public CasTicketData GetTicketData(HttpCookie ticketCookie)
{
var myTicketData = new CasTicketData();
if (ticketCookie != null)
{
if (!string.IsNullOrEmpty(ticketCookie.Value))
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(ticketCookie.Value);
if (ticket != null)
{
if (CasAuthentication.ServiceTicketManager != null)
{
CasAuthenticationTicket casTicket = CasAuthentication.ServiceTicketManager.GetTicket(ticket.UserData);
if (casTicket != null)
{
myTicketData.CasTicket = casTicket;
myTicketData.CasUserID = casTicket.NetId;
GetAssertAttribute(myTicketData, casTicket);
}
}
}
}
}
return(myTicketData);
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
// Don't enforce sliding expiration on the cache entry. Sliding expiration is handled by the HttpModule.
MemoryCacheManager.Instance.Set(GetTicketKey(casAuthenticationTicket.ServiceTicket), casAuthenticationTicket, expiration);
}
/// <summary>
/// Updates the expiration date and time for an existing ticket. If the ticket does
/// not exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="newExpiration">The new expiration date and time</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void UpdateTicketExpiration(CasAuthenticationTicket casAuthenticationTicket, DateTime newExpiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
// FYI this method performs the Memcached 'set' command which basically performs an upsert.
InsertTicket(casAuthenticationTicket, newExpiration);
}
protected void Page_Load(object sender, EventArgs e)
{
HttpCookie ticketCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (ticketCookie != null)
{
if (!string.IsNullOrEmpty(ticketCookie.Value))
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(ticketCookie.Value);
if (CasAuthentication.ServiceTicketManager != null)
{
CasAuthenticationTicket casTicket = CasAuthentication.ServiceTicketManager.GetTicket(ticket.UserData);
if (casTicket != null)
{
CasNetId.Text = casTicket.NetId;
CasServiceTicket.Text = casTicket.ServiceTicket;
CasOriginatingServiceName.Text = casTicket.OriginatingServiceName;
CasClientHostAddress.Text = casTicket.ClientHostAddress;
CasValidFromDate.Text = casTicket.ValidFromDate.ToString();
CasValidUntilDate.Text = casTicket.ValidUntilDate.ToString();
}
}
}
}
}
/// <summary>
/// Updates the expiration date and time for an existing ticket. If the ticket does
/// not exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="newExpiration">The new expiration date and time</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void UpdateTicketExpiration(CasAuthenticationTicket casAuthenticationTicket, DateTime newExpiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
RevokeTicket(casAuthenticationTicket.ServiceTicket);
InsertTicket(casAuthenticationTicket, newExpiration);
}
/// <summary>
/// Updates the expiration date and time for an existing ticket. If the ticket does
/// not exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="newExpiration">The new expiration date and time</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void UpdateTicketExpiration(CasAuthenticationTicket casAuthenticationTicket, DateTime newExpiration)
{
Argument.ThrowIfNull(casAuthenticationTicket, "casAuthenticationTicket", "casAuthenticationTicket parameter cannot be null.");
RevokeTicket(casAuthenticationTicket.ServiceTicket);
InsertTicket(casAuthenticationTicket, newExpiration);
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
// Don't enforce sliding expiration on the cache entry. Sliding expiration
// is handled by the HttpModule
HttpContext.Current.Cache.Insert(GetTicketKey(casAuthenticationTicket.ServiceTicket), casAuthenticationTicket, null, expiration, Cache.NoSlidingExpiration);
