public static Boolean CheckAndPunchTicket(HttpContext httpContext, String ServiceURL, String ticketKey, out ServiceUser t)
{
try
{
t = null;
String[] parts = ticketKey.Split(new char[] { '-' }, StringSplitOptions.RemoveEmptyEntries);
if (parts.Length != 4)
{
return false;
}
if (!String.Equals(parts[0], "TRUST"))
{
return false;
}
DateTime dateTimeCheck = DateTime.Now;
if (!DateTime.TryParseExact(parts[1], "MMddyyyyHHmmss", System.Globalization.DateTimeFormatInfo.CurrentInfo, System.Globalization.DateTimeStyles.None, out dateTimeCheck) ||
dateTimeCheck.AddMinutes(1.0) < DateTime.Now)
{
return false;
}
if (String.IsNullOrWhiteSpace(parts[2]) || parts[2].Length != 21)
{
return false;
}
if (!String.Equals(parts[3], "ticket"))
{
return false;
}
// load ticket from context cache
ServiceUser ticket = httpContext.Cache.Get(ticketKey) as ServiceUser;
if (ticket == null)
{
return false;
}
if (!String.Equals(ticket.serviceURL, ServiceURL))
{
return false;
}
// return ticket data
t = ticket;
return true;
}
finally
{
Conductor.PunchTicket(httpContext, ticketKey);
}
}
public static String IssueTicket(HttpContext httpContext, ServiceUser serviceUser)
{
// create 120 bit random data
Byte[] rdata = new Byte[15];
Random random = new Random(Convert.ToInt32(DateTime.Now.Ticks % Int32.MaxValue));
random.NextBytes(rdata);
// convert random data to an URL save token of 20 characters length
String TicketToken = HttpServerUtility.UrlTokenEncode(rdata);
// build the ticket Key
String TicketKey = "TRUST-" + DateTime.Now.ToString("MMddyyyyHHmmss") + "-" + TicketToken + "-ticket";
// store ticket in context cache
httpContext.Cache.Add(TicketKey, serviceUser, null, DateTime.Now.AddMinutes(1.0), Cache.NoSlidingExpiration, CacheItemPriority.Normal, null);
return TicketKey;
}
protected void Page_Load(Object sender, EventArgs e)
{
this.usernameValidation.Visible = false;
this.passphraseValidation.Visible = false;
this.LoginValidationSummary.Visible = false;
this.LoginValidationSummary.Text = String.Empty;
if (!String.Equals(this.Request.HttpMethod, "post", StringComparison.InvariantCultureIgnoreCase))
{ return; }
if (this.Page.IsPostBack)
{
if (!Regex.IsMatch(this.Request.Form["anonym"], "^[a-zA-Z.0-9]{5,20}$"))
{
this.usernameValidation.Visible = true;
this.LoginValidationSummary.Visible = true;
this.LoginValidationSummary.Text = "Username must be 5-20 alphanumeric characters.";
}
if (!Regex.IsMatch(this.Request.Form["plainText1"], "^[a-zA-Z.0-9]{3,7}$") ||
!Regex.IsMatch(this.Request.Form["plainText2"], "^[a-zA-Z.0-9]{3,7}$") ||
!Regex.IsMatch(this.Request.Form["plainText3"], "^[a-zA-Z.0-9]{3,7}$") ||
!Regex.IsMatch(this.Request.Form["plainText4"], "^[a-zA-Z.0-9]{3,7}$"))
{
this.passphraseValidation.Visible = true;
this.LoginValidationSummary.Visible = true;
this.LoginValidationSummary.Text += (!String.IsNullOrWhiteSpace(this.LoginValidationSummary.Text) ? "<br/>" : String.Empty) + "Each passphrase word must be 3-7 alphanumeric characters.";
}
if (!LoginValidationSummary.Visible)
{
if (UserAuthenticator.Authenticate(this.Request.Form["anonym"], this.Request.Form["plainText1"], this.Request.Form["plainText2"], this.Request.Form["plainText3"], this.Request.Form["plainText4"]))
{
this.TrustSignin(this.Request.Form["anonym"]);
}
else
{
this.LoginValidationSummary.Visible = true;
this.LoginValidationSummary.Text += (!String.IsNullOrWhiteSpace(this.LoginValidationSummary.Text) ? "<br/>" : String.Empty) + "Could not validate username and/or passphrase.";
}
}
}
if (System.Web.HttpContext.Current.User.Identity != null
&& System.Web.HttpContext.Current.User.Identity.IsAuthenticated
&& System.Web.HttpContext.Current.User.Identity.AuthenticationType == "Forms")
{
String upn = System.Web.HttpContext.Current.User.Identity.Name;
if (!String.IsNullOrWhiteSpace(upn))
{
String service = Request.QueryString["service"];
if (!String.IsNullOrWhiteSpace(service))
{
Uri serviceHostChecker = null;
Uri.TryCreate(service, UriKind.RelativeOrAbsolute, out serviceHostChecker);
if (serviceHostChecker != null
&& serviceHostChecker.IsAbsoluteUri
&& ServiceHosts.whiteList.Contains(serviceHostChecker.Host))
{
// as an aside, check sign out rules
ServiceUser _user = new ServiceUser(service, upn);
String ticketKey = Conductor.IssueTicket(this.Context, _user);
String returnServiceUrl = service + (!service.Contains('?') ? "?ticket=" + ticketKey : "&ticket=" + ticketKey);
this.Response.Redirect(returnServiceUrl, false);
this.Context.ApplicationInstance.CompleteRequest();
}
}
}
}
}
