/// <devdoc>
/// <para>Pre-authenticates a request.</para>
/// </devdoc>
public static Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
{
GlobalLog.Print("AuthenticationManager::PreAuthenticate() request:" + ValidationHelper.HashString(request) + " credentials:" + ValidationHelper.HashString(credentials));
if (request == null)
{
throw new ArgumentNullException("request");
}
if (credentials == null)
{
return(null);
}
HttpWebRequest httpWebRequest = request as HttpWebRequest;
IAuthenticationModule authenticationModule;
if (httpWebRequest == null)
{
return(null);
}
//
// PrefixLookup is thread-safe
//
string moduleName = s_ModuleBinding.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as string;
GlobalLog.Print("AuthenticationManager::PreAuthenticate() s_ModuleBinding.Lookup returns:" + ValidationHelper.ToString(moduleName));
if (moduleName == null)
{
return(null);
}
authenticationModule = findModule(moduleName);
if (authenticationModule == null)
{
// The module could have been unregistered
// No preauthentication is possible
return(null);
}
// Otherwise invoke the PreAuthenticate method
// we're guaranteed that CanPreAuthenticate is true because we check before calling BindModule()
Authorization authorization = authenticationModule.PreAuthenticate(request, credentials);
if (authorization != null && !authorization.Complete && httpWebRequest != null)
{
httpWebRequest.CurrentAuthenticationState.Module = authenticationModule;
}
GlobalLog.Print("AuthenticationManager::PreAuthenticate() IAuthenticationModule.PreAuthenticate() returned authorization:" + ValidationHelper.HashString(authorization));
return(authorization);
}
/// <include file='doc\AuthenticationManager.uex' path='docs/doc[@for="AuthenticationManager.PreAuthenticate"]/*' />
/// <devdoc>
/// <para>Pre-authenticates a request.</para>
/// </devdoc>
public static Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
{
GlobalLog.Print("AuthenticationManager::PreAuthenticate() request:" + ValidationHelper.HashString(request) + " credentials:" + ValidationHelper.HashString(credentials));
if (request == null)
{
throw new ArgumentNullException("request");
}
if (credentials == null)
{
return(null);
}
//
// PrefixLookup is thread-safe
//
string moduleName = s_ModuleBinding.Lookup(((HttpWebRequest)request).ChallengedUri.AbsoluteUri) as string;
GlobalLog.Print("AuthenticationManager::PreAuthenticate() s_ModuleBinding.Lookup returns:" + ValidationHelper.ToString(moduleName));
if (moduleName == null)
{
return(null);
}
IAuthenticationModule module = findModule(moduleName);
if (module == null)
{
// The module could have been unregistered
// No preauthentication is possible
return(null);
}
else
{
// Otherwise invoke the PreAuthenticate method
HttpWebRequest httpWebRequest = request as HttpWebRequest;
if (httpWebRequest != null)
{
httpWebRequest.CurrentAuthenticationState.Module = module;
}
Authorization authorization = module.PreAuthenticate(request, credentials);
GlobalLog.Print("AuthenticationManager::PreAuthenticate() IAuthenticationModule.PreAuthenticate() returned authorization:" + ValidationHelper.HashString(authorization));
return(authorization);
}
}
public static Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
if (credentials == null)
{
return(null);
}
HttpWebRequest request2 = request as HttpWebRequest;
if (request2 == null)
{
return(null);
}
string authenticationType = s_ModuleBinding.Lookup(request2.ChallengedUri.AbsoluteUri) as string;
if (authenticationType == null)
{
return(null);
}
IAuthenticationModule module = findModule(authenticationType);
if (module == null)
{
return(null);
}
if (request2.ChallengedUri.Scheme == Uri.UriSchemeHttps)
{
ChannelBinding cachedChannelBinding = request2.ServicePoint.CachedChannelBinding as ChannelBinding;
if (cachedChannelBinding != null)
{
request2.CurrentAuthenticationState.TransportContext = new CachedTransportContext(cachedChannelBinding);
}
}
Authorization authorization = module.PreAuthenticate(request, credentials);
if (((authorization != null) && !authorization.Complete) && (request2 != null))
{
request2.CurrentAuthenticationState.Module = module;
}
return(authorization);
}
public Authorization PreAuthenticate(WebRequest webRequest, ICredentials credentials)
{
GlobalLog.Print("DigestClient::PreAuthenticate()");
#if XP_WDIGEST
if (ComNetOS.IsPostWin2K)
{
return(XPDigestClient.PreAuthenticate(webRequest, credentials));
}
#endif // #if XP_WDIGEST
GlobalLog.Assert(credentials != null, "DigestClient::PreAuthenticate() credentials==null", "");
if (credentials == null || credentials is SystemNetworkCredential)
{
return(null);
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
GlobalLog.Assert(httpWebRequest != null, "DigestClient::PreAuthenticate() httpWebRequest==null", "");
if (httpWebRequest == null)
{
return(null);
}
HttpDigestChallenge storedHDC = (HttpDigestChallenge)challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri);
if (storedHDC == null)
{
return(null);
}
HttpDigestChallenge modifiedHDC = storedHDC.CopyAndIncrementNonce();
modifiedHDC.HostName = httpWebRequest.ChallengedUri.Host;
modifiedHDC.Method = httpWebRequest.CurrentMethod;
// Consider:
// I have also tried PathAndQuery against both IIS 5.0 and IIS 6.0 servers.
