public virtual SecurityMessageProperty ProcessAuthentication(IHttpAuthenticationContext authenticationContext) { SecurityMessageProperty property; if (!this.IsAuthenticationRequired) { return(null); } try { property = this.ProcessAuthentication(authenticationContext.LogonUserIdentity, this.GetAuthType(authenticationContext)); } catch (Exception exception) { if (Fx.IsFatal(exception)) { throw; } if (AuditLevel.Failure == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure)) { this.WriteAuditEvent(AuditLevel.Failure, (authenticationContext.LogonUserIdentity != null) ? authenticationContext.LogonUserIdentity.Name : string.Empty, exception); } throw; } if (AuditLevel.Success == (base.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Success)) { this.WriteAuditEvent(AuditLevel.Success, (authenticationContext.LogonUserIdentity != null) ? authenticationContext.LogonUserIdentity.Name : string.Empty, null); } return(property); }
private string GetAuthType(IHttpAuthenticationContext authenticationContext) { string authenticationType = null; if (authenticationContext.LogonUserIdentity != null) { authenticationType = authenticationContext.LogonUserIdentity.AuthenticationType; } return(authenticationType); }
public virtual HttpStatusCode ValidateAuthentication(IHttpAuthenticationContext authenticationContext) { HttpStatusCode oK = HttpStatusCode.OK; if (this.IsAuthenticationRequired) { string authType = this.GetAuthType(authenticationContext); oK = this.ValidateAuthentication(authType); } if (((oK == HttpStatusCode.OK) && (this.ExtendedProtectionPolicy.PolicyEnforcement == PolicyEnforcement.Always)) && !authenticationContext.IISSupportsExtendedProtection) { Exception exception = DiagnosticUtility.ExceptionUtility.ThrowHelperError(new PlatformNotSupportedException(System.ServiceModel.SR.GetString("ExtendedProtectionNotSupported"))); this.WriteAuditEvent(AuditLevel.Failure, string.Empty, exception); oK = HttpStatusCode.Unauthorized; } return(oK); }
public override HttpStatusCode ValidateAuthentication(IHttpAuthenticationContext authenticationContext) { HttpStatusCode result = base.ValidateAuthentication(authenticationContext); if (result == HttpStatusCode.OK) { if (this.shouldValidateClientCertificate) { bool isValidCertificate; X509Certificate2 clientCertificate = authenticationContext.GetClientCertificate(out isValidCertificate); if (clientCertificate == null) { if (this.RequireClientCertificate) { if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent(TraceEventType.Error, TraceCode.HttpsClientCertificateNotPresent, SR.GetString(SR.TraceCodeHttpsClientCertificateNotPresent), authenticationContext.CreateTraceRecord(), this, null); } result = CertificateErrorStatusCode; } } else if (!isValidCertificate && !this.useCustomClientCertificateVerification) { if (DiagnosticUtility.ShouldTraceError) { TraceUtility.TraceEvent(TraceEventType.Error, TraceCode.HttpsClientCertificateInvalid, SR.GetString(SR.TraceCodeHttpsClientCertificateInvalid), authenticationContext.CreateTraceRecord(), this, null); } result = CertificateErrorStatusCode; } // Audit Authentication failure if (result != HttpStatusCode.OK && (AuditLevel.Failure == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure))) { string message = SR.GetString(SR.HttpAuthenticationFailed, this.AuthenticationScheme, result); Exception exception = DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(message)); WriteAuditEvent(AuditLevel.Failure, (clientCertificate != null) ? SecurityUtils.GetCertificateId(clientCertificate) : String.Empty, exception); } } } return(result); }
public override SecurityMessageProperty ProcessAuthentication(IHttpAuthenticationContext authenticationContext) { if (this.shouldValidateClientCertificate) { SecurityMessageProperty retValue; X509Certificate2 certificate = null; try { bool isCertificateValid; certificate = authenticationContext.GetClientCertificate(out isCertificateValid); Fx.Assert(!this.requireClientCertificate || certificate != null, "ClientCertificate must be present"); if (certificate != null) { if (!this.useCustomClientCertificateVerification) { Fx.Assert(isCertificateValid, "ClientCertificate must be valid"); } WindowsIdentity identity = null; string authType = base.GetAuthType(authenticationContext); if (this.useHostedClientCertificateMapping) { identity = authenticationContext.LogonUserIdentity; if (identity == null || !identity.IsAuthenticated) { identity = WindowsIdentity.GetAnonymous(); } else { // it is not recommended to call identity.AuthenticationType as this is a privileged instruction. // when the identity is cloned, it will be created with an authtype indicating WindowsIdentity from a cert. identity = SecurityUtils.CloneWindowsIdentityIfNecessary(identity, SecurityUtils.AuthTypeCertMap); authType = SecurityUtils.AuthTypeCertMap; } } retValue = CreateSecurityProperty(certificate, identity, authType); } else if (this.AuthenticationScheme == AuthenticationSchemes.Anonymous) { return(new SecurityMessageProperty()); } else { return(base.ProcessAuthentication(authenticationContext)); } } #pragma warning suppress 56500 // covered by FXCop catch (Exception exception) { if (Fx.IsFatal(exception)) { throw; } // Audit Authentication failure if (AuditLevel.Failure == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Failure)) { WriteAuditEvent(AuditLevel.Failure, (certificate != null) ? SecurityUtils.GetCertificateId(certificate) : String.Empty, exception); } throw; } // Audit Authentication success if (AuditLevel.Success == (this.AuditBehavior.MessageAuthenticationAuditLevel & AuditLevel.Success)) { WriteAuditEvent(AuditLevel.Success, (certificate != null) ? SecurityUtils.GetCertificateId(certificate) : String.Empty, null); } return(retValue); } else if (this.AuthenticationScheme == AuthenticationSchemes.Anonymous) { return(new SecurityMessageProperty()); } else { return(base.ProcessAuthentication(authenticationContext)); } }