private void TokenAccess(string accessHeadAndPayload, TokenManager tokenManager, HttpContextBase context) { if (!string.IsNullOrWhiteSpace(accessHeadAndPayload)) { var authCookie = CookieHelper.GetCookie(context.Request, AccessSignatureCookieName); if (authCookie == null) { throw new UnauthorizedAccessException("Missing access cookie."); } var accessSignature = authCookie.Value; var tokenPrincipal = tokenManager.ValidateToken(accessHeadAndPayload + "." + accessSignature); if (tokenPrincipal == null) { throw new UnauthorizedAccessException("Invalid access token."); } var userName = tokenManager.GetPayLoadValue(accessHeadAndPayload.Split(Convert.ToChar("."))[1], "name"); PortalPrincipal portalPrincipal; using (AuthenticationHelper.GetSystemAccount()) { portalPrincipal = AuthenticationHelper.LoadPortalPrincipal(userName); } AssertUserHasNotLoggedOut(tokenManager, portalPrincipal, accessHeadAndPayload); using (AuthenticationHelper.GetSystemAccount()) { context.User = portalPrincipal; } } }
/// <summary> /// Tells if the user has been logged out. /// </summary> /// <param name="tokenManager">TokenManager instance.</param> /// <param name="userName">Name of the user to check.</param> /// <param name="tokenheadAndPayload">the token head and payload value got from the client.</param> /// <param name="portalPrincipal">Loaded PortalPrincipal of the user.</param> private bool UserHasLoggedOut(TokenManager tokenManager, string userName, string tokenheadAndPayload, out PortalPrincipal portalPrincipal) { using (AuthenticationHelper.GetSystemAccount()) { portalPrincipal = _logoutExecutor.LoadPortalPrincipalForLogout(userName); } return(UserHasLoggedOut(tokenManager, portalPrincipal, tokenheadAndPayload)); }
/// <summary> /// Checks whether the user has logged out previously. /// </summary> /// <param name="tokenManager">TokenManager instance</param> /// <param name="userName">name of the user to check</param> /// <param name="tokenheadAndPayload">the token head and payload value got from client</param> private void AssertUserHasNotLoggedOut(TokenManager tokenManager, string userName, string tokenheadAndPayload) { PortalPrincipal portalPrincipal; using (AuthenticationHelper.GetSystemAccount()) { portalPrincipal = _logoutExecutor.LoadPortalPrincipalForLogout(userName); } AssertUserHasNotLoggedOut(tokenManager, portalPrincipal, tokenheadAndPayload); }
public bool DispatchBasicAuthentication(HttpContextBase context, out bool anonymAuthenticated) { anonymAuthenticated = false; var authHeader = AuthenticationHelper.GetBasicAuthHeader(); if (authHeader == null || !authHeader.StartsWith("Basic ")) { return(false); } var base64Encoded = authHeader.Substring(6); // 6: length of "Basic " var bytes = Convert.FromBase64String(base64Encoded); string[] userPass = Encoding.UTF8.GetString(bytes).Split(":".ToCharArray()); if (userPass.Length != 2) { context.User = AuthenticationHelper.GetVisitorPrincipal(); anonymAuthenticated = true; return(true); } try { var username = userPass[0]; var password = userPass[1]; // Elevation: we need to load the user here, regardless of the current users permissions using (AuthenticationHelper.GetSystemAccount()) { if (AuthenticationHelper.IsUserValid(username, password)) { context.User = AuthenticationHelper.LoadUserPrincipal(username); } else { context.User = AuthenticationHelper.GetVisitorPrincipal(); anonymAuthenticated = true; } } } catch (Exception e) // logged { SnLog.WriteException(e); context.User = AuthenticationHelper.GetVisitorPrincipal(); anonymAuthenticated = true; } return(true); }
private void TokenLogout(string accessHeadAndPayload, TokenManager tokenManager, HttpContextBase context) { if (!String.IsNullOrWhiteSpace(accessHeadAndPayload)) { var authCookie = CookieHelper.GetCookie(context.Request, AccessSignatureCookieName); if (authCookie == null) { throw new UnauthorizedAccessException("Missing access cookie."); } var accessSignature = authCookie.Value; var principal = tokenManager.ValidateToken(accessHeadAndPayload + "." + accessSignature, false); if (principal == null) { throw new UnauthorizedAccessException("Invalid access token."); } bool.TryParse(AuthenticationHelper.GetRequestParameterValue(context, "ultimateLogout"), out var ultimateLogout); // ultimately log out only if the user has not been logged out already, if he has, just a local logout executes if (ultimateLogout || Configuration.Security.DefaultUltimateLogout) { ultimateLogout = !UserHasLoggedOut(tokenManager, principal.Identity.Name, accessHeadAndPayload, out var portalPrincipal); using (AuthenticationHelper.GetSystemAccount()) { context.User = portalPrincipal; } } _logoutExecutor?.Logout(ultimateLogout); CookieHelper.DeleteCookie(context.Response, AccessSignatureCookieName); CookieHelper.DeleteCookie(context.Response, AccessHeadAndPayloadCookieName); CookieHelper.DeleteCookie(context.Response, RefreshSignatureCookieName); context.Response.StatusCode = HttpResponseStatusCode.Ok; } }