private void HandleMicrosoftPassportAuthentication(AuthenticationContext filterContext)
{
HttpContextBase context = filterContext.HttpContext;
Microsoft.Passport.RPS.RPS myRps = (Microsoft.Passport.RPS.RPS)context.Application["globalRPS"];
string siteName = ConfigurationManager.AppSettings["SiteName"];
Microsoft.Passport.RPS.RPSHttpAuth httpAuth = new Microsoft.Passport.RPS.RPSHttpAuth(myRps);
RPSPropBag authPropBag = new RPSPropBag(myRps);
RPSDomainMap domainMap = new RPSDomainMap(myRps);
RPSServerConfig mainConfig = new RPSServerConfig(myRps);
RPSPropBag siteConfig = (RPSPropBag)mainConfig["Sites"];
RPSPropBag mySiteConfig = (RPSPropBag)siteConfig[siteName];
int siteID = Convert.ToInt32(mySiteConfig["SiteID"]);
var returnUrlBuilder = new UriBuilder(context.Request.Url);
returnUrlBuilder.Scheme = Uri.UriSchemeHttps;
returnUrlBuilder.Port = 443;
authPropBag["ReturnURL"] = returnUrlBuilder.ToString();
authPropBag["SiteID"] = siteID;
RPSTicket ticket = null;
try
{
ticket = httpAuth.Authenticate(siteName, HttpContext.Current.Request, authPropBag);
}
catch (Exception e)
{
ticket = null;
}
// Get the user's 'authState' to determine whether user is currently signed in.
uint authState = (uint)authPropBag["RPSAuthState"];
if (ticket == null)
{
//No RPSTicket found. Check for AuthState=2 (Maybe) state.
if (authState == 2)
{
// RPS Maybe state detected. Indicates that a ticket is present
// but cannot be read. Redirect to SilentAuth URL to obtain
// a fresh RPS Ticket. Write RPS response headers to write
// the Maybe state cookie to prevent looping.
string rpsHeaders = (string)authPropBag["RPSRespHeaders"];
if (rpsHeaders != "")
{
httpAuth.WriteHeaders(HttpContext.Current.Response, rpsHeaders);
}
string silentAuthUrl = domainMap.ConstructURL("SilentAuth", siteName, null, authPropBag);
HttpContext.Current.Response.Redirect(silentAuthUrl);
}
else
{
bool showSignIn = true;
bool isSecure = HttpContext.Current.Request.IsSecureConnection;
string signInHtml = httpAuth.LogoTag(showSignIn, isSecure, null, null, siteName, authPropBag);
LiveIdAuthResult result = new LiveIdAuthResult();
result.IsUserAuthenticated = false;
result.SignInHtmlLink = signInHtml;
context.Items["liveauthstate"] = result;
}
}
else
{
// RPS ticket found. Ensure ticket is valid (signature is valid
// and policy criteria such as time window and use of SSL are met).
bool isValid = ticket.Validate(authPropBag);
if (!isValid)
{
// RPS ticket exists, but is not valid. Refresh ticket by
// redirecting user to "Auth" URL. If appropriate Login Server
// cookies exist, ticket refresh will be transparent to the user.
HttpContext.Current.Response.Redirect(domainMap.ConstructURL("Auth", siteName, null, authPropBag));
}
else
{
//// RPS ticket exists and is valid. Show page with sign-out
//// button and user's NetID.
bool showSignIn = false;
bool isSecure = HttpContext.Current.Request.IsSecureConnection;
string signOutHtml = httpAuth.LogoTag(showSignIn, isSecure, null, null, siteName, authPropBag);
LiveIdAuthResult result = new LiveIdAuthResult();
result.IsUserAuthenticated = true;
result.SignOutHtmlLink = signOutHtml;
string puid = (string)ticket.Property["HexPUID"];
uint ticketType = ticket.TicketType;
string clearTicket = (string)ticket.Property["ClearTicket"];
System.UInt32 issueInstant = (System.UInt32)ticket.Property["IssueInstant"];
if (ticket != null & ticket.ProfileProperty["memberName"] != null)
{
string profileName = (string)ticket.ProfileProperty["memberName"];
string firstName = (string)ticket.ProfileProperty["firstname"];
string lastName = (string)ticket.ProfileProperty["lastname"];
string gender = (string)ticket.ProfileProperty["gender"];
DateTime?birthdate = (DateTime?)ticket.ProfileProperty["birthdate"];
string city = (string)ticket.ProfileProperty["city"];
int region = (int)ticket.ProfileProperty["region"];
string country = (string)ticket.ProfileProperty["country"];
string postalcode = (string)ticket.ProfileProperty["postalcode"];
string revipcountry = (string)ticket.ProfileProperty["revipcountry"];
Int32 myflags = myflags = (Int32)ticket.ProfileProperty["flags"];
bool f2bit = (myflags & 0x2) == 0x2; //Hotmail enabled
bool f4bit = (myflags & 0x4) == 0x4; // Mobile Subscriber
bool f5bit = (myflags & 0x10) == 0x10; // User is blocked
bool f10bit = (myflags & 0x200) == 0x200; //Mobile Subscriber
bool f11bit = (myflags & 0x400) == 0x400; //E-mail Address Verified
bool f12bit = (myflags & 0x800) == 0x800; //Primary MSNIA subscription
bool f13bit = (myflags & 0x1000) == 0x1000; //Mobile subscription
bool f14bit = (myflags & 0x2000) == 0x2000; //Hotmail Premium subscription
bool f16bit = (myflags & 0x8000) == 0x8000; //Managed domain
bool f17bit = (myflags & 0x10000) == 0x10000; //MSN subscription-no age-out
bool f18bit = (myflags & 0x20000) == 0x20000; //Secondary MSNIA subscription
bool f19bit = (myflags & 0x40000) == 0x40000; //Verizon user
bool f20bit = (myflags & 0x80000) == 0x80000; //MSN Direct subscription
bool f21bit = (myflags & 0x100000) == 0x100000; //User does not age out
bool f22bit = (myflags & 0x200000) == 0x200000; //HIP challenge not required
bool f30bit = (myflags & 0x20000000) == 0x20000000; //WLTOU Not accepted
// Get RPS response headers from authPropBag and write to response stream
string rpsHeaders = (string)authPropBag["RPSRespHeaders"];
if (rpsHeaders != "")
{
httpAuth.WriteHeaders(HttpContext.Current.Response, rpsHeaders);
result.RpsHeaders = rpsHeaders;
}
result.ProfileName = firstName + " " + lastName;
}
result.Anid = TokenHelper.ConvertPuidToAnid(puid);
context.Items["liveauthstate"] = result;
filterContext.Principal = TokenHelper.GetClaimsPrincipal(result.Anid, result.ProfileName, "custompassportauth", puid);
string data = WriteAuthDataToAuthCookie(puid, result.ProfileName, null);
context.Items["backendtoken"] = data;
// Convert Post to Get
var query = new NameValueCollection(context.Request.QueryString);
var wa = query["wa"];
if (string.Compare(wa, "wsignin1.0", true) == 0)
{
query.Remove("wa");
UriBuilder builder = new UriBuilder(context.Request.Url);
builder.Query = ConvertToQueryString(query);
filterContext.HttpContext.Response.Redirect(builder.ToString());
}
}
}
}
