internal void Update(HttpWebRequest httpWebRequest) { if (this.Authorization != null) { this.PrepareState(httpWebRequest); ISessionAuthenticationModule module = this.Module as ISessionAuthenticationModule; if (module != null) { string challenge = httpWebRequest.AuthHeader(this.AuthenticateHeader); if (this.IsProxyAuth || (httpWebRequest.ResponseStatusCode != HttpStatusCode.ProxyAuthenticationRequired)) { bool complete = true; try { complete = module.Update(challenge, httpWebRequest); } catch (Exception) { this.ClearSession(httpWebRequest); if ((httpWebRequest.AuthenticationLevel == AuthenticationLevel.MutualAuthRequired) && (((httpWebRequest.CurrentAuthenticationState == null) || (httpWebRequest.CurrentAuthenticationState.Authorization == null)) || !httpWebRequest.CurrentAuthenticationState.Authorization.MutuallyAuthenticated)) { throw; } } this.Authorization.SetComplete(complete); } } if (((httpWebRequest.PreAuthenticate && (this.Module != null)) && (this.Authorization.Complete && this.Module.CanPreAuthenticate)) && (httpWebRequest.ResponseStatusCode != this.StatusCodeMatch)) { AuthenticationManager.BindModule(this.ChallengedUri, this.Authorization, this.Module); } } }
// // gives the IAuthenticationModule a chance to update its internal state. // do any necessary cleanup and update the Complete status of the associated Authorization. // internal void Update(HttpWebRequest httpWebRequest) { // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " Authorization#" + ValidationHelper.HashString(Authorization) + " ResponseStatusCode:" + httpWebRequest.ResponseStatusCode.ToString()); if (Authorization != null) { PrepareState(httpWebRequest); ISessionAuthenticationModule myModule = Module as ISessionAuthenticationModule; if (myModule != null) { // // the whole point here is to complete the Security Context. Sometimes, though, // a bad cgi script or a bad server, could miss sending back the final blob. // in this case we won't be able to complete the handshake, but we'll have to clean up anyway. // string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() Complete:" + Authorization.Complete.ToString() + " Module:" + ValidationHelper.ToString(Module) + " challenge:" + ValidationHelper.ToString(challenge)); if (!IsProxyAuth && httpWebRequest.ResponseStatusCode == HttpStatusCode.ProxyAuthenticationRequired) { // // don't call Update on the module, since there's an ongoing // handshake and we don't need to update any state in such a case // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() skipping call to " + myModule.ToString() + ".Update() since we need to reauthenticate with the proxy"); } else { bool complete = true; try { complete = myModule.Update(challenge, httpWebRequest); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() returned complete:" + complete.ToString()); } catch (Exception exception) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception:" + exception.Message); ClearSession(httpWebRequest); } catch { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception: Non-CLS Compliant Exception"); ClearSession(httpWebRequest); } Authorization.SetComplete(complete); } } // // If authentication was successful, create binding between // the request and the authorization for future preauthentication // if (Module != null && Authorization.Complete && Module.CanPreAuthenticate && httpWebRequest.ResponseStatusCode != StatusCodeMatch) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() handshake is Complete calling BindModule()"); AuthenticationManager.BindModule(ChallengedUri, Authorization, Module); } } }
internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { if ((this.Authorization != null) && this.Authorization.Complete) { if (this.IsProxyAuth) { this.ClearAuthReq(httpWebRequest); } return(false); } if (authInfo == null) { return(false); } string challenge = httpWebRequest.AuthHeader(this.AuthenticateHeader); if (challenge == null) { if ((!this.IsProxyAuth && (this.Authorization != null)) && (httpWebRequest.ProxyAuthenticationState.Authorization != null)) { httpWebRequest.Headers.Set(this.AuthorizationHeader, this.Authorization.Message); } return(false); } this.PrepareState(httpWebRequest); try { this.Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception) { this.Authorization = null; this.ClearSession(httpWebRequest); throw; } if (this.Authorization == null) { return(false); } if (this.Authorization.Message == null) { this.Authorization = null; return(false); } this.UniqueGroupId = this.Authorization.ConnectionGroupId; try { httpWebRequest.Headers.Set(this.AuthorizationHeader, this.Authorization.Message); } catch { this.Authorization = null; this.ClearSession(httpWebRequest); throw; } return(true); }
internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { if ((this.Authorization != null) && this.Authorization.Complete) { if (this.IsProxyAuth) { this.ClearAuthReq(httpWebRequest); } return false; } if (authInfo == null) { return false; } string challenge = httpWebRequest.AuthHeader(this.AuthenticateHeader); if (challenge == null) { if ((!this.IsProxyAuth && (this.Authorization != null)) && (httpWebRequest.ProxyAuthenticationState.Authorization != null)) { httpWebRequest.Headers.Set(this.AuthorizationHeader, this.Authorization.Message); } return false; } this.PrepareState(httpWebRequest); try { this.Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception) { this.Authorization = null; this.ClearSession(httpWebRequest); throw; } if (this.Authorization == null) { return false; } if (this.Authorization.Message == null) { this.Authorization = null; return false; } this.UniqueGroupId = this.Authorization.ConnectionGroupId; try { httpWebRequest.Headers.Set(this.AuthorizationHeader, this.Authorization.Message); } catch { this.Authorization = null; this.ClearSession(httpWebRequest); throw; } return true; }
