/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } var ranges = IPAddressRange.GetConfiguredRanges(m_sectionName).ToList(); if (ranges.Count == 0) { return BehaviorMethodAction.Stop; } bool isAllowed = false; foreach (var range in ranges) { if (range.IsInRange(serviceContext.GetHttpContext().Request.UserHostAddress)) { isAllowed = true; break; } } return isAllowed ? BehaviorMethodAction.Execute : BehaviorMethodAction.Stop; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (serviceContext.Cache == null) { throw new InvalidOperationException(Resources.Global.UnableToInitializeCache); } string remoteAddress = serviceContext.Request.ServerVariables.RemoteAddress; if (String.IsNullOrEmpty(remoteAddress)) { return BehaviorMethodAction.Execute; } string cacheKey = String.Concat("throttle-", serviceContext.Request.Url.GetLeftPart(UriPartial.Path), "-", remoteAddress); if (serviceContext.Cache.Contains(cacheKey)) { SetStatus((HttpStatusCode) 429, Resources.Global.TooManyRequests); return BehaviorMethodAction.Stop; } serviceContext.Cache.Add(cacheKey, true, DateTime.Now.AddMilliseconds(m_delayInMilliseconds), CachePriority.Low); return BehaviorMethodAction.Execute; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (RequiresSsl && AuthorizeConnection(serviceContext.Request) == BehaviorMethodAction.Stop) { SetStatusDescription(Resources.Global.HttpsRequiredStatusDescription); return BehaviorMethodAction.Stop; } AuthorizationHeader header; if (!AuthorizationHeaderParser.TryParse(serviceContext.Request.Headers.Authorization, serviceContext.Request.Headers.ContentCharsetEncoding, out header) || !AuthenticationType.Equals(header.AuthenticationType, StringComparison.OrdinalIgnoreCase)) { serviceContext.Response.SetStatus(HttpStatusCode.Unauthorized, Resources.Global.Unauthorized); GenerateAuthenticationHeader(serviceContext); return BehaviorMethodAction.Stop; } Credentials credentials = m_authorizationManager.GetCredentials(header.UserName); if (credentials == null || !String.Equals(header.Password, credentials.Password, StringComparison.Ordinal)) { GenerateAuthenticationHeader(serviceContext); return BehaviorMethodAction.Stop; } serviceContext.User = new GenericPrincipal(new GenericIdentity(header.UserName, AuthenticationType), credentials.GetRoles()); return BehaviorMethodAction.Execute; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } string userId, signatureHash; DateTime timestamp; if (!TryGetRequestedSignature(serviceContext.Request, out userId, out signatureHash, out timestamp) || String.IsNullOrWhiteSpace(userId) || String.IsNullOrWhiteSpace(signatureHash)) { serviceContext.Response.SetStatus(HttpStatusCode.Unauthorized, Global.Unauthorized); return BehaviorMethodAction.Stop; } if (!IsRequestedSignatureValid(serviceContext, signatureHash, timestamp)) { serviceContext.Response.SetStatus(HttpStatusCode.Unauthorized, Global.Unauthorized); return BehaviorMethodAction.Stop; } string hashedServerSignature = HashSignature(serviceContext.Request, userId, GenerateServerSignature(serviceContext, userId, timestamp)); return signatureHash == hashedServerSignature ? BehaviorMethodAction.Execute : BehaviorMethodAction.Stop; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (!serviceContext.Request.IsAjax) { return BehaviorMethodAction.Stop; } return BehaviorMethodAction.Execute; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (!serviceContext.Request.IsAjax) { SetStatus(HttpStatusCode.NotFound, Resources.Global.NotFound); return BehaviorMethodAction.Stop; } return BehaviorMethodAction.Execute; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { var sessionInfo = new SessionInfo(serviceContext.Request.Headers.TryGet("X-SpeechCycle-SmartCare-ApplicationID"), serviceContext.Request.Headers.TryGet("X-SpeechCycle-SmartCare-CustomerID"), serviceContext.Request.Headers.TryGet("X-SpeechCycle-SmartCare-SessionID"), serviceContext.Request.Headers.TryGet("X-SpeechCycle-SmartCare-CultureCode"), serviceContext.Request.Headers.TryGet("X-SpeechCycle-SmartCare-Environment")); if (String.IsNullOrEmpty(sessionInfo.ApplicationId) || String.IsNullOrEmpty(sessionInfo.CustomerId) || String.IsNullOrEmpty(sessionInfo.Environment) || sessionInfo.SessionId == Guid.Empty) { return BehaviorMethodAction.Stop; } serviceContext.Request.ResourceBag.SessionInfo = sessionInfo; return BehaviorMethodAction.Execute; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (EnableLoadBalancerSupport && !serviceContext.Request.IsSecure) { return BehaviorMethodAction.Stop; } if (!EnableLoadBalancerSupport && !String.Equals("https", serviceContext.Request.Url.Scheme, StringComparison.OrdinalIgnoreCase)) { return BehaviorMethodAction.Stop; } return BehaviorMethodAction.Execute; }