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
var key = GetTicketKey(casAuthenticationTicket.ServiceTicket);
MemcachedClientManager.Instance.Store(StoreMode.Set, key, casAuthenticationTicket, expiration);
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration) {
Argument.ThrowIfNull(casAuthenticationTicket, "casAuthenticationTicket", "casAuthenticationTicket parameter cannot be null.");
var context = _httpContextAccessor.Current();
// Don't enforce sliding expiration on the cache entry. Sliding expiration
// is handled by the HttpModule
context.Cache.Insert(GetTicketKey(casAuthenticationTicket.ServiceTicket), casAuthenticationTicket, null, expiration, Cache.NoSlidingExpiration);
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
var key = GetTicketKey(casAuthenticationTicket.ServiceTicket);
var db = RedisClientManager.Instance.GetDatabase();
db.StringSet(key, SerializationUtil.Serialize(casAuthenticationTicket), expiration - DateTime.Now);
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
Argument.ThrowIfNull(casAuthenticationTicket, "casAuthenticationTicket", "casAuthenticationTicket parameter cannot be null.");
var context = _httpContextAccessor.Current();
// Don't enforce sliding expiration on the cache entry. Sliding expiration
// is handled by the HttpModule
context.Cache.Insert(GetTicketKey(casAuthenticationTicket.ServiceTicket), casAuthenticationTicket, null, expiration, Cache.NoSlidingExpiration);
}
/// <summary>
/// Retrieve a CasAuthenticationTicket from the ticket store
/// by it's CAS Service Ticket
/// </summary>
/// <param name="serviceTicket">The service ticket generated by the CAS server</param>
/// <returns>The CasAuthenticationTicket or null if no matching ticket is found</returns>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public CasAuthenticationTicket GetTicket(string serviceTicket)
{
CommonUtils.AssertNotNullOrEmpty(serviceTicket, "serviceTicket parameter cannot be null or empty.");
string key = GetTicketKey(serviceTicket);
if (HttpContext.Current.Cache[key] != null)
{
CasAuthenticationTicket result = HttpContext.Current.Cache[key] as CasAuthenticationTicket;
return(result);
}
return(null);
}
/// <summary>
/// Retrieve a CasAuthenticationTicket from the ticket store by it's CAS Service Ticket
/// </summary>
/// <param name="serviceTicket">The service ticket generated by the CAS server</param>
/// <returns>The CasAuthenticationTicket or null if no matching ticket is found</returns>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public CasAuthenticationTicket GetTicket(string serviceTicket)
{
CommonUtils.AssertNotNullOrEmpty(serviceTicket, "serviceTicket parameter cannot be null or empty.");
string key = GetTicketKey(serviceTicket);
if (MemoryCacheManager.Instance.Get(key) != null)
{
CasAuthenticationTicket result = MemoryCacheManager.Instance.Get(key) as CasAuthenticationTicket;
return(result);
}
return(null);
}
/// <summary>
/// Retrieves all CAS Service Tickets in the ticket store that have not already
/// expired.
/// </summary>
/// <returns>An enumerable collection of service tickets</returns>
public IEnumerable <string> GetAllServiceTickets()
{
var cacheItems = MemoryCacheManager.Instance.GetAll();
foreach (var cacheItem in cacheItems)
{
if (cacheItem.Key != null && cacheItem.Key.StartsWith(CACHE_TICKET_KEY_PREFIX))
{
CasAuthenticationTicket currentAuthTicket = cacheItem.Value as CasAuthenticationTicket;
if (currentAuthTicket != null)
{
yield return(currentAuthTicket.ServiceTicket);
}
}
}
}
/// <summary>
/// Retrieves all CAS Service Tickets in the ticket store that have not already
/// expired.
