/// <summary>
/// Parameterless convenience overload: fetches the publisher ID from
/// ViewAsPublisher.GetPublisherID() and returns what
/// ViewAsPublisher.IsValid( id ) reports for it.
/// </summary>
/// <returns>The result of the ID-taking IsValid overload.</returns>
public static bool IsValid()
{
    //
    // All of the actual validation lives in the overload that takes the
    // publisher ID; this wrapper adds no checks of its own.
    //
    bool isValid = ViewAsPublisher.IsValid(ViewAsPublisher.GetPublisherID());

    return isValid;
}
/// ****************************************************************
///   protected OnInit
/// ----------------------------------------------------------------
/// <summary>
///   Initializes the security control. In order, this method:
///   refreshes configuration; refuses service when the "Run" setting
///   is 0; authenticates the caller using Passport when the Passport
///   bit of "Security.AuthenticationMode" is set, otherwise using the
///   Windows principal; enforces the AdminRequired /
///   CoordinatorRequired / PublisherRequired / UserRequired flags;
///   populates UDDI.Context.User; and finally applies the
///   "view as publisher" impersonation when ViewAsPublisher.IsValid()
///   returns true.
/// </summary>
/// <param name="e">
///   Event arguments. Not read by this body; note that base.OnInit( e )
///   is not called here. NOTE(review): confirm that is intentional.
/// </param>
/// <exception cref="UDDIException">
///   E_busy when the "Run" setting is 0; E_unknownUser when a role
///   requirement is not met or an unregistered Windows user cannot be
///   auto-registered.
/// </exception>
/// ****************************************************************
///
protected override void OnInit(EventArgs e)
{
    //
    // Check to make sure config settings are fresh.
    //
    Config.CheckForUpdate();

    //
    // Check to see if the server has been manually stopped.
    // "Run" defaults to 1, so a missing setting means "running".
    //
    if (0 == Config.GetInt("Run", 1))
    {
        #if never
        throw new UDDIException( ErrorType.E_busy, "UDDI Services are currently unavailable.");
        #endif
        throw new UDDIException(ErrorType.E_busy, "UDDI_ERROR_SERVICES_NOT_AVAILABLE");
    }

    //
    // The mode is treated as a bit field below; a missing setting falls
    // back to Windows authentication.
    //
    int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Windows);

    //
    // TODO: This code should be simplified to simple if statements.
    // It is obviously old code that needs to be updated.
    //
    if ((mode & (int)AuthenticationMode.Passport) != 0)
    {
        //
        // SECURITY: Passport.TimeWindow should be the same
        // timeout as API authentication.
        //
        // passport and timeWindow are not declared in this method, so
        // they are presumably members declared elsewhere in the class.
        // The direct cast fails at runtime if the current identity is
        // not a PassportIdentity.
        // NOTE(review): 14400 is presumably seconds (4 hours); confirm
        // against the API authentication timeout mentioned above.
        //
        passport = (PassportIdentity)Context.User.Identity;
        timeWindow = Config.GetInt("Passport.TimeWindow", 14400);

        //
        // Rebuild the URL of the current page from request server
        // variables (scheme + SERVER_NAME + SCRIPT_NAME, no query string).
        //
        // NOTE(review): depending on how the web server is configured,
        // SERVER_NAME can reflect the client-supplied Host header.
        // This value is used as a redirect target and as the default
        // ReturnUrl, so confirm that the site's host bindings restrict it
        // to expected names.
        //
        string thisUrl = (Request.IsSecureConnection ? "https://" : "http://")
            + Request.ServerVariables["SERVER_NAME"]
            + Request.ServerVariables["SCRIPT_NAME"];

        //
        // ReturnUrl is only defaulted when empty; a value that is already
        // set is used as is.
        // NOTE(review): where ReturnUrl is assigned is not visible here.
        // If it can be influenced by the request, it should be checked
        // against the expected site URLs before it is handed to AuthUrl.
        //
        if (Utility.StringEmpty(ReturnUrl))
        {
            ReturnUrl = thisUrl;
        }

        //
        // If the user just logged in, clean up the query string by redirecting
        // to this page.
        //
        // NOTE(review): this and every later Response.Redirect is followed
        // by more code on the same path. The flow is only correct if the
        // redirect also ends processing of the current request (presumably
        // the single-argument HttpResponse.Redirect, which does); confirm.
        //
        if (passport.GetFromNetworkServer)
        {
            Response.Redirect(thisUrl);
        }

        //
        // Check to see if the current role is more than a passport user
        // can do.
        //
        if (AdminRequired || CoordinatorRequired)
        {
            //
            // Passport Users are not allowed in these areas.
            //
            #if never
            throw new UDDIException( ErrorType.E_unknownUser, "Access denied.");
            #endif
            throw new UDDIException( ErrorType.E_unknownUser, "UDDI_ERROR_ACCESS_DENIED");
        }

        //
        // Check to see if the user is authenticated.
        //
        if (!passport.GetIsAuthenticated(timeWindow, ForceLogin, false))
        {
            //
            // If the user already has a ticket, force them to re-enter
            // their password.
            //
            if (passport.HasTicket)
            {
                bool secure = Request.IsSecureConnection;

                //
                // Update this to AuthUrl2 when Passport .NET support is updated.
                //
                Response.Redirect(passport.AuthUrl(ReturnUrl, timeWindow, ForceLogin, "", 0, "", 0, secure));
            }

            //
            // If login is required, redirect the user to the login page.
            //
            // When PublisherRequired is false, an unauthenticated caller
            // without a ticket falls through with no user ID or role set
            // by this branch; UserRequired is not evaluated anywhere in
            // the Passport branch.
            // NOTE(review): confirm anonymous read is intended here.
            //
            if (PublisherRequired)
            {
                Response.Redirect(LoginUrl + "?publish=true");
            }
        }
        else
        {
            string userID = passport.HexPUID;