// // gives the IAuthenticationModule a chance to update its internal state. // do any necessary cleanup and update the Complete status of the associated Authorization. // internal void Update(HttpWebRequest httpWebRequest) { // // RAID#86753 // Microsoft: this is just a fix for redirection & kerberos. // we need to close the Context and call ISC() again with the final // blob returned from the server. to do this in general // we would probably need to change the IAuthenticationMdule interface and // add this Update() method. for now we just have it internally. // // actually this turns out to be quite handy for 2 more cases: // NTLM auth: we need to clear the connection group after we suceed to prevent leakage. // Digest auth: we need to support stale credentials, if we fail with a 401 and stale is true we need to retry. // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " Authorization#" + ValidationHelper.HashString(Authorization) + " ResponseStatusCode:" + httpWebRequest.ResponseStatusCode.ToString()); if (Authorization!=null) { PrepareState(httpWebRequest); ISessionAuthenticationModule myModule = Module as ISessionAuthenticationModule; if (myModule!=null) { // // the whole point here is to complete the Security Context. Sometimes, though, // a bad cgi script or a bad server, could miss sending back the final blob. // in this case we won't be able to complete the handshake, but we'll have to clean up anyway. // string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() Complete:" + Authorization.Complete.ToString() + " Module:" + ValidationHelper.ToString(Module) + " challenge:" + ValidationHelper.ToString(challenge)); if (!IsProxyAuth && httpWebRequest.ResponseStatusCode==HttpStatusCode.ProxyAuthenticationRequired) { // // don't call Update on the module, since there's an ongoing // handshake and we don't need to update any state in such a case // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() skipping call to " + myModule.ToString() + ".Update() since we need to reauthenticate with the proxy"); } else { bool complete = true; try { complete = myModule.Update(challenge, httpWebRequest); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() returned complete:" + complete.ToString()); } catch (Exception exception) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception:" + exception.Message); ClearSession(httpWebRequest); #if !FEATURE_PAL if ((httpWebRequest.AuthenticationLevel == AuthenticationLevel.MutualAuthRequired) && (httpWebRequest.CurrentAuthenticationState == null || httpWebRequest.CurrentAuthenticationState.Authorization == null || !httpWebRequest.CurrentAuthenticationState.Authorization.MutuallyAuthenticated)) { throw; } #endif // !FEATURE_PAL } Authorization.SetComplete(complete); } } // // If authentication was successful, create binding between // the request and the authorization for future preauthentication // if (httpWebRequest.PreAuthenticate && Module != null && Authorization.Complete && Module.CanPreAuthenticate && httpWebRequest.ResponseStatusCode != StatusCodeMatch) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() handshake is Complete calling BindModule()"); AuthenticationManager.BindModule(ChallengedUri, Authorization, Module); } } }
// // attempts to authenticate the request: // returns true only if it succesfully called into the AuthenticationManager // and got back a valid Authorization and succesfully set the appropriate auth headers // internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { // // Check for previous authentication attempts or the presence of credentials // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " AuthorizationHeader:" + AuthorizationHeader.ToString()); if (Authorization!=null && Authorization.Complete) { // // here the design gets "dirty". // if this is proxy auth, we might have been challenged by an external // server as well. in this case we will have to clear our previous proxy // auth state before we go any further. this will be broken if the handshake // requires more than one dropped connection (which NTLM is a border case for, // since it droppes the connection on the 1st challenge but not on the second) // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization!=null Authorization.Complete:" + Authorization.Complete.ToString()); if (IsProxyAuth) { // // so, we got passed a 407 but now we got a 401, the proxy probably // dropped the connection on us so we need to reset our proxy handshake // Consider: this should have been taken care by Update() // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() ProxyAuth cleaning up auth status"); ClearAuthReq(httpWebRequest); } return false; } if (authInfo==null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() authInfo==null Authorization#" + ValidationHelper.HashString(Authorization)); return false; } string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); if (challenge==null) { // // the server sent no challenge, but this might be the case // in which we're succeeding an authorization handshake to // a proxy while a handshake with the server is still in progress. // if the handshake with the proxy is complete and we actually have // a handshake with the server in progress we can send the authorization header for the server as well. // if (!IsProxyAuth && Authorization!=null && httpWebRequest.ProxyAuthenticationState.Authorization!