public DispositionReport DiscardAuthToken(DiscardAuthToken dat) { Debug.Enter(); DispositionReport dr = new DispositionReport(); try { if ((Config.GetInt("Security.AuthenticationMode") == (int)AuthenticationMode.Passport)) { PassportAuthenticator authenticator = new PassportAuthenticator(); authenticator.Authenticate(dat.AuthInfo, Config.GetInt("Security.TimeOut")); // // Call to the database to update the user status to logged off. // SqlCommand cmd = new SqlCommand("ADM_setPublisherStatus", ConnectionManager.GetConnection()); cmd.Transaction = ConnectionManager.GetTransaction(); cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add(new SqlParameter("@PUID", SqlDbType.NVarChar, UDDI.Constants.Lengths.UserID)).Direction = ParameterDirection.Input; cmd.Parameters.Add(new SqlParameter("@publisherStatus", SqlDbType.NVarChar, UDDI.Constants.Lengths.PublisherStatus)).Direction = ParameterDirection.Input; SqlParameterAccessor paramacc = new SqlParameterAccessor(cmd.Parameters); paramacc.SetString("@PUID", Context.User.ID); paramacc.SetString("@publisherStatus", "loggedOut"); cmd.ExecuteNonQuery(); } } catch (Exception e) { DispositionReport.Throw(e); } return(dr); }
// // What follows is the logic for selection of the authentication algorithm // Enjoy boys and girls // // Bit 3 - Anonymous User // Bit 2 - UDDI Authentication Mode // Bit 1 - Windows Authentication Mode // Bit 0 - Ticket Present // | // | Authentication Module Used // 0000 X // 0001 X // 0010 Windows // 0011 Exception ( UDDI authentication turned off ) // 0100 UDDI ( will fail authentication due to invalid credentials ) // 0101 UDDI // 0110 Windows // 0111 UDDI // 1000 X // 1001 X // 1010 Exception UDDI authentication turned off // 1011 Exception "" // 1100 UDDI ( will fail authentication due to invalid credentials ) // 1101 UDDI // 1110 UDDI ( will fail authentication due to invalid credentials ) // 1111 UDDI // // // Reduction Work // // A - Anonymous User // B - UDDI Authentication Mode // C - Windows Authentication Mode // D - Ticket Present // // Key // e - throw exception invalid configuration // x - invalid state // w - windows authentication // u - uddi authentication // // CD // AB 00 01 11 10 // 00 x x e w // 01 u u u w // 11 u u u u // 10 x x e e // // if( !A && C && !D ) // w - windows authentication // else if( B ) // u - uddi authentication // else // throw exception // private void Authenticate(SoapMessage message) { Debug.Enter(); IAuthenticateable authenticate = (IAuthenticateable)message.GetInParameterValue(0); //WindowsIdentity identity = (WindowsIdentity)HttpContext.Current.User.Identity; IIdentity identity = HttpContext.Current.User.Identity; int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both); if (mode == (int)AuthenticationMode.Passport) { if (identity is PassportIdentity) { string ticket = authenticate.AuthInfo.Trim(); // // Authentication the user using the attached passport ticket // PassportAuthenticator pa = new PassportAuthenticator(); pa.Authenticate(ticket, Config.GetInt("Security.TimeOut", 60)); } else { throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_FATALERROR_PASSPORTBADCONFIG"); } Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Passport based authentication Identity is " + identity.Name); } else if (!((WindowsIdentity)identity).IsAnonymous && ((mode & (int)AuthenticationMode.Windows) != 0) && Utility.StringEmpty(authenticate.AuthInfo)) { /* 0X10 Case */ // // Authenticate the user using the currently impersonated credentials // WindowsAuthenticator wa = new WindowsAuthenticator(); wa.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60)); Debug.Write(SeverityType.Info, CategoryType.Soap, "Authenticated user: using Windows based authentication Identity is " + identity.Name); } else if ((mode & (int)AuthenticationMode.Uddi) != 0) { /* X1XX Case for leftovers */ // // If windows authentication is turned off or the Debug.Write(SeverityType.Info, CategoryType.Soap, "Anonymous user: using UDDI authentication"); // // Authenticate the user using the authToken // UDDIAuthenticator ua = new UDDIAuthenticator(); ua.Authenticate(authenticate.AuthInfo, Config.GetInt("Security.TimeOut", 60)); } else { // // Throw exception for the rest // throw new UDDIException(UDDI.ErrorType.E_unsupported, "UDDI_ERROR_UNSUPPORTED_BADAUTHENTICATIONCONFIG"); } // // Check to make sure the authenticated user has publisher credentials // Debug.Verify(Context.User.IsPublisher, "UDDI_ERROR_FATALERROR_USERNOPUBLISHERCRED", UDDI.ErrorType.E_fatalError, Context.User.ID); // // The server can be configured for automatic registration of publishers with credentials // if (!Context.User.IsRegistered) { if (1 == Config.GetInt("Security.AutoRegister", 0)) { // // Mark the user as verified. // Context.User.TrackPassport = false; Context.User.Verified = true; Context.User.Register(); } else { throw new UDDIException(UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_UNKNOWNUSER_NOTREGISTERED"); } } Context.User.Login(); #if DEBUG Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsAdministrator = " + Context.User.IsAdministrator); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsCoordinator = " + Context.User.IsCoordinator); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsPublisher = " + Context.User.IsPublisher); Debug.Write(SeverityType.Info, CategoryType.Soap, "IsUser = " + Context.User.IsUser); #endif Debug.Leave(); }
public AuthToken GetAuthToken(GetAuthToken gat) { Debug.Enter(); AuthToken at = new AuthToken(); try { // // XX-SECURITY: Review the value here in the case where we use // XX-this with a web.config with Authentication set to None or Passport // // // NOW: We now Get a Generic Identity. If the AuthenticationMode is AuthenticationMode.Passport (8), // we make sure the Identity is a PassportIdentity, then we authenticate. If AuthenticationMode // is Not set to AuthenticationMode.Passport, then process it as a WindowsIdentity. // // IIdentity identity = HttpContext.Current.User.Identity; int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Both); if (((int)AuthenticationMode.Passport) == mode) { if (identity is PassportIdentity) { Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Passport based authentication Identity is " + gat.UserID); PassportAuthenticator pa = new PassportAuthenticator(); // // Get a Passport ticket for this user. // if (!pa.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo)) { // throw new UDDIException( ErrorType.E_unknownUser, "User failed authentication." ) ; throw new UDDIException(ErrorType.E_unknownUser, "USER_FAILED_AUTHENTICATION"); } // // We need to extract the PUID from the ticket and put it into our Context.UserInfo.ID; a // successfull call to Authenticate will do all of this. // if (!pa.Authenticate(at.AuthInfo, UDDI.Constants.Passport.TimeWindow)) { throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_USER_FAILED_AUTHENTICATION"); } // // Make sure this Passport user has registered with our UDDI site as a publisher. // if (!Context.User.IsVerified) { // throw new UDDIException( ErrorType.E_unknownUser, "Not a valid publisher." ) ; throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_NOT_A_VALID_PUBLISHER"); } } else { #if never throw new UDDIException(ErrorType.E_fatalError, "CONFIGURATION ERROR: Passport Identity Expected. \r\n" + "You are currently running in Passport Authentication Mode. \r\n" + "Check your web.config for the <authentication mode=\"Passport\" /> entry and try again."); #endif throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_PASSPORT_CONFIGURATION_ERROR"); } } // // SECURITY: Check to make sure the password is blank too // else if (!((WindowsIdentity)identity).IsAnonymous && ((mode & (int)AuthenticationMode.Windows) != 0) && Utility.StringEmpty(gat.UserID)) { Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Windows based authentication Identity is " + identity.Name); WindowsAuthenticator wa = new WindowsAuthenticator(); wa.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo); } else if ((mode & (int)AuthenticationMode.Uddi) != 0) { Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for UDDI based authentication"); UDDIAuthenticator ua = new UDDIAuthenticator(); ua.GetAuthenticationInfo(gat.UserID, gat.Cred, out at.AuthInfo); } else { // throw new UDDIException( UDDI.ErrorType.E_unsupported, //"The UDDI server is not configured to support the requested form of authentication." ); throw new UDDIException(UDDI.ErrorType.E_unsupported, "UDDI_ERROR_AUTHENTICATION_CONFIGURATION_ERROR"); } Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + System.Threading.Thread.CurrentPrincipal.Identity.Name); Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name); // // Check to make sure the authenticated user has publisher credentials // #if never Debug.Verify(Context.User.IsPublisher, "The user account " + Context.User.ID + " does not have publisher credentials", UDDI.ErrorType.E_fatalError); #endif Debug.Verify(Context.User.IsPublisher, "UDDI_ERROR_NO_PUBLISHER_CREDENTIALS", UDDI.ErrorType.E_fatalError, Context.User.ID); Debug.Write( SeverityType.Info, CategoryType.Authorization, "Authenticated user (userid = " + gat.UserID + " )"); } catch (Exception e) { DispositionReport.Throw(e); } return(at); }