/// <summary>
/// Serves the virtual file addressed by the request's file path, copying it to the
/// response stream with output buffering turned off.
/// </summary>
/// <param name="context">The current HTTP context; <c>Request.FilePath</c> selects the file.</param>
/// <exception cref="HttpException">
/// Status 404 when the virtual path provider reports no file at the requested path.
/// </exception>
/// <remarks>
/// NOTE(review): no per-file permission check is visible in this method. Presumably the
/// virtual path provider or the file's Open() enforces access rights; confirm.
/// </remarks>
public void ProcessRequest(HttpContext context)
{
    var httpRequest = context.Request;
    var httpResponse = context.Response;
    var requestedPath = httpRequest.FilePath;

    // Cross-Origin Resource Sharing (CORS): the origin check runs before the file lookup.
    // ThrowForbidden is expected to abort the request here (judging by its name; its body
    // is not visible). If it ever returned normally, the file would still be served.
    if (!HttpHeaderTools.IsOriginHeaderAllowed())
    {
        AuthenticationHelper.ThrowForbidden(requestedPath);
    }

    // Resolve the file only when the provider says it exists; otherwise answer 404.
    var pathProvider = HostingEnvironment.VirtualPathProvider;
    VirtualFile file = pathProvider.FileExists(requestedPath)
        ? pathProvider.GetFile(requestedPath)
        : null;

    if (file == null)
    {
        throw new HttpException(404, "File does not exist");
    }

    httpResponse.ClearContent();

    // Per the original author, RepositoryFile.Open sets the content type itself, so it is
    // assigned here only for other kinds of virtual file.
    var isRepositoryFile = file is RepositoryFile;
    if (!isRepositoryFile)
    {
        // The MIME type is derived from the extension of the requested path only, not from
        // the file content.
        // NOTE(review): no X-Content-Type-Options header is set in this method; confirm it
        // is applied elsewhere if browsers must not sniff the type.
        var fileExtension = System.IO.Path.GetExtension(requestedPath);
        httpResponse.ContentType = MimeTable.GetMimeType(fileExtension);

        // Fonts referenced from a css font-face rule need the access-control headers.
        if (MimeTable.IsFontType(fileExtension))
        {
            HttpHeaderTools.SetAccessControlHeaders();
        }
    }

    // Unbuffered output: bytes go to the client as they are written, so a potentially
    // large file is never held in server memory as a whole.
    httpResponse.BufferOutput = false;

    using (var content = file.Open())
    {
        var contentLength = content.Length.ToString();
        httpResponse.AppendHeader("Content-Length", contentLength);
        httpResponse.Clear();

        // Let ASP.NET handle sending bytes to the client (avoid Flush).
        content.CopyTo(httpResponse.OutputStream);
    }
}
/// <summary>
/// Authenticates the current request. Basic authentication is dispatched first; a request
/// that asks for token authentication is handled in its own branch; everything else is
/// authenticated by the mode configured for the portal context or the application default.
/// </summary>
/// <param name="sender">The event source; treated as an <c>HttpApplication</c> via an <c>as</c> cast.</param>
/// <param name="e">Event arguments, forwarded to <c>CallInternalOnEnter</c> in the "Forms" case.</param>
/// <exception cref="ApplicationException">No authentication mode could be determined.</exception>
/// <exception cref="NotSupportedException">The authentication mode is not "Windows", "Forms" or "None".</exception>
public void OnAuthenticateRequest(object sender, EventArgs e)
{
    // NOTE(review): `as` yields null when sender is not an HttpApplication. The token branch
    // guards with `?.`, but the "Forms", "None" and default cases below dereference
    // `application` without a null check.
    var application = sender as HttpApplication;
    var context = GetContext(sender); //HttpContext.Current;
    var request = GetRequest(sender);

