a575963da9
Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
119 lines
3.6 KiB
C#
119 lines
3.6 KiB
C#
//
|
|
// Abstract Authentication implementation
|
|
//
|
|
// Authors:
|
|
// Greg Reinacker (gregr@rassoc.com)
|
|
// Sebastien Pouliot (spouliot@motus.com)
|
|
//
|
|
// Copyright 2002-2003 Greg Reinacker, Reinacker & Associates, Inc. All rights reserved.
|
|
// Portions (C) 2003 Motus Technologies Inc. (http://www.motus.com)
|
|
//
|
|
// Based on "DigestAuthenticationModule.cs". Original source code available at
|
|
// http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html
|
|
//
|
|
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining
|
|
// a copy of this software and associated documentation files (the
|
|
// "Software"), to deal in the Software without restriction, including
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
|
// permit persons to whom the Software is furnished to do so, subject to
|
|
// the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be
|
|
// included in all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
//
|
|
|
|
using System;
|
|
using System.Configuration;
|
|
using System.Web;
|
|
|
|
namespace Mono.Http.Modules
|
|
{
|
|
abstract public class AuthenticationModule : IHttpModule
|
|
{
|
|
string authMethod;
|
|
|
|
public AuthenticationModule (string authenticationMethod)
|
|
{
|
|
authMethod = authenticationMethod;
|
|
}
|
|
|
|
public string AuthenticationMethod {
|
|
get { return authMethod; }
|
|
}
|
|
|
|
#region IHttpModule Members
|
|
|
|
public virtual void Init (HttpApplication context)
|
|
{
|
|
context.AuthenticateRequest += new EventHandler (this.OnAuthenticateRequest);
|
|
context.EndRequest += new EventHandler (this.OnEndRequest);
|
|
}
|
|
|
|
public virtual void Dispose () {}
|
|
|
|
#endregion
|
|
|
|
#region Event Handlers
|
|
|
|
public virtual void OnAuthenticateRequest (object source, EventArgs eventArgs)
|
|
{
|
|
if (!AuthenticationRequired)
|
|
return;
|
|
|
|
HttpApplication app = (HttpApplication) source;
|
|
string authdata = Authorization (app, AuthenticationMethod);
|
|
if ((authdata == null) || (!AcceptCredentials (app, authdata))) {
|
|
DenyAccess (app);
|
|
return;
|
|
}
|
|
}
|
|
|
|
abstract public void OnEndRequest (object source, EventArgs eventArgs);
|
|
|
|
#endregion
|
|
|
|
abstract protected bool AcceptCredentials (HttpApplication app, string authentication);
|
|
|
|
protected bool AuthenticationRequired {
|
|
get { return (AuthenticationMethod == ConfigurationSettings.AppSettings ["Authentication"]); }
|
|
}
|
|
|
|
protected void DenyAccess (HttpApplication app)
|
|
{
|
|
app.Response.StatusCode = 401;
|
|
app.Response.StatusDescription = "Access Denied";
|
|
// Write to response stream as well, to give user visual
|
|
// indication of error during development
|
|
app.Response.Write ("401 Access Denied");
|
|
app.CompleteRequest ();
|
|
}
|
|
|
|
protected string Authorization (HttpApplication app, string authenticationMethod)
|
|
{
|
|
string autz = app.Request.Headers ["Authorization"];
|
|
if ((autz == null) || (autz.Length == 0)) {
|
|
// No credentials; anonymous request
|
|
return null;
|
|
}
|
|
|
|
if (autz.ToUpper ().StartsWith (authenticationMethod.ToUpper ())) {
|
|
return autz.Substring (authenticationMethod.Length + 1);
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
|