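/// <summary>
/// Validates a service ticket and always hands the key to <c>Conductor.PunchTicket</c>
/// afterwards, whether validation succeeded or not (presumably removing it from the
/// cache so a ticket can be presented only once; confirm against PunchTicket).
/// </summary>
/// <param name="httpContext">Context whose cache holds the issued tickets.</param>
/// <param name="ServiceURL">URL of the service presenting the ticket; must equal the URL stored with the ticket.</param>
/// <param name="ticketKey">Key of the form <c>TRUST-{MMddyyyyHHmmss}-{21 character token}-ticket</c>.</param>
/// <param name="t">The cached <c>ServiceUser</c> on success; otherwise null.</param>
/// <returns>
/// true only when the key is well formed, at most one minute old, present in the cache
/// and bound to <paramref name="ServiceURL"/>.
/// </returns>
public static Boolean CheckAndPunchTicket(HttpContext httpContext, String ServiceURL, String ticketKey, out ServiceUser t)
{
    t = null;

    // A missing ticket parameter is an invalid ticket, not a server error.
    // Nothing is punched in that case because there is no key to punch.
    if (ticketKey == null)
    {
        return false;
    }

    try
    {
        const String prefix = "TRUST-";
        const String suffix = "-ticket";
        const Int32 stampLength = 14;   // "MMddyyyyHHmmss"
        const Int32 tokenLength = 21;   // UrlTokenEncode of 15 bytes: 20 base64url chars + pad-count digit

        // Parse by position instead of splitting on '-': UrlTokenEncode maps '+' to '-',
        // so a valid token can itself contain '-' and a split would reject that ticket.
        if (ticketKey.Length != prefix.Length + stampLength + 1 + tokenLength + suffix.Length)
        {
            return false;
        }

        if (!ticketKey.StartsWith(prefix, StringComparison.Ordinal) ||
            !ticketKey.EndsWith(suffix, StringComparison.Ordinal) ||
            ticketKey[prefix.Length + stampLength] != '-')
        {
            return false;
        }

        String stamp = ticketKey.Substring(prefix.Length, stampLength);
        String token = ticketKey.Substring(prefix.Length + stampLength + 1, tokenLength);

        // The embedded timestamp is only a cheap pre-filter; the cache lookup below is what
        // actually proves the ticket was issued. Current-culture parsing is kept because
        // IssueTicket formats the stamp with the current culture as well.
        DateTime issuedAt;
        if (!DateTime.TryParseExact(stamp, "MMddyyyyHHmmss", System.Globalization.DateTimeFormatInfo.CurrentInfo, System.Globalization.DateTimeStyles.None, out issuedAt) ||
            issuedAt.AddMinutes(1.0) < DateTime.Now)
        {
            return false;
        }

        if (String.IsNullOrWhiteSpace(token))
        {
            return false;
        }

        // load ticket from context cache
        ServiceUser ticket = httpContext.Cache.Get(ticketKey) as ServiceUser;
        if (ticket == null)
        {
            return false;
        }

        // A ticket is only valid for the service it was issued to.
        if (!String.Equals(ticket.serviceURL, ServiceURL))
        {
            return false;
        }

        // return ticket data
        t = ticket;
        return true;
    }
    finally
    {
        // Punch on every path, including failures, so a guessed or replayed key is spent.
        Conductor.PunchTicket(httpContext, ticketKey);
    }
}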
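/// <summary>
/// Creates a short-lived ticket key for <paramref name="serviceUser"/> and stores the user
/// in the context cache under that key for one minute.
/// </summary>
/// <param name="httpContext">Context whose cache receives the ticket.</param>
/// <param name="serviceUser">The user/service pair the ticket stands for.</param>
/// <returns>The ticket key, <c>TRUST-{MMddyyyyHHmmss}-{token}-ticket</c>.</returns>
public static String IssueTicket(HttpContext httpContext, ServiceUser serviceUser)
{
    // 120 bits of random data. The token is the only secret in the ticket, so it must come
    // from a cryptographic generator: System.Random seeded from the clock is reproducible
    // by anyone who can estimate the issue time.
    Byte[] rdata = new Byte[15];
    using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(rdata);
    }

    // URL-safe token: 20 base64url characters plus a trailing pad-count digit (21 total).
    // NOTE(review): the base64url alphabet includes '-', the same character used as the
    // key's field separator, so consumers should parse the key by position, not by Split('-').
    String TicketToken = HttpServerUtility.UrlTokenEncode(rdata);

    // Read the clock once so the stamp in the key and the cache expiry agree.
    DateTime issuedAt = DateTime.Now;

    // build the ticket key
    String TicketKey = "TRUST-" + issuedAt.ToString("MMddyyyyHHmmss") + "-" + TicketToken + "-ticket";

    // store ticket in context cache with an absolute one-minute lifetime
    httpContext.Cache.Add(TicketKey, serviceUser, null, issuedAt.AddMinutes(1.0), Cache.NoSlidingExpiration, CacheItemPriority.Normal, null);

    return TicketKey;
}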
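/// <summary>
/// Handles the sign-in form post: validates the submitted username and four passphrase
/// words, authenticates them, and, when the current request carries a Forms-authenticated
/// identity and an allow-listed <c>service</c> URL, issues a ticket and redirects to it.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(Object sender, EventArgs e)
{
    this.usernameValidation.Visible = false;
    this.passphraseValidation.Visible = false;
    this.LoginValidationSummary.Visible = false;
    this.LoginValidationSummary.Text = String.Empty;

    // Everything below, including ticket issuance, runs for POST requests only.
    if (!String.Equals(this.Request.HttpMethod, "post", StringComparison.InvariantCultureIgnoreCase))
    {
        return;
    }

    if (this.Page.IsPostBack)
    {
        // Form fields are attacker-controlled and may be absent; a missing field is treated
        // as empty so it fails validation instead of throwing inside Regex.IsMatch.
        String anonym = this.Request.Form["anonym"] ?? String.Empty;
        String word1 = this.Request.Form["plainText1"] ?? String.Empty;
        String word2 = this.Request.Form["plainText2"] ?? String.Empty;
        String word3 = this.Request.Form["plainText3"] ?? String.Empty;
        String word4 = this.Request.Form["plainText4"] ?? String.Empty;

        // \z anchors at the true end of input; '$' would also accept a trailing newline.
        const String usernamePattern = @"^[a-zA-Z.0-9]{5,20}\z";
        const String wordPattern = @"^[a-zA-Z.0-9]{3,7}\z";

        if (!Regex.IsMatch(anonym, usernamePattern))
        {
            this.usernameValidation.Visible = true;
            this.LoginValidationSummary.Visible = true;
            this.LoginValidationSummary.Text = "Username must be 5-20 alphanumeric characters.";
        }

        Boolean wordsValid = Regex.IsMatch(word1, wordPattern)
            && Regex.IsMatch(word2, wordPattern)
            && Regex.IsMatch(word3, wordPattern)
            && Regex.IsMatch(word4, wordPattern);

        if (!wordsValid)
        {
            this.passphraseValidation.Visible = true;
            this.LoginValidationSummary.Visible = true;
            this.LoginValidationSummary.Text += (!String.IsNullOrWhiteSpace(this.LoginValidationSummary.Text) ? "<br/>" : String.Empty) + "Each passphrase word must be 3-7 alphanumeric characters.";
        }

        // Only call the authenticator with input that passed format validation.
        if (!LoginValidationSummary.Visible)
        {
            if (UserAuthenticator.Authenticate(anonym, word1, word2, word3, word4))
            {
                this.TrustSignin(anonym);
            }
            else
            {
                // Deliberately does not say which of username or passphrase was wrong.
                this.LoginValidationSummary.Visible = true;
                this.LoginValidationSummary.Text += (!String.IsNullOrWhiteSpace(this.LoginValidationSummary.Text) ? "<br/>" : String.Empty) + "Could not validate username and/or passphrase.";
            }
        }
    }

    System.Security.Principal.IPrincipal principal = System.Web.HttpContext.Current.User;
    if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated || principal.Identity.AuthenticationType != "Forms")
    {
        return;
    }

    String upn = principal.Identity.Name;
    if (String.IsNullOrWhiteSpace(upn))
    {
        return;
    }

    String service = Request.QueryString["service"];
    if (String.IsNullOrWhiteSpace(service))
    {
        return;
    }

    // Open-redirect guard: the target must be an absolute URI whose host is allow-listed.
    // NOTE(review): the scheme is not checked, so a ticket can be sent to an allow-listed
    // host over plain http; consider requiring https. The redirect also uses the raw
    // 'service' string rather than the parsed Uri, and appends the ticket after any
    // '#fragment' it contains; confirm that both are acceptable for the relying services.
    Uri serviceHostChecker = null;
    Uri.TryCreate(service, UriKind.RelativeOrAbsolute, out serviceHostChecker);
    if (serviceHostChecker == null || !serviceHostChecker.IsAbsoluteUri || !ServiceHosts.whiteList.Contains(serviceHostChecker.Host))
    {
        return;
    }

    // as an aside, check sign out rules
    ServiceUser _user = new ServiceUser(service, upn);
    String ticketKey = Conductor.IssueTicket(this.Context, _user);
    String returnServiceUrl = service + (!service.Contains('?') ? "?ticket=" + ticketKey : "&ticket=" + ticketKey);

    // Redirect without aborting the thread, then short-circuit the rest of the pipeline.
    this.Response.Redirect(returnServiceUrl, false);
    this.Context.ApplicationInstance.CompleteRequest();
}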