ToString(), token = "upgrade", from = currentExpire, to = resultExpire} .stringify()); } var result = BuildIdentity(token); return result; }
private bool IsProlongable(IHttpRequestDescriptor request) { var path = request.Uri.AbsolutePath; if (path == "/isauth") { return(false); } if (path == "/logout") { return(false); } if (path == "/myinfo") { return(false); } return(true); }
public AuthorizationReaction GetNotAuth(IHttpRequestDescriptor request) { if (ProcessNotAuth) return AuthorizationReaction.Allow; if (DenyNotAuth) return AuthorizationReaction.Deny; return new AuthorizationReaction {Redirect = RedirectNotAuthUrl + "?referer=" + request.Uri.AbsolutePath}; }
public static RequestParameters Create(IHttpRequestDescriptor request) { return(Create(new WebContext { Request = request })); }
private TrustedOrigin GetTrust(IHttpRequestDescriptor request) { var origin = request.GetHeader("Origin") ?? ""; return(TrustedOrigins.FirstOrDefault(_ => _.IsMatch(request.RemoteEndPoint, request.LocalEndPoint, origin))); }