// // What follows is the logic for selection of the authentication algorithm // Enjoy boys and girls // // Bit 3 - Anonymous User // Bit 2 - UDDI Authentication Mode // Bit 1 - Windows Authentication Mode // Bit 0 - Ticket Present // | // | Authentication Module Used // 0000 X // 0001 X // 0010 Windows // 0011 Exception ( UDDI authentication turned off ) // 0100 UDDI ( will fail authentication due to invalid credentials ) // 0101 UDDI // 0110 Windows // 0111 UDDI // 1000 X // 1001 X // 1010 Exception UDDI authentication turned off // 1011 Exception "" // 1100 UDDI ( will fail authentication due to invalid credentials ) // 1101 UDDI // 1110 UDDI ( will fail authentication due to invalid credentials ) // 1111 UDDI // // // Reduction Work // // A - Anonymous User // B - UDDI Authentication Mode // C - Windows Authentication Mode // D - Ticket Present // // Key // e - throw exception invalid configuration // x - invalid state // w - windows authentication // u - uddi authentication // // CD // AB 00 01 11 10 // 00 x x e w // 01 u u u w // 11 u u u u // 10 x x e e // // if( !A && C && !D ) // w - windows authentication // else if( B ) // u - uddi authentication // else // throw exception // private void Authenticate(SoapMessage message) { Debug.Enter(); IAuthenticateable authenticate = (IAuthenticateable)message.GetInParameterValue(0); //WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity; IIdentity identity = HttpContext.Current.User.Identity; int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both); if (mode == (int)AuthenticationMode.Passport) { if (identity is PassportIdentity) { string ticket = authenticate.AuthInfo.Trim(); // // Authentication the user using the attached passport ticket // PassportAuthenticator pa = new PassportAuthenticator(); pa.Authenticate(ticket, Config.GetInt("Security.TimeOut", 60)); } else { throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_FATALERROR_PASSPORTBADCONFIG"); } Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Passport based authentication Identity is " + identity.Name); } else if (!((WindowsIdentity)identity).IsAnonymous && ((mode & (int)AuthenticationMode.Windows) != 0) && Utility.StringEmpty(authenticate.AuthInfo)) { /* 0X10 Case */ // // Authenticate the user using the currently impersonated credentials // WindowsAuthenticator wa = new WindowsAuthenticator(); wa.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60)); Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name); } else if ((mode & (int)AuthenticationMode.Uddi) != 0) { /* X1XX Case for leftovers */ // // If windows authentication is turned off or the Debug.Write(SeverityType.Info, CategoryType.Soap, "Anonymous user: using UDDI authentication"); // // Authenticate the user using the authToken // UDDIAuthenticator ua = new UDDIAuthenticator(); ua.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60)); } else { // // Throw exception for the rest // throw new UDDIException(UDDI.ErrorType.E_unsupported, "UDDI_ERROR_UNSUPPORTED_BADAUTHENTICATIONCONFIG"); } // // Check to make sure the authenticated user has publisher credentials // Debug.Verify(Context.User.IsPublisher, "UDDI_ERROR_FATALERROR_USERNOPUBLISHERCRED", UDDI.ErrorType.E_fatalError, Context.User.ID); // // The server can be configured for automatic registration of publishers with credentials // if (!Context.User.IsRegistered) { if (1 == Config.GetInt("Security.AutoRegister", 0)) { // // Mark the user as verified. // Context.User.TrackPassport = false; Context.User.Verified = true; Context.User.Register(); } else { throw new UDDIException(UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_UNKNOWNUSER_NOTREGISTERED"); } } Context.User.Login(); #if DEBUG Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsAdministrator = " + Context.User.IsAdministrator); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsCoordinator = " + Context.User.IsCoordinator); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsPublisher = " + Context.User.IsPublisher); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsUser = " + Context.User.IsUser); #endif Debug.Leave(); }
public override void ProcessMessage(SoapMessage message) { Debug.Enter(); #if DEBUG string info = "log: " + data.log.ToString() + "; https: " + data.https.ToString() + "; validate: " + data.validate.ToString() + "; performance: " + data.performance.ToString() + "; authenticate: " + data.authenticate.ToString() + "; transaction: " + data.transaction.ToString() + "; messageType: " + data.messageType; Debug.Write(SeverityType.Info, CategoryType.Soap, info); #endif try { switch (message.Stage) { // // First Event // case SoapMessageStage.BeforeDeserialize: // // Initialize our context. // Context.Current.Initialize(); Config.CheckForUpdate(); // // TODO: Since we are using DispositionReport.ThrowFinal() I don't think this is // needed anymore. // // // Check to make sure the authenticated user has user credentials // Debug.Verify("1" != HttpContext.Current.Request.ServerVariables["Exception"], "UDDI_ERROR_FATALERROR_VERSIONCHECKERROR", UDDI.ErrorType.E_fatalError); Debug.Write(SeverityType.Info, CategoryType.Soap, "URL: " + message.Url); Debug.Write(SeverityType.Info, CategoryType.Soap, "SOAPAction: " + HttpContext.Current.Request.Headers["SOAPAction"]); string contentType = HttpContext.Current.Request.ContentType.ToLower(); bool validEncoding = (contentType.IndexOf("charset=\"utf-8\"") >= 0) || (contentType.IndexOf("charset=utf-8") >= 0); Debug.Verify(validEncoding, "UDDI_ERROR_UNSUPPORTED_CONTENTTYPEHEADERMISSING", ErrorType.E_unsupported); if (data.performance) { PublishMethodBegin(message); } if (data.https) { CheckForHttps(message); } // // Validation