internal void Update(HttpWebRequest httpWebRequest) { if (this.Authorization != null) { this.PrepareState(httpWebRequest); ISessionAuthenticationModule module = this.Module as ISessionAuthenticationModule; if (module != null) { string challenge = httpWebRequest.AuthHeader(this.AuthenticateHeader); if (this.IsProxyAuth || (httpWebRequest.ResponseStatusCode != HttpStatusCode.ProxyAuthenticationRequired)) { bool complete = true; try { complete = module.Update(challenge, httpWebRequest); } catch (Exception) { this.ClearSession(httpWebRequest); if ((httpWebRequest.AuthenticationLevel == AuthenticationLevel.MutualAuthRequired) && (((httpWebRequest.CurrentAuthenticationState == null) || (httpWebRequest.CurrentAuthenticationState.Authorization == null)) || !httpWebRequest.CurrentAuthenticationState.Authorization.MutuallyAuthenticated)) { throw; } } this.Authorization.SetComplete(complete); } } if (((httpWebRequest.PreAuthenticate && (this.Module != null)) && (this.Authorization.Complete && this.Module.CanPreAuthenticate)) && (httpWebRequest.ResponseStatusCode != this.StatusCodeMatch)) { AuthenticationManager.BindModule(this.ChallengedUri, this.Authorization, this.Module); } } }
// // gives the IAuthenticationModule a chance to update its internal state. // do any necessary cleanup and update the Complete status of the associated Authorization. // internal void Update(HttpWebRequest httpWebRequest) { // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " Authorization#" + ValidationHelper.HashString(Authorization) + " ResponseStatusCode:" + httpWebRequest.ResponseStatusCode.ToString()); if (Authorization != null) { PrepareState(httpWebRequest); ISessionAuthenticationModule myModule = Module as ISessionAuthenticationModule; if (myModule != null) { // // the whole point here is to complete the Security Context. Sometimes, though, // a bad cgi script or a bad server, could miss sending back the final blob. // in this case we won't be able to complete the handshake, but we'll have to clean up anyway. // string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() Complete:" + Authorization.Complete.ToString() + " Module:" + ValidationHelper.ToString(Module) + " challenge:" + ValidationHelper.ToString(challenge)); if (!IsProxyAuth && httpWebRequest.ResponseStatusCode == HttpStatusCode.ProxyAuthenticationRequired) { // // don't call Update on the module, since there's an ongoing // handshake and we don't need to update any state in such a case // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() skipping call to " + myModule.ToString() + ".Update() since we need to reauthenticate with the proxy"); } else { bool complete = true; try { complete = myModule.Update(challenge, httpWebRequest); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() returned complete:" + complete.ToString()); } catch (Exception exception) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception:" + exception.Message); ClearSession(httpWebRequest); } catch { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception: Non-CLS Compliant Exception"); ClearSession(httpWebRequest); } Authorization.SetComplete(complete); } } // // If authentication was successful, create binding between // the request and the authorization for future preauthentication // if (Module != null && Authorization.Complete && Module.CanPreAuthenticate && httpWebRequest.ResponseStatusCode != StatusCodeMatch) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() handshake is Complete calling BindModule()"); AuthenticationManager.BindModule(ChallengedUri, Authorization, Module); } } }
// // gives the IAuthenticationModule a chance to update its internal state. // do any necessary cleanup and update the Complete status of the associated Authorization. // internal void Update(HttpWebRequest httpWebRequest) { // // RAID#86753 // Microsoft: this is just a fix for redirection & kerberos. // we need to close the Context and call ISC() again with the final // blob returned from the server. to do this in general // we would probably need to change the IAuthenticationMdule interface and // add this Update() method. for now we just have it internally. // // actually this turns out to be quite handy for 2 more cases: // NTLM auth: we need to clear the connection group after we suceed to prevent leakage. // Digest auth: we need to support stale credentials, if we fail with a 401 and stale is true we need to retry. // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() httpWebRequest#" + ValidationHelper.HashString(httpWebRequest) + " Authorization#" + ValidationHelper.HashString(Authorization) + " ResponseStatusCode:" + httpWebRequest.ResponseStatusCode.ToString()); if (Authorization != null) { PrepareState(httpWebRequest); ISessionAuthenticationModule myModule = Module as ISessionAuthenticationModule; if (myModule != null) { // // the whole point here is to complete the Security Context. Sometimes, though, // a bad cgi script or a bad server, could miss sending back the final blob. // in this case we won't be able to complete the handshake, but we'll have to clean up anyway. // string challenge = httpWebRequest.AuthHeader(AuthenticateHeader); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() Complete:" + Authorization.Complete.ToString() + " Module:" + ValidationHelper.ToString(Module) + " challenge:" + ValidationHelper.ToString(challenge)); if (!IsProxyAuth && httpWebRequest.ResponseStatusCode == HttpStatusCode.ProxyAuthenticationRequired) { // // don't call Update on the module, since there's an ongoing // handshake and we don't need to update any state in such a case // GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() skipping call to " + myModule.ToString() + ".Update() since we need to reauthenticate with the proxy"); } else { bool complete = true; try { complete = myModule.Update(challenge, httpWebRequest); GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() returned complete:" + complete.ToString()); } catch (Exception exception) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() " + myModule.ToString() + ".Update() caught exception:" + exception.Message); ClearSession(httpWebRequest); #if !FEATURE_PAL if ((httpWebRequest.AuthenticationLevel == AuthenticationLevel.MutualAuthRequired) && (httpWebRequest.CurrentAuthenticationState == null || httpWebRequest.CurrentAuthenticationState.Authorization == null || !httpWebRequest.CurrentAuthenticationState.Authorization.MutuallyAuthenticated)) { throw; } #endif // !FEATURE_PAL } Authorization.SetComplete(complete); } } // // If authentication was successful, create binding between // the request and the authorization for future preauthentication // if (httpWebRequest.PreAuthenticate && Module != null && Authorization.Complete && Module.CanPreAuthenticate && httpWebRequest.ResponseStatusCode != StatusCodeMatch) { GlobalLog.Print("AuthenticationState#" + ValidationHelper.HashString(this) + "::Update() handshake is Complete calling BindModule()"); AuthenticationManager.BindModule(ChallengedUri, Authorization, Module); } } }