 /// <summary>
 /// Entry point the gateway uses for programmatic (custom) authentication.
 /// Delegates the credential check to the configured login command and, on success,
 /// publishes the resulting principal to this object, the current thread and the
 /// current HTTP context (when one exists).
 /// </summary>
 /// <param name="username">Name of the principal to authenticate.</param>
 /// <param name="credentials">Credential properties keyed by name. Per the original documentation only a "password" entry is sent today; the dictionary leaves room for more.</param>
 /// <returns>The principal produced by the login command; never null.</returns>
 /// <exception cref="UnauthorizedAccessException">No login command is configured.</exception>
 /// <exception cref="SecurityException">The login command returned no principal.</exception>
 public IPrincipal Login(string username, IDictionary credentials)
 {
     // Guard clause: without a login command there is nothing to verify credentials against.
     if (_loginCommand == null)
     {
         if (log.IsErrorEnabled)
         {
             log.Error(__Res.GetString(__Res.Security_LoginMissing));
         }
         throw new UnauthorizedAccessException(__Res.GetString(__Res.Security_LoginMissing));
     }

     IPrincipal authenticated = _loginCommand.DoAuthentication(username, credentials);
     if (authenticated == null)
     {
         // Fail closed: a null principal is treated as a rejected login and
         // none of the ambient security state below is touched.
         throw new SecurityException(__Res.GetString(__Res.Security_AccessNotAllowed));
     }

     this.Principal = authenticated;
     System.Threading.Thread.CurrentPrincipal = authenticated;

     // Mirror the principal onto the ASP.NET request, if we are running inside one.
     HttpContext httpContext = HttpContext.Current;
     if (httpContext != null)
     {
         httpContext.User = authenticated;
     }

     return authenticated;
 }
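        /// <summary>
        /// Restores the principal for the current request, either from the ASP.NET user
        /// already attached to the request or from the Fluorine forms-authentication cookie.
        /// </summary>
        /// <remarks>
        /// The cookie's ticket carries user data that starts with "fluorineauthticket" and is
        /// split on '|'; fields 2 and 3 are read as user name and password and replayed through
        /// <paramref name="loginCommand"/> when no cached principal is found.
        /// NOTE(review): this means the password travels inside the encrypted ticket and the
        /// ticket's user data (password included) is used as the cache key; the protection of
        /// that secret rests entirely on the forms-authentication ticket encryption. Confirm
        /// this is acceptable for the deployment.
        /// </remarks>
        /// <param name="loginCommand">Login command used to re-authenticate when the principal is not cached.</param>
        /// <returns>The restored principal, or null when there is no HTTP context or no usable cookie.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The ticket is malformed, no login command is available, or re-authentication failed.
        /// </exception>
        public override IPrincipal RestorePrincipal(ILoginCommand loginCommand)
        {
            HttpContext httpContext = HttpContext.Current;
            if (httpContext == null)
            {
                // The original only null-checked the context for the IsAuthenticated test and then
                // dereferenced it unconditionally for the cookie lookup. Without a request there is
                // no cookie to read, so report "nothing restored" instead of crashing.
                return null;
            }

            if (httpContext.Request.IsAuthenticated)
            {
                // A request authenticated by something other than a Fluorine ticket is passed through as-is.
                FormsIdentity identity = httpContext.User.Identity as FormsIdentity;
                if (identity == null)
                {
                    return httpContext.User;
                }
                string identityData = identity.Ticket.UserData;
                if (identityData == null || !identityData.StartsWith("fluorineauthticket", StringComparison.Ordinal))
                {
                    return httpContext.User;
                }
            }

            IPrincipal currentPrincipal = null;
            HttpCookie cookie = httpContext.Request.Cookies.Get(GetFormsAuthCookieName());

            if (cookie != null)
            {
                // NOTE(review): the cookie value is client-supplied; Decrypt may throw on a tampered
                // value and that exception is left to the caller, as in the original.
                // NOTE(review): ticket.Expired is never consulted, so an expired ticket would still
                // trigger re-authentication with the embedded password - confirm whether expiry
                // should be enforced here.
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
                if (ticket != null)
                {
                    string userData = ticket.UserData;

                    // The cache indexer does not accept a null key, so only look up when there is one
                    // (the original indexed first and null-checked afterwards).
                    if (userData != null)
                    {
                        currentPrincipal = httpContext.Cache[userData] as IPrincipal;
                    }

                    // Ordinal comparison: the marker is a fixed protocol token, not linguistic text.
                    if ((currentPrincipal == null) && (userData != null) && userData.StartsWith("fluorineauthticket", StringComparison.Ordinal))
                    {
                        string[] fields = userData.Split(new char[] { '|' });
                        if (fields.Length < 4)
                        {
                            // A ticket with fewer than four fields cannot hold the user name and password
                            // slots; reject it as an authentication failure rather than letting an
                            // IndexOutOfRangeException escape.
                            throw new UnauthorizedAccessException(__Res.GetString("Security_AuthenticationFailed"));
                        }
                        string username = fields[2];
                        string password = fields[3];
                        if (loginCommand == null)
                        {
                            throw new UnauthorizedAccessException(__Res.GetString("Security_LoginMissing"));
                        }
                        Hashtable credentials = new Hashtable(1);
                        credentials["password"] = password;
                        currentPrincipal = loginCommand.DoAuthentication(username, credentials);
                        if (currentPrincipal == null)
                        {
                            throw new UnauthorizedAccessException(__Res.GetString("Security_AuthenticationFailed"));
                        }
                        this.StorePrincipal(currentPrincipal, username, password);
                    }
                }
                else
                {
                    // Cookie present but no ticket could be produced: fall back to whatever
                    // principal the thread already carries.
                    currentPrincipal = Thread.CurrentPrincipal;
                }
            }

            if (currentPrincipal != null)
            {
                this.User = currentPrincipal;
                Thread.CurrentPrincipal = currentPrincipal;
            }
            return currentPrincipal;
        }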
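        /// <summary>
        /// Restores a principal from a credentials identifier: first from the cache under
        /// <paramref name="key"/>, otherwise by decrypting the key as a forms-authentication
        /// ticket and re-authenticating with the user name and password found in its user data.
        /// </summary>
        /// <remarks>
        /// NOTE(review): unlike the cookie-based overload, this path does not verify that the
        /// ticket's user data starts with "fluorineauthticket", and ticket.Expired is not
        /// consulted. Whoever presents a key that decrypts successfully is re-authenticated, so
        /// the key behaves like a bearer credential - confirm that both omissions are intended.
        /// </remarks>
        /// <param name="loginCommand">Login command used to re-authenticate when the principal is not cached.</param>
        /// <param name="key">Credentials identifier; when null nothing is restored.</param>
        /// <returns>The restored principal, or null when <paramref name="key"/> is null.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The key yields no ticket, the ticket is malformed, no login command is available,
        /// or re-authentication failed.
        /// </exception>
        internal override IPrincipal RestorePrincipal(ILoginCommand loginCommand, string key)
        {
            IPrincipal principal = null;

            if (key != null)
            {
                principal = HttpContext.Current.Cache[key] as IPrincipal;
                if (principal == null)
                {
                    // Decrypt may also throw on a value that is not a well-formed ticket;
                    // that exception is left to the caller, as in the original.
                    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(key);
                    if (ticket == null)
                    {
                        throw new UnauthorizedAccessException(__Res.GetString("Security_AuthenticationFailed"));
                    }

                    // Validate the shape of the user data before indexing into it. The original
                    // read fields 2 and 3 unconditionally, so a ticket with missing user data or
                    // too few fields surfaced as NullReferenceException / IndexOutOfRangeException
                    // instead of an authentication failure.
                    string userData = ticket.UserData;
                    string[] fields = (userData == null) ? null : userData.Split(new char[] { '|' });
                    if ((fields == null) || (fields.Length < 4))
                    {
                        throw new UnauthorizedAccessException(__Res.GetString("Security_AuthenticationFailed"));
                    }
                    string username = fields[2];
                    string password = fields[3];

                    if (loginCommand == null)
                    {
                        throw new UnauthorizedAccessException(__Res.GetString("Security_LoginMissing"));
                    }
                    Hashtable credentials = new Hashtable(1);
                    credentials["password"] = password;
                    principal = loginCommand.DoAuthentication(username, credentials);
                    if (principal == null)
                    {
                        throw new UnauthorizedAccessException(__Res.GetString("Security_AuthenticationFailed"));
                    }
                    this.StorePrincipal(principal, key);
                }
            }

            if (principal != null)
            {
                this.User = principal;
                Thread.CurrentPrincipal = principal;
            }
            return principal;
        }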
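        /// <summary>
        /// Authenticates the AMF request and publishes the resulting principal to the Fluorine
        /// context and the current thread.
        /// </summary>
        /// <remarks>
        /// Three cases are handled, in this order:
        /// a "Credentials" header (user id and password) triggers a fresh login and returns a
        /// "CredentialsId" persistent header to the client; a "CredentialsId" header restores the
        /// principal from that identifier; otherwise the principal is restored from the request itself.
        /// Any failure is reported by adding an error body for every body of the incoming message,
        /// and the principal is left null.
        /// NOTE(review): the password is received in an AMF header and is passed to
        /// EncryptCredentials, whose result is returned to the client as the credentials id;
        /// transport protection and the strength of that encryption are not visible here - confirm.
        /// </remarks>
        /// <param name="context">The AMF context carrying the incoming message and the output being built.</param>
        public override void Invoke(AMFContext context)
        {
            IPrincipal principal = null;
            MessageBroker messageBroker = this._endpoint.GetMessageBroker();

            try
            {
                string credentialsId;
                AMFHeader header = context.AMFMessage.GetHeader("Credentials");
                if ((header != null) && (header.Content != null))
                {
                    string username = ((ASObject)header.Content)["userid"] as string;
                    string password = ((ASObject)header.Content)["password"] as string;

                    // Send back a persistent "Credentials" header with null data.
                    // NOTE(review): presumably this makes the client stop resending the raw
                    // credentials - confirm against the client protocol.
                    ASObject content = new ASObject();
                    content["name"] = "Credentials";
                    content["mustUnderstand"] = false;
                    content["data"] = null;
                    AMFHeader clearCredentialsHeader = new AMFHeader("RequestPersistentHeader", true, content);
                    context.MessageOutput.AddHeader(clearCredentialsHeader);

                    ILoginCommand loginCommand = messageBroker.LoginCommand;
                    if (loginCommand == null)
                    {
                        throw new UnauthorizedAccessException(__Res.GetString("Security_LoginMissing"));
                    }
                    Hashtable credentials = new Hashtable(1);
                    credentials["password"] = password;
                    principal = loginCommand.DoAuthentication(username, credentials);
                    if (principal == null)
                    {
                        throw new UnauthorizedAccessException(__Res.GetString("Security_AccessNotAllowed"));
                    }

                    FluorineContext.Current.StorePrincipal(principal, username, password);
                    credentialsId = FluorineContext.Current.EncryptCredentials(this._endpoint, principal, username, password);
                    FluorineContext.Current.StorePrincipal(principal, credentialsId);

                    // Hand the credentials id to the client as a persistent header.
                    ASObject idContent = new ASObject();
                    idContent["name"] = "CredentialsId";
                    idContent["mustUnderstand"] = false;
                    idContent["data"] = credentialsId;
                    AMFHeader credentialsIdHeader = new AMFHeader("RequestPersistentHeader", true, idContent);
                    context.MessageOutput.AddHeader(credentialsIdHeader);
                }
                else
                {
                    header = context.AMFMessage.GetHeader("CredentialsId");
                    if (header != null)
                    {
                        credentialsId = header.Content as string;
                        if (credentialsId != null)
                        {
                            // Keep the restored principal. The original discarded this return value,
                            // so the assignments at the end of the method reset the context user and
                            // the thread principal to null right after they had been restored.
                            principal = FluorineContext.Current.RestorePrincipal(messageBroker.LoginCommand, credentialsId);
                        }
                    }
                    else
                    {
                        principal = FluorineContext.Current.RestorePrincipal(messageBroker.LoginCommand);
                    }
                }
            }
            catch (UnauthorizedAccessException exception)
            {
                // Authentication failure: answer every request body with an error body.
                for (int i = 0; i < context.AMFMessage.BodyCount; i++)
                {
                    ErrorResponseBody errorBody = new ErrorResponseBody(context.AMFMessage.GetBodyAt(i), exception);
                    context.MessageOutput.AddBody(errorBody);
                }
            }
            catch (Exception exception2)
            {
                // Property access instead of the accessor-method call form, which C# does not
                // allow; this matches how the logger is queried elsewhere in this listing.
                if ((log != null) && log.IsErrorEnabled)
                {
                    log.Error(exception2.Message, exception2);
                }
                // NOTE(review): the exception object itself is handed to ErrorResponseBody; confirm
                // what it serializes to the client so internal details are not disclosed.
                for (int i = 0; i < context.AMFMessage.BodyCount; i++)
                {
                    ErrorResponseBody errorBody = new ErrorResponseBody(context.AMFMessage.GetBodyAt(i), exception2);
                    context.MessageOutput.AddBody(errorBody);
                }
            }

            // Publish the outcome. After any failure above, principal is null here, so the
            // context user and the thread principal are explicitly cleared.
            FluorineContext.Current.User = principal;
            Thread.CurrentPrincipal = principal;
        }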