/// </summary>
/// <returns>An enumerable collection of service tickets</returns>
public IEnumerable <string> GetAllServiceTickets()
{
IDictionaryEnumerator enumerator = HttpContext.Current.Cache.GetEnumerator();
while (enumerator.MoveNext())
{
string currentKey = enumerator.Entry.Key as string;
if (currentKey != null && currentKey.StartsWith(CACHE_TICKET_KEY_PREFIX))
{
CasAuthenticationTicket currentAuthTicket = enumerator.Entry.Value as CasAuthenticationTicket;
if (currentAuthTicket != null)
{
yield return(currentAuthTicket.ServiceTicket);
}
}
}
}
private static void GetAssertAttribute(CasTicketData myTicketData, CasAuthenticationTicket casTicket)
{
try
{
myTicketData.BannerID = casTicket.Assertion.Attributes["BannerID"][0];
}
catch
{
myTicketData.BannerID = "No BannerID";
}
try
{
myTicketData.FirstName = casTicket.Assertion.Attributes["FirstName"][0];
}
catch
{
myTicketData.FirstName = "Invalid FirstName";
}
try
{
myTicketData.LastName = casTicket.Assertion.Attributes["LastName"][0];
}
catch
{
myTicketData.LastName = "Invalid LastName";
}
try
{
myTicketData.Email = casTicket.Assertion.Attributes["emailAddress"][0];
}
catch
{
myTicketData.Email = "Invalid Email";
}
try
{
myTicketData.FullName = $"{myTicketData.FirstName} {myTicketData.LastName}";
}
catch
{
myTicketData.FullName = "Invalid FullName";
}
}
/// <summary>
/// Removes the ticket from the collection if it exists. If the ticket does not
/// exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="serviceTicket">The ticket to remove from the ticket store</param>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public void RevokeTicket(string serviceTicket)
{
CommonUtils.AssertNotNullOrEmpty(serviceTicket, "serviceTicket parameter cannot be null or empty.");
string key = GetTicketKey(serviceTicket);
if (HttpContext.Current.Cache[key] != null)
{
CasAuthenticationTicket ticket = HttpContext.Current.Cache[key] as CasAuthenticationTicket;
if (ticket != null)
{
if (HttpContext.Current.Cache[key] != null)
{
HttpContext.Current.Cache.Remove(key);
}
}
}
}
/// <summary>
/// Retrieves all non-expired CAS Service Tickets in the ticket store associated
/// with the netId supplied.
/// </summary>
/// <param name="netId">The netId to search the collection for</param>
/// <returns>An enumerable collection of service tickets</returns>
/// <exception cref="ArgumentNullException">netId is null</exception>
/// <exception cref="ArgumentException">netId is empty</exception>
public IEnumerable <string> GetUserServiceTickets(string netId)
{
CommonUtils.AssertNotNullOrEmpty(netId, "netId parameter cannot be null or empty.");
var cacheItems = MemoryCacheManager.Instance.GetAll();
foreach (var cacheItem in cacheItems)
{
if (cacheItem.Key != null && cacheItem.Key.StartsWith(CACHE_TICKET_KEY_PREFIX))
{
CasAuthenticationTicket currentAuthTicket = cacheItem.Value as CasAuthenticationTicket;
if (currentAuthTicket != null && String.Compare(currentAuthTicket.NetId, netId, true) == 0)
{
yield return(currentAuthTicket.ServiceTicket);
}
}
}
}
/// <summary>
/// Removes the ticket from the collection if it exists. If the ticket does not exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="serviceTicket">The ticket to remove from the ticket store</param>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public void RevokeTicket(string serviceTicket)
{
CommonUtils.AssertNotNullOrEmpty(serviceTicket, "serviceTicket parameter cannot be null or empty.");
string key = GetTicketKey(serviceTicket);
if (MemoryCacheManager.Instance.Get(key) != null)
{
CasAuthenticationTicket ticket = MemoryCacheManager.Instance.Get(key) as CasAuthenticationTicket;
if (ticket != null)
{
if (MemoryCacheManager.Instance.Get(key) != null)
{
MemoryCacheManager.Instance.Remove(key);
}
}
}
}
/// <summary>
/// Retrieves all non-expired CAS Service Tickets in the ticket store associated
/// with the netId supplied.
