1118 lines
46 KiB
C#
1118 lines
46 KiB
C#
//------------------------------------------------------------------------------
|
|
// <copyright file="PassportIdentity.cs" company="Microsoft">
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
// </copyright>
|
|
//------------------------------------------------------------------------------
|
|
|
|
/*
|
|
* PassportIdentity
|
|
*
|
|
* Copyright (c) 1999 Microsoft Corporation
|
|
*/
|
|
|
|
namespace System.Web.Security {
|
|
using System.Text;
|
|
using System.Web;
|
|
using System.Web.Util;
|
|
using System.Security.Principal;
|
|
using System.Runtime.InteropServices;
|
|
using System.Security.Permissions;
|
|
using System.Globalization;
|
|
|
|
|
|
/// <devdoc>
|
|
/// This IIdenty derived class provides access
|
|
/// to the Passport profile information contained in the Passport profile cookies.
|
|
/// </devdoc>
|
|
[Obsolete("This type is obsolete. The Passport authentication product is no longer supported and has been superseded by Live ID.")]
|
|
public sealed class PassportIdentity : IIdentity, IDisposable {
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
// Private Data
|
|
private String _Name;
|
|
private bool _Authenticated;
|
|
private IntPtr _iPassport;
|
|
private static int _iPassportVer=0;
|
|
private bool _WWWAuthHeaderSet = false;
|
|
internal bool WWWAuthHeaderSet { get { return _WWWAuthHeaderSet; }}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
// Construtor
|
|
|
|
/// <devdoc>
|
|
/// <para>[To be supplied.]</para>
|
|
/// </devdoc>
|
|
[SecurityPermission(SecurityAction.Demand, UnmanagedCode=true)]
|
|
public PassportIdentity() {
|
|
HttpContext context = HttpContext.Current;
|
|
|
|
if (_iPassportVer == 0)
|
|
_iPassportVer = UnsafeNativeMethods.PassportVersion();
|
|
|
|
if (_iPassportVer < 3) {
|
|
String strTVariable = context.Request.QueryString["t"];
|
|
String strPVariable = context.Request.QueryString["p"];
|
|
HttpCookie cookieAuth = context.Request.Cookies["MSPAuth"];
|
|
HttpCookie cookieProf = context.Request.Cookies["MSPProf"];
|
|
HttpCookie cookieProfC = context.Request.Cookies["MSPProfC"];
|
|
String strMSPAuthCookie = ((cookieAuth != null && cookieAuth.Value != null) ? cookieAuth.Value : String.Empty);
|
|
String strMSPProfCookie = ((cookieProf != null && cookieProf.Value != null) ? cookieProf.Value : String.Empty);
|
|
String strMSPProfCCookie = ((cookieProfC != null && cookieProfC.Value != null) ? cookieProfC.Value : String.Empty);
|
|
|
|
StringBuilder strA = new StringBuilder(1028);
|
|
StringBuilder strP = new StringBuilder(1028);
|
|
|
|
strMSPAuthCookie = HttpUtility.UrlDecode(strMSPAuthCookie);
|
|
strMSPProfCookie = HttpUtility.UrlDecode(strMSPProfCookie);
|
|
strMSPProfCCookie = HttpUtility.UrlDecode(strMSPProfCCookie);
|
|
|
|
int iRet = UnsafeNativeMethods.PassportCreate(strTVariable, strPVariable, strMSPAuthCookie,
|
|
strMSPProfCookie, strMSPProfCCookie, strA, strP, 1024, ref _iPassport);
|
|
if (_iPassport == IntPtr.Zero)
|
|
throw new COMException(SR.GetString(SR.Could_not_create_passport_identity), iRet);
|
|
|
|
String strACookie = UrlEncodeCookie(strA.ToString()); //HttpUtility.AspCompatUrlEncode(strA.ToString());
|
|
