//--------------------------------------------------------------------------------------------
/// <summary>
/// Called when a user attempts to authenticate using an a 'digest' format. This format means
/// the a hash of the password and the SessionId was passed over the wire and must now be
/// authenticated. This is signifigantly more secure than a plain-text authentication, but still
/// not considered truly 'secure'.
/// </summary>
/// <param name="userID">The full username to be authenticated.</param>
/// <param name="sessionID">
/// The Session ID associated with this user upon stream initiation.
/// The password hash (digest) is built using this as a Salt value.
/// </param>
/// <param name="userDigest">The hash of the users password and the Session Id</param>
/// <returns>
/// A SoapBoxPrincipal, with the authentication bit properly set. If the user is
/// properly authenticated then roles are returned in the SoapBox Identity nested in the principal.
/// </returns>
//public override IPrincipal AuthUserNonSASLDigest(JabberID userID, string sessionID, Digest userDigest)
//{
// if (userDigest == null) throw new ArgumentNullException("userDigest");
// SoapBoxIdentity soapBoxID = new SoapBoxIdentity(userID);
// SoapBoxPrincipal soapBoxP = new SoapBoxPrincipal(soapBoxID);
// // Normally the line below would be a database dip to lookup
// // the actual password for the user who is attempting to
// // authenticate. Here, I'm skipping that and mandating the
// // password to be "Coversant".
// string textPassword = "******";
// // Create a Digest (using the proper algorithm) of the actual password
// // and the session ID
// Digest x = new Digest(textPassword, sessionID);
// // Compare the two digest values and see if they match
// if (string.Equals(x.DigestValue, userDigest.DigestValue,
// StringComparison.OrdinalIgnoreCase))
// {
// // Normally this role lookup involves a database dip of some
// // sort to determine what roles the user has. In this
// // example, I'm just hardcoding them.
// string[] myRoles = new string[] { "Administrator", "User" };
// //soapBoxP.AddRoles(myRoles);
// //soapBoxID.SetAuthenticated();
// }
// return soapBoxP;
//}
//--------------------------------------------------------------------------------------------
/// <summary>
/// Provides a mechanism for the user manager to lookup a principal for a user at any time. This is
/// required by the DigestMD5 SASL algorithm. If you don't need to suppor this algorithm, then this
/// method isn't needed.
/// </summary>
/// <param name="userID">The full username to build a principal for.</param>
/// <param name="authenticated">The authenticated state for the user</param>
/// <returns></returns>
public override IPrincipal GetPrincipal(JabberID userID, bool authenticated)
{
SoapBoxIdentity soapBoxID = new SoapBoxIdentity(userID);
SoapBoxPrincipal soapBoxP = new SoapBoxPrincipal(soapBoxID);
if (authenticated)
{
// Normally this role lookup involves a database dip of
// some sort to determine what roles the
// user has. In this example, I'm just hardcoding them.
string[] myRoles = new string[] { "Administrator", "User" };
soapBoxP.AddRoles(myRoles);
soapBoxID.SetAuthenticated();
}
return soapBoxP;
}
//--------------------------------------------------------------------------------------------
/// <summary>
/// Called when a user attempts to authenticate using an a 'plain-text' format. This format means
/// the password itself was passed over the wire, and must now be authenticated. While not
/// particularly secure, many authentication protocols require having the actual text password,
/// and thus a Hash+Salt value can't be used. Normally a server setup to use this protocol
/// requires TLS, which keeps the credentials from being passed over an unencrypted link.
/// </summary>
/// <param name="userID">The full username to be authenticated.</param>
/// <param name="password">The users password to check.</param>
/// <returns>
/// A SoapBoxPrincipal, with the authentication bit properly set. If the user is
/// properly authenticated then roles are returned in the SoapBox Identity nested in the principal.
/// </returns>
public override IPrincipal AuthUserPlain(JabberID userID, string password)
{
SoapBoxIdentity soapBoxID = new SoapBoxIdentity(userID);
SoapBoxPrincipal soapBoxP = new SoapBoxPrincipal(soapBoxID);
string[] myRoles;
if (Drupal.CheckUser(userID.FullJabberID, password, out myRoles))
{
soapBoxID.SetAuthenticated();
soapBoxP.AddRoles(myRoles);
}
return soapBoxP;
}