=null) { httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge==null Authorization#" + ValidationHelper.HashString(Authorization)); return false; } // // if the AuthenticationManager throws on Authenticate, // bubble up that Exception to the user // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge:" + challenge); PrepareState(httpWebRequest); try { Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception exception) { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception:" + exception.Message); ClearSession(httpWebRequest); throw; } if (Authorization==null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization==null"); return false; } if (Authorization.Message==null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization.Message==null"); Authorization = null; return false; } UniqueGroupId = Authorization.ConnectionGroupId; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() AuthorizationHeader:" + AuthorizationHeader + " blob: " + Authorization.Message.Length + "bytes Complete:" + Authorization.Complete.ToString()); try { // // a "bad" module could try sending bad characters in the HTTP headers. // catch the exception from WebHeaderCollection.CheckBadChars() // fail the auth process // and return the exception to the user as InnerException // httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } catch { Authorization = null; ClearSession(httpWebRequest); throw; } return true; }
// // gives the IAuthenticationModule a chance to update its internal state. // do any necessary cleanup and update the Complete status of the associated Authorization. // internal void Update(HttpWebRequest httpWebRequest) { // // RAID#86753 // Microsoft: this is just a fix for redirection & kerberos. // we need to close the Context and call ISC() again with the final // blob returned from the server. to do this in general // we would probably need to change the IAuthenticationMdule interface and // add this Update() method. for now we just have it internally. // // actually this turns out to be quite handy for 2 more cases: // NTLM auth: we need to clear the connection group after we suceed to prevent leakage. // Digest auth: we need to support stale credentials, if we fail with a 401 and stale is true we need to retry. // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " Authorization#" + ValidationHelper.HashString(Authorization) + " ResponseStatusCode:" + httpWebRequest.ResponseStatusCode.ToString()); if (Authorization != null) { PrepareState(httpWebRequest); ISessionAuthenticationModule myModule = Module as ISessionAuthenticationModule; if (myModule != null) { // // the whole point here is to complete the Security Context. Sometimes, though, // a bad cgi script or a bad server, could miss sending back the final blob. // in this case we won't be able to complete the handshake, but we'll have to clean up anyway. // string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() Complete:" + Authorization.Complete.ToString() + " Module:" + ValidationHelper.ToString(Module) + " challenge:" + ValidationHelper.ToString(challenge)); if (!IsProxyAuth && httpWebRequest.ResponseStatusCode == HttpStatusCode.ProxyAuthenticationRequired) { // // don't call Update on the module, since there's an ongoing // handshake and we don't need to update any state in such a case // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() skipping call to " + myModule.ToString() + ".Update() since we need to reauthenticate with the proxy"); } else { bool complete = true; try { complete = myModule.Update(challenge, httpWebRequest); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() returned complete:" + complete.ToString()); } catch (Exception exception) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception:" + exception.Message); ClearSession(httpWebRequest); #if !FEATURE_PAL if ((httpWebRequest.AuthenticationLevel == AuthenticationLevel.MutualAuthRequired) && (httpWebRequest.CurrentAuthenticationState == null || httpWebRequest.CurrentAuthenticationState.Authorization == null || !httpWebRequest.CurrentAuthenticationState.Authorization.MutuallyAuthenticated)) { throw; } #endif // !FEATURE_PAL } Authorization.SetComplete(complete); } } // // If authentication was successful, create binding between // the request and the authorization for future preauthentication // if (httpWebRequest.PreAuthenticate && Module != null && Authorization.Complete && Module.CanPreAuthenticate && httpWebRequest.ResponseStatusCode != StatusCodeMatch) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() handshake is Complete calling BindModule()"); AuthenticationManager.BindModule(ChallengedUri, Authorization, Module); } } }
// // attempts to authenticate the request: // returns true only if it succesfully called into the AuthenticationManager // and got back a valid Authorization and succesfully set the appropriate auth headers // internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { // // Check for previous authentication attempts or the presence of credentials // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " AuthorizationHeader:" + AuthorizationHeader.ToString()); if (Authorization != null && Authorization.Complete) { // // here the design gets "dirty". // if this is proxy auth, we might have been challenged by an external // server as well. in this case we will have to clear our previous proxy // auth state before we go any further. this will be broken if the handshake // requires more than one dropped connection (which NTLM is a border case for, // since it droppes the connection on the 1st challenge but not on the second) // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization!=null Authorization.Complete:" + Authorization.Complete.ToString()); if (IsProxyAuth) { // // so, we got passed a 407 but now we got a 401, the proxy probably // dropped the connection on us so we need to reset our proxy handshake // Consider: this should have been taken care by Update() // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() ProxyAuth cleaning up auth status"); ClearAuthReq(httpWebRequest); } return(false); } if (authInfo == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() authInfo==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); if (challenge == null) { // // the server sent no challenge, but this might be the case // in which we're succeeding an authorization handshake to // a proxy while a handshake with the server is still in progress. // if the handshake with the proxy is complete and we actually have // a handshake with the server in progress we can send the authorization header for the server as well. // if (!IsProxyAuth && Authorization != null && httpWebRequest.ProxyAuthenticationState.Authorization != null) { httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } // // if the AuthenticationManager throws on Authenticate, // bubble up that Exception to the user // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge:" + challenge); PrepareState(httpWebRequest); try { Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception exception) { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception:" + exception.Message); ClearSession(httpWebRequest); throw; } if (Authorization == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization==null"); return(false); } if (Authorization.Message == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization.Message==null"); Authorization = null; return(false); } UniqueGroupId = Authorization.ConnectionGroupId; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() AuthorizationHeader:" + AuthorizationHeader + " blob: " + Authorization.Message.Length + "bytes Complete:" + Authorization.Complete.ToString()); try { // // a "bad" module could try sending bad characters in the HTTP headers. // catch the exception from WebHeaderCollection.CheckBadChars() // fail the auth process // and return the exception to the user as InnerException // httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } catch { Authorization = null; ClearSession(httpWebRequest); throw; } return(true); }
// // gives the IAuthenticationModule a chance to update its internal state. // do any necessary cleanup and update the Complete status of the associated Authorization. // internal void Update(HttpWebRequest httpWebRequest) { // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " Authorization#" + ValidationHelper.HashString(Authorization) + " ResponseStatusCode:" + httpWebRequest.ResponseStatusCode.ToString()); if (Authorization!=null) { PrepareState(httpWebRequest); ISessionAuthenticationModule myModule = Module as ISessionAuthenticationModule; if (myModule!=null) { // // the whole point here is to complete the Security Context. Sometimes, though, // a bad cgi script or a bad server, could miss sending back the final blob. // in this case we won't be able to complete the handshake, but we'll have to clean up anyway. // string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() Complete:" + Authorization.Complete.ToString() + " Module:" + ValidationHelper.ToString(Module) + " challenge:" + ValidationHelper.ToString(challenge)); if (!IsProxyAuth && httpWebRequest.ResponseStatusCode==HttpStatusCode.ProxyAuthenticationRequired) { // // don't call Update on the module, since there's an ongoing // handshake and we don't need to update any state in such a case // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() skipping call to " + myModule.ToString() + ".Update() since we need to reauthenticate with the proxy"); } else { bool complete = true; try { complete = myModule.Update(challenge, httpWebRequest); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() returned complete:" + complete.ToString()); } catch (Exception exception) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception:" + exception.Message); ClearSession(httpWebRequest); } catch { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception: Non-CLS Compliant Exception"); ClearSession(httpWebRequest); } Authorization.SetComplete(complete); } } // // If authentication was successful, create binding between // the request and the authorization for future preauthentication // if (Module != null && Authorization.Complete && Module.CanPreAuthenticate && httpWebRequest.ResponseStatusCode!=StatusCodeMatch) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() handshake is Complete calling BindModule()"); AuthenticationManager.BindModule(ChallengedUri, Authorization, Module); } } }