String strPCookie = UrlEncodeCookie(strP.ToString()); //HttpUtility.AspCompatUrlEncode(strP.ToString());
|
|
|
|
if (strACookie.Length > 1)
|
|
{
|
|
context.Response.AppendHeader("Set-Cookie", strACookie);
|
|
}
|
|
if (strPCookie.Length > 1) {
|
|
context.Response.AppendHeader("Set-Cookie", strPCookie);
|
|
}
|
|
|
|
} else {
|
|
String strRequestLine = context.Request.HttpMethod + " " +
|
|
context.Request.RawUrl + " " +
|
|
context.Request.ServerVariables["SERVER_PROTOCOL"] + "\r\n";
|
|
StringBuilder szOut = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportCreateHttpRaw(strRequestLine,
|
|
context.Request.ServerVariables["ALL_RAW"],
|
|
context.Request.IsSecureConnection ? 1 : 0,
|
|
szOut, 4090, ref _iPassport);
|
|
|
|
if (_iPassport == IntPtr.Zero)
|
|
throw new COMException(SR.GetString(SR.Could_not_create_passport_identity), iRet);
|
|
|
|
String strResponseHeaders = szOut.ToString();
|
|
SetHeaders(context, strResponseHeaders);
|
|
}
|
|
|
|
_Authenticated = GetIsAuthenticated(-1, -1, -1);
|
|
if (_Authenticated == false) {
|
|
_Name = String.Empty;
|
|
}
|
|
}
|
|
|
|
|
|
private void SetHeaders(HttpContext context, String strResponseHeaders) {
|
|
for(int iStart = 0; iStart < strResponseHeaders.Length;)
|
|
{
|
|
int iEnd = strResponseHeaders.IndexOf('\r', iStart);
|
|
if (iEnd < 0)
|
|
iEnd = strResponseHeaders.Length;
|
|
String strCurrentHeader = strResponseHeaders.Substring(iStart, iEnd - iStart);
|
|
int iColon = strCurrentHeader.IndexOf(':');
|
|
if (iColon > 0)
|
|
{
|
|
String strHeader = strCurrentHeader.Substring(0, iColon);
|
|
String strValue = strCurrentHeader.Substring(iColon+1);
|
|
context.Response.AppendHeader(strHeader, strValue);
|
|
}
|
|
|
|
iStart = iEnd + 2;
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
~PassportIdentity() {
|
|
UnsafeNativeMethods.PassportDestroy(_iPassport);
|
|
_iPassport = IntPtr.Zero;
|
|
}
|
|
|
|
|
|
private static string UrlEncodeCookie(string strIn) {
|
|
if (strIn == null || strIn.Length < 1)
|
|
return String.Empty;
|
|
int iPos1 = strIn.IndexOf('=');
|
|
if (iPos1 < 0)
|
|
return HttpUtility.AspCompatUrlEncode(strIn);
|
|
|
|
iPos1++;
|
|
int iPos2 = strIn.IndexOf(';', iPos1);
|
|
if (iPos2 < 0)
|
|
return HttpUtility.AspCompatUrlEncode(strIn);
|
|
|
|
string str1 = strIn.Substring(0, iPos1);
|
|
string str2 = strIn.Substring(iPos1, iPos2-iPos1);
|
|
string str3 = strIn.Substring(iPos2, strIn.Length-iPos2);
|
|
|
|
return str1 + HttpUtility.AspCompatUrlEncode(str2) + str3;
|
|
}
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
// Properties
|
|
|
|
/// <devdoc>
|
|
/// The name of the identity. In this
|
|
/// case, the Passport user name.
|
|
/// </devdoc>
|
|
public String Name {
|
|
get {
|
|
if (_Name == null) {
|
|
if (_iPassportVer >= 3)
|
|
_Name = HexPUID;
|
|
else
|
|
if (HasProfile("core")) {
|
|
_Name = Int32.Parse(this["MemberIDHigh"], CultureInfo.InvariantCulture).ToString("X8", CultureInfo.InvariantCulture) +
|
|
Int32.Parse(this["MemberIDLow"], CultureInfo.InvariantCulture).ToString("X8", CultureInfo.InvariantCulture);
|
|
} else {
|
|
_Name = String.Empty;
|
|
}
|
|
}
|
|
|
|
return _Name;
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
/// <devdoc>
|
|
/// The type of the identity. In this
|
|
/// case, "Passport".
