/// <summary>
/// Authenticates the given subject using the associated
/// <see cref="LoginContext"/> and if the login succeed, creates and
/// attach a cookie in the response, containg the token associated with
/// the authenticated subject.
/// </summary>
/// <param name="subject">
/// The subject to be authenticated.
/// </param>
/// <param name="callback">
/// The <see cref="IAuthCallbackHandler"/> that should be called to
/// retrieve the <paramref name="subject"/> authentication information.
/// </param>
/// <param name="context">
/// The <see cref="HttpContext"/> object that should be used to store
/// the authenticated subject.
/// </param>
/// <remarks>
/// The token of the authenticated subject is associated with the key
/// <see cref="kTokenKey"/> on the <see cref="HttpContext.Items"/>
/// collection of the <paramref name="context"/> object and the
/// authenticated token is added to the associated
/// <see cref="ICacheProvider"/> using the authentication token as a key.
/// </remarks>
public bool Authenticate(ISubject subject, IAuthCallbackHandler callback,
HttpContext context)
{
AuthenticationToken token;
return(Authenticate(subject, callback, context, out token));
}
bool Authenticate(ISubject subject, IAuthCallbackHandler callback,
HttpContext context, out AuthenticationToken token)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
token = base.Authenticate(subject, callback);
if (!token.Authenticated)
{
return(false);
}
var ticket = new FormsAuthenticationTicket(1, token.Token, DateTime.Now,
DateTime.Now.AddMinutes(TokenExpiration.TotalMinutes), false,
token.Token);
string e_ticket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(kCookieName,
e_ticket.AsBase64(Encoding.Default));
context.Items[kTokenKey] = token.Token;
context.Response.SetCookie(cookie);
return(true);
}
public void SetUp() {
callback_ = new NopAuthCallbackHandler();
shared_ = new Dictionary<string, string>();
options_ = new Dictionary<string, string>();
module_ = Mock.Create<ILoginModule>();
Mock
.Arrange(
() => module_.Login(Arg.IsAny<IAuthCallbackHandler>(), subject_))
.Returns(AuthenticationInfos.Sucessful());
Mock
.Arrange(() => module_.Commit(Arg.IsAny<IAuthenticationInfo>()))
.Returns(true);
Mock
.Arrange(() => module_.ControlFlag)
.Returns(LoginModuleControlFlag.Required);
subject_ = Mock.Create<ISubject>();
Mock
.Arrange(() => subject_.Permissions)
.Returns(new HashSet<IPermission>());
Mock
.Arrange(() => subject_.Principals)
.Returns(new HashSet<IPrincipal>());
}
public void SetUp()
{
callback_ = new NopAuthCallbackHandler();
shared_ = new Dictionary <string, string>();
options_ = new Dictionary <string, string>();
module_ = Mock.Create <ILoginModule>();
Mock
.Arrange(
() => module_.Login(Arg.IsAny <IAuthCallbackHandler>(), subject_))
.Returns(AuthenticationInfos.Sucessful());
Mock
.Arrange(() => module_.Commit(Arg.IsAny <IAuthenticationInfo>()))
.Returns(true);
Mock
.Arrange(() => module_.ControlFlag)
.Returns(LoginModuleControlFlag.Required);
subject_ = Mock.Create <ISubject>();
Mock
.Arrange(() => subject_.Permissions)
.Returns(new HashSet <IPermission>());
Mock
.Arrange(() => subject_.Principals)
.Returns(new HashSet <IPrincipal>());
}
/// <summary>
/// Authenticates the given subject using the associated
/// <see cref="LoginContext"/> and if the login succeed, creates and
/// attach a cookie in the response, containg the token associated with
/// the authenticated subject.
/// </summary>
/// <param name="subject">
/// The subject to be authenticated.
/// </param>
/// <param name="callback">
/// The <see cref="IAuthCallbackHandler"/> that should be called to
/// retrieve the <paramref name="subject"/> authentication information.
/// </param>
/// <remarks>
/// The token of the authenticated subject is associated with the key
/// <see cref="kTokenKey"/> on the <see cref="HttpContext.Items"/>
/// collection of the <see cref="HttpContext.Current"/> object and the
/// authenticated token is added to the associated
/// <see cref="ICacheProvider"/> using the authentication token as a key.