/// </summary>
/// <param name="netId">The netId to search the collection for</param>
/// <returns>An enumerable collection of service tickets</returns>
/// <exception cref="ArgumentNullException">netId is null</exception>
/// <exception cref="ArgumentException">netId is empty</exception>
public IEnumerable <string> GetUserServiceTickets(string netId)
{
CommonUtils.AssertNotNullOrEmpty(netId, "netId parameter cannot be null or empty.");
IDictionaryEnumerator enumerator = HttpContext.Current.Cache.GetEnumerator();
while (enumerator.MoveNext())
{
string currentKey = enumerator.Entry.Key as string;
if (currentKey != null && currentKey.StartsWith(CACHE_TICKET_KEY_PREFIX))
{
CasAuthenticationTicket currentAuthTicket = enumerator.Entry.Value as CasAuthenticationTicket;
if (currentAuthTicket != null && String.Compare(currentAuthTicket.NetId, netId, true) == 0)
{
yield return(currentAuthTicket.ServiceTicket);
}
}
}
}
/// <summary>
/// Indicates whether or not the ticket store contains the supplied serviceTicket
/// </summary>
/// <param name="serviceTicket">The service ticket to check for</param>
/// <returns>True if the ticket is contained in the store</returns>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public bool ContainsTicket(string serviceTicket)
{
CommonUtils.AssertNotNullOrEmpty(serviceTicket, "serviceTicket parameter cannot be null or empty.");
string key = GetTicketKey(serviceTicket);
if (MemoryCacheManager.Instance.Get(key) != null)
{
CasAuthenticationTicket currentAuthTicket = MemoryCacheManager.Instance.Get(key) as CasAuthenticationTicket;
if (currentAuthTicket != null)
{
if (currentAuthTicket.ServiceTicket == serviceTicket)
{
return(true);
}
}
}
return(false);
}
public ActionResult Out()
{
HttpCookie ticketCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (ticketCookie != null)
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(ticketCookie.Value);
CasAuthenticationTicket casTicket = CasAuthentication.ServiceTicketManager.GetTicket(ticket.UserData);
CasAuthentication.ServiceTicketManager.RevokeTicket(casTicket.ServiceTicket);
CasAuthentication.ClearAuthCookie();
FormsAuthentication.SignOut();
Request.Cookies.Remove(FormsAuthentication.FormsCookieName);
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Session.RemoveAll();
//会回调客户端
CasAuthentication.SingleSignOut();
}
return(Content("退出成功,获取当前用户信息:" + User.Identity.IsAuthenticated));
}
/// <summary>
/// Retrieve a CasAuthenticationTicket from the ticket store
/// by it's CAS Service Ticket
/// </summary>
/// <param name="serviceTicket">The service ticket generated by the CAS server</param>
/// <returns>The CasAuthenticationTicket or null if no matching ticket is found</returns>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public CasAuthenticationTicket GetTicket(string serviceTicket)
{
Argument.ThrowIfNullOrEmpty(serviceTicket, "serviceTicket", "serviceTicket parameter cannot be null or empty.");
var context = _httpContextAccessor.Current();
string key = GetTicketKey(serviceTicket);
if (context.Cache[key] != null)
{
var result = context.Cache[key] as CasAuthenticationTicket;
return(result);
}
if (!String.IsNullOrEmpty(FederatedKey) && !String.IsNullOrEmpty(ToolkitBaseUrl))
{
String Url = ToolkitBaseUrl + "/Federated/CasAuthTicket?Id=" + key;
var Response = HttpUtil.PerformFederatedHttpGet(Url, FederatedKey);
if (!String.IsNullOrEmpty(Response))
{
var Ticket = JsonConvert.DeserializeObject <CasFederatedModel>(Response);
if (Ticket == null)
{
return(null);
}
var CasTicket = new CasAuthenticationTicket(Ticket.serviceTicket, Ticket.originatingServiceName, Ticket.clientHostAddress, Ticket.assertion, Ticket.attributes, DateTime.Now.AddDays(30));
InsertTicket(CasTicket, DateTime.Now.AddDays(30));
return(CasTicket);
