/// <summary> /// Authenticates the given subject using the associated /// <see cref="LoginContext"/> and if the login succeed, creates and /// attach a cookie in the response, containg the token associated with /// the authenticated subject. /// </summary> /// <param name="subject"> /// The subject to be authenticated. /// </param> /// <param name="callback"> /// The <see cref="IAuthCallbackHandler"/> that should be called to /// retrieve the <paramref name="subject"/> authentication information. /// </param> /// <param name="context"> /// The <see cref="HttpContext"/> object that should be used to store /// the authenticated subject. /// </param> /// <remarks> /// The token of the authenticated subject is associated with the key /// <see cref="kTokenKey"/> on the <see cref="HttpContext.Items"/> /// collection of the <paramref name="context"/> object and the /// authenticated token is added to the associated /// <see cref="ICacheProvider"/> using the authentication token as a key. /// </remarks> public bool Authenticate(ISubject subject, IAuthCallbackHandler callback, HttpContext context) { AuthenticationToken token; return(Authenticate(subject, callback, context, out token)); }
bool Authenticate(ISubject subject, IAuthCallbackHandler callback, HttpContext context, out AuthenticationToken token) { if (context == null) { throw new ArgumentNullException("context"); } token = base.Authenticate(subject, callback); if (!token.Authenticated) { return(false); } var ticket = new FormsAuthenticationTicket(1, token.Token, DateTime.Now, DateTime.Now.AddMinutes(TokenExpiration.TotalMinutes), false, token.Token); string e_ticket = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(kCookieName, e_ticket.AsBase64(Encoding.Default)); context.Items[kTokenKey] = token.Token; context.Response.SetCookie(cookie); return(true); }
public void SetUp() { callback_ = new NopAuthCallbackHandler(); shared_ = new Dictionary<string, string>(); options_ = new Dictionary<string, string>(); module_ = Mock.Create<ILoginModule>(); Mock .Arrange( () => module_.Login(Arg.IsAny<IAuthCallbackHandler>(), subject_)) .Returns(AuthenticationInfos.Sucessful()); Mock .Arrange(() => module_.Commit(Arg.IsAny<IAuthenticationInfo>())) .Returns(true); Mock .Arrange(() => module_.ControlFlag) .Returns(LoginModuleControlFlag.Required); subject_ = Mock.Create<ISubject>(); Mock .Arrange(() => subject_.Permissions) .Returns(new HashSet<IPermission>()); Mock .Arrange(() => subject_.Principals) .Returns(new HashSet<IPrincipal>()); }
public void SetUp() { callback_ = new NopAuthCallbackHandler(); shared_ = new Dictionary <string, string>(); options_ = new Dictionary <string, string>(); module_ = Mock.Create <ILoginModule>(); Mock .Arrange( () => module_.Login(Arg.IsAny <IAuthCallbackHandler>(), subject_)) .Returns(AuthenticationInfos.Sucessful()); Mock .Arrange(() => module_.Commit(Arg.IsAny <IAuthenticationInfo>())) .Returns(true); Mock .Arrange(() => module_.ControlFlag) .Returns(LoginModuleControlFlag.Required); subject_ = Mock.Create <ISubject>(); Mock .Arrange(() => subject_.Permissions) .Returns(new HashSet <IPermission>()); Mock .Arrange(() => subject_.Principals) .Returns(new HashSet <IPrincipal>()); }
/// <summary> /// Authenticates the given subject using the associated /// <see cref="LoginContext"/> and if the login succeed, creates and /// attach a cookie in the response, containg the token associated with /// the authenticated subject. /// </summary> /// <param name="subject"> /// The subject to be authenticated. /// </param> /// <param name="callback"> /// The <see cref="IAuthCallbackHandler"/> that should be called to /// retrieve the <paramref name="subject"/> authentication information. /// </param> /// <remarks> /// The token of the authenticated subject is associated with the key /// <see cref="kTokenKey"/> on the <see cref="HttpContext.Items"/> /// collection of the <see cref="HttpContext.Current"/> object and the /// authenticated token is added to the associated /// <see cref="ICacheProvider"/> using the authentication token as a key. /// </remarks> public override AuthenticationToken Authenticate(ISubject subject, IAuthCallbackHandler callback) { AuthenticationToken token; Authenticate(subject, callback, HttpContext.Current, out token); return(token); }
