private static bool IsCertificatValid(X509Certificate2 Certificate, ClientCertificateInHeaderCollection clientCertificationCollection)
{
if (Certificate == null)
{
return(false);
}
// 1. Check time validity of certificate
if (DateTime.Compare(DateTime.Now, Certificate.NotBefore) < 0 || DateTime.Compare(DateTime.Now, Certificate.NotAfter) > 0)
{
return(false);
}
bool isValid = true;
foreach (ValidationCollection validationCollection in clientCertificationCollection.OfType <ValidationCollection>())
{
isValid = false; //reset to false if bad member.
bool validation_rejected = false;
foreach (KeyValueElement keyValue in validationCollection)
{
string value = GetCertificatValue(Certificate, keyValue.Key);
if (value != keyValue.Value)
{
validation_rejected = true;
break;
}
}
if (!validation_rejected)
{
isValid = true;
break;
}
}
return(isValid);
}
public static TUserInfo PrepareUserInfo()
{
/*
* var tests= BIASettingsReader.BIANetSection?.Authentication?.Tests;
* foreach(HeterogeneousConfigurationElementBase test in tests)
* {
* if (test is Test1Element)
* {
* string toto = ((Test1Element)test).KeyTest1;
* }
* if (test is Test2Element)
* {
* string toto = ((Test2Element)test).KeyTest2;
* }
* }*/
TUserInfo user = new TUserInfo();
string cachingParameter = BIASettingsReader.BIANetSection?.Authentication?.Parameters?.Caching;
bool manageSession = false;
if (cachingParameter == "Session")
{
HttpSessionState Session = HttpContext.Current.Session;
if (Session != null)
{
manageSession = true;
if (Session[AuthenticationConstants.SessionUserInfo] != null)
{
AUserInfo <TUserProperties> .UserInfoContainer container = (AUserInfo <TUserProperties> .UserInfoContainer)Session[AuthenticationConstants.SessionUserInfo];
user.userInfoContainer = container;
CheckInfoToRefresh(user);
}
else
{
Session[AuthenticationConstants.SessionUserInfo] = user.userInfoContainer;
}
}
}
IPrincipal principal = HttpContext.Current.User;
user.Identity = (WindowsIdentity)principal.Identity;
if (!user.Identity.IsAuthenticated)
{
ClientCertificateInHeaderCollection clientCertificateInHeader = BIASettingsReader.BIANetSection?.Authentication?.Identities?.OfType <ClientCertificateInHeaderCollection>().FirstOrDefault();
if (clientCertificateInHeader != null && !user.Identity.IsAuthenticated)
{
NameValueCollection headers = HttpContext.Current.Request.Headers;
string certHeader = headers[clientCertificateInHeader.Key];
if (!String.IsNullOrEmpty(certHeader))
{
try
{
byte[] clientCertBytes = Convert.FromBase64String(certHeader);
X509Certificate2 Certificate = new X509Certificate2(clientCertBytes);
if (Certificate != null)
{
if (IsCertificatValid(Certificate, clientCertificateInHeader))
{
user.Identity = new WindowsIdentity(GetCertificatValue(Certificate, clientCertificateInHeader.WindowsIdentity));
}
}
}
catch (Exception ex)
{
TraceManager.Error("Error when analyse certificat.", ex);
}
}
else
{
certHeader = "";
}
}
}
/*
* if (((user.Identity == null || user.Identity.IsAuthenticated==false) && (windowsIdentity != null && windowsIdentity.IsAuthenticated)) || (user.Certificate == null && certificat != null))
* {
* if (retrivedFromSession)
* {
* user = new TUserInfo();
* HttpContext.Current.Session[AuthenticationConstants.SessionUserInfo] = user.userInfoContainer;
* }
* user.Identity = windowsIdentity;
* user.Certificate = certificat;
* }
* if (user.Identity == null) user.Identity = windowsIdentity;*/
/*if (retrivedFromSession && user.Identity.IsAuthenticated && user.Login == null)
* {
* user.userInfoContainer.identitiesShouldBeRefreshed = true;
* }*/
user.FinalizePreparation();
if (manageSession && (user.Login == null))
{
HttpContext.Current.Session[AuthenticationConstants.SessionUserInfo] = null;
}
return(user);
}