/// </remarks>
public override AuthenticationToken Authenticate(ISubject subject,
IAuthCallbackHandler callback)
{
AuthenticationToken token;
Authenticate(subject, callback, HttpContext.Current, out token);
return(token);
}
/// <summary>
/// Authenticates a given subject using the given
/// <see cref="IAuthCallbackHandler"/> and associate it with a token.
/// </summary>
/// <param name="subject">
/// The subject to be authenticated.
/// </param>
/// <param name="callback">
/// A <see cref="IAuthCallbackHandler"/> object that can be used to get
/// authentication information for the user.
/// </param>
/// <returns>
/// A <see cref="AuthenticationToken"/> object containing information
/// about the success or failure of the authentication process.
/// </returns>
public virtual AuthenticationToken Authenticate(ISubject subject,
IAuthCallbackHandler callback)
{
if (subject == null || callback == null)
{
throw new ArgumentNullException(callback == null
? "callback"
: "context");
}
if (!login_context_.Login(subject, callback))
{
return(new AuthenticationToken(string.Empty, false));
}
var token = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
cache_.Add(token, subject, (long)TokenExpiration.TotalSeconds,
TimeUnit.Seconds);
return(new AuthenticationToken(token, true));
}
public void Init(Subject subject, IAuthCallbackHandler callback, IDictionary<string, object> sharedState, IDictionary<string, object> options) {
}
/// <summary>
/// Performs the authentication.
/// </summary>
/// <remarks>
/// This method invokes the login method for each configured
/// <see cref="ILoginModule"/>.
/// Each <see cref="ILoginModule"/> then performs its respective type of
/// authentication (username/password, smart card pin verification, etc.)
/// <para>
/// The method completes a 2-phase authentication process by calling each
/// configured <see cref="ILoginModule.Commit"/> method if the overall
/// authentication succeeded (the relevant Required, Requisite, Sufficient,
/// and Optional <see cref="ILoginModule"/> succeeded, or by calling
/// each configured <see cref="ILoginModule.Abort"/> method if the overall
/// authentication failed. If the authentication succeeded, each successful
/// <see cref="ILoginModule.Commit"/> method associates the relevant
/// <see cref="IPermission"/> with the <see cref="AbstractSubject"/>.
/// If authentication failed, each <see cref="ILoginModule.Abort"/> method
/// removes/destroys any previous stored state.
/// </para>
/// <para>
/// If the commit phase of the authentication process fails, then the
/// overall authentication fails and this method invokes the abort method
/// for each configured <see cref="ILoginModule"/>.
/// </para>
/// <para>
/// If the abort method fails for any reason, the overall authentication
/// fails.
/// </para>
/// <para>
/// Note that if this method enters the abort phase (either the login or
/// commit phase failed), this method invokes all <see cref="ILoginModule"/>
/// configured for the application regardless of their respective
/// configuration flag parameters. Essentially this means that required and
/// sufficient semantics are ignored during the abort phase. This
/// guarantees that proper cleanup and state restoration can take place.
/// </para>
/// </remarks>
public bool Login(ISubject subject,
IAuthCallbackHandler auth_callback_handler)
{
bool overall_login_succeeds = true;
var shared = new Dictionary <string, object>();
var attempted_login_modules =
new List <ModuleAuthInfo>(login_modules_.Count);
foreach (ILoginModule login_module in login_modules_)
{
// A try/catch block is used here to ensure that the login method will
// be called for each configured module (respecting the control flag
// semantics).
IAuthenticationInfo auth_info;
try {
auth_info = login_module.Login(auth_callback_handler, subject, shared);
attempted_login_modules.Add(
new ModuleAuthInfo(login_module, auth_info));
} catch (Exception ex) {
MustLogger.ForCurrentProcess.Error(string.Format(
StringResources.Log_MethodThrowsException, "login"), ex);
auth_info = AuthenticationInfos.Failed();
}
if (auth_info.Authenticated)
{
if (login_module.ControlFlag == LoginModuleControlFlag.Sufficient)
{
break;
}
}
else
{
// The login has failed, if the failed module is "requisite" or
// "required" the overall login should fail.
if (login_module.ControlFlag == LoginModuleControlFlag.Requisite)
{
// If the failed module is "requisite" we need to stop procceding
// down the login module list.
