public SSOConfidence CheckRequest(HttpContext context, SSOConfidence confidenceIn)
{
//Inputs
SSOConfidence retval = CheckInputs(context, confidenceIn);
if (retval.IsBadRequest())
{
return(retval); //Don't bother with further processing, it'll break
}
int confidenceVal = 0;
Id netId = getNetworkID(context);
if (!String.IsNullOrEmpty(netId.Name))
{
if (IsKnownIdLocally(netId))
{
confidenceVal = CalculateNetworkConfidence(netId, context);
}
}
else
{
confidenceVal = SSOConfidence.NoConfidence;
}
retval.SimpleValue = confidenceVal;
if (confidenceIn != null)
{
retval = retval.Accumulate(confidenceIn);
}
return(retval);
}
/// <summary>
/// Given a user with a given confidence, an authentication and role,
/// return a value for the access keys currently allowed
/// </summary>
/// <param name="username"></param>
/// <param name="authenticated"></param>
/// <param name="confidence"></param>
/// <param name="role"></param>
/// <returns></returns>
public int AuthorizeUserRequest(string username, bool authenticated, SSOConfidence confidence, string reqRole)
{
int retVal = 0;
Dictionary <string, string> userData = GetUser(username); //Data from DB
UserStatus useStat = new UserStatus(username, authenticated, null, confidence);
//check authentication
if (!authenticated)
{
return(retVal);
}
//check roles in DB against requested role
if (!userData["role"].Equals(reqRole))
{
return(retVal);
}
//should this routine handle adminstrative levels and access keys
else if ((confidence.SimpleValue <= SSOConfidence.CompleteConfidence) &&
confidence.SimpleValue > SSOConfidence.NoConfidence)
{
retVal = 1;
}
// 0 = request denied
// 1 = lowest authorization give requested role only
// 2 = give requested role and add to other roles
return(retVal);
}
/// <summary>
/// Check for existence and then content of our cookie and the information contained therein
/// </summary>
/// <param name="context">the HTTP context object of this request</param>
/// <param name="confidenceIn">Accumulating the confidence values</param>
/// <returns></returns>
public SSOConfidence CheckRequest(HttpContext context, SSOConfidence confidenceIn)
{
SSOConfidence retval = CheckInputs(context, confidenceIn);
if (retval.IsBadRequest())
{
return(retval);
}
int confidenceVal = 0;
//Check if we have cookies and if we have our cookie
//??? Will we ever want to check for other cookies?
if (CookieTools.HasIRCDACookie(context.Request.Cookies))
{
/*either High or PartialConfidence */
HttpCookie target = context.Request.Cookies[CookieTools.HobbesCookieName];
confidenceVal = calculateCookieConfidence(target);
}
else
{
confidenceVal = SSOConfidence.NoConfidence;
}
retval.SimpleValue = confidenceVal;
if (confidenceIn != null)
{
retval = retval.Accumulate(confidenceIn);
}
return(retval);
}
/// <summary>
/// Apply all configured context checks for submittted context
/// </summary>
/// <param name="context"></param>
/// <returns>Confidence value</returns>
public static SSOConfidence CheckConfidences(HttpContext context)
{
/***
* Process for applying context checks to an incoming request and
* to calculate a confidence interval then handle the proper challenge
***/
//Initial checks:
// EndpointContext /*isEndpoint?setHighConfidence:NoConfidence */
// CookieContext /*isCookie?checkCoookie():setNoConfidence; calculateCookieConfidence() */
// NetworkContext /*networkId?checkCredential:calculateNetworkConfidence() */
List <IContextChecker> contextchecks = new List <IContextChecker>();
contextchecks.Add(new EndpointContext());
contextchecks.Add(new NetworkContext());
contextchecks.Add(new CookieContext());
SSOConfidence cumulativeConfidence = null; //@first there is no SSOConfidence(), one is created by checkRequest;
foreach (IContextChecker check in contextchecks)
{
cumulativeConfidence = check.CheckRequest(context, cumulativeConfidence);
}
//$$$ Get the confidence settings from the configuration file
// Confidence high = readConfigValue("HighConfidence") partialChallenge = readConfigValue("PartialConfidence"),
// fullChallenge == readConfigValue("NoConfidence")
// following provides route to failed login, partial login, full login */
//$$$ NiceToHave EvaluateConfidenceRules()
//$$$ NiceToHave RouteBasedOnConfidence()
return(cumulativeConfidence);
}
/// <summary>
/// Check request to see if the endpoint is trusted, add to confidence
/// </summary>
/// <param name="context">HttpContext object</param>
/// <param name="confidenceIn">any previous confidence numbers if any or null</param>
/// <returns></returns>
public SSOConfidence CheckRequest(HttpContext context, SSOConfidence confidenceIn)
{
//Inputs
SSOConfidence retval = CheckInputs(context, confidenceIn);
if (retval.IsBadRequest())
{
return(retval); //Don't bother with further processing, it'll break
}
int confidenceVal = 0;
if (IsURLanEndPoint(context))
{
confidenceVal = SSOConfidence.CompleteConfidence;
retval.Action = SSOConfidence.ProcessEndpoint; //ProcessDocument(endpoint);
}
else
{
confidenceVal = SSOConfidence.NoConfidence;
}
retval.SimpleValue = confidenceVal;
if (confidenceIn != null)
{
retval = retval.Accumulate(confidenceIn);
}
return(retval);
}
/// <summary>
/// Aggregate confidence and weights....
/// </summary>
/// <param name="confidence"></param>
/// <returns></returns>
public SSOConfidence Accumulate(SSOConfidence confidence)
{
/* clever algorithm for aggregating confidence and weights
* from external configuration goes here... */
confidence.SimpleValue += this.SimpleValue;
return(confidence);
}
/// <summary>
/// Make sure the key inputs to CheckRequest and other methods are OK
/// Returns an SSOConfidence object
/// </summary>
/// <param name="context"></param>
/// <param name="confidenceIn"></param>
/// <returns>Confidence object - new (copy) object </returns>
protected SSOConfidence CheckInputs(HttpContext context, SSOConfidence confidenceIn)
{
SSOConfidence retVal = confidenceIn != null ? new SSOConfidence(confidenceIn) : new SSOConfidence();
if (context.Request == null)
{
retVal.Action = SSOConfidence.BadRequest;
}
return(retVal);
}
/// <summary>
///Create a user status with the authentication state and cookie
/// </summary>
/// <param name="username"></param>
/// <param name="authenticated"></param>
/// <param name="cookie"></param>
/// <param name="confidence"></param>
public UserStatus(string username, bool authenticated, HttpCookie cookie, SSOConfidence confidence)
{
Authenticated = authenticated;
MyCookie = cookie;
Confidence = confidence;
Username = username;
UserManager userMgr = new UserManager();
userData = userData.Union(userMgr.GetUser(username)).ToDictionary(pair => pair.Key, pair => pair.Value);
}
/// <summary>
/// Copy Constructor - Be sure to add any new properties/fields!!!
/// </summary>
/// <param name="confidenceIn"></param>
public SSOConfidence(SSOConfidence confidenceIn)
{
SimpleValue = confidenceIn.SimpleValue;
Action = confidenceIn.Action;
}