}
}
return(null);
}
/// <summary>
/// Indicates whether or not the ticket store contains the supplied serviceTicket
/// </summary>
/// <param name="serviceTicket">The service ticket to check for</param>
/// <returns>True if the ticket is contained in the store</returns>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public bool ContainsTicket(string serviceTicket)
{
CommonUtils.AssertNotNullOrEmpty(serviceTicket, "serviceTicket parameter cannot be null or empty.");
IDictionaryEnumerator enumerator = HttpContext.Current.Cache.GetEnumerator();
while (enumerator.MoveNext())
{
string currentKey = enumerator.Entry.Key as string;
if (currentKey != null && currentKey.StartsWith(CACHE_TICKET_KEY_PREFIX))
{
CasAuthenticationTicket currentAuthTicket = enumerator.Entry.Value as CasAuthenticationTicket;
if (currentAuthTicket != null)
{
if (currentAuthTicket.ServiceTicket == serviceTicket)
{
return(true);
}
}
}
}
return(false);
}
/// <summary>
/// 退出
/// </summary>
/// <returns></returns>
public ActionResult LogOut()
{
HttpCookie ticketCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (ticketCookie != null)
{
//获取form auth令牌信息,用以进行令牌清除
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(ticketCookie.Value);
CasAuthenticationTicket casTicket = CasAuthentication.ServiceTicketManager.GetTicket(ticket.UserData);
CasAuthentication.ServiceTicketManager.RevokeTicket(casTicket.ServiceTicket);
CasAuthentication.ClearAuthCookie();
//移除本地cookie及session
FormsAuthentication.SignOut();
Request.Cookies.Remove(FormsAuthentication.FormsCookieName);
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
//cas登出,调用此方法时,远端cas server会再次回调此url
CasAuthentication.SingleSignOut();
}
Session.RemoveAll();
return(RedirectToAction("Login", "Currency"));
}
/// <summary>
/// Verify that the supplied casAuthenticationTicket exists in the ticket store
/// </summary>
/// <param name="casAuthenticationTicket">The casAuthenticationTicket to verify</param>
/// <returns>
/// True if the ticket exists in the ticket store and the properties of that
/// ticket match the properties of the ticket in the ticket store.
/// </returns>
public bool VerifyClientTicket(CasAuthenticationTicket casAuthenticationTicket)
{
Argument.ThrowIfNull(casAuthenticationTicket, "casAuthenticationTicket", "casAuthenticationTicket parameter cannot be null.");
string incomingServiceTicket = casAuthenticationTicket.ServiceTicket;
CasAuthenticationTicket cacheAuthTicket = GetTicket(incomingServiceTicket);
if (cacheAuthTicket != null)
{
string cacheServiceTicket = cacheAuthTicket.ServiceTicket;
if (cacheServiceTicket == incomingServiceTicket)
{
if (String.Compare(cacheAuthTicket.NetId, casAuthenticationTicket.NetId, System.StringComparison.OrdinalIgnoreCase) != 0)
{
Logger.Information("Username {0} in ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, incomingServiceTicket);
return(false);
}
if (String.Compare(cacheAuthTicket.Assertion.PrincipalName, casAuthenticationTicket.Assertion.PrincipalName, System.StringComparison.OrdinalIgnoreCase) != 0)
{
Logger.Information("Principal name {0} in assertion of ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, casAuthenticationTicket.Assertion.PrincipalName);
return(false);
}
return(true);
}
}
else
{
Logger.Information("Ticket {0} not found in cache. Never existed, expired, or removed via single sign out",
incomingServiceTicket);
return(false);
}
return(false);
}
/// <summary>
/// Verify that the supplied casAuthenticationTicket exists in the ticket store
/// </summary>
/// <param name="casAuthenticationTicket">The casAuthenticationTicket to verify</param>
/// <returns>
/// True if the ticket exists in the ticket store and the properties of that
/// ticket match the properties of the ticket in the ticket store.