|
|
/// </devdoc>
|
|
public String AuthenticationType { get { return "Passport";}}
|
|
|
|
/// <devdoc>
|
|
/// <para>True if the user is authenticated against a
|
|
/// Passport authority.</para>
|
|
/// </devdoc>
|
|
public bool IsAuthenticated { get { return _Authenticated;}}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
/// <devdoc>
|
|
/// <para>[To be supplied.]</para>
|
|
/// </devdoc>
|
|
public String this[String strProfileName]
|
|
{
|
|
get {
|
|
Object oValue = GetProfileObject(strProfileName);
|
|
if (oValue == null)
|
|
return String.Empty;
|
|
|
|
if (oValue is string)
|
|
return(String) oValue;
|
|
|
|
return oValue.ToString();
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
/// <devdoc>
|
|
/// Returns true if the user is authenticated
|
|
/// against a Passport authority.
|
|
/// </devdoc>
|
|
public bool GetIsAuthenticated(int iTimeWindow,
|
|
bool bForceLogin,
|
|
bool bCheckSecure)
|
|
{
|
|
return GetIsAuthenticated(iTimeWindow, bForceLogin ? 1 : 0, bCheckSecure ? 10 : 0);
|
|
}
|
|
|
|
|
|
public bool GetIsAuthenticated(int iTimeWindow,
|
|
int iForceLogin,
|
|
int iCheckSecure)
|
|
{
|
|
int iRet = UnsafeNativeMethods.PassportIsAuthenticated(_iPassport,
|
|
iTimeWindow,
|
|
iForceLogin,
|
|
iCheckSecure);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
|
|
return (iRet == 0);
|
|
}
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
/// <devdoc>
|
|
/// Returns Passport profile information for
|
|
/// the supplied profile attribute.
|
|
/// </devdoc>
|
|
public Object GetProfileObject(String strProfileName) {
|
|
Object oOut = new Object();
|
|
|
|
int iRet = UnsafeNativeMethods.PassportGetProfile(_iPassport, strProfileName, out oOut);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return oOut;
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// Returns an error state associated with the
|
|
/// current Passport ticket. See the error property in the Passport documentation
|
|
/// for more information.
|
|
/// </devdoc>
|
|
public int Error {
|
|
get {
|
|
return UnsafeNativeMethods.PassportGetError(_iPassport);
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// True if a connection is coming back from
|
|
/// the Passport server (log-in, update, or registration) and if the Passport data
|
|
/// contained on the query string is valid.
|
|
/// </devdoc>
|
|
public bool GetFromNetworkServer {
|
|
get {
|
|
int iRet = UnsafeNativeMethods.PassportGetFromNetworkServer(_iPassport);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return(iRet == 0);
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// Returns the Passport domain from the member
|
|
/// name string.
|
|
/// </devdoc>
|
|
public String GetDomainFromMemberName(String strMemberName) {
|
|
StringBuilder str = new StringBuilder(1028);
|
|
int iRet = UnsafeNativeMethods.PassportDomainFromMemberName(_iPassport, strMemberName, str, 1024);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// Determines whether or not a given profile
|
|
/// attribute exists in this user's profile.
|
|
/// </devdoc>
|
|
public bool HasProfile(String strProfile) {
|
|
int iRet = UnsafeNativeMethods.PassportHasProfile(_iPassport, strProfile);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return(iRet == 0);
|
|
}
|
|
|
|
|
|
public bool HasFlag(int iFlagMask) {
|
|
int iRet = UnsafeNativeMethods.PassportHasFlag(_iPassport, iFlagMask);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return(iRet == 0);
|
|
}
|
|
|
|
|
|
/// <devdoc>
|
|
/// <para>[To be supplied.]</para>
|
|
/// </devdoc>
|
|
public bool HaveConsent(bool bNeedFullConsent, bool bNeedBirthdate) {
|
|
int iRet = UnsafeNativeMethods.PassportHasConsent(_iPassport, bNeedFullConsent ? 1 : 0, bNeedBirthdate ? 1 : 0);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return(iRet == 0);
|
|
}
|
|
|
|
|
|
|
|
public Object GetOption(String strOpt) {
|
|
Object vOut = new Object();
|
|
int iRet = UnsafeNativeMethods.PassportGetOption(_iPassport, strOpt, out vOut);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return vOut;
|
|
}
|
|
|
|
|
|
public void SetOption(String strOpt, Object vOpt) {
|
|
int iRet = UnsafeNativeMethods.PassportSetOption(_iPassport, strOpt, vOpt);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
}
|
|
|
|
|
|
public String LogoutURL() {
|
|
return LogoutURL(null, null, -1, null, -1);
|
|
}
|
|
|
|
|
|
public String LogoutURL(String szReturnURL,
|
|
String szCOBrandArgs,
|
|
int iLangID,
|
|
String strDomain,
|
|
int iUseSecureAuth) {
|
|
StringBuilder szOut = new StringBuilder(4096);
|
|
int iRet = UnsafeNativeMethods.PassportLogoutURL(_iPassport,
|
|
szReturnURL,
|
|
szCOBrandArgs,
|
|
iLangID,
|
|
strDomain,
|
|
iUseSecureAuth,
|
|
szOut,
|
|
4096);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return szOut.ToString();
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// True if the Passport member's ticket
|
|
/// indicates that they have chosen to save the password on the Passport login page
|
|
/// of the last ticket refresh.
