Пример #1
0
 /// <summary>
 /// Raises the Authenticate event
 /// </summary>
 private void OnAuthenticateRequest(AuthenticationArgs e)
 {
     if (AuthenticateRequest != null)
     {
         AuthenticateRequest(this, e);
     }
 }
Пример #2
0
        private void FileWebDAVModule_Authentication(object sender, AuthenticationArgs e)
        {
            String solutionName = SolutionFromUri(e.RequestUri);

            if (!String.IsNullOrEmpty(solutionName))
            {
                e.ProcessAuthorization = true;
                e.Realm = solutionName;
            }
            else
            {
                e.ProcessAuthorization = false;
            }
        }
Пример #3
0
        void context_EndRequest(object sender, EventArgs e)
        {
            HttpApplication _httpApp = (HttpApplication)sender;

            if (_httpApp.Response.StatusCode == 401)
            {
                AuthenticationArgs _authArgs = (AuthenticationArgs)_httpApp.Context.Items["WebDAVModule_AuthArgs"];

                if (_authArgs != null)
                {
                    switch (this.ModuleAuthentication)
                    {
                    case Authentication.Basic:
                        string _authHeader = String.Format("Basic realm=\"{0}\"", _authArgs.Realm);
                        _httpApp.Response.AppendHeader("WWW-Authenticate", _authHeader);
                        break;

                    case Authentication.Digest:
                        bool _isNonceStale = false;
                        if (_httpApp.Context.Items["WebDAVModule_DigestStaleNonce"] != null)
                        {
                            _isNonceStale = (bool)_httpApp.Context.Items["WebDAVModule_DigestStaleNonce"];
                        }

                        StringBuilder _digestHeader = new StringBuilder("Digest");
                        _digestHeader.Append(" realm=\"");
                        _digestHeader.Append(_authArgs.Realm);
                        _digestHeader.Append("\"");
                        _digestHeader.Append(", nonce=\"");
                        _digestHeader.Append(this.GetCurrentNonce());
                        _digestHeader.Append("\"");
                        _digestHeader.Append(", opaque=\"0000000000000000\"");
                        _digestHeader.Append(", stale=");
                        _digestHeader.Append(!_isNonceStale ? "false" : "true");
                        _digestHeader.Append(", algorithm=MD5");
                        _digestHeader.Append(", qop=\"auth\"");

                        _httpApp.Response.AppendHeader("WWW-Authenticate", _digestHeader.ToString());
                        break;
                    }
                }
            }
        }
 public Task <AuthResult> Authenticate(AuthenticationArgs args)
 {
     return(Task.Run(() => AuthResult.Success));
 }
Пример #5
0
        private void context_AuthenticateRequest(object sender, EventArgs e)
        {
            bool            _requestAuthorized = true;
            HttpApplication _httpApp           = (HttpApplication)sender;


            //Since we are processing all wildcards...
            //	The web project will not load if we intercept its request.
            //	Therefore... if the User-Agent is the studio... do nothing
            if (_httpApp.Request.Headers["User-Agent"] != null && !_httpApp.Request.Headers["User-Agent"].StartsWith("Microsoft-Visual-Studio.NET"))
            {
                //Check to see if the request needs to be authenticated
                if (this.ModuleAuthentication != Authentication.None)
                {
                    AuthenticationArgs _authArgs          = new AuthenticationArgs(_httpApp.Request.Url, "", this.ModuleAuthentication);
                    AuthorizationArgs  _authorizationArgs = new AuthorizationArgs(_authArgs);

                    //Fire the event
                    this.OnAuthenticateRequest(_authArgs);

                    if (_authArgs.ProcessAuthorization)
                    {
                        _httpApp.Context.Items["WebDAVModule_AuthArgs"] = _authArgs;

                        string _authStr = _httpApp.Request.Headers["Authorization"];
                        switch (this.ModuleAuthentication)
                        {
                        case Authentication.Basic:
                            //By default the request is not authorized
                            _requestAuthorized = false;
                            if (!string.IsNullOrEmpty(_authStr) && _authStr.StartsWith("Basic"))
                            {
                                byte[]   _decodedBytes = Convert.FromBase64String(_authStr.Substring(6));
                                string[] _authInfo     = System.Text.Encoding.ASCII.GetString(_decodedBytes).Split(':');

                                BasicAuthorizationArgs _basicAuthArgs = new BasicAuthorizationArgs(_authInfo[0], _authInfo[1], _authArgs.Realm);