/// <summary> /// Authenticates a given subject using the given /// <see cref="IAuthCallbackHandler"/> and associate it with a token. /// </summary> /// <param name="subject"> /// The subject to be authenticated. /// </param> /// <param name="callback"> /// A <see cref="IAuthCallbackHandler"/> object that can be used to get /// authentication information for the user. /// </param> /// <returns> /// A <see cref="AuthenticationToken"/> object containing information /// about the success or failure of the authentication process. /// </returns> public virtual AuthenticationToken Authenticate(ISubject subject, IAuthCallbackHandler callback) { if (subject == null || callback == null) { throw new ArgumentNullException(callback == null ? "callback" : "context"); } if (!login_context_.Login(subject, callback)) { return(new AuthenticationToken(string.Empty, false)); } var token = Convert.ToBase64String(Guid.NewGuid().ToByteArray()); cache_.Add(token, subject, (long)TokenExpiration.TotalSeconds, TimeUnit.Seconds); return(new AuthenticationToken(token, true)); }
public void Init(Subject subject, IAuthCallbackHandler callback, IDictionary<string, object> sharedState, IDictionary<string, object> options) { }
/// <summary> /// Performs the authentication. /// </summary> /// <remarks> /// This method invokes the login method for each configured /// <see cref="ILoginModule"/>. /// Each <see cref="ILoginModule"/> then performs its respective type of /// authentication (username/password, smart card pin verification, etc.) /// <para> /// The method completes a 2-phase authentication process by calling each /// configured <see cref="ILoginModule.Commit"/> method if the overall /// authentication succeeded (the relevant Required, Requisite, Sufficient, /// and Optional <see cref="ILoginModule"/> succeeded, or by calling /// each configured <see cref="ILoginModule.Abort"/> method if the overall /// authentication failed. If the authentication succeeded, each successful /// <see cref="ILoginModule.Commit"/> method associates the relevant /// <see cref="IPermission"/> with the <see cref="AbstractSubject"/>. /// If authentication failed, each <see cref="ILoginModule.Abort"/> method /// removes/destroys any previous stored state. /// </para> /// <para> /// If the commit phase of the authentication process fails, then the /// overall authentication fails and this method invokes the abort method /// for each configured <see cref="ILoginModule"/>. /// </para> /// <para> /// If the abort method fails for any reason, the overall authentication /// fails. /// </para> /// <para> /// Note that if this method enters the abort phase (either the login or /// commit phase failed), this method invokes all <see cref="ILoginModule"/> /// configured for the application regardless of their respective /// configuration flag parameters. Essentially this means that required and /// sufficient semantics are ignored during the abort phase. This /// guarantees that proper cleanup and state restoration can take place. /// </para> /// </remarks> public bool Login(ISubject subject, IAuthCallbackHandler auth_callback_handler) { bool overall_login_succeeds = true; var shared = new Dictionary <string, object>(); var attempted_login_modules = new List <ModuleAuthInfo>(login_modules_.Count); foreach (ILoginModule login_module in login_modules_) { // A try/catch block is used here to ensure that the login method will // be called for each configured module (respecting the control flag // semantics). IAuthenticationInfo auth_info; try { auth_info = login_module.Login(auth_callback_handler, subject, shared); attempted_login_modules.Add( new ModuleAuthInfo(login_module, auth_info)); } catch (Exception ex) { MustLogger.ForCurrentProcess.Error(string.Format( StringResources.Log_MethodThrowsException, "login"), ex); auth_info = AuthenticationInfos.Failed(); } if (auth_info.Authenticated) { if (login_module.ControlFlag == LoginModuleControlFlag.Sufficient) { break; } } else { // The login has failed, if the failed module is "requisite" or // "required" the overall login should fail. if (login_module.ControlFlag == LoginModuleControlFlag.Requisite) { // If the failed module is "requisite" we need to stop procceding // down the login module list. overall_login_succeeds = false; break; } // If the failed module is "required", authentication should still // continues to proceed down the login module list. if (login_module.ControlFlag == LoginModuleControlFlag.Required) { overall_login_succeeds = false; } } } if (!overall_login_succeeds) { Abort(attempted_login_modules); return(false); } try { if (!Commit(attempted_login_modules)) { Abort(attempted_login_modules); return(false); } } catch (Exception e) { MustLogger.ForCurrentProcess.Debug(string.Format( StringResources.Log_ThrowsException, "commit"), e); } return(true); }
