/// <summary>
/// This method will set the publisher ID to impersonate.
/// </summary>
/// <param name="publisherID"></param>
/// <returns></returns>
public static bool Set(string publisherID)
{
bool success = false;
//
// Make sure the name we are given is OK
//
if (true == ViewAsPublisher.IsValid(publisherID))
{
//
// Remove any current cookies.
//
HttpContext.Current.Response.Cookies.Remove(ViewAsPublisher.name);
//
// Set the impersonation publisher ID in a cookie.
//
HttpCookie viewAsPublisher = new HttpCookie(name, publisherID);
HttpContext.Current.Response.Cookies.Add(viewAsPublisher);
success = true;
}
return(success);
}
public static bool IsValid()
{
return(ViewAsPublisher.IsValid(ViewAsPublisher.GetPublisherID()));
}
/// ****************************************************************
/// protected OnInit
/// ----------------------------------------------------------------
/// <summary>
/// Initializes the security control.
/// </summary>
/// ****************************************************************
///
protected override void OnInit(EventArgs e)
{
//
// Check to make sure config settings are fresh.
//
Config.CheckForUpdate();
//
// Check to see if the server has been manually stopped.
//
if (0 == Config.GetInt("Run", 1))
{
#if never
throw new UDDIException(
ErrorType.E_busy,
"UDDI Services are currently unavailable.");
#endif
throw new UDDIException(ErrorType.E_busy, "UDDI_ERROR_SERVICES_NOT_AVAILABLE");
}
int mode = Config.GetInt("Security.AuthenticationMode", (int)AuthenticationMode.Windows);
//
// TODO: This code should be simplified to simple if statements.
// It is obviously old code that needs to be updated.
//
if ((mode & (int)AuthenticationMode.Passport) != 0)
{
//
// SECURITY: Passport.TimeWindow should be the same
// timeout as API authentication.
//
passport = (PassportIdentity)Context.User.Identity;
timeWindow = Config.GetInt("Passport.TimeWindow", 14400);
string thisUrl = (Request.IsSecureConnection ? "https://" : "http://") +
Request.ServerVariables["SERVER_NAME"] +
Request.ServerVariables["SCRIPT_NAME"];
if (Utility.StringEmpty(ReturnUrl))
{
ReturnUrl = thisUrl;
}
//
// If the user just logged in, clean up the query string by redirecting
// to this page.
//
if (passport.GetFromNetworkServer)
{
Response.Redirect(thisUrl);
}
//
// Check to see if the current role is more that a passport user
// can do.
//
if (AdminRequired || CoordinatorRequired)
{
//
//Passport Users are not allowed in these areas.
//
#if never
throw new UDDIException(
ErrorType.E_unknownUser,
"Access denied.");
#endif
throw new UDDIException(
ErrorType.E_unknownUser,
"UDDI_ERROR_ACCESS_DENIED");
}
//
// Check to see if the user is authenticated.
//
if (!passport.GetIsAuthenticated(timeWindow, ForceLogin, false))
{
//
// If the user already has a ticket, force them to re-enter
// their password.
//
if (passport.HasTicket)
{
bool secure = Request.IsSecureConnection;
//
// Update this to AuthUrl2 when Passport .NET support is updated.
//
Response.Redirect(passport.AuthUrl(ReturnUrl, timeWindow, ForceLogin, "", 0, "", 0, secure));
}
//
// If login is required, redirect the user to the login page.
//
if (PublisherRequired)
{
Response.Redirect(LoginUrl + "?publish=true");
}
}
else
{
string userID = passport.HexPUID;
//
// Check to ensure that the passport UserID is not ""
// if it is, force them to retype thier password
//
// if( ""==userID )
// Response.Redirect( LoginUrl );
string email = (string)passport.GetProfileObject("PreferredEmail");
UDDI.Context.User.SetPublisherRole(userID);
if (PublisherRequired)
{
//
// SECURITY: Is Validate the same as IsRegistered?
// lucasm: no, Validate makes sure the registered publisher has validated
// the email address they have supplied. IsRegistered checks to see
// if we have added this uses to the publishers table.
//
int valid = Publisher.Validate(userID);
if (50013 == valid)
{
//
// Need to create a page that tells the
// user to click the link in the email
//
Response.Redirect(LoginUrl);
}
else if (0 != valid)
{
Response.Redirect(LoginUrl);
}
Publisher publisher = new Publisher();
publisher.Login(userID, email);
if (null == email)
{
email = publisher.Email;
}
//
// TODO: this REALLY should be merged with the PublisherInfo class
// in core!!
//
UDDI.Context.User.Name = publisher.Name;
UDDI.Context.User.BindingLimit = publisher.BindingLimit;
UDDI.Context.User.BusinessCount = publisher.BusinessCount;
UDDI.Context.User.BusinessLimit = publisher.BusinessLimit;
UDDI.Context.User.CompanyName = publisher.CompanyName;
UDDI.Context.User.IsoLangCode = publisher.IsoLangCode;
UDDI.Context.User.ServiceLimit = publisher.ServiceLimit;
UDDI.Context.User.TModelCount = publisher.TModelCount;
UDDI.Context.User.TModelLimit = publisher.TModelLimit;
}
//
// Save the credentials for the authenticated user.
//
UDDI.Context.User.ID = userID;
UDDI.Context.User.Email = email;
}
}
else
{
WindowsPrincipal principal = (WindowsPrincipal)HttpContext.Current.User;
UDDI.Context.User.SetRole(principal);
UDDI.Context.User.Name = principal.Identity.Name;
if (UserRequired && !UDDI.Context.User.IsUser && (mode & (int)AuthenticationMode.AuthenticatedRead) != 0 ||
PublisherRequired && !UDDI.Context.User.IsPublisher ||
CoordinatorRequired && !UDDI.Context.User.IsCoordinator ||
AdminRequired && !UDDI.Context.User.IsAdministrator)
{
#if never
throw new UDDIException(
ErrorType.E_unknownUser,
"Access denied.");
#endif
throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_ACCESS_DENIED");
}
if (PublisherRequired || CoordinatorRequired || AdminRequired)
{
if (!UDDI.Context.User.IsRegistered)
{
if (1 == Config.GetInt("Security.AutoRegister", 0))
{
UDDI.Context.User.TrackPassport = false;
UDDI.Context.User.Verified = true;
UDDI.Context.User.Register();
}
else
{
#if never
throw new UDDIException(UDDI.ErrorType.E_unknownUser,
"User login failed");
#endif
throw new UDDIException(UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_USER_LOGIN_FAILED");
}
}
UDDI.Context.User.Login();
}
}
//
// SECURITY: put this in the Windows Authentication block... not available
// for Passport auth.
//
// If the user is a coordinator and they have a cookie indicating they are
// impersonating another user, setup the user info in the current UDDI
// context.
//
//
// 734292 - Make sure the user is an administrator if they are trying to impersonate the system.
//
if (true == ViewAsPublisher.IsValid())
{
UDDI.Context.User.ImpersonatorID = UDDI.Context.User.ID;
UDDI.Context.User.ID = ViewAsPublisher.GetPublisherID();
}
}