                                //Set the authorization username
                                _authorizationArgs.UserName = _basicAuthArgs.UserName;

                                //Fire the event
                                this.OnBasicAuthorization(_basicAuthArgs);

                                if (_basicAuthArgs.Authorized)
                                {
                                    _requestAuthorized    = true;
                                    _httpApp.Context.User = new GenericPrincipal(new GenericIdentity(_basicAuthArgs.UserName, "Basic"), null);
                                }

                                _authorizationArgs.RequestAuthorized = _requestAuthorized;

                                //Fire the event
                                this.OnAuthorizationComplete(_authorizationArgs);
                            }
                            break;

                        case Authentication.Digest:
                            //By default the request is not authorized
                            _requestAuthorized = false;
                            if (!string.IsNullOrEmpty(_authStr) && _authStr.StartsWith("Digest"))
                            {
                                _authStr = _authStr.Substring(7);

                                SortedList <string, string> _authItems = new SortedList <string, string>();
                                foreach (string _authItem in _authStr.Split(','))
                                {
                                    string[] _authItemArray = _authItem.Split('=');
                                    string   _authKey       = _authItemArray[0].Trim(new char[] { ' ', '\"' });
                                    string   _authValue     = _authItemArray[1].Trim(new char[] { ' ', '\"' });

                                    _authItems[_authKey] = _authValue;
                                }

                                DigestAuthorizationArgs _digestAuthArgs = new DigestAuthorizationArgs(_authItems["username"], _authItems["realm"]);

                                //Set the authorization username
                                _authorizationArgs.UserName = _digestAuthArgs.UserName;

                                //Fire the event
                                this.OnDigestAuthorization(_digestAuthArgs);

                                //Validate password
                                string _userInfo       = String.Format("{0}:{1}:{2}", _authItems["username"], _authArgs.Realm, _digestAuthArgs.Password);
                                string _hashedUserInfo = GetMD5HashBinHex(_userInfo);

                                string _uriInfo       = String.Format("{0}:{1}", _httpApp.Request.HttpMethod, _authItems["uri"]);
                                string _hashedUriInfo = GetMD5HashBinHex(_uriInfo);

                                string _nonceInfo = null;
                                if (_authItems.ContainsKey("qop"))
                                {
                                    _nonceInfo = String.Format
                                                 (
                                        "{0}:{1}:{2}:{3}:{4}:{5}",
                                        new object[] {
                                        _hashedUserInfo,
                                        _authItems["nonce"],
                                        _authItems["nc"],
                                        _authItems["cnonce"],
                                        _authItems["qop"],
                                        _hashedUriInfo
                                    }
                                                 );
                                }
                                else
                                {
                                    _nonceInfo = String.Format
                                                 (
                                        "{0}:{1}:{2}",
                                        _hashedUserInfo,
                                        _authItems["nonce"],
                                        _hashedUriInfo
                                                 );
                                }

                                string _hashedNonceInfo = GetMD5HashBinHex(_nonceInfo);

                                bool _staleNonce = !this.IsValidNonce(_authItems["nonce"]);
                                _httpApp.Context.Items["WebDAVModule_DigestStaleNonce"] = _staleNonce;

                                if (_authItems["response"] == _hashedNonceInfo && !_staleNonce)
                                {
                                    _requestAuthorized    = true;
                                    _httpApp.Context.User = new GenericPrincipal(new GenericIdentity(_digestAuthArgs.UserName, "Digest"), null);
                                }

                                _authorizationArgs.RequestAuthorized = _requestAuthorized;

                                //Fire the event
                                this.OnAuthorizationComplete(_authorizationArgs);
                            }
                            break;
                        }
                    }
                }

                if (!_requestAuthorized)
                {
                    DenyAccess(_httpApp);
                }
                else
                {
                    //Check to see if we should process the request
                    DavModuleProcessRequestArgs _processRequestArgs = new DavModuleProcessRequestArgs(_httpApp.Request.Url, this.IsWebDAVRequest);

                    //Fire the event
                    this.OnProcessRequest(_processRequestArgs);

                    if (_processRequestArgs.ProcessRequest)
                    {
                        if (!string.IsNullOrEmpty(this.DebugFilePath))
                        {
                            WebDavProcessor.DebugFilePath = this.DebugFilePath;
                        }

                        this.__webDavProcessor.ProcessRequest(_httpApp);
                    }

                    //Fire the event
                    this.OnRequestProcessed();
                }
            }
        }