コード例 #1
0
        //--------------------------------------------------------------------------------------------
        /// <summary>
        /// Called when a user attempts to authenticate using an a 'digest' format. This format means
        /// the a hash of the password and the SessionId was passed over the wire and must now be 
        /// authenticated. This is signifigantly more secure than a plain-text authentication, but still
        /// not considered truly 'secure'. 
        /// </summary>
        /// <param name="userID">The full username to be authenticated.</param>
        /// <param name="sessionID">
        /// The Session ID associated with this user upon stream initiation. 
        /// The password hash (digest) is built using this as a Salt value.
        /// </param>
        /// <param name="userDigest">The hash of the users password and the Session Id</param>
        /// <returns>
        /// A SoapBoxPrincipal, with the authentication bit properly set. If the user is 
        /// properly authenticated then roles are returned in the SoapBox Identity nested in the principal.
        /// </returns>
        //public override IPrincipal AuthUserNonSASLDigest(JabberID userID, string sessionID, Digest userDigest)
        //{
        //    if (userDigest == null) throw new ArgumentNullException("userDigest");
        //    SoapBoxIdentity soapBoxID = new SoapBoxIdentity(userID);
        //    SoapBoxPrincipal soapBoxP = new SoapBoxPrincipal(soapBoxID);
        //    // Normally the line below would be a database dip to lookup
        //    // the actual password for the user who is attempting to
        //    // authenticate. Here, I'm skipping that and mandating the
        //    // password to be "Coversant".
        //    string textPassword = "******";
        //    // Create a Digest (using the proper algorithm) of the actual password
        //    // and the session ID
        //    Digest x = new Digest(textPassword, sessionID);
        //    // Compare the two digest values and see if they match
        //    if (string.Equals(x.DigestValue, userDigest.DigestValue,
        //                            StringComparison.OrdinalIgnoreCase))
        //    {
        //        // Normally this role lookup involves a database dip of some
        //        // sort to determine what roles the user has. In this
        //        // example, I'm just hardcoding them.
        //        string[] myRoles = new string[] { "Administrator", "User" };
        //        //soapBoxP.AddRoles(myRoles);
        //        //soapBoxID.SetAuthenticated();
        //    }
        //    return soapBoxP;
        //}
        //--------------------------------------------------------------------------------------------
        /// <summary>
        /// Provides a mechanism for the user manager to lookup a principal for a user at any time. This is 
        /// required by the DigestMD5 SASL algorithm. If you don't need to suppor this algorithm, then this 
        /// method isn't needed.
        /// </summary>
        /// <param name="userID">The full username to build a principal for.</param>
        /// <param name="authenticated">The authenticated state for the user</param>
        /// <returns></returns>
        public override IPrincipal GetPrincipal(JabberID userID, bool authenticated)
        {
            SoapBoxIdentity soapBoxID = new SoapBoxIdentity(userID);
            SoapBoxPrincipal soapBoxP = new SoapBoxPrincipal(soapBoxID);

            if (authenticated)
            {
                // Normally this role lookup involves a database dip of
                // some sort to determine what roles the
                // user has. In this example, I'm just hardcoding them.
                string[] myRoles = new string[] { "Administrator", "User" };
                soapBoxP.AddRoles(myRoles);

                soapBoxID.SetAuthenticated();
            }

            return soapBoxP;
        }
コード例 #2
0
        //--------------------------------------------------------------------------------------------
        /// <summary>
        /// Called when a user attempts to authenticate using an a 'plain-text' format. This format means
        /// the password itself was passed over the wire, and must now be authenticated. While not 
        /// particularly secure, many authentication protocols require having the actual text password,
        /// and thus a Hash+Salt value can't be used. Normally a server setup to use this protocol
        /// requires TLS, which keeps the credentials from being passed over an unencrypted link.
        /// </summary>
        /// <param name="userID">The full username to be authenticated.</param>
        /// <param name="password">The users password to check.</param>
        /// <returns>
        /// A SoapBoxPrincipal, with the authentication bit properly set. If the user is 
        /// properly authenticated then roles are returned in the SoapBox Identity nested in the principal.
        /// </returns>
        public override IPrincipal AuthUserPlain(JabberID userID, string password)
        {
            SoapBoxIdentity soapBoxID = new SoapBoxIdentity(userID);
            SoapBoxPrincipal soapBoxP = new SoapBoxPrincipal(soapBoxID);

            string[] myRoles;
            if (Drupal.CheckUser(userID.FullJabberID, password, out myRoles))
            {
                 soapBoxID.SetAuthenticated();
                 soapBoxP.AddRoles(myRoles);
            }
            return soapBoxP;
        }