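/// <summary>
/// Checks whether a client certificate taken from a request header satisfies the configured
/// validation rules.
/// </summary>
/// <remarks>
/// Exactly two things are checked:
/// <list type="number">
/// <item>the current local time lies within <see cref="X509Certificate2.NotBefore"/> and
/// <see cref="X509Certificate2.NotAfter"/>;</item>
/// <item>at least one configured <c>ValidationCollection</c> matches, where a collection matches only
/// if every one of its key/value pairs equals (ordinal comparison) the certificate value returned by
/// <c>GetCertificatValue</c> for that key.</item>
/// </list>
/// NOTE(review): the certificate's signature and chain are NOT verified here, and the certificate is
/// taken from an HTTP header that a client can set. This is only safe when that header is written by
/// the trusted TLS-terminating front end after it has authenticated the client certificate itself,
/// and when the front end strips any copy of the header supplied by the client. Note also the
/// fail-open default: with no <c>ValidationCollection</c> configured, every certificate that passes
/// the time check is accepted.
/// </remarks>
/// <param name="Certificate">Certificate to check; <c>null</c> is rejected.</param>
/// <param name="clientCertificationCollection">Configured header/validation rules; <c>null</c> is rejected.</param>
/// <returns><c>true</c> when the certificate is accepted, otherwise <c>false</c>.</returns>
private static bool IsCertificatValid(X509Certificate2 Certificate, ClientCertificateInHeaderCollection clientCertificationCollection)
{
    // Fail closed on missing input (a null rule collection used to throw NullReferenceException).
    if (Certificate == null || clientCertificationCollection == null)
    {
        return false;
    }

    // 1. Time validity. NotBefore/NotAfter are exposed as local times, so compare against local Now;
    //    read the clock once so both bounds are checked against the same instant.
    DateTime now = DateTime.Now;
    if (now < Certificate.NotBefore || now > Certificate.NotAfter)
    {
        return false;
    }

    // 2. Configured rules: the first collection whose every key/value pair matches accepts the
    //    certificate. With no collection configured the loop never runs and the certificate is
    //    accepted (fail-open, kept as in the original).
    bool isValid = true;
    foreach (ValidationCollection validationCollection in clientCertificationCollection.OfType<ValidationCollection>())
    {
        isValid = false;
        bool rejected = false;
        foreach (KeyValueElement keyValue in validationCollection)
        {
            string actual = GetCertificatValue(Certificate, keyValue.Key);

            // Ordinal and null-safe; same semantics as the string != operator.
            if (!string.Equals(actual, keyValue.Value, StringComparison.Ordinal))
            {
                rejected = true;
                break;
            }
        }

        if (!rejected)
        {
            isValid = true;
            break;
        }
    }

    return isValid;
}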
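/// <summary>
/// Builds the <typeparamref name="TUserInfo"/> for the current request: restores its container from
/// the ASP.NET session when caching is configured as <c>"Session"</c>, takes the identity from
/// <c>HttpContext.Current.User</c> and, when that identity is not authenticated, tries to derive a
/// <see cref="WindowsIdentity"/> from a client certificate forwarded in a request header.
/// </summary>
/// <remarks>
/// Security: the certificate header is client-supplied data. It is Base64-decoded, parsed as an
/// <see cref="X509Certificate2"/>, checked with <c>IsCertificatValid</c>, and the configured
/// certificate field is then used to create a <see cref="WindowsIdentity"/>. Nothing on this path
/// verifies the certificate chain, so it is only safe when the header is written by the trusted
/// TLS-terminating front end and any client-supplied copy of the header is stripped there.
/// Any failure while decoding, parsing or creating the identity is logged and the request stays
/// unauthenticated.
/// </remarks>
/// <returns>The prepared user; never <c>null</c>.</returns>
public static TUserInfo PrepareUserInfo()
{
    TUserInfo user = new TUserInfo();

    // Session caching: reuse the container already stored in session, otherwise store the fresh one.
    string cachingParameter = BIASettingsReader.BIANetSection?.Authentication?.Parameters?.Caching;
    bool manageSession = false;
    if (cachingParameter == "Session")
    {
        HttpSessionState session = HttpContext.Current.Session;
        if (session != null)
        {
            manageSession = true;
            object cached = session[AuthenticationConstants.SessionUserInfo];
            if (cached != null)
            {
                user.userInfoContainer = (AUserInfo<TUserProperties>.UserInfoContainer)cached;
                CheckInfoToRefresh(user);
            }
            else
            {
                session[AuthenticationConstants.SessionUserInfo] = user.userInfoContainer;
            }
        }
    }

    // Identity established by the pipeline (Windows authentication).
    IPrincipal principal = HttpContext.Current.User;
    user.Identity = (WindowsIdentity)principal.Identity;

    // Fallback: an unauthenticated request may carry a forwarded client certificate.
    if (!user.Identity.IsAuthenticated)
    {
        ApplyIdentityFromCertificateHeader(user);
    }

    user.FinalizePreparation();

    // A user without a login is not worth caching; drop the session entry so the next request starts clean.
    if (manageSession && user.Login == null)
    {
        HttpContext.Current.Session[AuthenticationConstants.SessionUserInfo] = null;
    }

    return user;
}

/// <summary>
/// Replaces <c>user.Identity</c> with a <see cref="WindowsIdentity"/> derived from the client
/// certificate forwarded in the configured request header, when such a header is configured,
/// present, and the certificate passes <c>IsCertificatValid</c>. Leaves the user untouched otherwise.
/// </summary>
/// <param name="user">User whose identity may be replaced.</param>
private static void ApplyIdentityFromCertificateHeader(TUserInfo user)
{
    ClientCertificateInHeaderCollection clientCertificateInHeader = BIASettingsReader.BIANetSection?.Authentication?.Identities?.OfType<ClientCertificateInHeaderCollection>().FirstOrDefault();
    if (clientCertificateInHeader == null)
    {
        return;
    }

    string certHeader = HttpContext.Current.Request.Headers[clientCertificateInHeader.Key];
    if (string.IsNullOrEmpty(certHeader))
    {
        return;
    }

    try
    {
        // Untrusted input from here on: decode, parse and validate before trusting any field.
        byte[] clientCertBytes = Convert.FromBase64String(certHeader);
        X509Certificate2 certificate = new X509Certificate2(clientCertBytes);
        if (IsCertificatValid(certificate, clientCertificateInHeader))
        {
            user.Identity = new WindowsIdentity(GetCertificatValue(certificate, clientCertificateInHeader.WindowsIdentity));
        }
    }
    catch (Exception ex)
    {
        // Malformed Base64, an unparsable certificate or a failed WindowsIdentity creation all end
        // here: log and keep the request unauthenticated rather than failing the pipeline.
        TraceManager.Error("Error when analyse certificat.", ex);
    }
}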