overall_login_succeeds = false;
break;
}
// If the failed module is "required", authentication should still
// continues to proceed down the login module list.
if (login_module.ControlFlag == LoginModuleControlFlag.Required)
{
overall_login_succeeds = false;
}
}
}
if (!overall_login_succeeds)
{
Abort(attempted_login_modules);
return(false);
}
try {
if (!Commit(attempted_login_modules))
{
Abort(attempted_login_modules);
return(false);
}
} catch (Exception e) {
MustLogger.ForCurrentProcess.Debug(string.Format(
StringResources.Log_ThrowsException, "commit"), e);
}
return(true);
}
/// <summary>
/// Performs the authentication.
/// </summary>
/// <remarks>
/// This method invokes the login method for each configured
/// <see cref="ILoginModule"/>.
/// Each <see cref="ILoginModule"/> then performs its respective type of
/// authentication (username/password, smart card pin verification, etc.)
/// <para>
/// The method completes a 2-phase authentication process by calling each
/// configured <see cref="ILoginModule.Commit"/> method if the overall
/// authentication succeeded (the relevant Required, Requisite, Sufficient,
/// and Optional <see cref="ILoginModule"/> succeeded, or by calling
/// each configured <see cref="ILoginModule.Abort"/> method if the overall
/// authentication failed. If the authentication succeeded, each successful
/// <see cref="ILoginModule.Commit"/> method associates the relevant
/// <see cref="IPermission"/> with the <see cref="AbstractSubject"/>.
/// If authentication failed, each <see cref="ILoginModule.Abort"/> method
/// removes/destroys any previous stored state.
/// </para>
/// <para>
/// If the commit phase of the authentication process fails, then the
/// overall authentication fails and this method invokes the abort method
/// for each configured <see cref="ILoginModule"/>.
/// </para>
/// <para>
/// If the abort method fails for any reason, the overall authentication
/// fails.
/// </para>
/// <para>
/// Note that if this method enters the abort phase (either the login or
/// commit phase failed), this method invokes all <see cref="ILoginModule"/>
/// configured for the application regardless of their respective
/// configuration flag parameters. Essentially this means that required and
/// sufficient semantics are ignored during the abort phase. This
/// guarantees that proper cleanup and state restoration can take place.
/// </para>
/// </remarks>
public bool Login(ISubject subject,
IAuthCallbackHandler auth_callback_handler) {
bool overall_login_succeeds = true;
var shared = new Dictionary<string, object>();
var attempted_login_modules =
new List<ModuleAuthInfo>(login_modules_.Count);
foreach (ILoginModule login_module in login_modules_) {
// A try/catch block is used here to ensure that the login method will
// be called for each configured module (respecting the control flag
// semantics).
IAuthenticationInfo auth_info;
try {
auth_info = login_module.Login(auth_callback_handler, subject, shared);
attempted_login_modules.Add(
new ModuleAuthInfo(login_module, auth_info));
} catch (Exception ex) {
MustLogger.ForCurrentProcess.Error(string.Format(
StringResources.Log_MethodThrowsException, "login"), ex);
auth_info = AuthenticationInfos.Failed();
}
if (auth_info.Authenticated) {
if (login_module.ControlFlag == LoginModuleControlFlag.Sufficient) {
break;
}
} else {
// The login has failed, if the failed module is "requisite" or
// "required" the overall login should fail.
if (login_module.ControlFlag == LoginModuleControlFlag.Requisite) {
// If the failed module is "requisite" we need to stop procceding
// down the login module list.
overall_login_succeeds = false;
break;
}
// If the failed module is "required", authentication should still
// continues to proceed down the login module list.
if (login_module.ControlFlag == LoginModuleControlFlag.Required) {
overall_login_succeeds = false;
}
}
}
if (!overall_login_succeeds) {
Abort(attempted_login_modules);
return false;
}
try {
if (!Commit(attempted_login_modules)) {
Abort(attempted_login_modules);
return false;
}
} catch (Exception e) {
MustLogger.ForCurrentProcess.Debug(string.Format(
StringResources.Log_ThrowsException, "commit"), e);
}
return true;
}
public void Init(Subject subject, IAuthCallbackHandler callback, IDictionary <string, object> sharedState, IDictionary <string, object> options)
{
}