            //
            // Check to ensure that the passport UserID is not ""
            // if it is, force them to retype their password
            //
            // if( ""==userID )
            //     Response.Redirect( LoginUrl );
            //
            // NOTE(review): the check above is commented out, so an empty
            // HexPUID is not rejected in this method.
            //
            string email = (string)passport.GetProfileObject("PreferredEmail");

            UDDI.Context.User.SetPublisherRole(userID);

            if (PublisherRequired)
            {
                //
                // SECURITY: Is Validate the same as IsRegistered?
                // lucasm: no, Validate makes sure the registered publisher has validated
                // the email address they have supplied. IsRegistered checks to see
                // if we have added this user to the publishers table.
                //
                // Any non-zero result sends the caller to LoginUrl; both
                // branches below redirect to the same place.
                // NOTE(review): the meaning of 50013 is not visible here;
                // judging by the comment inside that branch it presumably
                // means "email address not yet validated". Confirm.
                //
                int valid = Publisher.Validate(userID);

                if (50013 == valid)
                {
                    //
                    // Need to create a page that tells the
                    // user to click the link in the email
                    //
                    Response.Redirect(LoginUrl);
                }
                else if (0 != valid)
                {
                    Response.Redirect(LoginUrl);
                }

                //
                // Reached for valid == 0, or for a non-zero result if the
                // redirect above did not stop processing.
                //
                Publisher publisher = new Publisher();

                publisher.Login(userID, email);

                //
                // Fall back to the email held on the publisher object when
                // the Passport profile supplied none.
                //
                if (null == email)
                {
                    email = publisher.Email;
                }

                //
                // TODO: this REALLY should be merged with the PublisherInfo class
                // in core!!
                //
                UDDI.Context.User.Name = publisher.Name;
                UDDI.Context.User.BindingLimit = publisher.BindingLimit;
                UDDI.Context.User.BusinessCount = publisher.BusinessCount;
                UDDI.Context.User.BusinessLimit = publisher.BusinessLimit;
                UDDI.Context.User.CompanyName = publisher.CompanyName;
                UDDI.Context.User.IsoLangCode = publisher.IsoLangCode;
                UDDI.Context.User.ServiceLimit = publisher.ServiceLimit;
                UDDI.Context.User.TModelCount = publisher.TModelCount;
                UDDI.Context.User.TModelLimit = publisher.TModelLimit;
            }

            //
            // Save the credentials for the authenticated user.
            //
            UDDI.Context.User.ID = userID;
            UDDI.Context.User.Email = email;
        }
    }
    else
    {
        //
        // Windows authentication: roles are derived from the Windows
        // principal of the current request. The direct cast fails at
        // runtime if the current user is not a WindowsPrincipal.
        //
        WindowsPrincipal principal = (WindowsPrincipal)HttpContext.Current.User;

        UDDI.Context.User.SetRole(principal);
        UDDI.Context.User.Name = principal.Identity.Name;

        //
        // && binds tighter than ||, so this is four independent denial
        // conditions, one per required role. The AuthenticatedRead bit
        // only qualifies the UserRequired term: when that bit is clear,
        // UserRequired alone never denies access here.
        //
        if (UserRequired && !UDDI.Context.User.IsUser && (mode & (int)AuthenticationMode.AuthenticatedRead) != 0 ||
            PublisherRequired && !UDDI.Context.User.IsPublisher ||
            CoordinatorRequired && !UDDI.Context.User.IsCoordinator ||
            AdminRequired && !UDDI.Context.User.IsAdministrator)
        {
            #if never
            throw new UDDIException( ErrorType.E_unknownUser, "Access denied.");
            #endif
            throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_ACCESS_DENIED");
        }

        if (PublisherRequired || CoordinatorRequired || AdminRequired)
        {
            if (!UDDI.Context.User.IsRegistered)
            {
                //
                // Auto-registration is off unless "Security.AutoRegister"
                // is explicitly 1. When on, a user who passed the role
                // check above is registered with Verified = true and
                // TrackPassport = false; no separate validation step
                // appears in this method.
                //
                if (1 == Config.GetInt("Security.AutoRegister", 0))
                {
                    UDDI.Context.User.TrackPassport = false;
                    UDDI.Context.User.Verified = true;

                    UDDI.Context.User.Register();
                }
                else
                {
                    #if never
                    throw new UDDIException(UDDI.ErrorType.E_unknownUser, "User login failed");
                    #endif
                    throw new UDDIException(UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_USER_LOGIN_FAILED");
                }
            }

            UDDI.Context.User.Login();
        }
    }

    //
    // SECURITY: put this in the Windows Authentication block... not available
    // for Passport auth.
    //
    // If the user is a coordinator and they have a cookie indicating they are
    // impersonating another user, setup the user info in the current UDDI
    // context.
    //
    //
    // 734292 - Make sure the user is an administrator if they are trying to impersonate the system.
    //
    // As written, this block sits after both authentication branches, so
    // it also runs for Passport requests, contrary to the SECURITY note
    // above. The original ID is kept in ImpersonatorID before ID is
    // replaced with the impersonated publisher's ID.
    //
    // NOTE(review): the only gate visible here is ViewAsPublisher.IsValid().
    // The coordinator and administrator checks described above are not
    // performed in this method, so they must be enforced inside
    // ViewAsPublisher; confirm that, and that it does not accept the
    // impersonation cookie for Passport-authenticated callers.
    //
    if (true == ViewAsPublisher.IsValid())
    {
        UDDI.Context.User.ImpersonatorID = UDDI.Context.User.ID;
        UDDI.Context.User.ID = ViewAsPublisher.GetPublisherID();
    }
}