Exemplo n.º 1
        /// <summary>
        /// Validates the signature of a response.
        /// </summary>
        /// <param name="response"></param>
        private Boolean Validate(RavenResponse response)
            // find the public key corresponding to the key used by the
            // server to generate the response signature
            String key = String.Format("pubkey{0}", response.CertificateID);

            if (!this.certificates.ContainsKey(key))
                throw new RavenException("Couldn't find the public key needed to validate the response.");

            X509Certificate2 cert = this.certificates[key];

            // calculate a hash for the signature data:
            // 1. convert the signature data into bytes using the ASCII encoding
            // 2. calculate a SHA1 hash for the bytes
            SHA1Managed   sha1  = new SHA1Managed();
            ASCIIEncoding ascii = new ASCIIEncoding();

            Byte[] asciiHash = sha1.ComputeHash(ascii.GetBytes(response.SignatureData));

            // 3. validate this hash against the signature obtained from the response
            RSACryptoServiceProvider     csp = (RSACryptoServiceProvider)cert.PublicKey.Key;
            RSAPKCS1SignatureDeformatter def = new RSAPKCS1SignatureDeformatter(csp);


            return(def.VerifySignature(asciiHash, response.Signature));
Exemplo n.º 2
        /// <summary>
        /// Attempts to load the user's identity from a cookie.
        /// </summary>
        /// <param name="context"></param>
        /// <returns>Returns true if the user is authenticated or false if not.</returns>
        public bool LoadIdentity(HttpContextBase context, RavenResponse response)
            // try to find the authentication cookie
            //HttpCookie authCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
            //HttpCookie authCookie1 = context.Request.Cookies["__RequestVerificationToken"];
            //HttpCookie authCookie2 = context.Request.Cookies["ASP.NET_SessionId"];
            //HttpCookie authCookie3 = context.Request.Cookies["__RavenState"];

            if (response != null)
                // decrypt the contents
                //FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie1.Value);

                var ravenUser = new RavenPrincipal(new RavenIdentity(response.Principal));
                //ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(new List<ClaimsIdentity>()
                //    ravenClaim

                //IPrincipal principal = claimsPrincipal as IPrincipal;

                context.User = ravenUser;

                // there is an active session

            // there is no active session
Exemplo n.º 3
        public ExternalLoginInfo GetExternalLoginInfo(System.Web.HttpContextBase context, RavenCallbackCode ravenCallbackCode)
            HttpRequestBase  request  = context.Request;
            HttpResponseBase response = context.Response;

            // if this is not a POST request, then we can look for a response
            if (!request.HttpMethod.Equals("POST"))
                // try to get the response
                String wlsResponse = request.Params[WLS_RESPONSE_PARAM];

                if (!String.IsNullOrWhiteSpace(wlsResponse))
                    // parse the response data
                    RavenResponse ravenResponse = new RavenResponse(wlsResponse);

                    // if the server has indicated that authentication was successful,
                    // validate the response signature and set an authentication cookie
                    if (ravenResponse.Status == RavenStatus.OK)
                        if (!this.Validate(ravenResponse))
                            throw new RavenException("Failed to validate response signature.");

                        // create a Forms authentication ticket and cookie
                        //this.CreateTicket(response, ravenResponse);

                        // redirect the user back to where they started

                        //bool hasLocalAccount = OAuthWebSecurity.HasLocalAccount(WebSecurity.GetUserId(ravenResponse.Principal));
                        //if (hasLocalAccount || OAuthWebSecurity.GetAccountsFromUserName(ravenResponse.Principal).Count > 1)
                        if (ravenCallbackCode == RavenCallbackCode.Login)
                            this.LoadIdentity(context, ravenResponse);

                        return(GetExternalLoginInfo(context, ravenResponse));
                        //this.CreateTicket(response, ravenResponse);

                        //return new AuthenticationResult(false, ProviderName, ravenResponse.Principal, ravenResponse.Principal, null);
            // At this point authe=orisation failed. Return null authorisation.
Exemplo n.º 4
        /// <summary>
        /// Attempts to load the user's identity from a cookie.
        /// </summary>
        /// <param name="context"></param>
        /// <returns>Returns true if the user is authenticated or false if not.</returns>
        private ExternalLoginInfo GetExternalLoginInfo(HttpContextBase context, RavenResponse ravenResponse)
            var            loginInfo     = new UserLoginInfo(ProviderName, ravenResponse.Principal);
            ClaimsIdentity claims        = context.User.Identity as ClaimsIdentity;
            var            externalLogin = new ExternalLoginInfo()
                DefaultUserName  = ravenResponse.Principal,
                Email            = string.Empty,
                Login            = loginInfo,
                ExternalIdentity = claims

Exemplo n.º 5
        /// <summary>
        /// Generate a Forms authentication ticket for the current session.
        /// </summary>
        /// <param name="response"></param>
        /// <param name="ravenResponse"></param>
        private void CreateTicket(HttpResponseBase response, RavenResponse ravenResponse)
            // generate a ticket for the Raven session
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

            // encrypt it so that the client can't mess with its contents
            String encryptedTicket = FormsAuthentication.Encrypt(ticket);

            // put it in a cookie
            HttpCookie formsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
