/// <summary>
/// Raises the BasicAuthorization event so that subscribers can decide
/// whether the supplied Basic credentials are accepted.
/// </summary>
/// <param name="e">Credentials and realm for the request; handlers report their decision through it.</param>
private void OnBasicAuthorization(BasicAuthorizationArgs e)
{
    // Nothing is subscribed: leave the args untouched.
    if (BasicAuthorization == null)
    {
        return;
    }

    BasicAuthorization(this, e);
}
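/// <summary>
/// AuthenticateRequest pipeline handler. When module authentication is enabled it
/// parses the Authorization header (Basic or Digest), raises the matching
/// authorization event, sets <c>Context.User</c> on success and calls
/// <c>DenyAccess</c> on failure. Authorized requests are then offered to the
/// WebDAV processor through the ProcessRequest event.
/// </summary>
/// <remarks>
/// Malformed Authorization headers (bad base64, missing separator, missing Digest
/// fields) are treated as "no usable credentials": the request is denied and
/// AuthorizationComplete is not raised, exactly as for a missing header.
/// </remarks>
/// <param name="sender">The <c>HttpApplication</c> raising the event.</param>
/// <param name="e">Unused.</param>
private void context_AuthenticateRequest(object sender, EventArgs e)
{
    bool _requestAuthorized = true;
    HttpApplication _httpApp = (HttpApplication)sender;

    //Since we are processing all wildcards...
    //  The web project will not load if we intercept its request.
    //  Therefore... if the User-Agent is the studio... do nothing
    //
    // NOTE(review): User-Agent is client-controlled. A request with no User-Agent,
    // or one that claims to be Visual Studio, leaves this method before any
    // authentication or DenyAccess call. Confirm that whatever handles the request
    // after this module enforces its own access control, or limit this bypass to
    // development builds.
    string _userAgent = _httpApp.Request.Headers["User-Agent"];
    if (_userAgent == null || _userAgent.StartsWith("Microsoft-Visual-Studio.NET", StringComparison.Ordinal))
    {
        return;
    }

    //Check to see if the request needs to be authenticated
    if (this.ModuleAuthentication != Authentication.None)
    {
        AuthenticationArgs _authArgs = new AuthenticationArgs(_httpApp.Request.Url, "", this.ModuleAuthentication);
        AuthorizationArgs _authorizationArgs = new AuthorizationArgs(_authArgs);

        //Fire the event
        this.OnAuthenticateRequest(_authArgs);

        if (_authArgs.ProcessAuthorization)
        {
            _httpApp.Context.Items["WebDAVModule_AuthArgs"] = _authArgs;
            string _authStr = _httpApp.Request.Headers["Authorization"];

            switch (this.ModuleAuthentication)
            {
                case Authentication.Basic:
                {
                    //By default the request is not authorized
                    _requestAuthorized = false;

                    string _basicUserName;
                    string _basicPassword;
                    if (TryParseBasicCredentials(_authStr, out _basicUserName, out _basicPassword))
                    {
                        BasicAuthorizationArgs _basicAuthArgs = new BasicAuthorizationArgs(_basicUserName, _basicPassword, _authArgs.Realm);

                        //Set the authorization username
                        _authorizationArgs.UserName = _basicAuthArgs.UserName;

                        //Fire the event
                        this.OnBasicAuthorization(_basicAuthArgs);

                        if (_basicAuthArgs.Authorized)
                        {
                            _requestAuthorized = true;
                            _httpApp.Context.User = new GenericPrincipal(new GenericIdentity(_basicAuthArgs.UserName, "Basic"), null);
                        }

                        _authorizationArgs.RequestAuthorized = _requestAuthorized;

                        //Fire the event
                        this.OnAuthorizationComplete(_authorizationArgs);
                    }
                    break;
                }

                case Authentication.Digest:
                {
                    //By default the request is not authorized
                    _requestAuthorized = false;

                    // "Digest " (with the separating space) guarantees Substring(7) in the parser is in range.
                    if (!string.IsNullOrEmpty(_authStr) && _authStr.StartsWith("Digest ", StringComparison.OrdinalIgnoreCase))
                    {
                        SortedList<string, string> _authItems = ParseDigestHeader(_authStr);

                        // A header missing any field used below is rejected instead of
                        // surfacing as an unhandled KeyNotFoundException.
                        if (HasRequiredDigestFields(_authItems))
                        {
                            DigestAuthorizationArgs _digestAuthArgs = new DigestAuthorizationArgs(_authItems["username"], _authItems["realm"]);

                            //Set the authorization username
                            _authorizationArgs.UserName = _digestAuthArgs.UserName;

                            //Fire the event
                            this.OnDigestAuthorization(_digestAuthArgs);

                            //Validate password
                            string _userInfo = String.Format("{0}:{1}:{2}", _authItems["username"], _authArgs.Realm, _digestAuthArgs.Password);
                            string _hashedUserInfo = GetMD5HashBinHex(_userInfo);

                            // NOTE(review): the uri field comes from the client and is not compared
                            // with the URL actually requested, so the response is bound to the
                            // claimed uri only. Consider rejecting a mismatch.
                            string _uriInfo = String.Format("{0}:{1}", _httpApp.Request.HttpMethod, _authItems["uri"]);
                            string _hashedUriInfo = GetMD5HashBinHex(_uriInfo);

                            string _nonceInfo = null;
                            if (_authItems.ContainsKey("qop"))
                            {
                                // NOTE(review): nc is hashed but not checked against a per-nonce
                                // counter in this method; replay protection rests on IsValidNonce.
                                _nonceInfo = String.Format
                                    (
                                        "{0}:{1}:{2}:{3}:{4}:{5}",
                                        new object[] {
                                            _hashedUserInfo,
                                            _authItems["nonce"],
                                            _authItems["nc"],
                                            _authItems["cnonce"],
                                            _authItems["qop"],
                                            _hashedUriInfo }
                                    );
                            }
                            else
                            {
                                _nonceInfo = String.Format
                                    (
                                        "{0}:{1}:{2}",
                                        _hashedUserInfo,
                                        _authItems["nonce"],
                                        _hashedUriInfo
                                    );
                            }

                            string _hashedNonceInfo = GetMD5HashBinHex(_nonceInfo);

                            bool _staleNonce = !this.IsValidNonce(_authItems["nonce"]);
                            _httpApp.Context.Items["WebDAVModule_DigestStaleNonce"] = _staleNonce;

                            // The handler receives the client-supplied realm, while the hash above uses
                            // the server realm. Requiring both to be equal keeps a password looked up
                            // for one realm from validating a request for another.
                            bool _realmMatches = string.Equals(_authItems["realm"], _authArgs.Realm, StringComparison.Ordinal);

                            // What the handler does for an unknown user is not visible here. If it
                            // leaves Password unset, String.Format renders it as an empty string,
                            // so a missing password is treated as "no such user" and denied.
                            bool _hasPassword = !string.IsNullOrEmpty(_digestAuthArgs.Password);

                            if (_hasPassword
                                && _realmMatches
                                && !_staleNonce
                                && DigestResponseMatches(_hashedNonceInfo, _authItems["response"]))
                            {
                                _requestAuthorized = true;
                                _httpApp.Context.User = new GenericPrincipal(new GenericIdentity(_digestAuthArgs.UserName, "Digest"), null);
                            }

                            _authorizationArgs.RequestAuthorized = _requestAuthorized;

                            //Fire the event
                            this.OnAuthorizationComplete(_authorizationArgs);
                        }
                    }
                    break;
                }
            }
        }
    }

    if (!_requestAuthorized)
    {
        DenyAccess(_httpApp);
        return;
    }

    //Check to see if we should process the request
    DavModuleProcessRequestArgs _processRequestArgs = new DavModuleProcessRequestArgs(_httpApp.Request.Url, this.IsWebDAVRequest);

    //Fire the event
    this.OnProcessRequest(_processRequestArgs);

    if (_processRequestArgs.ProcessRequest)
    {
        if (!string.IsNullOrEmpty(this.DebugFilePath))
        {
            WebDavProcessor.DebugFilePath = this.DebugFilePath;
        }

        this.__webDavProcessor.ProcessRequest(_httpApp);
    }

    //Fire the event
    this.OnRequestProcessed();
}

/// <summary>
/// Extracts user name and password from a Basic Authorization header value.
/// Returns false (instead of throwing) when the header is absent, is not Basic,
/// is not valid base64, or has no ':' separator.
/// </summary>
private static bool TryParseBasicCredentials(string header, out string userName, out string password)
{
    userName = null;
    password = null;

    // Auth scheme names are case-insensitive. The trailing space keeps Substring(6) in range.
    if (string.IsNullOrEmpty(header) || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    byte[] _decodedBytes;
    try
    {
        _decodedBytes = Convert.FromBase64String(header.Substring(6));
    }
    catch (FormatException)
    {
        return false;
    }

    // ASCII decoding is kept from the original; non-ASCII bytes decode to '?'.
    string _pair = System.Text.Encoding.ASCII.GetString(_decodedBytes);

    // Split on the FIRST colon only: the password may itself contain ':'.
    int _separator = _pair.IndexOf(':');
    if (_separator < 0)
    {
        return false;
    }

    userName = _pair.Substring(0, _separator);
    password = _pair.Substring(_separator + 1);
    return true;
}

/// <summary>
/// Parses the comma-separated key=value list of a Digest Authorization header
/// (caller guarantees the "Digest " prefix). Items without '=' are skipped.
/// </summary>
private static SortedList<string, string> ParseDigestHeader(string header)
{
    SortedList<string, string> _items = new SortedList<string, string>();
    char[] _trimChars = new char[] { ' ', '\"' };

    // NOTE: a comma inside a quoted value still splits the item (unchanged from the original).
    foreach (string _item in header.Substring(7).Split(','))
    {
        // Split on the first '=' only so values such as a uri with a query
        // string or a base64-padded nonce are kept whole.
        int _eq = _item.IndexOf('=');
        if (_eq < 0)
        {
            continue;
        }

        string _key = _item.Substring(0, _eq).Trim(_trimChars);
        string _value = _item.Substring(_eq + 1).Trim(_trimChars);
        _items[_key] = _value;
    }

    return _items;
}

/// <summary>
/// Checks that every Digest field read during validation is present
/// (plus nc and cnonce when qop is supplied).
/// </summary>
private static bool HasRequiredDigestFields(SortedList<string, string> items)
{
    foreach (string _key in new string[] { "username", "realm", "uri", "nonce", "response" })
    {
        if (!items.ContainsKey(_key))
        {
            return false;
        }
    }

    if (items.ContainsKey("qop"))
    {
        return items.ContainsKey("nc") && items.ContainsKey("cnonce");
    }

    return true;
}

/// <summary>
/// Ordinal, case-sensitive comparison of the expected and supplied digest
/// response that always scans the full length (no early exit on first mismatch).
/// </summary>
private static bool DigestResponseMatches(string expected, string supplied)
{
    if (expected == null || supplied == null || expected.Length != supplied.Length)
    {
        return false;
    }

    int _difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        _difference |= expected[i] ^ supplied[i];
    }

    return _difference == 0;
}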
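/// <summary>
/// BasicAuthorization handler for the file WebDAV module. Decides whether the
/// supplied user name / password are valid for the realm and, on success, builds
/// the <c>VirtualDirectory</c> exposed to that user and stores it in <c>e.UserData</c>.
/// </summary>
/// <remarks>
/// Three kinds of account are recognised:
/// "root" (read-only view of access, filesystem, log and resource),
/// "admin" (read/write on shared, private and exchange), and
/// a user whose name parses as a GUID (read on shared, read/write on its own
/// private and log folders). Any other name is left unauthorized.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Credentials and realm; <c>Authorized</c> and <c>UserData</c> are written here.</param>
private void FileWebDAVModule_BasicAuthorization(object sender, BasicAuthorizationArgs e)
{
    // Deny unless one of the branches below explicitly authorizes.
    e.Authorized = false;

    if (String.IsNullOrEmpty(e.Realm) || string.IsNullOrEmpty(e.UserName) || string.IsNullOrEmpty(e.Password))
    {
        return;
    }

    // NOTE(review): e.Realm is concatenated into storage paths below. Where it is
    // derived from is not visible here; confirm the AuthenticateRequest handler
    // restricts it to a known solution name (no path separators or "..").

    // NOTE(review): "root" and "admin" are both checked against the same
    // SolutionPassword, and the comparison is against the clear-text value, which
    // implies it is stored in recoverable form. Consider separate, hashed secrets.

    // Ordinal comparison: the original ToLower() was culture-sensitive, so the
    // set of names accepted as "admin" depended on the thread culture (e.g. tr-TR).
    if (string.Equals(e.UserName, "root", StringComparison.OrdinalIgnoreCase))
    {
        e.Authorized = Common.Solution.CreateFromContext(e.Realm).SolutionPassword.Equals(e.Password);
        if (e.Authorized)
        {
            CreateFileSystemFoldersIfNotExists(e.Realm);
            VirtualDirectory vdir = new VirtualDirectory(_fileSystem, e.Realm) { UserName = e.UserName };
            String solutionFolder = String.Format(@"{0}", e.Realm);

            // root sees the whole solution tree, read-only.
            vdir.AddFolder("access", System.IO.Path.Combine(solutionFolder, "access"), "r");
            vdir.AddFolder("filesystem", System.IO.Path.Combine(solutionFolder, "filesystem"), "r");
            vdir.AddFolder("log", System.IO.Path.Combine(solutionFolder, "log"), "r");
            vdir.AddFolder("resource", System.IO.Path.Combine(solutionFolder, "resource"), "r");
            e.UserData = vdir;
        }
        return;
    }

    if (string.Equals(e.UserName, "admin", StringComparison.OrdinalIgnoreCase))
    {
        e.Authorized = Common.Solution.CreateFromContext(e.Realm).SolutionPassword.Equals(e.Password);
        if (e.Authorized)
        {
            CreateFileSystemFoldersIfNotExists(e.Realm);
            VirtualDirectory vdir = new VirtualDirectory(_fileSystem, e.Realm) { UserName = e.UserName };
            String solutionFolder = String.Format(@"{0}\filesystem", e.Realm);

            // admin gets read/write on the three content folders plus catalog files.
            vdir.AddFolder("shared", String.Format(@"{0}\shared", solutionFolder), "rw");
            vdir.AddFolder("private", String.Format(@"{0}\private", solutionFolder), "rw");
            vdir.AddFolder("exchange", String.Format(@"{0}\exchange", solutionFolder), "rw");
            vdir.AddVirtualFile("exchange.txt", String.Format(@"{0}\exchange", solutionFolder), new CatalogFile());
            vdir.AddVirtualFile("private.txt", String.Format(@"{0}\private", solutionFolder), new CatalogFile());
            vdir.AddVirtualFile("shared.txt", String.Format(@"{0}\shared", solutionFolder), new CatalogFile());
            vdir.AddVirtualFile("log.txt", String.Format(@"{0}\log", solutionFolder), new CatalogFile());
            e.UserData = vdir;
        }
        return;
    }

    //user
    Guid userId;
    if (!System.Guid.TryParse(e.UserName, out userId))
    {
        return;
    }

    e.Authorized = Common.Logon.UserExists(e.Realm, userId, e.Password);
    if (!e.Authorized)
    {
        return;
    }

    CreateFileSystemFoldersIfNotExists(e.Realm);
    VirtualDirectory userDir = new VirtualDirectory(_fileSystem, e.Realm) { UserName = e.UserName };
    String userSolutionFolder = String.Format(@"{0}\filesystem", e.Realm);

    // NOTE(review): the folder name is the raw e.UserName, not the parsed userId.
    // Guid.TryParse accepts several textual forms of the same GUID, so one account
    // can end up with more than one private/log folder. Canonicalising would
    // rename existing folders, so it is flagged rather than changed here.
    if (!_fileSystem.DirectoryExists(String.Format(@"{0}\private\{1}", userSolutionFolder, e.UserName)))
    {
        _fileSystem.CreateSubDirectory(String.Format(@"{0}\private", userSolutionFolder), e.UserName);
    }
    if (!_fileSystem.DirectoryExists(String.Format(@"{0}\log\{1}", userSolutionFolder, e.UserName)))
    {
        _fileSystem.CreateSubDirectory(String.Format(@"{0}\log", userSolutionFolder), e.UserName);
    }

    // Regular users: shared is read-only, their own private and log folders are read/write.
    userDir.AddFolder("shared", String.Format(@"{0}\shared", userSolutionFolder), "r");
    userDir.AddFolder("private", String.Format(@"{0}\private\{1}", userSolutionFolder, e.UserName), "rw");
    userDir.AddFolder("log", String.Format(@"{0}\log\{1}", userSolutionFolder, e.UserName), "rw");

    // The shared catalog is filtered per user when the solution is configured that way.
    if (Common.Logon.CheckIfFilterShared(e.Realm))
    {
        userDir.AddVirtualFile("shared.txt", String.Format(@"{0}\shared", userSolutionFolder), new CatalogFileFiltered(Common.Solution.CreateFromContext(e.Realm), userId));
    }
    else
    {
        userDir.AddVirtualFile("shared.txt", String.Format(@"{0}\shared", userSolutionFolder), new CatalogFile());
    }

    userDir.AddVirtualFile("private.txt", String.Format(@"{0}\private\{1}", userSolutionFolder, e.UserName), new CatalogFile());
    userDir.AddVirtualFile("log.txt", String.Format(@"{0}\log\{1}", userSolutionFolder, e.UserName), new CatalogFile());
    e.UserData = userDir;
}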