/// <summary>
/// EndRequest handler that issues whichever CAS-related redirect the
/// finished request calls for. Requests that RequestEvaluator does not
/// consider appropriate for CAS authentication are only logged. For every
/// other request the checks run top to bottom and the first match wins:
/// <list>
/// <item>
/// The request requires gateway authentication: gateway authentication is
/// started.
/// </item>
/// <item>
/// The user does not allow session cookies: the request is redirected to
/// the Cookies Required page.
/// </item>
/// <item>
/// The request contains a CAS ticket in the URL: it is redirected back to
/// itself without the 'ticket' parameter, which avoids potential infinite
/// automatic ticket validation loops when the ticket in the URL has
/// expired or was revoked and the Renew configuration parameter is set.
/// </item>
/// <item>
/// The request carries the gateway parameter: it is redirected from the
/// failed gateway callback.
/// </item>
/// <item>
/// The request is authenticated but not authorized to access the requested
/// resource (by UrlAuthorizationModule): it is redirected to the
/// NotAuthorizedUrl when one is configured, otherwise to the CAS login
/// page with a forced 'Renew' (to prevent infinite redirect loops).
/// </item>
/// <item>
/// The request is unauthenticated and is being routed to the FormsLoginUrl
/// (typically caused by UrlAuthorizationModule): it is intercepted and sent
/// to the CAS login page so that 'ReturnUrl' becomes 'serviceName'.
/// </item>
/// <item>
/// The request is an async postback whose principal fails the URL access
/// check: it is redirected to the login redirect URL built by UrlUtil.
/// </item>
/// </list>
/// </summary>
/// <param name="sender">The HttpApplication that sent the request; not read by this handler</param>
/// <param name="e">Not used</param>
private static void OnEndRequest(object sender, EventArgs e)
{
    HttpContext httpContext = HttpContext.Current;
    HttpRequest httpRequest = httpContext.Request;

    // RawUrl is caller-supplied and includes the query string, so on a login
    // callback the CAS ticket is written to the debug log along with it.
    // NOTE(review): treat these logs as sensitive, or log the URL without
    // the 'ticket' parameter.
    if (!RequestEvaluator.GetRequestIsAppropriateForCasAuthentication())
    {
        logger.Debug("No EndRequest processing for " + httpRequest.RawUrl);
        return;
    }

    logger.Debug("Starting EndRequest for " + httpRequest.RawUrl);

    // Order matters: only the first matching branch runs, so the position of
    // a check in this chain decides which redirect takes precedence.
    if (RequestEvaluator.GetRequestRequiresGateway())
    {
        logger.Info(" Performing Gateway Authentication");
        CasAuthentication.GatewayAuthenticate(true);
    }
    else if (RequestEvaluator.GetUserDoesNotAllowSessionCookies())
    {
        logger.Info(" Cookies not supported. Redirecting to Cookies Required Page");
        CasAuthentication.RedirectToCookiesRequiredPage();
    }
    else if (RequestEvaluator.GetRequestHasCasTicket())
    {
        logger.Info(" Redirecting from login callback");
        CasAuthentication.RedirectFromLoginCallback();
    }
    else if (RequestEvaluator.GetRequestHasGatewayParameter())
    {
        logger.Info(" Redirecting from failed gateway callback");
        CasAuthentication.RedirectFromFailedGatewayCallback();
    }
    else if (RequestEvaluator.GetRequestIsUnauthorized() && !String.IsNullOrEmpty(CasAuthentication.NotAuthorizedUrl))
    {
        logger.Info(" Redirecting to Unauthorized Page");
        CasAuthentication.RedirectToNotAuthorizedPage();
    }
    else if (RequestEvaluator.GetRequestIsUnauthorized())
    {
        // No NotAuthorizedUrl is configured: fall back to the CAS login page
        // with Renew forced, which keeps an authenticated-but-unauthorized
        // user from looping between the application and CAS.
        logger.Info(" Redirecting to CAS Login Page (Unauthorized without NotAuthorizedUrl defined)");
        CasAuthentication.RedirectToLoginPage(true);
    }
    else if (RequestEvaluator.GetRequestIsUnAuthenticated())
    {
        logger.Info(" Redirecting to CAS Login Page");
        CasAuthentication.RedirectToLoginPage();
    }
    // UpdatePanel async postbacks suppress the standard Forms Authentication
    // redirect, so none of the checks above match; access is re-checked here.
    else if (RequestEvaluator.IsAsyncPostBackRequest() && !RequestEvaluator.CheckUrlAccessForCurrentPrincipal())
    {
        // endResponse is false: the redirect is issued without Response.End(),
        // so no ThreadAbortException is raised from this handler.
        // NOTE(review): this is the only redirect in the chain that is not
        // logged; an Info entry would make it visible in the audit trail.
        // The first argument is presumably the gateway flag - confirm against UrlUtil.
        httpContext.Response.Redirect(UrlUtil.ConstructLoginRedirectUrl(false, CasAuthentication.Renew), false);
    }

    logger.Debug("Ending EndRequest for " + httpRequest.RawUrl);
}