    // Both flags come from DispatchBasicAuthentication. Their exact meaning is defined there;
    // presumably "a basic-auth header was processed" and "it resolved to an anonymous user".
    // Confirm against that method.
    bool anonymAuthenticated;
    var basicAuthenticated = DispatchBasicAuthentication(context, out anonymAuthenticated);

    if (IsTokenAuthenticationRequested(request))
    {
        // Cross-Origin Resource Sharing (CORS): reject disallowed origins before any token handling.
        if (!HttpHeaderTools.IsOriginHeaderAllowed())
        {
            AuthenticationHelper.ThrowForbidden("token auth");
        }

        if (request?.HttpMethod == "OPTIONS")
        {
            // set allowed methods and headers
            HttpHeaderTools.SetPreflightResponse();

            // NOTE(review): CompleteRequest() does not leave this method, and no `return`
            // follows. A preflight OPTIONS request therefore still reaches the 401 branch or
            // TokenAuthenticate below. Confirm that this is intended.
            application?.CompleteRequest();
        }

        if (basicAuthenticated && anonymAuthenticated)
        {
            // Both flags set: log the failure and answer 401 instead of attempting token authentication.
            SnLog.WriteException(new UnauthorizedAccessException("Invalid user."));
            context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
            context.Response.Flush();
            if (application?.Context != null)
            {
                application.CompleteRequest();
            }
        }
        else
        {
            TokenAuthenticate(basicAuthenticated, context, application);
        }

        // The token branch never falls through to the mode-based authentication below.
        return;
    }

    // if it is a simple basic authentication case
    if (basicAuthenticated)
    {
        return;
    }

    string authenticationType = null;

    // NOTE(review): repositoryPath is never assigned anything but string.Empty in this method.
    string repositoryPath = string.Empty;

    // Get the current PortalContext
    var currentPortalContext = PortalContext.Current;
    if (currentPortalContext != null)
    {
        authenticationType = currentPortalContext.AuthenticationMode;
    }

    // default authentication mode
    if (string.IsNullOrEmpty(authenticationType))
    {
        authenticationType = WebApplication.DefaultAuthenticationMode;
    }

    // if no site auth mode, no web.config default, then exception...
    // NOTE(review): as rendered here the literal below contains a raw line break, which a
    // regular (non-verbatim) C# string does not permit. It is left untouched; confirm against
    // the original file.
    if (string.IsNullOrEmpty(authenticationType))
    {
        throw new ApplicationException(
            "The engine could not determine the authentication mode for this request. 
This request does not belong to a site, and there was no default authentication mode set in the web.config.");
    }

    // The mode is matched as an exact, case-sensitive string. Any value other than the three
    // listed ends in the default case, which always throws, so an unknown mode is rejected.
    switch (authenticationType)
    {
        case "Windows":
            EmulateWindowsAuthentication(application);
            SetApplicationUser(application, authenticationType);
            break;
        case "Forms":
            // The context user is reset before the forms authentication handling runs.
            application.Context.User = null;
            CallInternalOnEnter(sender, e);
            SetApplicationUser(application, authenticationType);
            break;
        case "None":
            // "None" authentication: set the Visitor Identity
            application.Context.User = new PortalPrincipal(User.Visitor);
            break;
        default:
            // Builds the error message for an unsupported mode, naming the site when one is found.
            // NOTE(review): LoadNode is called with the empty repositoryPath, so the site-specific
            // message is likely unreachable. Confirm what path was meant here.
            Site site = null;
            var problemNode = Node.LoadNode(repositoryPath);
            if (problemNode != null)
            {
                site = Site.GetSiteByNode(problemNode);
                if (site != null)
                {
                    authenticationType = site.GetAuthenticationType(application.Context.Request.Url);
                }
            }

            // NOTE(review): `as string` gives null when the resource is missing or is not a
            // string. string.Format would then throw ArgumentNullException, not the
            // NotSupportedException intended below.
            var message = site == null
                ? string.Format(
                    HttpContext.GetGlobalResourceObject("Portal", "DefaultAuthenticationNotSupported") as string,
                    authenticationType)
                : string.Format(
                    HttpContext.GetGlobalResourceObject("Portal", "AuthenticationNotSupportedOnSite") as string,
                    site.Name, authenticationType);
            throw new NotSupportedException(message);
    }
}