public bool Authenticate(HttpApplication application, bool basicAuthenticated, bool anonymAuthenticated)
{
var context = AuthenticationHelper.GetContext(application); //HttpContext.Current;
var request = AuthenticationHelper.GetRequest(application);
bool headerMark, uriMark;
string actionHeader, uri, accessHeadAndPayload;
if (IsTokenAuthenticationRequested(request, out headerMark, out uriMark, out actionHeader, out uri, out accessHeadAndPayload))
{
if (basicAuthenticated && anonymAuthenticated)
{
SnLog.WriteException(new UnauthorizedAccessException("Invalid user."));
context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
context.Response.Flush();
if (application?.Context != null)
{
application.CompleteRequest();
}
}
else
{
TokenAuthenticate(basicAuthenticated, headerMark, uriMark, actionHeader, uri, accessHeadAndPayload, context, application);
}
return(true);
}
return(false);
}
public void OnAuthenticateRequest(object sender, EventArgs e)
{
var application = sender as HttpApplication;
var context = AuthenticationHelper.GetContext(sender); //HttpContext.Current;
var basicAuthenticated = DispatchBasicAuthentication(context, out var anonymAuthenticated);
var tokenAuthentication = new TokenAuthentication();
var tokenAuthenticated = tokenAuthentication.Authenticate(application, basicAuthenticated, anonymAuthenticated);
if (!tokenAuthenticated)
{
tokenAuthenticated = OAuthManager.Instance.Authenticate(application, tokenAuthentication);
}
// if it is a simple basic authentication case or authenticated with a token
if (basicAuthenticated || tokenAuthenticated)
{
return;
}
string authenticationType = null;
string repositoryPath = string.Empty;
// Get the current PortalContext
var currentPortalContext = PortalContext.Current;
if (currentPortalContext != null)
{
authenticationType = currentPortalContext.AuthenticationMode;
}
// default authentication mode
if (string.IsNullOrEmpty(authenticationType))
{
authenticationType = WebApplication.DefaultAuthenticationMode;
}
// if no site auth mode, no web.config default, then exception...
if (string.IsNullOrEmpty(authenticationType))
{
throw new ApplicationException(
"The engine could not determine the authentication mode for this request. This request does not belong to a site, and there was no default authentication mode set in the web.config.");
}
switch (authenticationType)
{
case "Windows":
EmulateWindowsAuthentication(application);
SetApplicationUser(application, authenticationType);
break;
case "Forms":
application.Context.User = null;
CallInternalOnEnter(sender, e);
SetApplicationUser(application, authenticationType);
break;
case "None":
// "None" authentication: set the Visitor Identity
application.Context.User = new PortalPrincipal(User.Visitor);
break;
default:
Site site = null;
var problemNode = Node.LoadNode(repositoryPath);
if (problemNode != null)
{
site = Site.GetSiteByNode(problemNode);
if (site != null)
{
authenticationType = site.GetAuthenticationType(application.Context.Request.Url);
}
}
var message = site == null
? string.Format(
HttpContext.GetGlobalResourceObject("Portal", "DefaultAuthenticationNotSupported") as string,
authenticationType)
: string.Format(
HttpContext.GetGlobalResourceObject("Portal", "AuthenticationNotSupportedOnSite") as string,
site.Name, authenticationType);
throw new NotSupportedException(message);
}
}
private void EmulateWindowsAuthentication(HttpApplication application)
{
WindowsIdentity identity = null;
if (HttpRuntime.UsingIntegratedPipeline)
{
WindowsPrincipal user = null;
var context = AuthenticationHelper.GetContext(application);
if (HttpRuntime.IsOnUNCShare && context.Request.IsAuthenticated)
{
user = new WindowsPrincipal(WindowsIdentity.GetCurrent());
}
else
{
user = application.Context.User as WindowsPrincipal;
}
if (user != null)
{
identity = user.Identity as WindowsIdentity;
}
}
else
{
HttpWorkerRequest workerRequest =
(HttpWorkerRequest)application.Context.GetType().GetProperty("WorkerRequest", BindingFlags.NonPublic | BindingFlags.Instance).GetGetMethod(true).Invoke(application.Context, null);
string logonUser = workerRequest.GetServerVariable("LOGON_USER");
string authType = workerRequest.GetServerVariable("AUTH_TYPE");
if (logonUser == null)
{
logonUser = string.Empty;
}
if (authType == null)
{
authType = string.Empty;
}
if (logonUser.Length == 0 && authType.Length == 0 || authType.ToLower() == "basic")
{
identity = WindowsIdentity.GetAnonymous();
}
else
{
identity = new WindowsIdentity(workerRequest.GetUserToken(), authType, System.Security.Principal.WindowsAccountType.Normal, true);
}
}
if (identity != null)
{
WindowsPrincipal wp = new WindowsPrincipal(identity);
object[] setPrincipalNoDemandParameters = new object[] { wp, false };
Type[] setPrincipalNoDemandParameterTypes = new Type[] { typeof(IPrincipal), typeof(bool) };
MethodInfo setPrincipalNoDemandMethodInfo = application.Context.GetType().GetMethod("SetPrincipalNoDemand", BindingFlags.Instance | BindingFlags.NonPublic, null, setPrincipalNoDemandParameterTypes, null);
setPrincipalNoDemandMethodInfo.Invoke(application.Context, setPrincipalNoDemandParameters);
}
// return 401 if user is not authenticated:
// - application.Context.User might be null for ContentStore GetTreeNodeAllChildren?... request
// - currentPortalUser.Id might be startupuserid or visitoruserid if browser did not send 'negotiate' auth header yet
// - currentPortalUser might be null if application.Context.User.Identity is null or not an IUser
IUser currentPortalUser = null;
if (application.Context.User != null)
{
currentPortalUser = application.Context.User.Identity as IUser;
}
if ((application.Context.User == null) || (currentPortalUser != null &&
(currentPortalUser.Id == Identifiers.StartupUserId ||
currentPortalUser.Id == Identifiers.VisitorUserId)))
{
if (!IsLocalAxdRequest())
{
AuthenticationHelper.DenyAccess(application);
}
}
}
