//
// What follows is the logic for selection of the authentication algorithm
// Enjoy boys and girls
//
// Bit 3 - Anonymous User
// Bit 2 - UDDI Authentication Mode
// Bit 1 - Windows Authentication Mode
// Bit 0 - Ticket Present
// |
// | Authentication Module Used
// 0000 X
// 0001 X
// 0010 Windows
// 0011 Exception ( UDDI authentication turned off )
// 0100 UDDI ( will fail authentication due to invalid credentials )
// 0101 UDDI
// 0110 Windows
// 0111 UDDI
// 1000 X
// 1001 X
// 1010 Exception UDDI authentication turned off
// 1011 Exception ""
// 1100 UDDI ( will fail authentication due to invalid credentials )
// 1101 UDDI
// 1110 UDDI ( will fail authentication due to invalid credentials )
// 1111 UDDI
//
//
// Reduction Work
//
// A - Anonymous User
// B - UDDI Authentication Mode
// C - Windows Authentication Mode
// D - Ticket Present
//
// Key
// e - throw exception invalid configuration
// x - invalid state
// w - windows authentication
// u - uddi authentication
//
// CD
// AB 00 01 11 10
// 00 x x e w
// 01 u u u w
// 11 u u u u
// 10 x x e e
//
// if( !A && C && !D )
// w - windows authentication
// else if( B )
// u - uddi authentication
// else
// throw exception
//
private void Authenticate(SoapMessage message)
{
Debug.Enter();
IAuthenticateable authenticate = (IAuthenticateable)message.GetInParameterValue(0);
//WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity;
IIdentity identity = HttpContext.Current.User.Identity;
int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both);
if (mode == (int)AuthenticationMode.Passport)
{
if (identity is PassportIdentity)
{
string ticket = authenticate.AuthInfo.Trim();
//
// Authentication the user using the attached passport ticket
//
PassportAuthenticator pa = new PassportAuthenticator();
pa.Authenticate(ticket, Config.GetInt("Security.TimeOut", 60));
}
else
{
throw new UDDIException(ErrorType.E_fatalError,
"UDDI_ERROR_FATALERROR_PASSPORTBADCONFIG");
}
Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Passport based authentication Identity is " + identity.Name);
}
else if (!((WindowsIdentity)identity).IsAnonymous &&
((mode & (int)AuthenticationMode.Windows) != 0) &&
Utility.StringEmpty(authenticate.AuthInfo))
{
/* 0X10 Case */
//
// Authenticate the user using the currently impersonated credentials
//
WindowsAuthenticator wa = new WindowsAuthenticator();
wa.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60));
Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name);
}
else if ((mode & (int)AuthenticationMode.Uddi) != 0)
{
/* X1XX Case for leftovers */
//
// If windows authentication is turned off or the
Debug.Write(SeverityType.Info, CategoryType.Soap, "Anonymous user: using UDDI authentication");
//
// Authenticate the user using the authToken
//
UDDIAuthenticator ua = new UDDIAuthenticator();
ua.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60));
}
else
{
//
// Throw exception for the rest
//
throw new UDDIException(UDDI.ErrorType.E_unsupported,
"UDDI_ERROR_UNSUPPORTED_BADAUTHENTICATIONCONFIG");
}
//
// Check to make sure the authenticated user has publisher credentials
//
Debug.Verify(Context.User.IsPublisher,
"UDDI_ERROR_FATALERROR_USERNOPUBLISHERCRED",
UDDI.ErrorType.E_fatalError,
Context.User.ID);
//
// The server can be configured for automatic registration of publishers with credentials
//
if (!Context.User.IsRegistered)
{
if (1 == Config.GetInt("Security.AutoRegister", 0))
{
//
// Mark the user as verified.
