internal AuthenticationInternalResult Authenticate(HttpContext httpContext) { if (authenticators.Length <= 0) { return(null); } IAuthenticatorMethodCache cache = httpContext.RequestServices.GetRequiredService <IAuthenticatorMethodCache>(); foreach (Type authenticator in authenticators) { if (AuthenticationHelper.IsValidAuthenticator(cache, authenticator, out AuthenticatorMetadata metadata)) { AuthenticationInternalResult result = AuthenticationHelper.ExecuteAuthenticator(httpContext, metadata); if (result != null) { return(result); } } } return(null); }
// if casResult == null, the url does not contain ticket private static void CheckRequestUrl(HttpContext httpContext, out AuthenticationInternalResult casResult) { HttpRequest request = httpContext.Request; ICASOption option = httpContext.RequestServices.GetRequiredService <ICASOption>(); IQueryCollection query = request.Query; string rawurl = request.GetDisplayUrl(); if (query.TryGetValue("ticket", out StringValues ticketValue)) { string ticket = ticketValue.ToArray()[0]; string url = request.GetDisplayUrl(); // remove ticket url = Regex.Replace(url, @"ticket\=[^\&]+\&?", ""); while (url[url.Length - 1] == '&' || url[url.Length - 1] == '?') { url = url.Substring(0, url.Length - 1); } string querystr = request.QueryString.Value; querystr = Regex.Replace(querystr, @"ticket\=[^\&]+\&?", ""); while (querystr.Length > 0 && (querystr[querystr.Length - 1] == '&' || querystr[querystr.Length - 1] == '?')) { querystr = querystr.Substring(0, querystr.Length - 1); } string url_not_escaped = url; url = url.EscapeAll(); string target = $"{option.ValidateUrl}?service={url}&ticket={ticket}"; request.QueryString = new QueryString(querystr); // validate // if true, set session try { HttpClient client = new HttpClient(); HttpRequestMessage validateRequest = new HttpRequestMessage() { Method = HttpMethod.Get, RequestUri = new Uri(target) }; validateRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(option.ResponseAccept)); using (HttpResponseMessage response = client.SendAsync(validateRequest).GetAwaiter().GetResult()) { if (response.StatusCode == System.Net.HttpStatusCode.OK) { string message = response.Content.ReadAsStringAsync().GetAwaiter().GetResult(); Type handlerType = option.ResponseHandler; ICASResponseHandler handler = (ICASResponseHandler)ActivatorUtilities.CreateInstance(httpContext.RequestServices, handlerType); IUser user = handler.Invoke(httpContext, message, url_not_escaped, out string redirect_url); if (redirect_url != null) { casResult = new AuthenticationInternalResult(false, redirect_url, null, null); return; } if (user == null) { casResult = new AuthenticationInternalResult(true, null, null, null); return; } else { lock (CASLocker) { if (casAuthenticatorData == null) { IAuthenticatorMethodCache cache = httpContext.RequestServices.GetRequiredService <IAuthenticatorMethodCache>(); casAuthenticatorData = cache.Get(typeof(CASAuthenticator)); } } casResult = new AuthenticationInternalResult(false, null, user, casAuthenticatorData); return; } } } } catch { casResult = null; } } casResult = null; }
private static AuthenticationInternalResult Authenticate(HttpContext httpContext, AuthenticationRequiredAttribute authAttribute, ICustomAttributeProvider attributeProvider) { CustomAuthenticatorsAttribute[] customAuthenticators = null; if (attributeProvider is TypeInfo controllerType) { customAuthenticators = GetCustomAuthenticators(controllerType); } else { customAuthenticators = attributeProvider.GetAttributes <CustomAuthenticatorsAttribute>(false); } AuthenticationInternalResult result = null; bool scanInherit = attributeProvider is TypeInfo; switch (authAttribute.Policy) { case AuthenticationPolicy.NoAuthentication: return(new AuthenticationInternalResult(true, null, null, null)); case AuthenticationPolicy.All: { if (customAuthenticators.Length > 0) { Dictionary <CustomAuthenticatorExecutionPolicy, List <CustomAuthenticatorsAttribute> > authenticatorsGroups = GroupHelper.GroupBy(customAuthenticators, ag => ag.ExecutionPolicy); result = TryAuthenticate(authenticatorsGroups, CustomAuthenticatorExecutionPolicy.BeforeCAS); if (result != null) { return(result); } result = ExecuteCAS(httpContext); if (result != null) { return(result); } result = TryAuthenticate(authenticatorsGroups, CustomAuthenticatorExecutionPolicy.AfterCAS); if (result != null) { return(result); } } else { result = ExecuteCAS(httpContext); if (result != null) { return(result); } } } break; case AuthenticationPolicy.CASOnly: { result = ExecuteCAS(httpContext); if (result != null) { return(result); } } break; case AuthenticationPolicy.DeclaredOnly: { if (customAuthenticators.Length > 0) { Dictionary <CustomAuthenticatorExecutionPolicy, List <CustomAuthenticatorsAttribute> > authenticatorsGroups = GroupHelper.GroupBy(customAuthenticators, ag => ag.ExecutionPolicy); result = TryAuthenticate(authenticatorsGroups, CustomAuthenticatorExecutionPolicy.BeforeCAS); if (result != null) { return(result); } result = TryAuthenticate(authenticatorsGroups, CustomAuthenticatorExecutionPolicy.AfterCAS); if (result != null) { return(result); } } } break; } return(null); AuthenticationInternalResult TryAuthenticate(Dictionary <CustomAuthenticatorExecutionPolicy, List <CustomAuthenticatorsAttribute> > groups, CustomAuthenticatorExecutionPolicy policy) { AuthenticationInternalResult tryResult; if (groups.TryGetValue(policy, out List <CustomAuthenticatorsAttribute> group)) { foreach (CustomAuthenticatorsAttribute auths in group) { tryResult = auths.Authenticate(httpContext); if (tryResult != null) { return(tryResult); } } return(null); } else { return(null); } } }
public void OnAuthorization(AuthorizationFilterContext context) { HttpContext httpContext = context.HttpContext; AuthenticationInternalResult authresult = AuthenticationHelper.Authenticate(context); if (authresult != null) { if (authresult.IsRredirect) { context.Result = new RedirectResult(authresult.RedirectUrl, true); return; } else if (authresult.KeepUnauthenticated) { IAuthenticationResult unauthenticatedResult = AuthenticationResult.Unauthenticated(); AuthenticationHelper.SaveAuthenticationResult(httpContext, unauthenticatedResult); return; } else { IAuthenticationResult authenticationResult = AuthenticationResult.Authenticated(authresult.Authenticator.Type, authresult.User); AuthenticationHelper.SaveAuthenticationResult(httpContext, authenticationResult); return; } } switch (FailedAction) { case AuthenticationFailedAction.KeepUnauthenticated: { IAuthenticationResult unauthenticatedResult = AuthenticationResult.Unauthenticated(); AuthenticationHelper.SaveAuthenticationResult(httpContext, unauthenticatedResult); return; } case AuthenticationFailedAction.RedirectCAS: context.Result = new HttpCASRedirectResult(); return; case AuthenticationFailedAction.Return403: context.Result = new HttpAuthenticationForbiddenResult(); return; case AuthenticationFailedAction.CustomHandler: { List <Type> customAuthenticators = null; AuthenticationFailedHandlerAttribute[] handlers = null; switch (context.ActionDescriptor) { case ControllerActionDescriptor controllerActionDescriptor: customAuthenticators = GetCustomAuthenticators(controllerActionDescriptor); handlers = GetCustomHandlers(controllerActionDescriptor); break; case CompiledPageActionDescriptor compiledPageActionDescriptor: customAuthenticators = GetCustomAuthenticators(compiledPageActionDescriptor); handlers = GetCustomHandlers(compiledPageActionDescriptor); break; default: throw new Exception($"not handled with action descriptor of type {context.ActionDescriptor.GetType().Name}"); } if (handlers != null && handlers.Length > 0) { IActionResult actionResult = AuthenticationHelper.ExecuteHandler(handlers[0].Handler, handlers[0].ConstructParameters, httpContext, Policy, customAuthenticators.ToArray()); if (actionResult != null) { context.Result = actionResult; return; } else { // not handled throw new Exception($"not handled"); } } } return; } }