예제 #1
        /// <summary>
        /// Streams the file addressed by the request's <c>FilePath</c> to the client, resolving
        /// it through the hosting environment's virtual path provider.
        /// </summary>
        /// <param name="context">The current HTTP context; its request and response are used.</param>
        /// <exception cref="HttpException">
        /// Thrown with status 404 when the virtual path provider has no file for the path.
        /// </exception>
        public void ProcessRequest(HttpContext context)
        {
            var httpRequest   = context.Request;
            var httpResponse  = context.Response;
            var requestedPath = httpRequest.FilePath;

            // Cross-Origin Resource Sharing (CORS): the origin check runs before the file
            // lookup, so the 404 path below is only reached for requests that passed it.
            // NOTE(review): this relies on ThrowForbidden actually throwing - confirm.
            if (!HttpHeaderTools.IsOriginHeaderAllowed())
            {
                AuthenticationHelper.ThrowForbidden(requestedPath);
            }

            // NOTE(review): no permission check on requestedPath is visible in this method;
            // presumably the provider or VirtualFile.Open enforces access - verify.
            var pathProvider = HostingEnvironment.VirtualPathProvider;
            VirtualFile file = pathProvider.FileExists(requestedPath)
                ? pathProvider.GetFile(requestedPath)
                : null;

            if (file == null)
            {
                throw new HttpException(404, "File does not exist");
            }

            httpResponse.ClearContent();

            // A RepositoryFile sets the content type itself inside Open(), so the type is
            // derived from the extension only for every other kind of virtual file.
            var isRepositoryFile = file is RepositoryFile;
            if (!isRepositoryFile)
            {
                var fileExtension = System.IO.Path.GetExtension(requestedPath);
                httpResponse.ContentType = MimeTable.GetMimeType(fileExtension);

                // Fonts referenced from a css font-face rule need the access control
                // headers; they are emitted for font types only, not for every file.
                if (MimeTable.IsFontType(fileExtension))
                {
                    HttpHeaderTools.SetAccessControlHeaders();
                }
            }

            // Turn off output buffering so the bytes go to the client as they are written
            // and a potentially large file is never held in server memory as a whole.
            httpResponse.BufferOutput = false;

            using (var content = file.Open())
            {
                httpResponse.AppendHeader("Content-Length", content.Length.ToString());
                httpResponse.Clear();

                // ASP.NET sends the bytes itself; no explicit Flush is issued here.
                content.CopyTo(httpResponse.OutputStream);
            }
        }
예제 #2
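        /// <summary>
        /// Authenticates the current request. Basic authentication is dispatched first; a
        /// token authentication request is then handled (origin check, preflight, token
        /// authentication); otherwise the user is set according to the authentication mode
        /// of the current portal context or the configured default.
        /// </summary>
        /// <param name="sender">The event source; used as an <see cref="HttpApplication"/> when it is one.</param>
        /// <param name="e">Event arguments, passed on to the Forms authentication path.</param>
        /// <exception cref="ApplicationException">
        /// Thrown when neither the portal context nor the default setting yields an authentication mode.
        /// </exception>
        /// <exception cref="NotSupportedException">
        /// Thrown when the authentication mode is not "Windows", "Forms" or "None".
        /// </exception>
        public void OnAuthenticateRequest(object sender, EventArgs e)
        {
            // NOTE(review): application is null when sender is not an HttpApplication. The
            // token branch tolerates that (?.), but the "Forms", "None" and default cases
            // below dereference it unguarded - confirm sender is always an HttpApplication.
            var  application = sender as HttpApplication;
            var  context     = GetContext(sender); //HttpContext.Current;
            var  request     = GetRequest(sender);
            bool anonymAuthenticated;

            // Basic authentication is dispatched before the origin check in the token branch.
            var basicAuthenticated = DispatchBasicAuthentication(context, out anonymAuthenticated);

            if (IsTokenAuthenticationRequested(request))
            {
                // Cross-Origin Resource Sharing (CORS)
                if (!HttpHeaderTools.IsOriginHeaderAllowed())
                {
                    AuthenticationHelper.ThrowForbidden("token auth");
                }

                if (request?.HttpMethod == "OPTIONS")
                {
                    // set allowed methods and headers
                    HttpHeaderTools.SetPreflightResponse();

                    // NOTE(review): CompleteRequest() only short-circuits the remaining
                    // pipeline events; this method keeps running, so an OPTIONS preflight
                    // still reaches the 401 / TokenAuthenticate branch below. Confirm that
                    // is intended, or return here.
                    application?.CompleteRequest();
                }

                if (basicAuthenticated && anonymAuthenticated)
                {
                    // Both flags set by DispatchBasicAuthentication: treated as an invalid
                    // user, logged and answered with 401.
                    SnLog.WriteException(new UnauthorizedAccessException("Invalid user."));
                    context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
                    context.Response.Flush();
                    if (application?.Context != null)
                    {
                        application.CompleteRequest();
                    }
                }
                else
                {
                    TokenAuthenticate(basicAuthenticated, context, application);
                }
                return;
            }
            // if it is a simple basic authentication case
            if (basicAuthenticated)
            {
                return;
            }

            string authenticationType = null;
            string repositoryPath     = string.Empty;

            // Get the current PortalContext
            var currentPortalContext = PortalContext.Current;

            if (currentPortalContext != null)
            {
                authenticationType = currentPortalContext.AuthenticationMode;
            }

            // default authentication mode
            if (string.IsNullOrEmpty(authenticationType))
            {
                authenticationType = WebApplication.DefaultAuthenticationMode;
            }

            // if no site auth mode, no web.config default, then exception...
            if (string.IsNullOrEmpty(authenticationType))
            {
                throw new ApplicationException(
                          "The engine could not determine the authentication mode for this request. This request does not belong to a site, and there was no default authentication mode set in the web.config.");
            }

            switch (authenticationType)
            {
            case "Windows":
                EmulateWindowsAuthentication(application);
                SetApplicationUser(application, authenticationType);
                break;

            case "Forms":
                // Drop any user set earlier in the pipeline before the Forms logic runs.
                application.Context.User = null;
                CallInternalOnEnter(sender, e);
                SetApplicationUser(application, authenticationType);
                break;

            case "None":
                // "None" authentication: set the Visitor Identity
                application.Context.User = new PortalPrincipal(User.Visitor);
                break;

            default:
                // Unknown mode: fail closed with NotSupportedException instead of
                // assigning any user.
                // NOTE(review): repositoryPath is still string.Empty at this point, so the
                // site lookup only succeeds if LoadNode resolves an empty path.
                Site site        = null;
                var  problemNode = Node.LoadNode(repositoryPath);
                if (problemNode != null)
                {
                    site = Site.GetSiteByNode(problemNode);
                    if (site != null)
                    {
                        authenticationType = site.GetAuthenticationType(application.Context.Request.Url);
                    }
                }

                // A missing or non-string resource would make string.Format throw
                // ArgumentNullException and hide the intended NotSupportedException, so a
                // built-in format string is used as fallback.
                string message;
                if (site == null)
                {
                    var format = HttpContext.GetGlobalResourceObject("Portal", "DefaultAuthenticationNotSupported") as string
                                 ?? "The default authentication mode '{0}' is not supported.";
                    message = string.Format(format, authenticationType);
                }
                else
                {
                    var format = HttpContext.GetGlobalResourceObject("Portal", "AuthenticationNotSupportedOnSite") as string
                                 ?? "The site '{0}' uses the authentication mode '{1}', which is not supported.";
                    message = string.Format(format, site.Name, authenticationType);
                }

                throw new NotSupportedException(message);
            }
        }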