//
Context.User.TrackPassport = false;
Context.User.Verified = true;
Context.User.Register();
}
else
{
throw new UDDIException(UDDI.ErrorType.E_unknownUser,
"UDDI_ERROR_UNKNOWNUSER_NOTREGISTERED");
}
}
Context.User.Login();
#if DEBUG
Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsAdministrator = " + Context.User.IsAdministrator);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsCoordinator = " + Context.User.IsCoordinator);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsPublisher = " + Context.User.IsPublisher);
Debug.Write(SeverityType.Info, CategoryType.Soap, "IsUser = " + Context.User.IsUser);
#endif
Debug.Leave();
}
public override void ProcessMessage(SoapMessage message)
{
Debug.Enter();
#if DEBUG
string info = "log: " + data.log.ToString() +
"; https: " + data.https.ToString() +
"; validate: " + data.validate.ToString() +
"; performance: " + data.performance.ToString() +
"; authenticate: " + data.authenticate.ToString() +
"; transaction: " + data.transaction.ToString() +
"; messageType: " + data.messageType;
Debug.Write(SeverityType.Info, CategoryType.Soap, info);
#endif
try
{
switch (message.Stage)
{
//
// First Event
//
case SoapMessageStage.BeforeDeserialize:
//
// Initialize our context.
//
Context.Current.Initialize();
Config.CheckForUpdate();
//
// TODO: Since we are using DispositionReport.ThrowFinal() I don't think this is
// needed anymore.
//
//
// Check to make sure the authenticated user has user credentials
//
Debug.Verify("1" != HttpContext.Current.Request.ServerVariables["Exception"],
"UDDI_ERROR_FATALERROR_VERSIONCHECKERROR",
UDDI.ErrorType.E_fatalError);
Debug.Write(SeverityType.Info, CategoryType.Soap, "URL: " + message.Url);
Debug.Write(SeverityType.Info, CategoryType.Soap, "SOAPAction: " + HttpContext.Current.Request.Headers["SOAPAction"]);
string contentType = HttpContext.Current.Request.ContentType.ToLower();
bool validEncoding = (contentType.IndexOf("charset=\"utf-8\"") >= 0) ||
(contentType.IndexOf("charset=utf-8") >= 0);
Debug.Verify(validEncoding, "UDDI_ERROR_UNSUPPORTED_CONTENTTYPEHEADERMISSING", ErrorType.E_unsupported);
if (data.performance)
{
PublishMethodBegin(message);
}
if (data.https)
{
CheckForHttps(message);
}
//
// Validation has been moved into the other SOAP extension
//
// if( data.validate )
// Validate( message );
break;
//
// Second Event
//
case SoapMessageStage.AfterDeserialize:
ConnectionManager.Open(data.transaction, data.transaction);
if (data.certificate)
{
CheckCertificate(message);
}
if (data.authenticate)
{
Authenticate(message);
}
else if (0 != (Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both)
& (int)AuthenticationMode.AuthenticatedRead))
{
//
// Authenticated reads are turned on and this is a read request
// Make sure the caller is authenticated using Windows and is at least a user
//
WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsAuthenticator wa = new WindowsAuthenticator();
wa.Authenticate("", 0 /* not used */);
Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name);
//
// Check to make sure the authenticated user has user credentials
//
Debug.Verify(Context.User.IsUser,
"UDDI_ERROR_FATALERROR_NOUSERCREDS",
UDDI.ErrorType.E_fatalError,
Context.User.ID);
}
break;
//
// Third Event
//
case SoapMessageStage.BeforeSerialize:
break;
//
// Last Event
//
case SoapMessageStage.AfterSerialize:
//
// Cleanup the connection and commit the database activity
//
if (data.transaction &&
(null != (object)ConnectionManager.GetConnection()) &&
(null != (object)ConnectionManager.GetTransaction()))
{
if (null == (object)message.Exception)
{
ConnectionManager.Commit();
}
else
{
ConnectionManager.Abort();
}
}
ConnectionManager.Close();
try
{
if (data.performance)
{
PublishMethodEnd(message);
}
}
catch
{
Debug.OperatorMessage(
SeverityType.Warning,
CategoryType.None,
OperatorMessageType.UnableToPublishCounter,
"An error occurred while trying to publish a performance counter, the system will continue");
}
break;
default:
throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_FATALERROR_UNKNOWNEXTSTAGE");
}
}
catch (Exception e)
{
DispositionReport.Throw(e);
}
Debug.Leave();
}
public AuthToken GetAuthToken(GetAuthToken gat)
{
Debug.Enter();
AuthToken at = new AuthToken();
try
{
//
// XX-SECURITY: Review the value here in the case where we use
// XX-this with a web.config with Authentication set to None or Passport
//
//
// NOW: We now Get a Generic Identity. If the AuthenticationMode is AuthenticationMode.Passport (8),
// we make sure the Identity is a PassportIdentity, then we authenticate. If AuthenticationMode
// is Not set to AuthenticationMode.Passport, then process it as a WindowsIdentity.