/// </returns>
public bool VerifyClientTicket(CasAuthenticationTicket casAuthenticationTicket)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
string incomingServiceTicket = casAuthenticationTicket.ServiceTicket;
CasAuthenticationTicket cacheAuthTicket = GetTicket(incomingServiceTicket);
if (cacheAuthTicket != null)
{
string cacheServiceTicket = cacheAuthTicket.ServiceTicket;
if (cacheServiceTicket == incomingServiceTicket)
{
if (String.Compare(cacheAuthTicket.NetId, casAuthenticationTicket.NetId, true) != 0)
{
SecurityLogger.Info("Username {0} in ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, incomingServiceTicket);
return(false);
}
if (String.Compare(cacheAuthTicket.Assertion.PrincipalName, casAuthenticationTicket.Assertion.PrincipalName, true) != 0)
{
SecurityLogger.Info("Principal name {0} in assertion of ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, casAuthenticationTicket.Assertion.PrincipalName);
return(false);
}
return(true);
}
}
else
{
SecurityLogger.Info("Ticket {0} not found in cache. Never existed, expired, or removed via single sign out",
incomingServiceTicket);
return(false);
}
return(false);
}
/// <summary>
/// Verify that the supplied casAuthenticationTicket exists in the database
/// </summary>
/// <param name="casAuthenticationTicket">The casAuthenticationTicket to verify</param>
/// <returns>
/// True if the ticket exists in the database and the properties of that ticket match the
/// properties of the ticket in the database.
/// </returns>
public bool VerifyClientTicket(CasAuthenticationTicket casAuthenticationTicket)
{
throw new NotImplementedException();
}
/// <summary>
/// Updates the expiration date and time for an existing ticket. If the ticket does not exist in
/// the database, just return (do not throw an exception).
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="newExpiration">The new expiration date and time</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void UpdateTicketExpiration(CasAuthenticationTicket casAuthenticationTicket, DateTime newExpiration)
{
throw new NotImplementedException();
}
/// <summary>
/// Inserts a CasAuthenticationTicket into the database with a corresponding ticket expiration
/// date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
throw new NotImplementedException();
}
protected void Page_Load(object sender, EventArgs e)
{
HttpCookie ticketCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (ticketCookie != null)
{
CookieDomain.Text = ticketCookie.Domain;
CookieExpires.Text = ticketCookie.Expires.ToString();
CookieName.Text = ticketCookie.Name;
CookiePath.Text = ticketCookie.Path;
CookieSecure.Text = ticketCookie.Secure.ToString();
if (!string.IsNullOrEmpty(ticketCookie.Value))
{
int i = 0;
StringBuilder cookieValueBuilder = new StringBuilder();
while (i < ticketCookie.Value.Length)
{
string line = ticketCookie.Value.Substring(i, Math.Min(ticketCookie.Value.Length - i, 50));
cookieValueBuilder.Append(line + "<br />");
i += line.Length;
}
CookieValue.Text = cookieValueBuilder.ToString();
}
if (!string.IsNullOrEmpty(ticketCookie.Value))
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(ticketCookie.Value);
if (ticket != null)
{
TicketCookiePath.Text = ticket.CookiePath;
TicketExpiration.Text = ticket.Expiration.ToString();
TicketExpired.Text = ticket.Expired.ToString();
TicketIsPersistent.Text = ticket.IsPersistent.ToString();
TicketIssueDate.Text = ticket.IssueDate.ToString();
TicketName.Text = ticket.Name;
TicketUserData.Text = ticket.UserData;
TicketVersion.Text = ticket.Version.ToString();
}
if (CasAuthentication.ServiceTicketManager != null)
{
CasAuthenticationTicket casTicket = CasAuthentication.ServiceTicketManager.GetTicket(ticket.UserData);
if (casTicket != null)
{
CasNetId.Text = casTicket.NetId;
CasServiceTicket.Text = casTicket.ServiceTicket;
CasOriginatingServiceName.Text = casTicket.OriginatingServiceName;
CasClientHostAddress.Text = casTicket.ClientHostAddress;
CasValidFromDate.Text = casTicket.ValidFromDate.ToString();
CasValidUntilDate.Text = casTicket.ValidUntilDate.ToString();
ProxyGrantingTicket.Text = casTicket.ProxyGrantingTicket;
ProxyGrantingTicketIou.Text = casTicket.ProxyGrantingTicketIou;
StringBuilder proxiesBuilder = new StringBuilder();
foreach (string proxy in casTicket.Proxies)
{
proxiesBuilder.AppendLine(proxy + "<br />");
}
