/// <summary> /// EndRequest is used to trigger the appropriate redirection. There are /// currently three scenarios that require special redirections. /// <list> /// <item> /// Request is unauthenticated and is being routed to the FormsLoginUrl /// (typically caused by UrlAuthorizationModule). This request needs to /// be intercepted to change the 'ReturnUrl' parameter to 'serviceName' /// </item> /// <item> /// Request contains a CAS ticket in the URL. This request needs to be /// redirected back to itself without the 'ticket' parameter in order to /// avoid potential infinite automatic ticket validation loops for when /// a the ticket in the URL has expired or was revoked and the Renew /// configuration parameter is set. /// </item> /// <item> /// Request is authenticated, but is not authorized to access the /// requested resource (by UrlAuthorizationModule). If the CAS is /// configured with a NotAuthorizedUrl, the request is redirected to /// that page. Otherwise, it is redirected to the CAS login page with /// a forced 'Renew' property (to prevent infinite redirect loops). /// </item> /// </list> /// </summary> /// <param name="sender">The HttpApplication that sent the request</param> /// <param name="e">Not used</param> private static void OnEndRequest(object sender, EventArgs e) { HttpContext context = HttpContext.Current; HttpRequest request = context.Request; if (RequestEvaluator.GetRequestIsAppropriateForCasAuthentication()) { logger.Debug("Starting EndRequest for " + request.RawUrl); if (RequestEvaluator.GetRequestRequiresGateway()) { logger.Info(" Performing Gateway Authentication"); CasAuthentication.GatewayAuthenticate(true); } else if (RequestEvaluator.GetUserDoesNotAllowSessionCookies()) { logger.Info(" Cookies not supported. Redirecting to Cookies Required Page"); CasAuthentication.RedirectToCookiesRequiredPage(); } else if (RequestEvaluator.GetRequestHasCasTicket()) { logger.Info(" Redirecting from login callback"); CasAuthentication.RedirectFromLoginCallback(); } else if (RequestEvaluator.GetRequestHasGatewayParameter()) { logger.Info(" Redirecting from failed gateway callback"); CasAuthentication.RedirectFromFailedGatewayCallback(); } else if (RequestEvaluator.GetRequestIsUnauthorized() && !String.IsNullOrEmpty(CasAuthentication.NotAuthorizedUrl)) { logger.Info(" Redirecting to Unauthorized Page"); CasAuthentication.RedirectToNotAuthorizedPage(); } else if (RequestEvaluator.GetRequestIsUnauthorized()) { logger.Info(" Redirecting to CAS Login Page (Unauthorized without NotAuthorizedUrl defined)"); CasAuthentication.RedirectToLoginPage(true); } else if (RequestEvaluator.GetRequestIsUnAuthenticated()) { logger.Info(" Redirecting to CAS Login Page"); CasAuthentication.RedirectToLoginPage(); } //Async post backs from UpdatePanels suppress the standard Forms Authentication redirect causing the above checks to fail. else if (RequestEvaluator.IsAsyncPostBackRequest() && !RequestEvaluator.CheckUrlAccessForCurrentPrincipal()) { context.Response.Redirect(UrlUtil.ConstructLoginRedirectUrl(false, CasAuthentication.Renew), false); } logger.Debug("Ending EndRequest for " + request.RawUrl); } else { logger.Debug("No EndRequest processing for " + request.RawUrl); } }
/// <summary> /// EndRequest is used to trigger the appropriate redirection. There are /// currently three scenarios that require special redirections. /// <list> /// <item> /// Request is unauthenticated and is being routed to the FormsLoginUrl /// (typically caused by UrlAuthorizationModule). This request needs to /// be intercepted to change the 'ReturnUrl' parameter to 'serviceName' /// </item> /// <item> /// Request contains a CAS ticket in the URL. This request needs to be /// redirected back to itself without the 'ticket' parameter in order to /// avoid potential infinite automatic ticket validation loops for when /// a the ticket in the URL has expired or was revoked and the Renew /// configuration parameter is set. /// </item> /// <item> /// Request is authenticated, but is not authorized to access the /// requested resource (by UrlAuthorizationModule). If the CAS is /// configured with a NotAuthorizedUrl, the request is redirected to /// that page. Otherwise, it is redirected to the CAS login page with /// a forced 'Renew' property (to prevent infinite redirect loops). /// </item> /// </list> /// </summary> /// <param name="sender">The HttpApplication that sent the request</param> /// <param name="e">Not used</param> private static void OnEndRequest(object sender, EventArgs e) { HttpContext context = HttpContext.Current; HttpRequest request = context.Request; if (RequestEvaluator.GetRequestIsAppropriateForCasAuthentication()) { logger.Debug("Starting EndRequest for " + request.RawUrl); if (RequestEvaluator.GetRequestRequiresGateway()) { logger.Info(" Performing Gateway Authentication"); CasAuthentication.GatewayAuthenticate(true); } else if (RequestEvaluator.GetUserDoesNotAllowSessionCookies()) { logger.Info(" Cookies not supported. Redirecting to Cookies Required Page"); CasAuthentication.RedirectToCookiesRequiredPage(); } else if (RequestEvaluator.GetRequestHasCasTicket()) { logger.Info(" Redirecting from login callback"); CasAuthentication.RedirectFromLoginCallback(); } else if (RequestEvaluator.GetRequestHasGatewayParameter()) { logger.Info(" Redirecting from failed gateway callback"); CasAuthentication.RedirectFromFailedGatewayCallback(); } else if (RequestEvaluator.GetRequestIsUnauthorized() && !String.IsNullOrEmpty(CasAuthentication.NotAuthorizedUrl)) { logger.Info(" Redirecting to Unauthorized Page"); CasAuthentication.RedirectToNotAuthorizedPage(); } else if (RequestEvaluator.GetRequestIsUnauthorized()) { logger.Info(" Redirecting to CAS Login Page (Unauthorized without NotAuthorizedUrl defined)"); CasAuthentication.RedirectToLoginPage(true); } else if (RequestEvaluator.GetRequestIsUnAuthenticated()) { logger.Info(" Redirecting to CAS Login Page"); CasAuthentication.RedirectToLoginPage(); } logger.Debug("Ending EndRequest for " + request.RawUrl); } else { logger.Debug("No EndRequest processing for " + request.RawUrl); } }