private void TokenAccess(string accessHeadAndPayload, TokenManager tokenManager, HttpContextBase context)
{
if (!string.IsNullOrWhiteSpace(accessHeadAndPayload))
{
var authCookie = CookieHelper.GetCookie(context.Request, AccessSignatureCookieName);
if (authCookie == null)
{
throw new UnauthorizedAccessException("Missing access cookie.");
}
var accessSignature = authCookie.Value;
var tokenPrincipal = tokenManager.ValidateToken(accessHeadAndPayload + "." + accessSignature);
if (tokenPrincipal == null)
{
throw new UnauthorizedAccessException("Invalid access token.");
}
var userName = tokenManager.GetPayLoadValue(accessHeadAndPayload.Split(Convert.ToChar("."))[1], "name");
PortalPrincipal portalPrincipal;
using (AuthenticationHelper.GetSystemAccount())
{
portalPrincipal = AuthenticationHelper.LoadPortalPrincipal(userName);
}
AssertUserHasNotLoggedOut(tokenManager, portalPrincipal, accessHeadAndPayload);
using (AuthenticationHelper.GetSystemAccount())
{
context.User = portalPrincipal;
}
}
}
/// <summary>
/// Tells if the user has been logged out.
/// </summary>
/// <param name="tokenManager">TokenManager instance.</param>
/// <param name="userName">Name of the user to check.</param>
/// <param name="tokenheadAndPayload">the token head and payload value got from the client.</param>
/// <param name="portalPrincipal">Loaded PortalPrincipal of the user.</param>
private bool UserHasLoggedOut(TokenManager tokenManager, string userName, string tokenheadAndPayload, out PortalPrincipal portalPrincipal)
{
using (AuthenticationHelper.GetSystemAccount())
{
portalPrincipal = _logoutExecutor.LoadPortalPrincipalForLogout(userName);
}
return(UserHasLoggedOut(tokenManager, portalPrincipal, tokenheadAndPayload));
}
/// <summary>
/// Checks whether the user has logged out previously.
/// </summary>
/// <param name="tokenManager">TokenManager instance</param>
/// <param name="userName">name of the user to check</param>
/// <param name="tokenheadAndPayload">the token head and payload value got from client</param>
private void AssertUserHasNotLoggedOut(TokenManager tokenManager, string userName, string tokenheadAndPayload)
{
PortalPrincipal portalPrincipal;
using (AuthenticationHelper.GetSystemAccount())
{
portalPrincipal = _logoutExecutor.LoadPortalPrincipalForLogout(userName);
}
AssertUserHasNotLoggedOut(tokenManager, portalPrincipal, tokenheadAndPayload);
}
public bool DispatchBasicAuthentication(HttpContextBase context, out bool anonymAuthenticated)
{
anonymAuthenticated = false;
var authHeader = AuthenticationHelper.GetBasicAuthHeader();
if (authHeader == null || !authHeader.StartsWith("Basic "))
{
return(false);
}
var base64Encoded = authHeader.Substring(6); // 6: length of "Basic "
var bytes = Convert.FromBase64String(base64Encoded);
string[] userPass = Encoding.UTF8.GetString(bytes).Split(":".ToCharArray());
if (userPass.Length != 2)
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
return(true);
}
try
{
var username = userPass[0];
var password = userPass[1];
// Elevation: we need to load the user here, regardless of the current users permissions
using (AuthenticationHelper.GetSystemAccount())
{
if (AuthenticationHelper.IsUserValid(username, password))
{
context.User = AuthenticationHelper.LoadUserPrincipal(username);
}
else
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
}
}
}
catch (Exception e) // logged
{
SnLog.WriteException(e);
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
}
return(true);
}
private void TokenLogout(string accessHeadAndPayload, TokenManager tokenManager, HttpContextBase context)
{
if (!String.IsNullOrWhiteSpace(accessHeadAndPayload))
{
var authCookie = CookieHelper.GetCookie(context.Request, AccessSignatureCookieName);
if (authCookie == null)
{
throw new UnauthorizedAccessException("Missing access cookie.");
}
var accessSignature = authCookie.Value;
var principal = tokenManager.ValidateToken(accessHeadAndPayload + "." + accessSignature, false);
if (principal == null)
{
throw new UnauthorizedAccessException("Invalid access token.");
}
bool.TryParse(AuthenticationHelper.GetRequestParameterValue(context, "ultimateLogout"), out var ultimateLogout);
// ultimately log out only if the user has not been logged out already, if he has, just a local logout executes
if (ultimateLogout || Configuration.Security.DefaultUltimateLogout)
{
ultimateLogout = !UserHasLoggedOut(tokenManager, principal.Identity.Name, accessHeadAndPayload, out var portalPrincipal);
using (AuthenticationHelper.GetSystemAccount())
{
context.User = portalPrincipal;
}
}
_logoutExecutor?.Logout(ultimateLogout);
CookieHelper.DeleteCookie(context.Response, AccessSignatureCookieName);
CookieHelper.DeleteCookie(context.Response, AccessHeadAndPayloadCookieName);
CookieHelper.DeleteCookie(context.Response, RefreshSignatureCookieName);
context.Response.StatusCode = HttpResponseStatusCode.Ok;
}
}