Proxies.Text = proxiesBuilder.ToString();
AssertionPrincipalName.Text = casTicket.Assertion.PrincipalName;
AssertionValidFromDate.Text = casTicket.Assertion.ValidFromDate.ToString();
AssertionValidUntilDate.Text = casTicket.Assertion.ValidUntilDate.ToString();
AssertionAttributesTable.Rows.Clear();
string newLine = "<br />";
StringBuilder assertionValuesBuilder = new StringBuilder();
foreach (KeyValuePair <string, IList <string> > item in casTicket.Assertion.Attributes)
{
TableRow assertionRow = new TableRow();
TableCell assertionKeyCell = new TableCell();
assertionKeyCell.VerticalAlign = VerticalAlign.Top;
assertionKeyCell.Text = item.Key;
TableCell assertionValuesCell = new TableCell();
assertionValuesCell.VerticalAlign = VerticalAlign.Top;
foreach (string value in item.Value)
{
assertionValuesBuilder.Append(value + newLine);
}
if (assertionValuesBuilder.Length > newLine.Length)
{
assertionValuesBuilder.Length -= newLine.Length;
}
assertionValuesCell.Text = assertionValuesBuilder.ToString();
assertionRow.Cells.Add(assertionKeyCell);
assertionRow.Cells.Add(assertionValuesCell);
AssertionAttributesTable.Rows.Add(assertionRow);
assertionValuesBuilder.Length = 0;
}
}
}
}
}
}
/// <summary>
/// Inserts a CasAuthenticationTicket to the ticket store with a corresponding
/// ticket expiration date.
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="expiration">The date and time at which the ticket expires</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void InsertTicket(CasAuthenticationTicket casAuthenticationTicket, DateTime expiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
// Don't enforce sliding expiration on the cache entry. Sliding expiration
// is handled by the HttpModule
HttpContext.Current.Cache.Insert(GetTicketKey(casAuthenticationTicket.ServiceTicket), casAuthenticationTicket, null, expiration, Cache.NoSlidingExpiration);
}
/// <summary>
/// Updates the expiration date and time for an existing ticket. If the ticket does
/// not exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="newExpiration">The new expiration date and time</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void UpdateTicketExpiration(CasAuthenticationTicket casAuthenticationTicket, DateTime newExpiration) {
Argument.ThrowIfNull(casAuthenticationTicket, "casAuthenticationTicket", "casAuthenticationTicket parameter cannot be null.");
RevokeTicket(casAuthenticationTicket.ServiceTicket);
InsertTicket(casAuthenticationTicket, newExpiration);
}
/// <summary>
/// Verify that the supplied casAuthenticationTicket exists in the ticket store
/// </summary>
/// <param name="casAuthenticationTicket">The casAuthenticationTicket to verify</param>
/// <returns>
/// True if the ticket exists in the ticket store and the properties of that
/// ticket match the properties of the ticket in the ticket store.
/// </returns>
public bool VerifyClientTicket(CasAuthenticationTicket casAuthenticationTicket)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
string incomingServiceTicket = casAuthenticationTicket.ServiceTicket;
CasAuthenticationTicket cacheAuthTicket = GetTicket(incomingServiceTicket);
if (cacheAuthTicket != null)
{
string cacheServiceTicket = cacheAuthTicket.ServiceTicket;
if (cacheServiceTicket == incomingServiceTicket)
{
if (String.Compare(cacheAuthTicket.NetId, casAuthenticationTicket.NetId, true) != 0)
{
securityLogger.Info("Username {0} in ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, incomingServiceTicket);
return false;
}
if (String.Compare(cacheAuthTicket.Assertion.PrincipalName, casAuthenticationTicket.Assertion.PrincipalName, true) != 0)
{
securityLogger.Info("Principal name {0} in assertion of ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, casAuthenticationTicket.Assertion.PrincipalName);
return false;
}
return true;
}
}
else
{
securityLogger.Info("Ticket {0} not found in cache. Never existed, expired, or removed via single sign out",
incomingServiceTicket);
return false;
}
return false;
}
/// <summary>
/// Verify that the supplied casAuthenticationTicket exists in the ticket store
/// </summary>
/// <param name="casAuthenticationTicket">The casAuthenticationTicket to verify</param>
/// <returns>
/// True if the ticket exists in the ticket store and the properties of that
/// ticket match the properties of the ticket in the ticket store.
