/// <devdoc> /// <para> /// Binds an authentication response to a request for pre-authentication. /// </para> /// </devdoc> // Create binding between an authorization response and the module // generating that response // This association is used for deciding which module to invoke // for preauthentication purposes public override void BindModule(Uri uri, Authorization response, IAuthenticationModule module) { GlobalLog.Assert( module.CanPreAuthenticate, "AuthenticationManager::BindModule()|module.CanPreAuthenticate == false"); if (response.ProtectionRealm != null) { // The authentication module specified which Uri prefixes // will be preauthenticated string[] prefix = response.ProtectionRealm; for (int k = 0; k < prefix.Length; k++) { // // PrefixLookup is thread-safe // moduleBinding.Add(prefix[k], module.AuthenticationType); } } else { // Otherwise use the default policy for "fabricating" // some protection realm generalizing the particular Uri string prefix = generalize(uri); // // PrefixLookup is thread-safe // moduleBinding.Add(prefix, module.AuthenticationType); } }
// Create binding between an authorization response and the module // generating that response // This association is used for deciding which module to invoke // for preauthentication purposes private static void createModuleBinding(WebRequest request, Authorization response, IAuthenticationModule module) { if (!module.CanPreAuthenticate) { return; } if (response.ProtectionRealm != null) { // The authentication module specified which Uri prefixes // will be preauthenticated string[] prefix = response.ProtectionRealm; for (int k = 0; k < prefix.Length; k++) { // // PrefixLookup is thread-safe // s_ModuleBinding.Add(prefix[k], module.AuthenticationType); } } else { // Otherwise use the default policy for "fabricating" // some protection realm generalizing the particular Uri // Consider: should this be ChallengedUri? string prefix = generalize(request.RequestUri); // // PrefixLookup is thread-safe // s_ModuleBinding.Add(prefix, module.AuthenticationType); } return; }
internal static void BindModule(Uri uri, Authorization response, IAuthenticationModule module) { if (response.ProtectionRealm != null) { string[] protectionRealm = response.ProtectionRealm; for (int i = 0; i < protectionRealm.Length; i++) { s_ModuleBinding.Add(protectionRealm[i], module.AuthenticationType); } } else { string prefix = generalize(uri); s_ModuleBinding.Add(prefix, module.AuthenticationType); } }
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials) { GlobalLog.Print("DigestClient::Authenticate(): " + challenge); #if XP_WDIGEST if (ComNetOS.IsPostWin2K) { return(XPDigestClient.Authenticate(challenge, webRequest, credentials)); } #endif // #if XP_WDIGEST GlobalLog.Assert(credentials != null, "DigestClient::Authenticate() credentials==null", ""); if (credentials == null || credentials is SystemNetworkCredential) { return(null); } HttpWebRequest httpWebRequest = webRequest as HttpWebRequest; GlobalLog.Assert(httpWebRequest != null, "DigestClient::Authenticate() httpWebRequest==null", ""); if (httpWebRequest == null || httpWebRequest.ChallengedUri == null) { // // there has been no challenge: // 1) the request never went on the wire // 2) somebody other than us is calling into AuthenticationManager // return(null); } int index = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature); if (index < 0) { return(null); } string[] prefixes = null; string rootPath = httpWebRequest.ChallengedUri.Scheme + "://" + httpWebRequest.ChallengedUri.Host; HttpDigestChallenge digestChallenge = HttpDigest.Interpret(challenge, index, httpWebRequest); if (digestChallenge == null) { return(null); } if (digestChallenge.Domain == null) { challengeCache.Add(rootPath, digestChallenge); } else { prefixes = digestChallenge.Domain.Split(" ".ToCharArray()); for (int i = 0; i < prefixes.Length; i++) { challengeCache.Add(prefixes[i], digestChallenge); } } Authorization digestResponse = HttpDigest.Authenticate(digestChallenge, credentials); if (digestResponse != null) { if (prefixes == null) { digestResponse.ProtectionRealm = new string[1]; digestResponse.ProtectionRealm[0] = rootPath; } else { digestResponse.ProtectionRealm = prefixes; } } return(digestResponse); }
private Authorization DoAuthenticate(string challenge, WebRequest webRequest, ICredentials credentials, bool preAuthenticate) { HttpDigestChallenge challenge2; if (credentials == null) { return(null); } HttpWebRequest httpWebRequest = webRequest as HttpWebRequest; NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature); if (credential is SystemNetworkCredential) { if (WDigestAvailable) { return(this.XPDoAuthenticate(challenge, httpWebRequest, credentials, preAuthenticate)); } return(null); } if (!preAuthenticate) { int startingPoint = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature); if (startingPoint < 0) { return(null); } challenge2 = HttpDigest.Interpret(challenge, startingPoint, httpWebRequest); } else { challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge; } if (challenge2 == null) { return(null); } if (!CheckQOP(challenge2)) { if (Logging.On) { Logging.PrintError(Logging.Web, SR.GetString("net_log_digest_qop_not_supported", new object[] { challenge2.QualityOfProtection })); } return(null); } if (preAuthenticate) { challenge2 = challenge2.CopyAndIncrementNonce(); challenge2.SetFromRequest(httpWebRequest); } if (credential == null) { return(null); } ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy; if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this)) { return(null); } string computeSpn = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest); ChannelBinding channelBinding = null; if (httpWebRequest.CurrentAuthenticationState.TransportContext != null) { channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint); } Authorization authorization = HttpDigest.Authenticate(challenge2, credential, computeSpn, channelBinding); if ((!preAuthenticate && webRequest.PreAuthenticate) && (authorization != null)) { string[] strArray = (challenge2.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge2.Domain.Split(singleSpaceArray); authorization.ProtectionRealm = (challenge2.Domain == null) ? null : strArray; for (int i = 0; i < strArray.Length; i++) { challengeCache.Add(strArray[i], challenge2); } } return(authorization); }