/// <summary>
        /// Performs the Raven authentication flow.
        /// </summary>
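        /// <param name="filterContext">Authorization context supplying the HTTP request and response that the flow reads from and redirects through.</param>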
        public void Authorize(AuthorizationContext filterContext)
        {
            // three outcomes, tried in order: an identity is already available, a WLS
            // response is waiting to be consumed, or the browser is sent to Raven to log in
            var httpContext = filterContext.HttpContext;
            HttpRequestBase incoming = httpContext.Request;
            HttpResponseBase outgoing = httpContext.Response;

            // an identity that LoadIdentity can restore short-circuits everything else
            bool alreadyIdentified = this.LoadIdentity(httpContext);
            if (alreadyIdentified)
            {
                return;
            }

            // a WLS response is only looked for on non-POST requests
            // NOTE(review): Params merges query string, form fields, cookies and server
            // variables, so the token is not restricted to the query string - confirm intended
            String token = null;
            if (!incoming.HttpMethod.Equals("POST"))
            {
                token = incoming.Params[WLS_RESPONSE_PARAM];
            }

            if (!String.IsNullOrWhiteSpace(token))
            {
                // everything read from 'parsed' is request-supplied data until Validate accepts it
                RavenResponse parsed = new RavenResponse(token);

                if (parsed.Status != RavenStatus.OK)
                {
                    // failure path: Validate is never called here, so the status is unverified
                    // input; only its Int32 value is appended to the configured error URL
                    if (String.IsNullOrWhiteSpace(this.errorURL))
                    {
                        // no error page configured: surface the failure as an exception
                        throw new RavenResponseException(
                                  "Authentication failed: " + parsed.Status.ToString(),
                                  parsed.Status);
                    }

                    outgoing.Redirect(this.errorURL + (Int32)parsed.Status);
                    return;
                }

                // success path: nothing is issued unless Validate accepts the response
                // NOTE(review): this method performs no checks of its own on the response, so
                // confirm Validate covers more than the signature (that the response URL belongs
                // to this application and that the response is recent), since the ticket and the
                // redirect target below both come straight from it
                if (!this.Validate(parsed))
                {
                    throw new RavenException("Failed to validate response signature.");
                }

                // create a Forms authentication ticket and cookie
                this.CreateTicket(outgoing, parsed);

                // send the user back to the URL carried in the response
                outgoing.Redirect(parsed.URL);
                return;
            }

            // no identity and no response to consume: start a new Raven authentication,
            // asking to be sent back to the URL of the current request
            RavenRequest loginRequest = new RavenRequest();
            loginRequest.Parameters.Add("url", incoming.Url.AbsoluteUri);

            String loginUrl = String.Format("{0}{1}{2}",
                                            this.baseURL, RAVEN_AUTHENTICATE, loginRequest.ToString());
            outgoing.Redirect(loginUrl);
        }
Exemplo n.º 2
        /// <summary>
        /// Performs the Raven authentication flow.
        /// </summary>
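        /// <param name="filterContext">Authorization context supplying the HTTP request and response that the flow reads from and redirects through.</param>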
        public void Authorize(AuthorizationContext filterContext)
        {
            HttpRequestBase req = filterContext.HttpContext.Request;
            HttpResponseBase res = filterContext.HttpContext.Response;

            // nothing to do when LoadIdentity reports an identity for this request
            if (this.LoadIdentity(filterContext.HttpContext))
                return;

            // POST requests are never inspected for a WLS response
            // NOTE(review): Params is the combined collection (query string, form, cookies,
            // server variables), not the query string alone - confirm that is intended
            bool mayCarryResponse = !req.HttpMethod.Equals("POST");
            String rawResponse = mayCarryResponse ? req.Params[WLS_RESPONSE_PARAM] : null;

            if (String.IsNullOrWhiteSpace(rawResponse))
            {
                // no Raven session yet: ask Raven to authenticate the user and
                // send them back to the URL of the current request
                RavenRequest authRequest = new RavenRequest();
                authRequest.Parameters.Add("url", req.Url.AbsoluteUri);

                res.Redirect(String.Format("{0}{1}{2}",
                    this.baseURL, RAVEN_AUTHENTICATE, authRequest.ToString()));
                return;
            }

            // parse the response data; it stays untrusted until Validate has accepted it
            RavenResponse reply = new RavenResponse(rawResponse);
            bool reportedSuccess = reply.Status == RavenStatus.OK;

            if (reportedSuccess)
            {
                // NOTE(review): Validate is the only gate in front of ticket creation and the
                // redirect to reply.URL; confirm it also checks that the URL belongs to this
                // application and that the response is recent, not just that the signature holds
                if (!this.Validate(reply))
                    throw new RavenException("Failed to validate response signature.");

                // create a Forms authentication ticket and cookie
                this.CreateTicket(res, reply);

                // redirect the user to the URL named in the validated response
                res.Redirect(reply.URL);
            }
            else
            {
                // the status on this path has not been through Validate; it is only used as
                // an exception argument or as an Int32 suffix on the configured error URL
                bool hasErrorPage = !String.IsNullOrWhiteSpace(this.errorURL);
                if (!hasErrorPage)
                {
                    throw new RavenResponseException(
                        "Authentication failed: " + reply.Status.ToString(),
                        reply.Status);
                }

                res.Redirect(this.errorURL + (Int32)reply.Status);
            }
        }