예제 #1
0
        /// <summary>
        /// This method will set the publisher ID to impersonate.
        /// </summary>
        /// <param name="publisherID"></param>
        /// <returns></returns>
        public static bool Set(string publisherID)
        {
            bool success = false;

            //
            // Make sure the name we are given is OK
            //
            if (true == ViewAsPublisher.IsValid(publisherID))
            {
                //
                // Remove any current cookies.
                //
                HttpContext.Current.Response.Cookies.Remove(ViewAsPublisher.name);

                //
                // Set the impersonation publisher ID in a cookie.
                //
                HttpCookie viewAsPublisher = new HttpCookie(name, publisherID);
                HttpContext.Current.Response.Cookies.Add(viewAsPublisher);

                success = true;
            }

            return(success);
        }
예제 #2
0
 public static bool IsValid()
 {
     return(ViewAsPublisher.IsValid(ViewAsPublisher.GetPublisherID()));
 }
예제 #3
0
        /// ****************************************************************
        ///   protected OnInit
        /// ----------------------------------------------------------------
        ///   <summary>
        ///		Initializes the security control.
        ///   </summary>
        /// ****************************************************************
        ///
        protected override void OnInit(EventArgs e)
        {
            //
            // Check to make sure config settings are fresh.
            //
            Config.CheckForUpdate();

            //
            // Check to see if the server has been manually stopped.
            //
            if (0 == Config.GetInt("Run", 1))
            {
#if never
                throw new UDDIException(
                          ErrorType.E_busy,
                          "UDDI Services are currently unavailable.");
#endif
                throw new UDDIException(ErrorType.E_busy, "UDDI_ERROR_SERVICES_NOT_AVAILABLE");
            }

            int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Windows);


            //
            // TODO:  This code should be simplified to simple if statements.
            //	It is obviously old code that needs to be updated.
            //
            if ((mode & (int)AuthenticationMode.Passport) != 0)
            {
                //
                // SECURITY: Passport.TimeWindow should be the same
                // timeout as API authentication.
                //
                passport = (PassportIdentity)Context.User.Identity;



                timeWindow = Config.GetInt("Passport.TimeWindow", 14400);

                string thisUrl = (Request.IsSecureConnection ? "https://" : "http://") +
                                 Request.ServerVariables["SERVER_NAME"] +
                                 Request.ServerVariables["SCRIPT_NAME"];

                if (Utility.StringEmpty(ReturnUrl))
                {
                    ReturnUrl = thisUrl;
                }

                //
                // If the user just logged in, clean up the query string by redirecting
                // to this page.
                //
                if (passport.GetFromNetworkServer)
                {
                    Response.Redirect(thisUrl);
                }

                //
                // Check to see if the current role is more that a passport user
                // can do.
                //
                if (AdminRequired || CoordinatorRequired)
                {
                    //
                    //Passport Users are not allowed in these areas.
                    //
#if never
                    throw new UDDIException(
                              ErrorType.E_unknownUser,
                              "Access denied.");
#endif
                    throw new UDDIException(
                              ErrorType.E_unknownUser,
                              "UDDI_ERROR_ACCESS_DENIED");
                }

                //
                // Check to see if the user is authenticated.
                //
                if (!passport.GetIsAuthenticated(timeWindow, ForceLogin, false))
                {
                    //
                    // If the user already has a ticket, force them to re-enter
                    // their password.
                    //
                    if (passport.HasTicket)
                    {
                        bool secure = Request.IsSecureConnection;

                        //
                        // Update this to AuthUrl2 when Passport .NET support is updated.
                        //
                        Response.Redirect(passport.AuthUrl(ReturnUrl, timeWindow, ForceLogin, "", 0, "", 0, secure));
                    }

                    //
                    // If login is required, redirect the user to the login page.
                    //
                    if (PublisherRequired)
                    {
                        Response.Redirect(LoginUrl + "?publish=true");
                    }
                }
                else
                {
                    string userID = passport.HexPUID;

