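/// <summary>
/// Builds the outgoing ("right side") request that mirrors the incoming ("left side")
/// request: resolves the target URL, obtains the caller's authorization, rewrites the
/// headers and finally hands the request body to <c>HandleRequestContent</c>.
/// </summary>
/// <param name="inputBuffer">Passed unchanged to <c>HandleRequestContent</c>.</param>
/// <returns>The configured request, which is also stored in <c>_rightSideRequest</c>.</returns>
/// <exception cref="AuthorizationException">
/// The path is not bypassed, no authorization was returned, and
/// <c>ProcessRequestWithoutAuthorization</c> is off.
/// </exception>
public virtual HttpWebRequest CreateRightSideRequest(Stream inputBuffer)
{
    _rightSideRequest = (HttpWebRequest)HttpWebRequest.Create(_application.GetRightSideUrl(_leftSideRequest));

    // Redirects are not followed here, so a redirect response comes back to this proxy as-is.
    _rightSideRequest.AllowAutoRedirect = false;
    _rightSideRequest.Timeout = Settings.Default.RequestTimeoutSeconds * 1000; // setting is in seconds, Timeout in ms
    _rightSideRequest.CookieContainer = new CookieContainer();

    if (_application.Certificate != null)
    {
        _rightSideRequest.ClientCertificates.Add(_application.Certificate);
    }

    // Authorization is looked up only for paths that are not bypassed. On the bypass path
    // _authorization is not assigned here.
    // NOTE(review): confirm _authorization is null for a fresh request; a stale value would
    // still feed the header logic below.
    if (!_application.ByPass(_leftSideRequest.Url.AbsolutePath))
    {
        AuthorizationWebServiceProxy authorizationProxy =
            new AuthorizationWebServiceProxy(_application.Directory.AuthorizationWebService);
        string userName = _auth.UserId;
        _authorization = authorizationProxy.GetAuthorization(_application.RootUrl, userName);

        // NOTE(review): with ProcessRequestWithoutAuthorization enabled, a missing
        // authorization no longer aborts the request (fail-open). Confirm it is off wherever
        // the backend relies on this proxy for access control.
        if (!Properties.Settings.Default.ProcessRequestWithoutAuthorization)
        {
            if (_authorization == null || _authorization == CustomAuthorization.NoAuthorization)
            {
                throw new AuthorizationException("No Authorization received.");
            }
        }
    }

    // SOAP requests always use PvpTokenHandling.remove for the header transformation.
    HeaderTransformer headerTransformer = new HeaderTransformer(
        _leftSideRequest,
        _rightSideRequest,
        IsSoap ? PvpTokenHandling.remove : _application.PvpInformationHandling,
        _application.RootUrl,
        _application.RemoteApplicationProxyPath,
        _application.IsolateCookies,
        _authorization == null ? null : _authorization.PvpVersion);
    headerTransformer.Transform();

    // Pick the header-name table for the PVP version; it stays null without an authorization
    // or for any other version, and then no ORIG_* / TXID headers are added.
    Dictionary<PvpAttributes, string> headersNames = null;
    if (_authorization != null && _authorization.PvpVersion == PvpVersionNumber.Version19)
    {
        headersNames = s_ProxyHeaderNames19;
    }
    if (_authorization != null
        && (_authorization.PvpVersion == PvpVersionNumber.Version20
            || _authorization.PvpVersion == PvpVersionNumber.Version21))
    {
        headersNames = s_ProxyHeaderNames20;
    }

    if (!IsSoap && headersNames != null)
    {
        // These values are taken from the incoming request URL, i.e. they reflect what the
        // client sent; they describe the original request, they do not authenticate it.
        string scheme = _leftSideRequest.Url.Scheme;
        int port = _leftSideRequest.Url.Port;

        // Omit the port only when it is the default for this scheme. Treating 80 and 443 as
        // default for every scheme would report the wrong origin for e.g. https on port 80.
        bool isDefaultPort =
            (port == 80 && String.Equals(scheme, "http", StringComparison.OrdinalIgnoreCase))
            || (port == 443 && String.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase));
        string portString = isDefaultPort
            ? String.Empty
            : ":" + port.ToString(System.Globalization.CultureInfo.InvariantCulture);

        _rightSideRequest.Headers.Add(headersNames[PvpAttributes.ORIG_SCHEME], scheme);
        _rightSideRequest.Headers.Add(headersNames[PvpAttributes.ORIG_HOST], _leftSideRequest.Url.Host + portString);
        _rightSideRequest.Headers.Add(headersNames[PvpAttributes.ORIG_URI], _leftSideRequest.Url.AbsolutePath);
    }

    // A transaction id is generated only when the incoming request carries none.
    // NOTE(review): whether a client-supplied TXID is forwarded is decided by
    // HeaderTransformer, which is not visible here.
    if (headersNames != null && String.IsNullOrEmpty(_leftSideRequest.Headers[headersNames[PvpAttributes.TXID]]))
    {
        _rightSideRequest.Headers.Add(headersNames[PvpAttributes.TXID], GetTxId());
    }

    _rightSideRequest.Method = _leftSideRequest.HttpMethod;
    _rightSideRequest.AuthenticationLevel = Egora.Stammportal.HttpReverseProxy.Properties.Settings.Default.AuthenticationLevel;

    // The proxy's own (process) credentials are offered to the right-side server and to an
    // outbound proxy if one is configured.
    // NOTE(review): these credentials go wherever GetRightSideUrl points; confirm it can only
    // yield configured backend URLs.
    _rightSideRequest.UseDefaultCredentials = true;
    if (_rightSideRequest.Proxy != null)
    {
        _rightSideRequest.Proxy.Credentials = CredentialCache.DefaultCredentials;
    }
    _rightSideRequest.PreAuthenticate = true;

    // Headers delivered by the authorization service are added as they are.
    if (_authorization != null && _authorization.HttpHeaders != null && _authorization != CustomAuthorization.NoAuthorization)
    {
        foreach (HttpHeader header in _authorization.HttpHeaders)
        {
            if (header != null)
            {
                _rightSideRequest.Headers.Add(header.Name, header.Value);
            }
        }
    }

    HandleRequestContent(inputBuffer);
    return _rightSideRequest;
}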
/// <summary>
/// Chain handling without a header collection: the incoming envelope already carries a
/// pvpToken (userPrincipal) in wsse:Security, and the authorization supplies a
/// systemPrincipal token. The inserted token must consist of the authorization token's
/// content followed by a pvpChainedToken holding the incoming token's authenticate section.
/// </summary>
public void PvpChainedTokenForSoapWithHeaderElementNoHeaderCollection()
{
    const string PvpNamespace = "http://egov.gv.at/pvp1.xsd";
    const string SoapNamespace = "http://schemas.xmlsoap.org/soap/envelope/";

    // Incoming SOAP message with a caller-supplied pvpToken in the security header.
    string incomingEnvelopeXml = @"<S:Envelope xmlns:S=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:wsa=""http://schemas.xmlsoap.org/ws/2002/03/addressing"" xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""> <S:Header> <wsse:Security> <pvpToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd""> <authenticate> <participantId>AT:L6:1234789</participantId> <userPrincipal> <userId>[email protected]</userId> <cn>Max Mustermann</cn> <gvOuId>AT:GGA-60420:0815</gvOuId> <ou>Meldeamt</ou> <gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ> <gvSecClass>2</gvSecClass> <gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid> <mail>[email protected]</mail> <tel>+43 3155 5153</tel> </userPrincipal> </authenticate> <authorize> <role value=""Beispielrolle""> <param> <key>GKZ</key> <value>60420</value> </param> </role> </authorize></pvpToken> </wsse:Security> </S:Header> <S:Body> </S:Body> </S:Envelope>";
    XmlDocument soapDocument = new XmlDocument();
    soapDocument.LoadXml(incomingEnvelopeXml);

    // Token the authorization service would deliver (system principal).
    CustomAuthorization serviceAuthorization = new CustomAuthorization();
    XmlDocument tokenDocument = new XmlDocument();
    XmlElement serviceToken = tokenDocument.CreateElement("P:pvpToken", PvpNamespace);
    serviceToken.SetAttribute("version", "1.9");
    serviceToken.InnerXml = @"<authenticate> <participantId>AT:L6:1234789</participantId> <systemPrincipal> <userId>egovstar.appserv1.intra.xyz.gv.at</userId> <cn>Anwendung 1 Register-Interface</cn> <gvOuId>AT:L6:4711</gvOuId> <ou>Fachabteilung 1B Informationstechnik</ou> <gvOuOKZ>AT:L6-FA1B</gvOuOKZ> <gvSecClass>2</gvSecClass> </systemPrincipal> </authenticate> <authorize> <role value=""Registerabfrage"" /> </authorize>";
    serviceAuthorization.SoapHeaderXmlFragment = serviceToken;
    serviceAuthorization.PvpVersion = "1.9";

    SoapFilter soapFilter = new SoapFilter(serviceAuthorization, 1000, PvpTokenHandling.chain, null);
    XmlElement insertedToken = soapFilter.InsertAuthorization(soapDocument, serviceAuthorization);
    Assert.IsNotNull(insertedToken);

    // The expected chained token carries the incoming authenticate section only; the
    // incoming authorize section (role "Beispielrolle") is not part of the expectation.
    string expectedChainedToken = @"<pvpChainedToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd""><authenticate><participantId>AT:L6:1234789</participantId><userPrincipal><userId>[email protected]</userId><cn>Max Mustermann</cn><gvOuId>AT:GGA-60420:0815</gvOuId><ou>Meldeamt</ou><gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ><gvSecClass>2</gvSecClass><gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid><mail>[email protected]</mail><tel>+43 3155 5153</tel></userPrincipal></authenticate></pvpChainedToken>";
    string expectedInnerXml = serviceToken.InnerXml + expectedChainedToken;
    Assert.AreEqual(expectedInnerXml, insertedToken.InnerXml);

    XmlElement envelopeElement = soapFilter.SelectXmlElement(soapDocument.DocumentElement, "Envelope", SoapNamespace);
    Assert.IsNotNull(envelopeElement);

    // The parent must contain nothing but the inserted token, i.e. the caller-supplied
    // token does not survive next to it.
    Assert.AreEqual(insertedToken.OuterXml, insertedToken.ParentNode.InnerXml);
}
/// <summary>
/// Envelope without any S:Header: the authorization token, which already contains its own
/// pvpChainedToken, must be inserted unchanged. The filter is built with a null
/// authorization, PvpTokenHandling.remove and no header collection.
/// </summary>
public void PvpTokenWithChainedTokenForSoapWithoutHeaderElement()
{
    const string PvpNamespace = "http://egov.gv.at/pvp1.xsd";
    const string SoapNamespace = "http://schemas.xmlsoap.org/soap/envelope/";

    // Incoming SOAP message that has a body but no header element.
    string incomingEnvelopeXml = @"<S:Envelope xmlns:P=""http://egov.gv.at/pvp1.xsd"" xmlns:S=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:wsa=""http://schemas.xmlsoap.org/ws/2002/03/addressing"" xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""> <S:Body> </S:Body> </S:Envelope>";
    XmlDocument soapDocument = new XmlDocument();
    soapDocument.LoadXml(incomingEnvelopeXml);

    // Authorization token (system principal) that already chains a user principal.
    // The literal is reproduced exactly as listed, including the line break inside <cn>.
    CustomAuthorization serviceAuthorization = new CustomAuthorization();
    XmlDocument tokenDocument = new XmlDocument();
    XmlElement serviceToken = tokenDocument.CreateElement("P:pvpToken", PvpNamespace);
    serviceToken.SetAttribute("version", "1.9");
    serviceToken.InnerXml = @"<authenticate> <participantId>AT:L6:994</participantId> <systemPrincipal> <userId>egovstar.appserv1.intra.xyz.gv.at</userId> <cn>Anwendung 1 Register-Interface</cn> <gvOuId>AT:L6:4711</gvOuId> <ou>Fachabteilung 1B Informationstechnik</ou> <gvOuOKZ>AT:L6-FA1B</gvOuOKZ> <gvSecClass>2</gvSecClass> </systemPrincipal> </authenticate> <authorize> <role value=""Registerabfrage""/> </authorize> <pvpChainedToken> <authenticate> <userPrincipal> <userId>[email protected]</userId> <cn>F. 
Meier</cn> <gvOuId>AT:L6:1299</gvOuId> <ou>L6AL-F2/c</ou> <mail>[email protected]</mail> <tel>[email protected]</tel> <gvSecClass>2</gvSecClass> <gvGid>AT:B:0:UhO5RG++klaOTsVY+CU=</gvGid> <gvFunction>SB</gvFunction> </userPrincipal> </authenticate> <authorize> <role value=""ZMR-Fremdenbehoerdenanfrage""> <param> <key>GKZ</key> <value>60100</value> </param> </role> </authorize> </pvpChainedToken> ";
    serviceAuthorization.SoapHeaderXmlFragment = serviceToken;

    SoapFilter soapFilter = new SoapFilter(null, 1000, PvpTokenHandling.remove, null);
    XmlElement insertedToken = soapFilter.InsertAuthorization(soapDocument, serviceAuthorization);
    Assert.IsNotNull(insertedToken);

    // Content must be taken over one-to-one from the authorization token.
    Assert.AreEqual(serviceToken.InnerXml, insertedToken.InnerXml);

    XmlElement envelopeElement = soapFilter.SelectXmlElement(soapDocument.DocumentElement, "Envelope", SoapNamespace);
    Assert.IsNotNull(envelopeElement);

    // The element the token was placed in must contain the token and nothing else.
    Assert.AreEqual(insertedToken.OuterXml, insertedToken.ParentNode.InnerXml);
}
/// <summary>
/// Chain handling with a header collection: the envelope has an empty S:Header and the
/// caller's identity arrives as X-AUTHENTICATE-* / X-AUTHORIZE-* HTTP headers. The inserted
/// token must start with the authorization token's content, followed by a pvpChainedToken
/// built from those headers. Fields of the user principal are checked individually, so
/// their order inside the element is not fixed by this test.
/// </summary>
public void PvpChainedTokenForSoapWithHeaderElementAndHeaderCollection()
{
    const string PvpNamespace = "http://egov.gv.at/pvp1.xsd";
    const string SoapNamespace = "http://schemas.xmlsoap.org/soap/envelope/";

    // Incoming SOAP message with an empty header element.
    string incomingEnvelopeXml = @"<S:Envelope xmlns:P=""http://egov.gv.at/pvp1.xsd"" xmlns:S=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:wsa=""http://schemas.xmlsoap.org/ws/2002/03/addressing"" xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""> <S:Header> </S:Header> <S:Body> </S:Body> </S:Envelope>";
    XmlDocument soapDocument = new XmlDocument();
    soapDocument.LoadXml(incomingEnvelopeXml);

    // Token the authorization service would deliver (system principal).
    CustomAuthorization serviceAuthorization = new CustomAuthorization();
    XmlDocument tokenDocument = new XmlDocument();
    XmlElement serviceToken = tokenDocument.CreateElement("P:pvpToken", PvpNamespace);
    serviceToken.SetAttribute("version", "1.9");
    serviceToken.InnerXml = @"<authenticate> <participantId>AT:L6:1234789</participantId> <systemPrincipal> <userId>egovstar.appserv1.intra.xyz.gv.at</userId> <cn>Anwendung 1 Register-Interface</cn> <gvOuId>AT:L6:4711</gvOuId> <ou>Fachabteilung 1B Informationstechnik</ou> <gvOuOKZ>AT:L6-FA1B</gvOuOKZ> <gvSecClass>2</gvSecClass> </systemPrincipal> </authenticate> <authorize> <role value=""Registerabfrage""/> </authorize>";
    serviceAuthorization.SoapHeaderXmlFragment = serviceToken;

    // Identity of the original caller as HTTP headers.
    // NOTE(review): the user id and mail values look masked in this listing and differ from
    // the values asserted below; confirm against the original file.
    NameValueCollection callerHeaders = new NameValueCollection()
    {
        { "X-Version", "1.9" },
        { "X-AUTHENTICATE-participantId", "AT:L6:1234789" },
        { "X-AUTHENTICATE-UserId", "*****@*****.**" },
        { "X-AUTHENTICATE-cn", "Max Mustermann" },
        { "X-AUTHENTICATE-gvGid", "AT:B:0:LxXnvpcYZesiqVXsZG0bB==" },
        { "X-AUTHENTICATE-gvOuId", "AT:GGA-60420:0815" },
        { "X-AUTHENTICATE-Ou", "Meldeamt" },
        { "X-AUTHENTICATE-gvOuOKZ", "AT:GGA-60420-Abt13" },
        { "X-AUTHENTICATE-mail", "*****@*****.**" },
        { "X-AUTHENTICATE-tel", "+43 3155 5153" },
        { "X-AUTHENTICATE-gvSecClass", "2" },
        { "X-AUTHORIZE-roles", "Beispielrolle(GKZ=60420)" },
    };

    SoapFilter soapFilter = new SoapFilter(null, 1000, PvpTokenHandling.chain, callerHeaders);
    XmlElement insertedToken = soapFilter.InsertAuthorization(soapDocument, serviceAuthorization);
    Assert.IsNotNull(insertedToken);

    // Full expected content for reference; it is not asserted as a whole anywhere below.
    string expectedValue = serviceToken.InnerXml +
        @"<pvpChainedToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd""><authenticate><participantId>AT:L6:1234789</participantId>"
        + "<userPrincipal>"
        + "<userId>[email protected]</userId>"
        + "<cn>Max Mustermann</cn>"
        + "<gvOuId>AT:GGA-60420:0815</gvOuId>"
        + "<ou>Meldeamt</ou>"
        + "<gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ>"
        + "<mail>[email protected]</mail>"
        + "<tel>+43 3155 5153</tel>"
        + "<gvSecClass>2</gvSecClass>"
        + "<gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid>"
        + "</userPrincipal></authenticate><authorize>"
        + @"<role value=""Beispielrolle""><param><key>GKZ</key><value>60420</value></param></role>"
        + "</authorize></pvpChainedToken>";

    string chainOpening = @"<pvpChainedToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd""><authenticate>";
    string tokenXml = insertedToken.InnerXml;
    Assert.IsTrue(tokenXml.StartsWith(serviceToken.InnerXml + chainOpening));

    // 80 is the length of chainOpening, so the slice starts at <participantId>.
    string participant = tokenXml.Substring(tokenXml.IndexOf(chainOpening + "<participantId>") + 80);
    Assert.IsTrue(participant.StartsWith("<participantId>AT:L6:1234789</participantId>"));

    string userPrincipal = participant.Substring(participant.IndexOf("<userPrincipal>"));
    string[] expectedPrincipalFields = new string[]
    {
        "<userId>[email protected]</userId>",
        "<cn>Max Mustermann</cn>",
        "<gvOuId>AT:GGA-60420:0815</gvOuId>",
        "<ou>Meldeamt</ou>",
        "<gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ>",
        "<mail>[email protected]</mail>",
        "<tel>+43 3155 5153</tel>",
        "<gvSecClass>2</gvSecClass>",
        "<gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid>",
    };
    foreach (string field in expectedPrincipalFields)
    {
        Assert.IsTrue(userPrincipal.Contains(field));
    }

    // 42 is the length of the closing/opening tag run searched for, so the slice starts
    // right after <authorize>.
    string roles = userPrincipal.Substring(userPrincipal.IndexOf("</userPrincipal></authenticate><authorize>") + 42);

    // NOTE(review): the literal below is reproduced as listed, with a line break after
    // "<role "; confirm against the original file that a single space is meant there.
    Assert.IsTrue(roles.Contains(@"<role 
value=""Beispielrolle""><param><key>GKZ</key><value>60420</value></param></role>"));

    XmlElement envelopeElement = soapFilter.SelectXmlElement(soapDocument.DocumentElement, "Envelope", SoapNamespace);
    Assert.IsNotNull(envelopeElement);

    // The element the token was placed in must contain the token and nothing else.
    Assert.AreEqual(insertedToken.OuterXml, insertedToken.ParentNode.InnerXml);
}
/// <summary>
/// Forwards the role check to <c>CustomAuthorization.IsInRole</c>.
/// </summary>
/// <param name="roleNames">Passed through unchanged; the accepted format is defined by the callee.</param>
/// <returns>The callee's result.</returns>
protected bool IsInRole(String roleNames)
{
    bool isMember = CustomAuthorization.IsInRole(roleNames);
    return isMember;
}