public Ticket(int orderNumber)
: this()
{
this.orderNumber = orderNumber;
TicketValidator.Validate(this);
}
/// <summary>
/// Validates a ticket contained in the URL, presumably generated by
/// the CAS server after a successful authentication. The actual ticket
/// validation is performed by the configured TicketValidator
/// (i.e., CAS 1.0, CAS 2.0, SAML 1.0). If the validation succeeds, the
/// request is authenticated and a FormsAuthenticationCookie and
/// corresponding CasAuthenticationTicket are created for the purpose of
/// authenticating subsequent requests (see ProcessTicketValidation
/// method). If the validation fails, the authentication status remains
/// unchanged (generally the user is and remains anonymous).
/// </summary>
public void ProcessTicketValidation(HttpContextBase httpContext)
{
HttpApplication app = httpContext.ApplicationInstance;
HttpRequestBase request = httpContext.Request;
string ticket = request[_casServices.Settings.ArtifactParameterName];
try {
// Attempt to authenticate the ticket and resolve to an ICasPrincipal
var principal = TicketValidator.Validate(ticket);
// Save the ticket in the FormsAuthTicket. Encrypt the ticket and send it as a cookie.
var casTicket = new CasAuthenticationTicket(
ticket,
_urlUtil.RemoveCasArtifactsFromUrl(request.Url.AbsoluteUri),
request.UserHostAddress,
principal.Assertion,
principal.MaxAttributes,
_clock.UtcNow
);
if (_casServices.ProxyTicketManager != null && !string.IsNullOrEmpty(principal.ProxyGrantingTicket))
{
casTicket.ProxyGrantingTicketIou = principal.ProxyGrantingTicket;
casTicket.Proxies.AddRange(principal.Proxies);
string proxyGrantingTicket = _casServices.ProxyTicketManager.GetProxyGrantingTicket(casTicket.ProxyGrantingTicketIou);
if (!string.IsNullOrEmpty(proxyGrantingTicket))
{
casTicket.ProxyGrantingTicket = proxyGrantingTicket;
}
}
// TODO: Check the last 2 parameters. We want to take the from/to dates from the FormsAuthenticationTicket.
// However, we may need to do some clock drift correction.
FormsAuthenticationTicket formsAuthTicket = CreateFormsAuthenticationTicket(
principal.Identity.Name,
ticket,
null,
null);
SetAuthCookie(httpContext, formsAuthTicket);
// Also save the ticket in the server store (if configured)
if (_casServices.ServiceTicketManager != null)
{
_casServices.ServiceTicketManager.UpdateTicketExpiration(casTicket, formsAuthTicket.Expiration);
}
// Jump directly to EndRequest. Don't allow the Page and/or Handler to execute.
// EndRequest will redirect back without the ticket in the URL
app.CompleteRequest();
return;
}
catch (TicketValidationException e) {
// Leave principal null. This might not have been a CAS service ticket.
Logger.Error(e, "Ticket validation error: {0}", e);
}
}
private void Validation(TicketDTO ticket)
{
var validationResult = validator.Validate(ticket);
if (!validationResult.IsValid)
{
throw new Exception(validationResult.Errors.First().ToString());
}
}
public Product2Validator()
{
TicketValidator.Validate().Policy().ApplSignedState();
}
public Product3Validator()
{
TicketValidator.Validate().Policy().ApplSignedState().DistributionChannel();
}