                    //
                    // Check to ensure that the passport UserID is not ""
                    // if it is, force them to retype thier password
                    //
                    //	if( ""==userID )
                    //		Response.Redirect( LoginUrl );


                    string email = (string)passport.GetProfileObject("PreferredEmail");

                    UDDI.Context.User.SetPublisherRole(userID);

                    if (PublisherRequired)
                    {
                        //
                        // SECURITY: Is Validate the same as IsRegistered?
                        //   lucasm: no, Validate makes sure the registered publisher has validated
                        //       the email address they have supplied.  IsRegistered checks to see
                        //       if we have added this uses to the publishers table.
                        //
                        int valid = Publisher.Validate(userID);
                        if (50013 == valid)
                        {
                            //
                            // Need to create a page that tells the
                            // user to click the link in the email
                            //
                            Response.Redirect(LoginUrl);
                        }
                        else if (0 != valid)
                        {
                            Response.Redirect(LoginUrl);
                        }

                        Publisher publisher = new Publisher();
                        publisher.Login(userID, email);

                        if (null == email)
                        {
                            email = publisher.Email;
                        }

                        //
                        // TODO: this REALLY should be merged with the PublisherInfo class
                        // in core!!
                        //
                        UDDI.Context.User.Name          = publisher.Name;
                        UDDI.Context.User.BindingLimit  = publisher.BindingLimit;
                        UDDI.Context.User.BusinessCount = publisher.BusinessCount;
                        UDDI.Context.User.BusinessLimit = publisher.BusinessLimit;
                        UDDI.Context.User.CompanyName   = publisher.CompanyName;
                        UDDI.Context.User.IsoLangCode   = publisher.IsoLangCode;
                        UDDI.Context.User.ServiceLimit  = publisher.ServiceLimit;
                        UDDI.Context.User.TModelCount   = publisher.TModelCount;
                        UDDI.Context.User.TModelLimit   = publisher.TModelLimit;
                    }


                    //
                    // Save the credentials for the authenticated user.
                    //
                    UDDI.Context.User.ID    = userID;
                    UDDI.Context.User.Email = email;
                }
            }
            else
            {
                WindowsPrincipal principal = (WindowsPrincipal)HttpContext.Current.User;

                UDDI.Context.User.SetRole(principal);
                UDDI.Context.User.Name = principal.Identity.Name;

                if (UserRequired && !UDDI.Context.User.IsUser && (mode & (int)AuthenticationMode.AuthenticatedRead) != 0 ||
                    PublisherRequired && !UDDI.Context.User.IsPublisher ||
                    CoordinatorRequired && !UDDI.Context.User.IsCoordinator ||
                    AdminRequired && !UDDI.Context.User.IsAdministrator)
                {
#if never
                    throw new UDDIException(
                              ErrorType.E_unknownUser,
                              "Access denied.");
#endif
                    throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_ACCESS_DENIED");
                }

                if (PublisherRequired || CoordinatorRequired || AdminRequired)
                {
                    if (!UDDI.Context.User.IsRegistered)
                    {
                        if (1 == Config.GetInt("Security.AutoRegister", 0))
                        {
                            UDDI.Context.User.TrackPassport = false;
                            UDDI.Context.User.Verified      = true;

                            UDDI.Context.User.Register();
                        }
                        else
                        {
#if never
                            throw new UDDIException(UDDI.ErrorType.E_unknownUser,
                                                    "User login failed");
#endif
                            throw new UDDIException(UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_USER_LOGIN_FAILED");
                        }
                    }

                    UDDI.Context.User.Login();
                }
            }

            //
            // SECURITY: put this in the Windows Authentication block... not available
            // for Passport auth.
            //
            // If the user is a coordinator and they have a cookie indicating they are
            // impersonating another user, setup the user info in the current UDDI
            // context.
            //

            //
            // 734292 - Make sure the user is an administrator if they are trying to impersonate the system.
            //
            if (true == ViewAsPublisher.IsValid())
            {
                UDDI.Context.User.ImpersonatorID = UDDI.Context.User.ID;
                UDDI.Context.User.ID             = ViewAsPublisher.GetPublisherID();
            }
        }