/// <summary> /// Performs the authentication. /// </summary> /// <remarks> /// This method invokes the login method for each configured /// <see cref="ILoginModule"/>. /// Each <see cref="ILoginModule"/> then performs its respective type of /// authentication (username/password, smart card pin verification, etc.) /// <para> /// The method completes a 2-phase authentication process by calling each /// configured <see cref="ILoginModule.Commit"/> method if the overall /// authentication succeeded (the relevant Required, Requisite, Sufficient, /// and Optional <see cref="ILoginModule"/> succeeded, or by calling /// each configured <see cref="ILoginModule.Abort"/> method if the overall /// authentication failed. If the authentication succeeded, each successful /// <see cref="ILoginModule.Commit"/> method associates the relevant /// <see cref="IPermission"/> with the <see cref="AbstractSubject"/>. /// If authentication failed, each <see cref="ILoginModule.Abort"/> method /// removes/destroys any previous stored state. /// </para> /// <para> /// If the commit phase of the authentication process fails, then the /// overall authentication fails and this method invokes the abort method /// for each configured <see cref="ILoginModule"/>. /// </para> /// <para> /// If the abort method fails for any reason, the overall authentication /// fails. /// </para> /// <para> /// Note that if this method enters the abort phase (either the login or /// commit phase failed), this method invokes all <see cref="ILoginModule"/> /// configured for the application regardless of their respective /// configuration flag parameters. Essentially this means that required and /// sufficient semantics are ignored during the abort phase. This /// guarantees that proper cleanup and state restoration can take place. /// </para> /// </remarks> public bool Login(ISubject subject, IAuthCallbackHandler auth_callback_handler) { bool overall_login_succeeds = true; var shared = new Dictionary<string, object>(); var attempted_login_modules = new List<ModuleAuthInfo>(login_modules_.Count); foreach (ILoginModule login_module in login_modules_) { // A try/catch block is used here to ensure that the login method will // be called for each configured module (respecting the control flag // semantics). IAuthenticationInfo auth_info; try { auth_info = login_module.Login(auth_callback_handler, subject, shared); attempted_login_modules.Add( new ModuleAuthInfo(login_module, auth_info)); } catch (Exception ex) { MustLogger.ForCurrentProcess.Error(string.Format( StringResources.Log_MethodThrowsException, "login"), ex); auth_info = AuthenticationInfos.Failed(); } if (auth_info.Authenticated) { if (login_module.ControlFlag == LoginModuleControlFlag.Sufficient) { break; } } else { // The login has failed, if the failed module is "requisite" or // "required" the overall login should fail. if (login_module.ControlFlag == LoginModuleControlFlag.Requisite) { // If the failed module is "requisite" we need to stop procceding // down the login module list. overall_login_succeeds = false; break; } // If the failed module is "required", authentication should still // continues to proceed down the login module list. if (login_module.ControlFlag == LoginModuleControlFlag.Required) { overall_login_succeeds = false; } } } if (!overall_login_succeeds) { Abort(attempted_login_modules); return false; } try { if (!Commit(attempted_login_modules)) { Abort(attempted_login_modules); return false; } } catch (Exception e) { MustLogger.ForCurrentProcess.Debug(string.Format( StringResources.Log_ThrowsException, "commit"), e); } return true; }
public void Init(Subject subject, IAuthCallbackHandler callback, IDictionary <string, object> sharedState, IDictionary <string, object> options) { }