| private Add ( string prefix, object value ) : void | ||
| prefix | string | |
| value | object | |
| return | void | |
/// <devdoc>
/// <para>
/// Binds an authentication response to a request for pre-authentication.
/// </para>
/// </devdoc>
// Create binding between an authorization response and the module
// generating that response
// This association is used for deciding which module to invoke
// for preauthentication purposes
public override void BindModule(Uri uri, Authorization response, IAuthenticationModule module)
{
GlobalLog.Assert(
module.CanPreAuthenticate,
"AuthenticationManager::BindModule()|module.CanPreAuthenticate == false");
if (response.ProtectionRealm != null)
{
// The authentication module specified which Uri prefixes
// will be preauthenticated
string[] prefix = response.ProtectionRealm;
for (int k = 0; k < prefix.Length; k++)
{
//
// PrefixLookup is thread-safe
//
moduleBinding.Add(prefix[k], module.AuthenticationType);
}
}
else
{
// Otherwise use the default policy for "fabricating"
// some protection realm generalizing the particular Uri
string prefix = generalize(uri);
//
// PrefixLookup is thread-safe
//
moduleBinding.Add(prefix, module.AuthenticationType);
}
}
// Create binding between an authorization response and the module
// generating that response
// This association is used for deciding which module to invoke
// for preauthentication purposes
private static void createModuleBinding(WebRequest request, Authorization response, IAuthenticationModule module)
{
if (!module.CanPreAuthenticate)
{
return;
}
if (response.ProtectionRealm != null)
{
// The authentication module specified which Uri prefixes
// will be preauthenticated
string[] prefix = response.ProtectionRealm;
for (int k = 0; k < prefix.Length; k++)
{
//
// PrefixLookup is thread-safe
//
s_ModuleBinding.Add(prefix[k], module.AuthenticationType);
}
}
else
{
// Otherwise use the default policy for "fabricating"
// some protection realm generalizing the particular Uri
// Consider: should this be ChallengedUri?
string prefix = generalize(request.RequestUri);
//
// PrefixLookup is thread-safe
//
s_ModuleBinding.Add(prefix, module.AuthenticationType);
}
return;
}
internal static void BindModule(Uri uri, Authorization response, IAuthenticationModule module)
{
if (response.ProtectionRealm != null)
{
string[] protectionRealm = response.ProtectionRealm;
for (int i = 0; i < protectionRealm.Length; i++)
{
s_ModuleBinding.Add(protectionRealm[i], module.AuthenticationType);
}
}
else
{
string prefix = generalize(uri);
s_ModuleBinding.Add(prefix, module.AuthenticationType);
}
}
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
{
GlobalLog.Print("DigestClient::Authenticate(): " + challenge);
#if XP_WDIGEST
if (ComNetOS.IsPostWin2K)
{
return(XPDigestClient.Authenticate(challenge, webRequest, credentials));
}
#endif // #if XP_WDIGEST
GlobalLog.Assert(credentials != null, "DigestClient::Authenticate() credentials==null", "");
if (credentials == null || credentials is SystemNetworkCredential)
{
return(null);
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
GlobalLog.Assert(httpWebRequest != null, "DigestClient::Authenticate() httpWebRequest==null", "");
if (httpWebRequest == null || httpWebRequest.ChallengedUri == null)
{
//
// there has been no challenge:
// 1) the request never went on the wire
// 2) somebody other than us is calling into AuthenticationManager
//
return(null);
}
int index = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature);
if (index < 0)
{
return(null);
}
string[] prefixes = null;
string rootPath = httpWebRequest.ChallengedUri.Scheme + "://" + httpWebRequest.ChallengedUri.Host;
HttpDigestChallenge digestChallenge = HttpDigest.Interpret(challenge, index, httpWebRequest);
if (digestChallenge == null)
{
return(null);
}
if (digestChallenge.Domain == null)
{
challengeCache.Add(rootPath, digestChallenge);
}
else
{
prefixes = digestChallenge.Domain.Split(" ".ToCharArray());
for (int i = 0; i < prefixes.Length; i++)
{
challengeCache.Add(prefixes[i], digestChallenge);
}
}
Authorization digestResponse = HttpDigest.Authenticate(digestChallenge, credentials);
if (digestResponse != null)
{
if (prefixes == null)
{
digestResponse.ProtectionRealm = new string[1];
digestResponse.ProtectionRealm[0] = rootPath;
}
else
{
digestResponse.ProtectionRealm = prefixes;
}
}
return(digestResponse);
}
private Authorization DoAuthenticate(string challenge, WebRequest webRequest, ICredentials credentials, bool preAuthenticate)
{
HttpDigestChallenge challenge2;
if (credentials == null)
{
return(null);
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
if (credential is SystemNetworkCredential)
{
if (WDigestAvailable)
{
return(this.XPDoAuthenticate(challenge, httpWebRequest, credentials, preAuthenticate));
}
return(null);
}
if (!preAuthenticate)
{
int startingPoint = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
if (startingPoint < 0)
{
return(null);
}
challenge2 = HttpDigest.Interpret(challenge, startingPoint, httpWebRequest);
}
else
{
challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge;
}
if (challenge2 == null)
{
return(null);
}
if (!CheckQOP(challenge2))
{
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.GetString("net_log_digest_qop_not_supported", new object[] { challenge2.QualityOfProtection }));
}
return(null);
}
if (preAuthenticate)
{
challenge2 = challenge2.CopyAndIncrementNonce();
challenge2.SetFromRequest(httpWebRequest);
}
if (credential == null)
{
return(null);
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
{
return(null);
}
string computeSpn = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest);
ChannelBinding channelBinding = null;
if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
{
channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
}
Authorization authorization = HttpDigest.Authenticate(challenge2, credential, computeSpn, channelBinding);
if ((!preAuthenticate && webRequest.PreAuthenticate) && (authorization != null))
{
string[] strArray = (challenge2.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge2.Domain.Split(singleSpaceArray);
authorization.ProtectionRealm = (challenge2.Domain == null) ? null : strArray;
for (int i = 0; i < strArray.Length; i++)
{
challengeCache.Add(strArray[i], challenge2);
}
}
return(authorization);
}