// // attempts to authenticate the request: // returns true only if it succesfully called into the AuthenticationManager // and got back a valid Authorization and succesfully set the appropriate auth headers // internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { // // Check for previous authentication attempts or the presence of credentials // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " AuthorizationHeader:" + AuthorizationHeader.ToString()); if (Authorization!=null && Authorization.Complete) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization!=null Authorization.Complete:" + Authorization.Complete.ToString()); if (IsProxyAuth) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() ProxyAuth cleaning up auth status"); ClearAuthReq(httpWebRequest); } return false; } if (authInfo==null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() authInfo==null Authorization#" + ValidationHelper.HashString(Authorization)); return false; } string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); if (challenge==null) { // // the server sent no challenge, but this might be the case // in which we're succeeding an authorization handshake to // a proxy while a handshake with the server is still in progress. // if the handshake with the proxy is complete and we actually have // a handshake with the server in progress we can send the authorization header for the server as well. // if (!IsProxyAuth && Authorization!=null && httpWebRequest.ProxyAuthenticationState.Authorization!=null) { httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge==null Authorization#" + ValidationHelper.HashString(Authorization)); return false; } // // if the AuthenticationManager throws on Authenticate, // bubble up that Exception to the user // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge:" + challenge); PrepareState(httpWebRequest); try { Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception exception) { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception:" + exception.Message); ClearSession(httpWebRequest); throw; } catch { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception: Non-CLS Compliant Exception"); ClearSession(httpWebRequest); throw; } if (Authorization==null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization==null"); return false; } if (Authorization.Message==null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization.Message==null"); Authorization = null; return false; } UniqueGroupId = Authorization.ConnectionGroupId; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() AuthorizationHeader:" + AuthorizationHeader + " blob: " + Authorization.Message.Length + "bytes Complete:" + Authorization.Complete.ToString()); try { // // a "bad" module could try sending bad characters in the HTTP headers. // catch the exception from WebHeaderCollection.CheckBadChars() // fail the auth process // and return the exception to the user as InnerException // httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } catch { Authorization = null; ClearSession(httpWebRequest); throw; } return true; }
// // attempts to authenticate the request: // returns true only if it succesfully called into the AuthenticationManager // and got back a valid Authorization and succesfully set the appropriate auth headers // internal bool AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) { // // Check for previous authentication attempts or the presence of credentials // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " AuthorizationHeader:" + AuthorizationHeader.ToString()); if (Authorization != null && Authorization.Complete) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization!=null Authorization.Complete:" + Authorization.Complete.ToString()); if (IsProxyAuth) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() ProxyAuth cleaning up auth status"); ClearAuthReq(httpWebRequest); } return(false); } if (authInfo == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() authInfo==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); if (challenge == null) { // // the server sent no challenge, but this might be the case // in which we're succeeding an authorization handshake to // a proxy while a handshake with the server is still in progress. // if the handshake with the proxy is complete and we actually have // a handshake with the server in progress we can send the authorization header for the server as well. // if (!IsProxyAuth && Authorization != null && httpWebRequest.ProxyAuthenticationState.Authorization != null) { httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge==null Authorization#" + ValidationHelper.HashString(Authorization)); return(false); } // // if the AuthenticationManager throws on Authenticate, // bubble up that Exception to the user // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() challenge:" + challenge); PrepareState(httpWebRequest); try { Authorization = AuthenticationManager.Authenticate(challenge, httpWebRequest, authInfo); } catch (Exception exception) { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception:" + exception.Message); ClearSession(httpWebRequest); throw; } catch { Authorization = null; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::PreAuthIfNeeded() PreAuthenticate() returned exception: Non-CLS Compliant Exception"); ClearSession(httpWebRequest); throw; } if (Authorization == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization==null"); return(false); } if (Authorization.Message == null) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() Authorization.Message==null"); Authorization = null; return(false); } UniqueGroupId = Authorization.ConnectionGroupId; GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::AttemptAuthenticate() AuthorizationHeader:" + AuthorizationHeader + " blob: " + Authorization.Message.Length + "bytes Complete:" + Authorization.Complete.ToString()); try { // // a "bad" module could try sending bad characters in the HTTP headers. // catch the exception from WebHeaderCollection.CheckBadChars() // fail the auth process // and return the exception to the user as InnerException // httpWebRequest.Headers.Set(AuthorizationHeader, Authorization.Message); } catch { Authorization = null; ClearSession(httpWebRequest); throw; } return(true); }