예제 #1
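        /// <summary>
        /// Builds the outgoing ("right side") request for the current incoming ("left side")
        /// request: target URL, timeout, client certificate, authorization lookup, header
        /// transformation, PVP origin and transaction headers, credentials and request content.
        /// </summary>
        /// <param name="inputBuffer">Stream handed on unchanged to <c>HandleRequestContent</c>.</param>
        /// <returns>The configured request; the same object is kept in <c>_rightSideRequest</c>.</returns>
        /// <exception cref="AuthorizationException">
        /// The path is not bypassed, the authorization service returned nothing usable, and
        /// <c>ProcessRequestWithoutAuthorization</c> is not set.
        /// </exception>
        public virtual HttpWebRequest CreateRightSideRequest(Stream inputBuffer)
        {
            // NOTE(review): UseDefaultCredentials is enabled further down, so the credentials of the
            // proxy's own identity are offered to whatever host GetRightSideUrl returns; confirm the
            // result can only point at the configured backend.
            _rightSideRequest = (HttpWebRequest)HttpWebRequest.Create(_application.GetRightSideUrl(_leftSideRequest));

            // Redirect responses are not followed by this request object.
            _rightSideRequest.AllowAutoRedirect = false;
            _rightSideRequest.Timeout           = Settings.Default.RequestTimeoutSeconds * 1000;

            // A new, empty container per call: nothing is carried over from an earlier request here.
            _rightSideRequest.CookieContainer = new CookieContainer();

            if (_application.Certificate != null)
            {
                _rightSideRequest.ClientCertificates.Add(_application.Certificate);
            }

            // The authorization lookup is skipped for bypassed paths.
            // NOTE(review): the decision is taken on Url.AbsolutePath; confirm ByPass compares a
            // normalised path (case, escaping). _authorization is only assigned inside this branch,
            // so on a bypassed path it keeps whatever value the field already had; confirm it is
            // reset per request.
            if (!_application.ByPass(_leftSideRequest.Url.AbsolutePath))
            {
                AuthorizationWebServiceProxy authorizationProxy =
                    new AuthorizationWebServiceProxy(_application.Directory.AuthorizationWebService);
                string userName = _auth.UserId;
                _authorization = authorizationProxy.GetAuthorization(_application.RootUrl, userName);

                // Fail-open switch: with ProcessRequestWithoutAuthorization set, a missing
                // authorization does not stop the request from being forwarded.
                if (!Properties.Settings.Default.ProcessRequestWithoutAuthorization)
                {
                    if (_authorization == null || _authorization == CustomAuthorization.NoAuthorization)
                    {
                        throw new AuthorizationException("No Authorization received.");
                    }
                }
            }

            // For SOAP requests the transformer is always told to remove PVP information; otherwise
            // the application's configured handling is used.
            HeaderTransformer headerTransformer = new HeaderTransformer(_leftSideRequest,
                                                                        _rightSideRequest,
                                                                        IsSoap ? PvpTokenHandling.remove : _application.PvpInformationHandling,
                                                                        _application.RootUrl,
                                                                        _application.RemoteApplicationProxyPath,
                                                                        _application.IsolateCookies,
                                                                        _authorization == null ? null : _authorization.PvpVersion);

            headerTransformer.Transform();

            // Pick the header-name table for the PVP version of the authorization; it stays null
            // when there is no authorization or the version is none of 1.9, 2.0 or 2.1.
            Dictionary <PvpAttributes, string> headersNames = null;

            if (_authorization != null && _authorization.PvpVersion == PvpVersionNumber.Version19)
            {
                headersNames = s_ProxyHeaderNames19;
            }

            if (_authorization != null && (_authorization.PvpVersion == PvpVersionNumber.Version20 || _authorization.PvpVersion == PvpVersionNumber.Version21))
            {
                headersNames = s_ProxyHeaderNames20;
            }

            if (!IsSoap && headersNames != null)
            {
                // These values are taken from the incoming request URL, so they describe what the
                // client asked for, not something the proxy has verified.
                string scheme = _leftSideRequest.Url.Scheme;
                _rightSideRequest.Headers.Add(headersNames[PvpAttributes.ORIG_SCHEME], scheme);

                int port = _leftSideRequest.Url.Port;

                // Leave the port out only when it is the default for the scheme in use. Checking the
                // number alone would also drop 443 on http (or 80 on https), and the origin rebuilt
                // from ORIG_SCHEME and ORIG_HOST would then name a different port.
                bool isDefaultPort =
                    (port == 80 && String.Equals(scheme, "http", StringComparison.OrdinalIgnoreCase)) ||
                    (port == 443 && String.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase));
                string portString = isDefaultPort ? String.Empty : ":" + port.ToString();

                _rightSideRequest.Headers.Add(headersNames[PvpAttributes.ORIG_HOST], _leftSideRequest.Url.Host + portString);
                _rightSideRequest.Headers.Add(headersNames[PvpAttributes.ORIG_URI], _leftSideRequest.Url.AbsolutePath);
            }

            // A transaction id is generated only when the incoming request did not carry one.
            if (headersNames != null && String.IsNullOrEmpty(_leftSideRequest.Headers[headersNames[PvpAttributes.TXID]]))
            {
                _rightSideRequest.Headers.Add(headersNames[PvpAttributes.TXID], GetTxId());
            }

            _rightSideRequest.Method = _leftSideRequest.HttpMethod;

            _rightSideRequest.AuthenticationLevel =
                Egora.Stammportal.HttpReverseProxy.Properties.Settings.Default.AuthenticationLevel;
            _rightSideRequest.UseDefaultCredentials = true;
            if (_rightSideRequest.Proxy != null)
            {
                _rightSideRequest.Proxy.Credentials = CredentialCache.DefaultCredentials;
            }
            _rightSideRequest.PreAuthenticate = true;

            if (_authorization != null && _authorization.HttpHeaders != null &&
                _authorization != CustomAuthorization.NoAuthorization)
            {
                // NOTE(review): Headers.Add appends to a header that is already present instead of
                // replacing it. Confirm HeaderTransformer does not copy client-supplied headers with
                // these names, otherwise the backend sees both values.
                foreach (HttpHeader header in _authorization.HttpHeaders)
                {
                    if (header != null)
                    {
                        _rightSideRequest.Headers.Add(header.Name, header.Value);
                    }
                }
            }

            HandleRequestContent(inputBuffer);

            return _rightSideRequest;
        }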
예제 #2
        /// <summary>
        /// Chain handling for a SOAP envelope whose wsse:Security header already carries a PVP 1.9
        /// token, with no HTTP header collection passed to the filter. The inserted token must hold
        /// the authorization's own token content followed by a pvpChainedToken built from the
        /// incoming token.
        /// </summary>
        public void PvpChainedTokenForSoapWithHeaderElementNoHeaderCollection()
        {
            // Incoming message: the caller's token (userPrincipal plus one role) sits in wsse:Security.
            string incomingEnvelope =
                @"<S:Envelope
xmlns:S=""http://schemas.xmlsoap.org/soap/envelope/""
xmlns:wsa=""http://schemas.xmlsoap.org/ws/2002/03/addressing""
xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"">
<S:Header>
<wsse:Security>
<pvpToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd"">
<authenticate>
<participantId>AT:L6:1234789</participantId>
<userPrincipal>
<userId>[email protected]</userId>
<cn>Max Mustermann</cn>
<gvOuId>AT:GGA-60420:0815</gvOuId>
<ou>Meldeamt</ou>
<gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ>
<gvSecClass>2</gvSecClass>
<gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid>
<mail>[email protected]</mail>
<tel>+43 3155 5153</tel>
</userPrincipal>
</authenticate>
<authorize>
<role value=""Beispielrolle"">
<param>
<key>GKZ</key>
<value>60420</value>
</param>
</role>
</authorize></pvpToken>
</wsse:Security>
</S:Header>
<S:Body>
</S:Body>
</S:Envelope>";

            // Content of the token supplied through the authorization (a systemPrincipal).
            string ownTokenContent =
                @"<authenticate>
<participantId>AT:L6:1234789</participantId>
<systemPrincipal>
<userId>egovstar.appserv1.intra.xyz.gv.at</userId>
<cn>Anwendung 1 Register-Interface</cn>
<gvOuId>AT:L6:4711</gvOuId>
<ou>Fachabteilung 1B Informationstechnik</ou>
<gvOuOKZ>AT:L6-FA1B</gvOuOKZ>
<gvSecClass>2</gvSecClass>
</systemPrincipal>
</authenticate>
<authorize>
<role value=""Registerabfrage"" />
</authorize>";

            // Expected wrapper for the caller's token. It carries the caller's <authenticate> block
            // only; the <authorize>/role block of the incoming token is not part of it.
            string expectedChainedToken = @"<pvpChainedToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd""><authenticate><participantId>AT:L6:1234789</participantId><userPrincipal><userId>[email protected]</userId><cn>Max Mustermann</cn><gvOuId>AT:GGA-60420:0815</gvOuId><ou>Meldeamt</ou><gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ><gvSecClass>2</gvSecClass><gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid><mail>[email protected]</mail><tel>+43 3155 5153</tel></userPrincipal></authenticate></pvpChainedToken>";

            XmlDocument soapMessage = new XmlDocument();
            soapMessage.LoadXml(incomingEnvelope);

            CustomAuthorization ownAuthorization = new CustomAuthorization();
            XmlDocument         tokenDocument    = new XmlDocument();
            XmlElement          ownToken         = tokenDocument.CreateElement("P:pvpToken", "http://egov.gv.at/pvp1.xsd");

            ownToken.SetAttribute("version", "1.9");
            ownToken.InnerXml = ownTokenContent;

            ownAuthorization.SoapHeaderXmlFragment = ownToken;
            ownAuthorization.PvpVersion            = "1.9";

            SoapFilter soapFilter    = new SoapFilter(ownAuthorization, 1000, PvpTokenHandling.chain, null);
            XmlElement insertedToken = soapFilter.InsertAuthorization(soapMessage, ownAuthorization);

            Assert.IsNotNull(insertedToken);

            // ownToken.InnerXml is read only after InsertAuthorization has run, as before.
            Assert.AreEqual(ownToken.InnerXml + expectedChainedToken, insertedToken.InnerXml);

            XmlElement envelopeElement = soapFilter.SelectXmlElement(soapMessage.DocumentElement,
                                                                     "Envelope",
                                                                     "http://schemas.xmlsoap.org/soap/envelope/");

            Assert.IsNotNull(envelopeElement);

            // The parent of the inserted token contains nothing else, so the caller-supplied token
            // does not remain next to it.
            Assert.AreEqual(insertedToken.OuterXml, insertedToken.ParentNode.InnerXml);
        }
예제 #3
        /// <summary>
        /// Remove handling for a SOAP envelope that has no S:Header element. The authorization's
        /// token already contains a pvpChainedToken, and the test expects the inserted token to
        /// carry exactly that content.
        /// </summary>
        public void PvpTokenWithChainedTokenForSoapWithoutHeaderElement()
        {
            // Incoming message: body only, no header and therefore no caller-supplied token.
            string incomingEnvelope =
                @"<S:Envelope
xmlns:P=""http://egov.gv.at/pvp1.xsd""
xmlns:S=""http://schemas.xmlsoap.org/soap/envelope/""
xmlns:wsa=""http://schemas.xmlsoap.org/ws/2002/03/addressing""
xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"">
<S:Body>
</S:Body>
</S:Envelope>";

            // Token content from the authorization: a systemPrincipal plus an embedded chained token.
            string ownTokenContent =
                @"<authenticate>
<participantId>AT:L6:994</participantId>
<systemPrincipal>
  <userId>egovstar.appserv1.intra.xyz.gv.at</userId>
  <cn>Anwendung 1 Register-Interface</cn>
  <gvOuId>AT:L6:4711</gvOuId>
  <ou>Fachabteilung 1B Informationstechnik</ou>
  <gvOuOKZ>AT:L6-FA1B</gvOuOKZ>
  <gvSecClass>2</gvSecClass>
</systemPrincipal>
</authenticate>
<authorize>
  <role value=""Registerabfrage""/>
</authorize>
<pvpChainedToken>
  <authenticate>
  <userPrincipal>
    <userId>[email protected]</userId>
    <cn>F. Meier</cn>
    <gvOuId>AT:L6:1299</gvOuId>
    <ou>L6AL-F2/c</ou>
    <mail>[email protected]</mail>
    <tel>[email protected]</tel>
    <gvSecClass>2</gvSecClass>
    <gvGid>AT:B:0:UhO5RG++klaOTsVY+CU=</gvGid>
    <gvFunction>SB</gvFunction>
  </userPrincipal>
  </authenticate>
  <authorize>
    <role value=""ZMR-Fremdenbehoerdenanfrage"">
  <param>
  <key>GKZ</key>
  <value>60100</value>
  </param>
  </role>
  </authorize>
</pvpChainedToken>
";

            XmlDocument soapMessage = new XmlDocument();
            soapMessage.LoadXml(incomingEnvelope);

            CustomAuthorization ownAuthorization = new CustomAuthorization();
            XmlDocument         tokenDocument    = new XmlDocument();
            XmlElement          ownToken         = tokenDocument.CreateElement("P:pvpToken", "http://egov.gv.at/pvp1.xsd");

            ownToken.SetAttribute("version", "1.9");
            ownToken.InnerXml = ownTokenContent;

            ownAuthorization.SoapHeaderXmlFragment = ownToken;

            // The filter is built without an authorization and without a header collection; the
            // authorization is passed to InsertAuthorization only.
            SoapFilter soapFilter    = new SoapFilter(null, 1000, PvpTokenHandling.remove, null);
            XmlElement insertedToken = soapFilter.InsertAuthorization(soapMessage, ownAuthorization);

            Assert.IsNotNull(insertedToken);

            // Nothing is added to or taken from the authorization's token content.
            Assert.AreEqual(ownToken.InnerXml, insertedToken.InnerXml);

            XmlElement envelopeElement = soapFilter.SelectXmlElement(soapMessage.DocumentElement,
                                                                     "Envelope",
                                                                     "http://schemas.xmlsoap.org/soap/envelope/");

            Assert.IsNotNull(envelopeElement);

            // The inserted token is the only content of its parent element.
            Assert.AreEqual(insertedToken.OuterXml, insertedToken.ParentNode.InnerXml);
        }
예제 #4
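        /// <summary>
        /// Chain handling for a SOAP envelope with an empty S:Header, where the caller's identity
        /// arrives as PVP HTTP headers. The inserted token must start with the authorization's own
        /// token content, followed by a pvpChainedToken built from those headers.
        /// </summary>
        /// <remarks>
        /// The chained token is checked element by element with <c>Contains</c>, so this test does
        /// not pin the order of the elements inside userPrincipal.
        /// </remarks>
        public void PvpChainedTokenForSoapWithHeaderElementAndHeaderCollection()
        {
            XmlDocument doc = new XmlDocument();

            doc.LoadXml(
                @"<S:Envelope
xmlns:P=""http://egov.gv.at/pvp1.xsd""
xmlns:S=""http://schemas.xmlsoap.org/soap/envelope/""
xmlns:wsa=""http://schemas.xmlsoap.org/ws/2002/03/addressing""
xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"">
<S:Header>
</S:Header>
<S:Body>
</S:Body>
</S:Envelope>");

            CustomAuthorization authorization = new CustomAuthorization();
            XmlDocument         authDoc       = new XmlDocument();
            XmlElement          authToken     = authDoc.CreateElement("P:pvpToken", "http://egov.gv.at/pvp1.xsd");

            authToken.SetAttribute("version", "1.9");
            authToken.InnerXml =
                @"<authenticate>
<participantId>AT:L6:1234789</participantId>
<systemPrincipal>
<userId>egovstar.appserv1.intra.xyz.gv.at</userId>
<cn>Anwendung 1 Register-Interface</cn>
<gvOuId>AT:L6:4711</gvOuId>
<ou>Fachabteilung 1B Informationstechnik</ou>
<gvOuOKZ>AT:L6-FA1B</gvOuOKZ>
<gvSecClass>2</gvSecClass>
</systemPrincipal>
</authenticate>
<authorize>
<role value=""Registerabfrage""/>
</authorize>";

            authorization.SoapHeaderXmlFragment = authToken;

            // Caller identity as PVP 1.9 HTTP headers; this is the input for the chained token.
            // NOTE(review): the address values here ("*****@*****.**") and in the assertions below
            // ("[email protected]") look masked and do not match each other as shown; confirm
            // against the original test data.
            NameValueCollection headers = new NameValueCollection()
            {
                { "X-Version", "1.9" },
                { "X-AUTHENTICATE-participantId", "AT:L6:1234789" },
                { "X-AUTHENTICATE-UserId", "*****@*****.**" },
                { "X-AUTHENTICATE-cn", "Max Mustermann" },
                { "X-AUTHENTICATE-gvGid", "AT:B:0:LxXnvpcYZesiqVXsZG0bB==" },
                { "X-AUTHENTICATE-gvOuId", "AT:GGA-60420:0815" },
                { "X-AUTHENTICATE-Ou", "Meldeamt" },
                { "X-AUTHENTICATE-gvOuOKZ", "AT:GGA-60420-Abt13" },
                { "X-AUTHENTICATE-mail", "*****@*****.**" },
                { "X-AUTHENTICATE-tel", "+43 3155 5153" },
                { "X-AUTHENTICATE-gvSecClass", "2" },
                { "X-AUTHORIZE-roles", "Beispielrolle(GKZ=60420)" },
            };

            SoapFilter filter   = new SoapFilter(null, 1000, PvpTokenHandling.chain, headers);
            XmlElement pvpToken = filter.InsertAuthorization(doc, authorization);

            Assert.IsNotNull(pvpToken);

            // Markers used to slice the serialized token. Their lengths replace the hard-coded
            // offsets 80 and 42, which were exactly these two string lengths.
            const string chainedTokenStart = @"<pvpChainedToken version=""1.9"" xmlns=""http://egov.gv.at/pvp1.xsd""><authenticate>";
            const string authorizeStart    = "</userPrincipal></authenticate><authorize>";

            string tokenXml = pvpToken.InnerXml;

            // The authorization's own token content comes first, the chained token directly after it.
            Assert.IsTrue(tokenXml.StartsWith(authToken.InnerXml + chainedTokenStart));

            // Check every IndexOf result before slicing: a missing marker would otherwise give -1
            // and the following assertions would run on an arbitrary substring.
            int participantAt = tokenXml.IndexOf(chainedTokenStart + "<participantId>");

            Assert.IsTrue(participantAt >= 0, "pvpChainedToken does not start with participantId.");

            string participant = tokenXml.Substring(participantAt + chainedTokenStart.Length);

            Assert.IsTrue(participant.StartsWith("<participantId>AT:L6:1234789</participantId>"));

            int userPrincipalAt = participant.IndexOf("<userPrincipal>");

            Assert.IsTrue(userPrincipalAt >= 0, "userPrincipal element not found in chained token.");

            string userPrincipal = participant.Substring(userPrincipalAt);

            Assert.IsTrue(userPrincipal.Contains("<userId>[email protected]</userId>"));
            Assert.IsTrue(userPrincipal.Contains("<cn>Max Mustermann</cn>"));
            Assert.IsTrue(userPrincipal.Contains("<gvOuId>AT:GGA-60420:0815</gvOuId>"));
            Assert.IsTrue(userPrincipal.Contains("<ou>Meldeamt</ou>"));
            Assert.IsTrue(userPrincipal.Contains("<gvOuOKZ>AT:GGA-60420-Abt13</gvOuOKZ>"));
            Assert.IsTrue(userPrincipal.Contains("<mail>[email protected]</mail>"));
            Assert.IsTrue(userPrincipal.Contains("<tel>+43 3155 5153</tel>"));
            Assert.IsTrue(userPrincipal.Contains("<gvSecClass>2</gvSecClass>"));
            Assert.IsTrue(userPrincipal.Contains("<gvGid>AT:B:0:LxXnvpcYZesiqVXsZG0bB==</gvGid>"));

            int authorizeAt = userPrincipal.IndexOf(authorizeStart);

            Assert.IsTrue(authorizeAt >= 0, "authorize element does not follow userPrincipal.");

            string roles = userPrincipal.Substring(authorizeAt + authorizeStart.Length);

            // The role header "Beispielrolle(GKZ=60420)" is expected as a role element with one
            // key/value parameter.
            Assert.IsTrue(roles.Contains(@"<role value=""Beispielrolle""><param><key>GKZ</key><value>60420</value></param></role>"));

            XmlElement envelope = filter.SelectXmlElement(doc.DocumentElement, "Envelope",
                                                          "http://schemas.xmlsoap.org/soap/envelope/");

            Assert.IsNotNull(envelope);

            // The inserted token is the only content of its parent element.
            Assert.AreEqual(pvpToken.OuterXml, pvpToken.ParentNode.InnerXml);
        }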
예제 #5
 /// <summary>
 /// Forwards the role check to the static <c>CustomAuthorization.IsInRole</c>.
 /// </summary>
 /// <param name="roleNames">Passed through unchanged; the expected format is not visible here.</param>
 /// <returns>The result of <c>CustomAuthorization.IsInRole</c>.</returns>
 protected bool IsInRole(String roleNames)
 {
     // NOTE(review): no user or request is passed in, so the identity that is checked is decided
     // inside CustomAuthorization; confirm it is the current request's user.
     bool isMember = CustomAuthorization.IsInRole(roleNames);

     return isMember;
 }