/// <summary>
/// Handles the request when it asks for token authentication.
/// </summary>
/// <param name="application">The current application; may be null or have no Context, which is tolerated below.</param>
/// <param name="basicAuthenticated">Result of the basic authentication step that ran earlier.</param>
/// <param name="anonymAuthenticated">Whether that earlier step ended with an anonymous user.</param>
/// <returns>
/// true when the request asked for token authentication and was handled here, false when it did not.
/// The value reports "handled", not "authenticated": the 401 path below also returns true.
/// </returns>
public bool Authenticate(HttpApplication application, bool basicAuthenticated, bool anonymAuthenticated)
{
    var context = AuthenticationHelper.GetContext(application); // HttpContext.Current
    var request = AuthenticationHelper.GetRequest(application);

    var tokenRequested = IsTokenAuthenticationRequested(
        request,
        out bool headerMark,
        out bool uriMark,
        out string actionHeader,
        out string uri,
        out string accessHeadAndPayload);

    if (!tokenRequested)
    {
        return false;
    }

    var rejectAsInvalidUser = basicAuthenticated && anonymAuthenticated;
    if (!rejectAsInvalidUser)
    {
        TokenAuthenticate(basicAuthenticated, headerMark, uriMark, actionHeader, uri, accessHeadAndPayload, context, application);
        return true;
    }

    // A token request whose basic step ended as anonymous is refused with 401 and logged.
    SnLog.WriteException(new UnauthorizedAccessException("Invalid user."));
    context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
    context.Response.Flush();

    // The pipeline is only short-circuited when an application with a Context is available;
    // otherwise the 401 has been flushed but CompleteRequest is not called.
    if (application?.Context != null)
    {
        application.CompleteRequest();
    }

    return true;
}
/// <summary>
/// Authenticates the current request: basic authentication first, then token and OAuth
/// authentication, and finally the authentication mode configured for the site or web.config.
/// </summary>
/// <param name="sender">The event source; cast to HttpApplication with "as", so it may end up null.</param>
/// <param name="e">Event arguments, passed on to CallInternalOnEnter in the "Forms" case.</param>
/// <exception cref="ApplicationException">No authentication mode could be determined.</exception>
/// <exception cref="NotSupportedException">The determined mode is not "Windows", "Forms" or "None".</exception>
/// <remarks>
/// The mode names are matched case-sensitively by the switch; any other value fails the request
/// with an exception rather than falling back to a default principal.
/// </remarks>
public void OnAuthenticateRequest(object sender, EventArgs e)
{
    var httpApplication = sender as HttpApplication;
    var httpContext = AuthenticationHelper.GetContext(sender); // HttpContext.Current

    var basicAuthenticated = DispatchBasicAuthentication(httpContext, out var anonymAuthenticated);

    // OAuth is only consulted when the token step reports that it did not handle the request.
    var tokenAuthentication = new TokenAuthentication();
    var tokenAuthenticated =
        tokenAuthentication.Authenticate(httpApplication, basicAuthenticated, anonymAuthenticated)
        || OAuthManager.Instance.Authenticate(httpApplication, tokenAuthentication);

    // Simple basic authentication, or the request was handled by token/OAuth authentication:
    // the mode-based authentication below is skipped entirely.
    if (basicAuthenticated || tokenAuthenticated)
    {
        return;
    }

    // Site-level mode from the current PortalContext, falling back to the web.config default.
    string authenticationMode = PortalContext.Current?.AuthenticationMode;
    if (string.IsNullOrEmpty(authenticationMode))
    {
        authenticationMode = WebApplication.DefaultAuthenticationMode;

        // Neither a site mode nor a web.config default: give up with an exception.
        if (string.IsNullOrEmpty(authenticationMode))
        {
            throw new ApplicationException(
                "The engine could not determine the authentication mode for this request. " +
                "This request does not belong to a site, and there was no default authentication mode set in the web.config.");
        }
    }

    switch (authenticationMode)
    {
        case "Windows":
            EmulateWindowsAuthentication(httpApplication);
            SetApplicationUser(httpApplication, authenticationMode);
            break;

        case "Forms":
            // The user is cleared before the forms handling runs.
            httpApplication.Context.User = null;
            CallInternalOnEnter(sender, e);
            SetApplicationUser(httpApplication, authenticationMode);
            break;

        case "None":
            // "None" authentication: set the Visitor identity.
            httpApplication.Context.User = new PortalPrincipal(User.Visitor);
            break;

        default:
        {
            // NOTE(review): the path is never assigned anything but string.Empty in this method,
            // so the site lookup below always starts from an empty path - confirm this is intended.
            var repositoryPath = string.Empty;

            Site owningSite = null;
            var problemNode = Node.LoadNode(repositoryPath);
            if (problemNode != null)
            {
                owningSite = Site.GetSiteByNode(problemNode);
                if (owningSite != null)
                {
                    authenticationMode = owningSite.GetAuthenticationType(httpApplication.Context.Request.Url);
                }
            }

            // Pick the resource text depending on whether a site was found.
            string message;
            if (owningSite == null)
            {
                message = string.Format(
                    HttpContext.GetGlobalResourceObject("Portal", "DefaultAuthenticationNotSupported") as string,
                    authenticationMode);
            }
            else
            {
                message = string.Format(
                    HttpContext.GetGlobalResourceObject("Portal", "AuthenticationNotSupportedOnSite") as string,
                    owningSite.Name,
                    authenticationMode);
            }

            throw new NotSupportedException(message);
        }
    }
}
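/// <summary>
/// Builds a WindowsPrincipal for the request, sets it on the HTTP context, and denies access
/// when the resulting user is missing or is the startup/visitor user.
/// </summary>
/// <param name="application">The current application; its Context is read and modified.</param>
/// <remarks>
/// Two non-public members of the context type are reached through reflection ("WorkerRequest" and
/// "SetPrincipalNoDemand"). If either lookup returns null, the following call throws and the
/// request fails.
/// </remarks>
private void EmulateWindowsAuthentication(HttpApplication application)
{
    WindowsIdentity identity = null;

    if (HttpRuntime.UsingIntegratedPipeline)
    {
        WindowsPrincipal user;
        var context = AuthenticationHelper.GetContext(application);
        if (HttpRuntime.IsOnUNCShare && context.Request.IsAuthenticated)
        {
            // On a UNC share the identity comes from the current thread/process,
            // not from Context.User.
            user = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        }
        else
        {
            user = application.Context.User as WindowsPrincipal;
        }

        if (user != null)
        {
            identity = user.Identity as WindowsIdentity;
        }
    }
    else
    {
        // The worker request is only reachable through a non-public property of the context.
        var workerRequest = (HttpWorkerRequest)application.Context.GetType()
            .GetProperty("WorkerRequest", BindingFlags.NonPublic | BindingFlags.Instance)
            .GetGetMethod(true)
            .Invoke(application.Context, null);

        string logonUser = workerRequest.GetServerVariable("LOGON_USER") ?? string.Empty;
        string authType = workerRequest.GetServerVariable("AUTH_TYPE") ?? string.Empty;

        // Ordinal, case-insensitive match: the previous ToLower() comparison depended on the
        // current culture, so the same AUTH_TYPE value could be classified differently from one
        // server locale to another, and this branch decides whether the user token is trusted.
        var isBasic = string.Equals(authType, "basic", StringComparison.OrdinalIgnoreCase);
        var nothingSupplied = logonUser.Length == 0 && authType.Length == 0;

        if (nothingSupplied || isBasic)
        {
            identity = WindowsIdentity.GetAnonymous();
        }
        else
        {
            identity = new WindowsIdentity(
                workerRequest.GetUserToken(),
                authType,
                System.Security.Principal.WindowsAccountType.Normal,
                true);
        }
    }

    if (identity != null)
    {
        // Set the principal through the non-public SetPrincipalNoDemand(IPrincipal, bool) method.
        var principal = new WindowsPrincipal(identity);
        var setPrincipalNoDemandParameters = new object[] { principal, false };
        var setPrincipalNoDemandParameterTypes = new Type[] { typeof(IPrincipal), typeof(bool) };
        MethodInfo setPrincipalNoDemandMethodInfo = application.Context.GetType().GetMethod(
            "SetPrincipalNoDemand",
            BindingFlags.Instance | BindingFlags.NonPublic,
            null,
            setPrincipalNoDemandParameterTypes,
            null);
        setPrincipalNoDemandMethodInfo.Invoke(application.Context, setPrincipalNoDemandParameters);
    }

    // return 401 if user is not authenticated:
    // - application.Context.User might be null for ContentStore GetTreeNodeAllChildren?... request
    // - currentPortalUser.Id might be startupuserid or visitoruserid if browser did not send 'negotiate' auth header yet
    // - currentPortalUser might be null if application.Context.User.Identity is null or not an IUser
    //
    // NOTE(review): a user whose identity is not an IUser (for example the anonymous
    // WindowsIdentity set above) is not denied by this check; presumably the SetApplicationUser
    // call that follows in OnAuthenticateRequest deals with it - confirm.
    var currentPortalUser = application.Context.User?.Identity as IUser;

    var notAuthenticated =
        application.Context.User == null
        || (currentPortalUser != null
            && (currentPortalUser.Id == Identifiers.StartupUserId
                || currentPortalUser.Id == Identifiers.VisitorUserId));

    // Local .axd requests are exempt from the denial (see IsLocalAxdRequest).
    if (notAuthenticated && !IsLocalAxdRequest())
    {
        AuthenticationHelper.DenyAccess(application);
    }
}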