/// </returns>
public bool VerifyClientTicket(CasAuthenticationTicket casAuthenticationTicket) {
Argument.ThrowIfNull(casAuthenticationTicket, "casAuthenticationTicket", "casAuthenticationTicket parameter cannot be null.");
string incomingServiceTicket = casAuthenticationTicket.ServiceTicket;
CasAuthenticationTicket cacheAuthTicket = GetTicket(incomingServiceTicket);
if (cacheAuthTicket != null) {
string cacheServiceTicket = cacheAuthTicket.ServiceTicket;
if (cacheServiceTicket == incomingServiceTicket) {
if (String.Compare(cacheAuthTicket.NetId, casAuthenticationTicket.NetId, System.StringComparison.OrdinalIgnoreCase) != 0) {
Logger.Information("Username {0} in ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, incomingServiceTicket);
return false;
}
if (String.Compare(cacheAuthTicket.Assertion.PrincipalName, casAuthenticationTicket.Assertion.PrincipalName, System.StringComparison.OrdinalIgnoreCase) != 0) {
Logger.Information("Principal name {0} in assertion of ticket {1} does not match cached value.",
casAuthenticationTicket.NetId, casAuthenticationTicket.Assertion.PrincipalName);
return false;
}
return true;
}
}
else {
Logger.Information("Ticket {0} not found in cache. Never existed, expired, or removed via single sign out",
incomingServiceTicket);
return false;
}
return false;
}
/// <summary>
/// Updates the expiration date and time for an existing ticket. If the ticket does
/// not exist in the ticket store, just return (do not throw an exception).
/// </summary>
/// <param name="casAuthenticationTicket">The CasAuthenticationTicket to insert</param>
/// <param name="newExpiration">The new expiration date and time</param>
/// <exception cref="ArgumentNullException">casAuthenticationTicket is null</exception>
public void UpdateTicketExpiration(CasAuthenticationTicket casAuthenticationTicket, DateTime newExpiration)
{
CommonUtils.AssertNotNull(casAuthenticationTicket, "casAuthenticationTicket parameter cannot be null.");
RevokeTicket(casAuthenticationTicket.ServiceTicket);
InsertTicket(casAuthenticationTicket, newExpiration);
}
/// <summary>
/// Retrieve a CasAuthenticationTicket from the ticket store
/// by it's CAS Service Ticket
/// </summary>
/// <param name="serviceTicket">The service ticket generated by the CAS server</param>
/// <returns>The CasAuthenticationTicket or null if no matching ticket is found</returns>
/// <exception cref="ArgumentNullException">serviceTicket is null</exception>
/// <exception cref="ArgumentException">serviceTicket is empty</exception>
public CasAuthenticationTicket GetTicket(string serviceTicket) {
Argument.ThrowIfNullOrEmpty(serviceTicket, "serviceTicket", "serviceTicket parameter cannot be null or empty.");
var context = _httpContextAccessor.Current();
string key = GetTicketKey(serviceTicket);
if (context.Cache[key] != null) {
var result = context.Cache[key] as CasAuthenticationTicket;
return result;
}
if (!String.IsNullOrEmpty(FederatedKey) && !String.IsNullOrEmpty(ToolkitBaseUrl))
{
String Url = ToolkitBaseUrl + "/Federated/CasAuthTicket?Id=" + key;
var Response = HttpUtil.PerformFederatedHttpGet(Url, FederatedKey);
if (!String.IsNullOrEmpty(Response))
{
var Ticket = JsonConvert.DeserializeObject<CasFederatedModel>(Response);
if (Ticket == null)
return null;
var CasTicket = new CasAuthenticationTicket(Ticket.serviceTicket, Ticket.originatingServiceName, Ticket.clientHostAddress, Ticket.assertion, Ticket.attributes, DateTime.Now.AddDays(30));
InsertTicket(CasTicket, DateTime.Now.AddDays(30));
return CasTicket;
}
}
return null;
}