//
//
IIdentity identity = HttpContext.Current.User.Identity;
int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both);
if (((int)AuthenticationMode.Passport) == mode)
{
if (identity is PassportIdentity)
{
Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Passport based authentication Identity is " + gat.UserID);
PassportAuthenticator pa = new PassportAuthenticator();
//
// Get a Passport ticket for this user.
//
if (!pa.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo))
{
// throw new UDDIException( ErrorType.E_unknownUser, "User failed authentication." ) ;
throw new UDDIException(ErrorType.E_unknownUser, "USER_FAILED_AUTHENTICATION");
}
//
// We need to extract the PUID from the ticket and put it into our Context.UserInfo.ID; a
// successfull call to Authenticate will do all of this.
//
if (!pa.Authenticate(at.AuthInfo, UDDI.Constants.Passport.TimeWindow))
{
throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_USER_FAILED_AUTHENTICATION");
}
//
// Make sure this Passport user has registered with our UDDI site as a publisher.
//
if (!Context.User.IsVerified)
{
// throw new UDDIException( ErrorType.E_unknownUser, "Not a valid publisher." ) ;
throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_NOT_A_VALID_PUBLISHER");
}
}
else
{
#if never
throw new UDDIException(ErrorType.E_fatalError,
"CONFIGURATION ERROR: Passport Identity Expected. \r\n" +
"You are currently running in Passport Authentication Mode. \r\n" +
"Check your web.config for the <authentication mode=\"Passport\" /> entry and try again.");
#endif
throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_PASSPORT_CONFIGURATION_ERROR");
}
}
//
// SECURITY: Check to make sure the password is blank too
//
else if (!((WindowsIdentity)identity).IsAnonymous &&
((mode & (int)AuthenticationMode.Windows) != 0) &&
Utility.StringEmpty(gat.UserID))
{
Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Windows based authentication Identity is " + identity.Name);
WindowsAuthenticator wa = new WindowsAuthenticator();
wa.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo);
}
else if ((mode & (int)AuthenticationMode.Uddi) != 0)
{
Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for UDDI based authentication");
UDDIAuthenticator ua = new UDDIAuthenticator();
ua.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo);
}
else
{
// throw new UDDIException( UDDI.ErrorType.E_unsupported,
//"The UDDI server is not configured to support the requested form of authentication." );
throw new UDDIException(UDDI.ErrorType.E_unsupported, "UDDI_ERROR_AUTHENTICATION_CONFIGURATION_ERROR");
}
Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name);
Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name);
//
// Check to make sure the authenticated user has publisher credentials
//
#if never
Debug.Verify(Context.User.IsPublisher,
"The user account " + Context.User.ID + " does not have publisher credentials",
UDDI.ErrorType.E_fatalError);
#endif
Debug.Verify(Context.User.IsPublisher,
"UDDI_ERROR_NO_PUBLISHER_CREDENTIALS",
UDDI.ErrorType.E_fatalError,
Context.User.ID);
Debug.Write(
SeverityType.Info,
CategoryType.Authorization,
"Authenticated user (userid = " + gat.UserID + " )");
}
catch (Exception e)
{
DispositionReport.Throw(e);
}
return(at);
}
