Esempio n. 1
0
        /// <summary>
        /// EndRequest is used to trigger the appropriate redirection.  There are
        /// currently three scenarios that require special redirections.
        /// <list>
        ///     <item>
        ///         Request is unauthenticated and is being routed to the FormsLoginUrl
        ///         (typically caused by UrlAuthorizationModule).  This request needs to
        ///         be intercepted to change the 'ReturnUrl' parameter to 'serviceName'
        ///     </item>
        ///     <item>
        ///         Request contains a CAS ticket in the URL.  This request needs to be
        ///         redirected back to itself without the 'ticket' parameter in order to
        ///         avoid potential infinite automatic ticket validation loops for when
        ///         a the ticket in the URL has expired or was revoked and the Renew
        ///         configuration parameter is set.
        ///     </item>
        ///     <item>
        ///         Request is authenticated, but is not authorized to access the
        ///         requested resource (by UrlAuthorizationModule).  If the CAS is
        ///         configured with a NotAuthorizedUrl, the request is redirected to
        ///         that page.  Otherwise, it is redirected to the CAS login page with
        ///         a forced 'Renew' property (to prevent infinite redirect loops).
        ///     </item>
        /// </list>
        /// </summary>
        /// <param name="sender">The HttpApplication that sent the request</param>
        /// <param name="e">Not used</param>
        private static void OnEndRequest(object sender, EventArgs e)
        {
            HttpContext context = HttpContext.Current;
            HttpRequest request = context.Request;

            if (RequestEvaluator.GetRequestIsAppropriateForCasAuthentication())
            {
                logger.Debug("Starting EndRequest for " + request.RawUrl);

                if (RequestEvaluator.GetRequestRequiresGateway())
                {
                    logger.Info("  Performing Gateway Authentication");
                    CasAuthentication.GatewayAuthenticate(true);
                }
                else if (RequestEvaluator.GetUserDoesNotAllowSessionCookies())
                {
                    logger.Info("  Cookies not supported.  Redirecting to Cookies Required Page");
                    CasAuthentication.RedirectToCookiesRequiredPage();
                }
                else if (RequestEvaluator.GetRequestHasCasTicket())
                {
                    logger.Info("  Redirecting from login callback");
                    CasAuthentication.RedirectFromLoginCallback();
                }
                else if (RequestEvaluator.GetRequestHasGatewayParameter())
                {
                    logger.Info("  Redirecting from failed gateway callback");
                    CasAuthentication.RedirectFromFailedGatewayCallback();
                }
                else if (RequestEvaluator.GetRequestIsUnauthorized() && !String.IsNullOrEmpty(CasAuthentication.NotAuthorizedUrl))
                {
                    logger.Info("  Redirecting to Unauthorized Page");
                    CasAuthentication.RedirectToNotAuthorizedPage();
                }
                else if (RequestEvaluator.GetRequestIsUnauthorized())
                {
                    logger.Info("  Redirecting to CAS Login Page (Unauthorized without NotAuthorizedUrl defined)");
                    CasAuthentication.RedirectToLoginPage(true);
                }
                else if (RequestEvaluator.GetRequestIsUnAuthenticated())
                {
                    logger.Info("  Redirecting to CAS Login Page");
                    CasAuthentication.RedirectToLoginPage();
                }
                //Async post backs from UpdatePanels suppress the standard Forms Authentication redirect causing the above checks to fail.
                else if (RequestEvaluator.IsAsyncPostBackRequest() && !RequestEvaluator.CheckUrlAccessForCurrentPrincipal())
                {
                    context.Response.Redirect(UrlUtil.ConstructLoginRedirectUrl(false, CasAuthentication.Renew), false);
                }

                logger.Debug("Ending EndRequest for " + request.RawUrl);
            }
            else
            {
                logger.Debug("No EndRequest processing for " + request.RawUrl);
            }
        }