//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//------------------------------------------------------------------------------
namespace System.Web.ApplicationServices {
using System;
using System.Diagnostics.CodeAnalysis;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web;
using System.Web.Management;
using System.Web.Resources;
using System.Web.Security;
///
/// Implements login service contract to be exposed as a WCF service. Uses Membership provider
/// or custom authentication login in the Authenticating event. Also uses Forms.SetAuthCookie() or
/// custom cookie generation via the CreatingCookie event.
///
[
AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required),
ServiceContract(Namespace="http://asp.net/ApplicationServices/v200"),
ServiceBehavior(Namespace="http://asp.net/ApplicationServices/v200", InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)
]
public class AuthenticationService {
///
/// Raised to authenticate the user . The event handler sets the e.AuthenticationIsComplete flag to true
/// and e.Authenticated to the result.
///
private static object _authenticatingEventHandlerLock = new object();
private static EventHandler _authenticating;
public static event EventHandler Authenticating {
add {
lock (_authenticatingEventHandlerLock) {
_authenticating += value;
}
}
remove {
lock (_authenticatingEventHandlerLock) {
_authenticating -= value;
}
}
}
///
/// Raised to create and set the cookie. The event handler shouldset the e.CookieIsSet flag to true, if it is
/// setting the cookie.
///
private static object _creatingCookieEventHandlerLock = new object();
private static EventHandler _creatingCookie;
public static event EventHandler CreatingCookie {
add {
lock (_creatingCookieEventHandlerLock) {
_creatingCookie += value;
}
}
remove {
lock (_creatingCookieEventHandlerLock) {
_creatingCookie -= value;
}
}
}
public AuthenticationService() {
}
///
/// Raises the AuthentincatingEvent if atleast one handler is assigned.
///
private void OnAuthenticating(AuthenticatingEventArgs e) {
EventHandler handler = _authenticating;
if (null != handler) {
handler(this, e);
}
}
///
/// Raises the CreatingCookieEvent if atleast one handler is assigned.
///
private void OnCreatingCookie(CreatingCookieEventArgs e) {
EventHandler handler = _creatingCookie;
if (null != handler) {
handler(this, e);
}
}
///
/// Validates user credentials,without actually setting the FormAuth cookie
///
/// Username of the account
/// Password of the account
/// Any misc. string to be used by custom authentication logic
/// True, if credentials are valid, otherwise false
[OperationContract]
[SuppressMessage("Microsoft.Naming", "CA1702:CompoundWordsShouldBeCasedCorrectly", MessageId="username", Justification="consistent with Whidbey")]
public bool ValidateUser(string username, string password, string customCredential) {
ApplicationServiceHelper.EnsureAuthenticationServiceEnabled(HttpContext.Current, true);
return LoginInternal(username, password, customCredential, false, false);
}
///
/// Validates user credentials,and sets the FormAuth cookie if the credentials are valid.
///
/// Username of the account
/// Password of the account
/// Any misc. string to be used by custom authentication logic
/// If true the persistant cookie is generated.
/// True, if credentials are valid, otherwise false
[OperationContract]
[SuppressMessage("Microsoft.Naming", "CA1702:CompoundWordsShouldBeCasedCorrectly", MessageId="username", Justification="consistent with Whidbey")]
public bool Login(string username, string password, string customCredential, bool isPersistent) {
ApplicationServiceHelper.EnsureAuthenticationServiceEnabled(HttpContext.Current, true);
return LoginInternal(username, password, customCredential, isPersistent, true);
}
///
/// Checks whether the Forms Authentication cookie attached to the request is valid.
///
[OperationContract]
public bool IsLoggedIn() {
ApplicationServiceHelper.EnsureAuthenticationServiceEnabled(HttpContext.Current, true);
return HttpContext.Current.User.Identity.IsAuthenticated;
}
///
/// Clears the Forms Authentication cookie
///
[OperationContract]
public void Logout() {
ApplicationServiceHelper.EnsureAuthenticationServiceEnabled(HttpContext.Current, false);
FormsAuthentication.SignOut();
}
///
/// Validates the user credentials.
///
///
///
///
///
/// If this is true, CreatingCookie event is raised, and cookie is set in HttpResponse
///
private bool LoginInternal(string username, string password, string customCredential, bool isPersistent, bool setCookie) {
if (null == username) {
throw new ArgumentNullException("username");
}
if (null == password) {
throw new ArgumentNullException("password");
}
AuthenticatingEventArgs authEventArgs = new AuthenticatingEventArgs(username, password, customCredential);
try {
OnAuthenticating(authEventArgs);
if (!authEventArgs.AuthenticationIsComplete) {
MembershipValidate(authEventArgs);
}
if (!authEventArgs.Authenticated) {
Logout();
}
if (authEventArgs.Authenticated && setCookie) {
CreatingCookieEventArgs cookieEventArgs = new CreatingCookieEventArgs(username, password, isPersistent, customCredential);
OnCreatingCookie(cookieEventArgs);
if (!cookieEventArgs.CookieIsSet) {
SetCookie(username, isPersistent);
}
}
}
catch (Exception e) {
LogException(e);
throw;
}
return authEventArgs.Authenticated;
}
private static void MembershipValidate(AuthenticatingEventArgs e) {
e.Authenticated = Membership.ValidateUser(e.UserName, e.Password);
}
private static void SetCookie(string username, bool isPersistent) {
FormsAuthentication.SetAuthCookie(username, isPersistent);
}
private void LogException(Exception e) {
WebServiceErrorEvent errorevent = new WebServiceErrorEvent(AtlasWeb.UnhandledExceptionEventLogMessage, this, e);
errorevent.Raise();
}
}
}