private void OnEnter(object sender, EventArgs e)
{
HttpContext httpContext = (sender as HttpApplication).Context;
var request = httpContext.Request;
SnTrace.Web.Write("PCM.OnEnter {0} {1}", request.RequestType, request.Url);
// check if messages to process from msmq exceeds configured limit: delay current thread until it goes back to normal levels
DelayCurrentRequestIfNecessary();
var initInfo = PortalContext.CreateInitInfo(httpContext);
// Check for forbidden paths (custom request filtering), mainly for phisycal folders in the web folder.
// The built-in Request filtering module is not capable of filtering folders only in the root, but let
// us have folders with the same name somewhere else in the Content Repository.
if (IsForbiddenFolder(initInfo))
{
AuthenticationHelper.ThrowNotFound();
}
// check if request came to a restricted site via another site
if (Configuration.WebApplication.DenyCrossSiteAccessEnabled)
{
if (initInfo.RequestedNodeSite != null && initInfo.RequestedSite != null)
{
if (initInfo.RequestedNodeSite.DenyCrossSiteAccess && initInfo.RequestedSite.Id != initInfo.RequestedNodeSite.Id)
{
HttpContext.Current.Response.StatusCode = 404;
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.End();
return;
}
}
}
// add cache-control headers and handle ismodifiedsince requests
HandleResponseForClientCache(initInfo);
PortalContext portalContext = PortalContext.Create(httpContext, initInfo);
// Cross-Origin Resource Sharing (CORS)
if (!HttpHeaderTools.TrySetAllowedOriginHeader())
{
AuthenticationHelper.ThrowForbidden("token auth");
}
if (!portalContext.IsWebdavRequest && !portalContext.IsOfficeProtocolRequest && request.HttpMethod == "OPTIONS")
{
// set allowed methods and headers
HttpHeaderTools.SetPreflightResponse();
(sender as HttpApplication)?.CompleteRequest();
return;
}
var action = HttpActionManager.CreateAction(portalContext);
SnTrace.Web.Write("HTTP Action." + GetLoggedProperties(portalContext));
action.Execute();
}
public void OnAuthenticateRequest(object sender, EventArgs e)
{
var application = sender as HttpApplication;
var context = GetContext(sender); //HttpContext.Current;
var request = GetRequest(sender);
bool anonymAuthenticated;
var basicAuthenticated = DispatchBasicAuthentication(context, out anonymAuthenticated);
if (IsTokenAuthenticationRequested(request))
{
// Cross-Origin Resource Sharing (CORS)
if (!HttpHeaderTools.IsOriginHeaderAllowed())
{
AuthenticationHelper.ThrowForbidden("token auth");
}
if (request?.HttpMethod == "OPTIONS")
{
// set allowed methods and headers
HttpHeaderTools.SetPreflightResponse();
application?.CompleteRequest();
}
if (basicAuthenticated && anonymAuthenticated)
{
SnLog.WriteException(new UnauthorizedAccessException("Invalid user."));
context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
context.Response.Flush();
if (application?.Context != null)
{
application.CompleteRequest();
}
}
else
{
TokenAuthenticate(basicAuthenticated, context, application);
}
return;
}
// if it is a simple basic authentication case
if (basicAuthenticated)
{
return;
}
string authenticationType = null;
string repositoryPath = string.Empty;
// Get the current PortalContext
var currentPortalContext = PortalContext.Current;
if (currentPortalContext != null)
{
authenticationType = currentPortalContext.AuthenticationMode;
}
// default authentication mode
if (string.IsNullOrEmpty(authenticationType))
{
authenticationType = WebApplication.DefaultAuthenticationMode;
}
// if no site auth mode, no web.config default, then exception...
if (string.IsNullOrEmpty(authenticationType))
{
throw new ApplicationException(
"The engine could not determine the authentication mode for this request. This request does not belong to a site, and there was no default authentication mode set in the web.config.");
}
switch (authenticationType)
{
case "Windows":
EmulateWindowsAuthentication(application);
SetApplicationUser(application, authenticationType);
break;
case "Forms":
application.Context.User = null;
CallInternalOnEnter(sender, e);
SetApplicationUser(application, authenticationType);
break;
case "None":
// "None" authentication: set the Visitor Identity
application.Context.User = new PortalPrincipal(User.Visitor);
break;
default:
Site site = null;
var problemNode = Node.LoadNode(repositoryPath);
if (problemNode != null)
{
site = Site.GetSiteByNode(problemNode);
if (site != null)
{
authenticationType = site.GetAuthenticationType(application.Context.Request.Url);
}
}
var message = site == null
? string.Format(
HttpContext.GetGlobalResourceObject("Portal", "DefaultAuthenticationNotSupported") as string,
authenticationType)
: string.Format(
HttpContext.GetGlobalResourceObject("Portal", "AuthenticationNotSupportedOnSite") as string,
site.Name, authenticationType);
throw new NotSupportedException(message);
}
}