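/// <summary>
/// Performs the Raven authentication flow for the current request.
/// </summary>
/// <remarks>
/// The method takes one of three paths: it returns immediately when
/// <c>LoadIdentity</c> reports an existing identity; it processes a sign-in
/// response found on a non-POST request; otherwise it redirects the browser to
/// the Raven authentication endpoint, passing the current URL as the return address.
/// </remarks>
/// <param name="filterContext">
/// Authorization context whose <c>HttpContext</c> supplies the request and response.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="filterContext"/> is null.
/// </exception>
/// <exception cref="RavenException">
/// Thrown when a response reporting success fails signature validation.
/// </exception>
/// <exception cref="RavenResponseException">
/// Thrown when the response reports a non-OK status and no error URL is configured.
/// </exception>
public void Authorize(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    HttpRequestBase request = filterContext.HttpContext.Request;
    HttpResponseBase response = filterContext.HttpContext.Response;

    // An identity is already available for this request: nothing more to do.
    if (this.LoadIdentity(filterContext.HttpContext))
    {
        return;
    }

    // Only a non-POST request is inspected for a sign-in response.
    if (!request.HttpMethod.Equals("POST"))
    {
        // Read the response from the query string only. Request.Params also
        // searches form fields, cookies and server variables, so a cookie that
        // happens to carry the same name would otherwise be accepted as a
        // sign-in response.
        String wlsResponse = request.QueryString[WLS_RESPONSE_PARAM];

        if (!String.IsNullOrWhiteSpace(wlsResponse))
        {
            RavenResponse ravenResponse = new RavenResponse(wlsResponse);

            if (ravenResponse.Status == RavenStatus.OK)
            {
                // The signature must be verified before any ticket is issued;
                // nothing in the response is trusted until Validate succeeds.
                if (!this.Validate(ravenResponse))
                {
                    throw new RavenException("Failed to validate response signature.");
                }

                // Create a Forms authentication ticket and cookie.
                this.CreateTicket(response, ravenResponse);

                // NOTE(review): the redirect target is taken from the response.
                // A valid signature shows the response was issued by the server,
                // not that it was issued for this site or for this sign-in
                // attempt. Confirm that Validate (not visible here) also checks
                // the URL and the issue time against the current request.
                response.Redirect(ravenResponse.URL);
            }
            else
            {
                // Validate is not called on this path, so the status value is
                // unauthenticated input; it is used only to select the error
                // page or to fill in the exception.
                if (String.IsNullOrWhiteSpace(this.errorURL))
                {
                    throw new RavenResponseException(
                        "Authentication failed: " + ravenResponse.Status.ToString(),
                        ravenResponse.Status);
                }

                // Only the numeric status code is appended to the configured URL.
                response.Redirect(this.errorURL + (Int32)ravenResponse.Status);
            }

            return;
        }
    }

    // No identity and no response to process: start a new sign-in, passing the
    // current absolute URL as the address to return to.
    RavenRequest ravenRequest = new RavenRequest();
    ravenRequest.Parameters.Add("url", request.Url.AbsoluteUri);

    response.Redirect(String.Format("{0}{1}{2}",
        this.baseURL, RAVEN_AUTHENTICATE, ravenRequest.ToString()));
}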
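/// <summary>
/// Performs the Raven authentication flow for the current request.
/// </summary>
/// <remarks>
/// Returns at once when <c>LoadIdentity</c> succeeds. Otherwise a sign-in
/// response on a non-POST request is parsed and acted on, and when there is no
/// such response the browser is redirected to the Raven authentication endpoint.
/// </remarks>
/// <param name="filterContext">
/// Authorization context providing the current request and response.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="filterContext"/> is null.
/// </exception>
/// <exception cref="RavenException">
/// Thrown when a response with status OK does not pass signature validation.
/// </exception>
/// <exception cref="RavenResponseException">
/// Thrown when the response status is not OK and no error URL has been set.
/// </exception>
public void Authorize(AuthorizationContext filterContext)
{
    if (filterContext == null)
        throw new ArgumentNullException("filterContext");

    HttpRequestBase request = filterContext.HttpContext.Request;
    HttpResponseBase response = filterContext.HttpContext.Response;

    // Already identified for this request.
    if (this.LoadIdentity(filterContext.HttpContext))
        return;

    // A sign-in response is only looked for on requests that are not POSTs.
    if (!request.HttpMethod.Equals("POST"))
    {
        // Restrict the lookup to the query string: Request.Params would also
        // match a form field, cookie or server variable of the same name, which
        // lets a planted cookie stand in for a sign-in response.
        String wlsResponse = request.QueryString[WLS_RESPONSE_PARAM];

        if (!String.IsNullOrWhiteSpace(wlsResponse))
        {
            RavenResponse ravenResponse = new RavenResponse(wlsResponse);

            if (ravenResponse.Status == RavenStatus.OK)
            {
                // No ticket is created unless the signature check passes.
                if (!this.Validate(ravenResponse))
                    throw new RavenException("Failed to validate response signature.");

                // Create a Forms authentication ticket and cookie.
                this.CreateTicket(response, ravenResponse);

                // NOTE(review): the destination comes from the response itself.
                // Signature validity alone does not bind the response to this
                // site or to this sign-in attempt; verify that Validate (not
                // shown here) compares the URL and issue time with the current
                // request before this redirect is relied on.
                response.Redirect(ravenResponse.URL);
            }
            else
            {
                // This branch never calls Validate, so the status is untrusted
                // input and is used solely for error reporting.
                if (String.IsNullOrWhiteSpace(this.errorURL))
                {
                    throw new RavenResponseException(
                        "Authentication failed: " + ravenResponse.Status.ToString(),
                        ravenResponse.Status);
                }

                // The configured error URL receives the numeric status code as a suffix.
                response.Redirect(this.errorURL + (Int32)ravenResponse.Status);
            }

            return;
        }
    }

    // Nothing to process: begin a new sign-in and ask to be returned to the
    // URL of the current request.
    RavenRequest ravenRequest = new RavenRequest();
    ravenRequest.Parameters.Add("url", request.Url.AbsoluteUri);

    response.Redirect(String.Format("{0}{1}{2}",
        this.baseURL, RAVEN_AUTHENTICATE, ravenRequest.ToString()));
}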