has been moved into the other SOAP extension // // if( data.validate ) // Validate( message ); break; // // Second Event // case SoapMessageStage.AfterDeserialize: ConnectionManager.Open(data.transaction, data.transaction); if (data.certificate) { CheckCertificate(message); } if (data.authenticate) { Authenticate(message); } else if (0 != (Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both) & (int)AuthenticationMode.AuthenticatedRead)) { // // Authenticated reads are turned on and this is a read request // Make sure the caller is authenticated using Windows and is at least a user // WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity; WindowsAuthenticator wa = new WindowsAuthenticator(); wa.Authenticate("", 0 /* not used */); Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name); // // Check to make sure the authenticated user has user credentials // Debug.Verify(Context.User.IsUser, "UDDI_ERROR_FATALERROR_NOUSERCREDS", UDDI.ErrorType.E_fatalError, Context.User.ID); } break; // // Third Event // case SoapMessageStage.BeforeSerialize: break; // // Last Event // case SoapMessageStage.AfterSerialize: // // Cleanup the connection and commit the database activity // if (data.transaction && (null != (object)ConnectionManager.GetConnection()) && (null != (object)ConnectionManager.GetTransaction())) { if (null == (object)message.Exception) { ConnectionManager.Commit(); } else { ConnectionManager.Abort(); } } ConnectionManager.Close(); try { if (data.performance) { PublishMethodEnd(message); } } catch { Debug.OperatorMessage( SeverityType.Warning, CategoryType.None, OperatorMessageType.UnableToPublishCounter, "An error occurred while trying to publish a performance counter, the system will continue"); } break; default: throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_FATALERROR_UNKNOWNEXTSTAGE"); } } catch (Exception e) { DispositionReport.Throw(e); } Debug.Leave(); }
public AuthToken GetAuthToken(GetAuthToken gat) { Debug.Enter(); AuthToken at = new AuthToken(); try { // // XX-SECURITY: Review the value here in the case where we use // XX-this with a web.config with Authentication set to None or Passport // // // NOW: We now Get a Generic Identity. If the AuthenticationMode is AuthenticationMode.Passport (8), // we make sure the Identity is a PassportIdentity, then we authenticate. If AuthenticationMode // is Not set to AuthenticationMode.Passport, then process it as a WindowsIdentity. // // IIdentity identity = HttpContext.Current.User.Identity; int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both); if (((int)AuthenticationMode.Passport) == mode) { if (identity is PassportIdentity) { Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Passport based authentication Identity is " + gat.UserID); PassportAuthenticator pa = new PassportAuthenticator(); // // Get a Passport ticket for this user. // if (!pa.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo)) { // throw new UDDIException( ErrorType.E_unknownUser, "User failed authentication." ) ; throw new UDDIException(ErrorType.E_unknownUser, "USER_FAILED_AUTHENTICATION"); } // // We need to extract the PUID from the ticket and put it into our Context.UserInfo.ID; a // successfull call to Authenticate will do all of this. // if (!pa.Authenticate(at.AuthInfo, UDDI.Constants.Passport.TimeWindow)) { throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_USER_FAILED_AUTHENTICATION"); } // // Make sure this Passport user has registered with our UDDI site as a publisher. // if (!Context.User.IsVerified) { // throw new UDDIException( ErrorType.E_unknownUser, "Not a valid publisher." ) ; throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_NOT_A_VALID_PUBLISHER"); } } else { #if never throw new UDDIException(ErrorType.E_fatalError, "CONFIGURATION ERROR: Passport Identity Expected. \r\n" + "You are currently running in Passport Authentication Mode. \r\n" + "Check your web.config for the <authentication mode=\"Passport\" /> entry and try again."); #endif throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_PASSPORT_CONFIGURATION_ERROR"); } } // // SECURITY: Check to make sure the password is blank too // else if (!((WindowsIdentity)identity).IsAnonymous && ((mode & (int)AuthenticationMode.Windows) != 0) && Utility.StringEmpty(gat.UserID)) { Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Windows based authentication Identity is " + identity.Name); WindowsAuthenticator wa = new WindowsAuthenticator(); wa.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo); } else if ((mode & (int)AuthenticationMode.Uddi) != 0) { Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for UDDI based authentication"); UDDIAuthenticator ua = new UDDIAuthenticator(); ua.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo); } else { // throw new UDDIException( UDDI.ErrorType.E_unsupported, //"The UDDI server is not configured to support the requested form of authentication." ); throw new UDDIException(UDDI.ErrorType.E_unsupported, "UDDI_ERROR_AUTHENTICATION_CONFIGURATION_ERROR"); } Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name); // // Check to make sure the authenticated user has publisher credentials // #if never Debug.Verify(Context.User.IsPublisher, "The user account " + Context.User.ID + " does not have publisher credentials", UDDI.ErrorType.E_fatalError); #endif Debug.Verify(Context.User.IsPublisher, "UDDI_ERROR_NO_PUBLISHER_CREDENTIALS", UDDI.ErrorType.E_fatalError, Context.User.ID); Debug.Write( SeverityType.Info, CategoryType.Authorization, "Authenticated user (userid = " + gat.UserID + " )"); } catch (Exception e) { DispositionReport.Throw(e); } return(at); }