public void MethodAuthorizingContextShouldBePopulatedForPostHttpMethod() { var service = new TestService(); MethodInfo method = service.GetType().GetMethod("Post"); Assert.That(method, Is.Not.Null); var behaviorContext = new MethodAuthorizingContext(service, method); Assert.That(behaviorContext.Service, Is.SameAs(service)); Assert.That(behaviorContext.Method, Is.SameAs(method)); Assert.That(behaviorContext.GetServiceContractType(), Is.EqualTo(typeof(ITestService))); Assert.That(behaviorContext.GetServiceType(), Is.EqualTo(typeof(TestService))); Assert.That(behaviorContext.GetMethodName(), Is.EqualTo(method.Name)); var httpMethods = behaviorContext.GetSupportedHttpMethods().ToList(); Assert.That(httpMethods.Contains(HttpMethod.Get), Is.False); Assert.That(httpMethods.Contains(HttpMethod.Head), Is.False); Assert.That(httpMethods.Contains(HttpMethod.Post), Is.True); Assert.That(httpMethods.Contains(HttpMethod.Put), Is.False); Assert.That(httpMethods.Contains(HttpMethod.Patch), Is.False); Assert.That(httpMethods.Contains(HttpMethod.Delete), Is.False); }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (!serviceContext.IsAuthenticated) { SetStatusDescription(Resources.Global.Forbidden); return BehaviorMethodAction.Stop; } bool isInRole = IsUserInRole(serviceContext.User); if (!isInRole) { SetStatusDescription(Resources.Global.Forbidden); return BehaviorMethodAction.Stop; } return BehaviorMethodAction.Execute; }
void ISecureServiceBehavior.OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } if (OnMethodAuthorizing(serviceContext, behaviorContext) == BehaviorMethodAction.Stop) { HttpStatusCode statusCode = serviceContext.Response.GetStatusCode(); if (statusCode != HttpStatusCode.Unauthorized && statusCode != m_statusCode) { throw new HttpResponseException(m_statusCode, m_statusDescription); } throw new HttpResponseException(statusCode, serviceContext.Response.GetStatusDescription()); } HttpCachePolicyBase cache = serviceContext.GetHttpContext().Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback(CacheValidationHandler, new CacheValidationHandlerData(serviceContext, behaviorContext)); }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public override BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { if (serviceContext == null) { throw new ArgumentNullException("serviceContext"); } AuthorizationHeader header; if (!AuthorizationHeaderParser.TryParse(serviceContext.Request.Headers.Authorization, serviceContext.Request.Headers.ContentCharsetEncoding, out header) || !AuthenticationType.Equals(header.AuthenticationType, StringComparison.OrdinalIgnoreCase)) { serviceContext.Response.SetStatus(HttpStatusCode.Unauthorized, Resources.Global.Unauthorized); GenerateAuthenticationHeader(serviceContext, false); return BehaviorMethodAction.Stop; } Credentials credentials = m_authorizationManager.GetCredentials(header.UserName); if (credentials == null) { GenerateAuthenticationHeader(serviceContext, false); return BehaviorMethodAction.Stop; } Tuple<bool, bool> responseValidationResult = ValidateResponse(serviceContext, header, credentials); if (!responseValidationResult.Item1) { GenerateAuthenticationHeader(serviceContext, responseValidationResult.Item2); return BehaviorMethodAction.Stop; } serviceContext.User = new GenericPrincipal(new GenericIdentity(header.UserName, AuthenticationType), credentials.GetRoles()); return BehaviorMethodAction.Execute; }
/// <summary> /// Called during the authorization process before a service method or behavior is executed. /// </summary> /// <param name="serviceContext">The service context.</param> /// <param name="behaviorContext">The "method authorizing" behavior context.</param> /// <returns>A service method action.</returns> public virtual BehaviorMethodAction OnMethodAuthorizing(IServiceContext serviceContext, MethodAuthorizingContext behaviorContext) { return BehaviorMethodAction.Stop; }