// it didn't make a difference. PathAndQuery is a more complete piece of information
// investigate with Kevin Damour if WDigest.dll wants the quesry string or not.
modifiedHDC.Uri = httpWebRequest.Address.AbsolutePath;
modifiedHDC.ChallengedUri = httpWebRequest.ChallengedUri;
Authorization digestResponse = HttpDigest.Authenticate(modifiedHDC, credentials);
return(digestResponse);
}
/// <devdoc>
/// <para>Pre-authenticates a request.</para>
/// </devdoc>
public override Authorization PreAuthenticate(WebRequest request, ICredentials credentials)
{
GlobalLog.Print(
"AuthenticationManager::PreAuthenticate() request:"
+ ValidationHelper.HashString(request) + " credentials:" + ValidationHelper.HashString(credentials));
if (request == null)
{
throw new ArgumentNullException("request");
}
if (credentials == null)
{
return(null);
}
HttpWebRequest httpWebRequest = request as HttpWebRequest;
IAuthenticationModule authenticationModule;
if (httpWebRequest == null)
{
return(null);
}
//
// PrefixLookup is thread-safe
//
string moduleName = moduleBinding.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as string;
GlobalLog.Print(
"AuthenticationManager::PreAuthenticate() s_ModuleBinding.Lookup returns:"
+ ValidationHelper.ToString(moduleName));
if (moduleName == null)
{
return(null);
}
authenticationModule = findModule(moduleName);
if (authenticationModule == null)
{
// The module could have been unregistered. No preauthentication is possible.
return(null);
}
// Prepopulate the channel binding token so we can try preauth
// (but only for modules that actually need it!).
if (httpWebRequest.ChallengedUri.Scheme == Uri.UriSchemeHttps)
{
object binding = httpWebRequest.ServicePoint.CachedChannelBinding;
#if DEBUG
// The ModuleRequiresChannelBinding method is only compiled in DEBUG so the assert must be restricted
// to DEBUG as well.
// If the authentication module does CBT, we require that it also caches channel bindings.
System.Diagnostics.Debug.Assert(
!(binding == null && ModuleRequiresChannelBinding(authenticationModule)));
#endif
// can also be DBNull.Value, indicating "we previously succeeded without getting a CBT."
// (ie, unpatched SSP talking to a partially-hardened server)
ChannelBinding channelBinding = binding as ChannelBinding;
if (channelBinding != null)
{
httpWebRequest.CurrentAuthenticationState.TransportContext =
new CachedTransportContext(channelBinding);
}
}
// Otherwise invoke the PreAuthenticate method.
// We're guaranteed that CanPreAuthenticate is true because we check before calling BindModule().
Authorization authorization = authenticationModule.PreAuthenticate(request, credentials);
if (authorization != null && !authorization.Complete && httpWebRequest != null)
{
httpWebRequest.CurrentAuthenticationState.Module = authenticationModule;
}
GlobalLog.Print(
"AuthenticationManager::PreAuthenticate() "
+ "IAuthenticationModule.PreAuthenticate() returned authorization:"
+ ValidationHelper.HashString(authorization));
return(authorization);
}
private Authorization DoAuthenticate(string challenge, WebRequest webRequest, ICredentials credentials, bool preAuthenticate)
{
HttpDigestChallenge challenge2;
if (credentials == null)
{
return(null);
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
NetworkCredential credential = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
if (credential is SystemNetworkCredential)
{
if (WDigestAvailable)
{
return(this.XPDoAuthenticate(challenge, httpWebRequest, credentials, preAuthenticate));
}
return(null);
}
if (!preAuthenticate)
{
int startingPoint = AuthenticationManager.FindSubstringNotInQuotes(challenge, Signature);
if (startingPoint < 0)
{
return(null);
}
challenge2 = HttpDigest.Interpret(challenge, startingPoint, httpWebRequest);
}
else
{
challenge2 = challengeCache.Lookup(httpWebRequest.ChallengedUri.AbsoluteUri) as HttpDigestChallenge;
}
if (challenge2 == null)
{
return(null);
}
if (!CheckQOP(challenge2))
{
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.GetString("net_log_digest_qop_not_supported", new object[] { challenge2.QualityOfProtection }));
}
return(null);
}
if (preAuthenticate)
{
challenge2 = challenge2.CopyAndIncrementNonce();
challenge2.SetFromRequest(httpWebRequest);
}
if (credential == null)
{
return(null);
}
ICredentialPolicy credentialPolicy = AuthenticationManager.CredentialPolicy;
if ((credentialPolicy != null) && !credentialPolicy.ShouldSendCredential(httpWebRequest.ChallengedUri, httpWebRequest, credential, this))
{
return(null);
}
string computeSpn = httpWebRequest.CurrentAuthenticationState.GetComputeSpn(httpWebRequest);
ChannelBinding channelBinding = null;
if (httpWebRequest.CurrentAuthenticationState.TransportContext != null)
{
channelBinding = httpWebRequest.CurrentAuthenticationState.TransportContext.GetChannelBinding(ChannelBindingKind.Endpoint);
}
Authorization authorization = HttpDigest.Authenticate(challenge2, credential, computeSpn, channelBinding);
if ((!preAuthenticate && webRequest.PreAuthenticate) && (authorization != null))
{
string[] strArray = (challenge2.Domain == null) ? new string[] { httpWebRequest.ChallengedUri.GetParts(UriComponents.SchemeAndServer, UriFormat.UriEscaped) } : challenge2.Domain.Split(singleSpaceArray);
authorization.ProtectionRealm = (challenge2.Domain == null) ? null : strArray;
for (int i = 0; i < strArray.Length; i++)
{
challengeCache.Add(strArray[i], challenge2);
}
}
return(authorization);
}