|
|
/// </devdoc>
|
|
public bool HasSavedPassword {
|
|
get {
|
|
int iRet = UnsafeNativeMethods.PassportGetHasSavedPassword(_iPassport);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return(iRet == 0);
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// True if there is a Passport ticket as a
|
|
/// cookie on thequery string.
|
|
/// </devdoc>
|
|
public bool HasTicket {
|
|
get {
|
|
int iRet = UnsafeNativeMethods.PassportHasTicket(_iPassport);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return(iRet == 0);
|
|
}
|
|
}
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// Time in seconds since the last ticket was
|
|
/// issued or refreshed.
|
|
/// </devdoc>
|
|
public int TicketAge {
|
|
get {
|
|
int iRet = UnsafeNativeMethods.PassportGetTicketAge(_iPassport);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return iRet;
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// The time is seconds since a member's
|
|
/// sign-in to the Passport login server.
|
|
/// </devdoc>
|
|
public int TimeSinceSignIn {
|
|
get {
|
|
int iRet = UnsafeNativeMethods.PassportGetTimeSinceSignIn(_iPassport);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return iRet;
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
// Functions
|
|
|
|
/// <devdoc>
|
|
/// <para>Returns an HTML snippet containing an image tag for a Passport link. This is
|
|
/// based on the current state of the identity (already signed in, and such).</para>
|
|
/// </devdoc>
|
|
public String LogoTag() {
|
|
return LogoTag(null, -1,
|
|
-1, null, -1, -1,
|
|
null, -1, -1);
|
|
}
|
|
|
|
|
|
public String LogoTag(String strReturnUrl) {
|
|
return LogoTag(strReturnUrl, -1,
|
|
-1, null, -1, -1,
|
|
null, -1, -1);
|
|
}
|
|
|
|
|
|
|
|
public String LogoTag2() {
|
|
return LogoTag2(null, -1,
|
|
-1, null, -1, -1,
|
|
null, -1, -1);
|
|
}
|
|
|
|
|
|
public String LogoTag2(String strReturnUrl) {
|
|
return LogoTag2(strReturnUrl, -1,
|
|
-1, null, -1, -1,
|
|
null, -1, -1);
|
|
}
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// Similar to LogoTag(), this method returns
|
|
/// an HTML snippet for the Passport Logo for the current member
|
|
/// </devdoc>
|
|
public String LogoTag(String strReturnUrl,
|
|
int iTimeWindow,
|
|
bool fForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
bool fSecure,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
bool bUseSecureAuth)
|
|
{
|
|
return LogoTag(
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
(fForceLogin ? 1 : 0),
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
fSecure ? 1 : 0,
|
|
strNameSpace,
|
|
iKPP,
|
|
bUseSecureAuth ? 10 : 0);
|
|
}
|
|
|
|
|
|
public String LogoTag(String strReturnUrl,
|
|
int iTimeWindow,
|
|
int iForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
int iSecure,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
int iUseSecureAuth)
|
|
{
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportLogoTag(_iPassport,
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
iForceLogin,
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
iSecure,
|
|
strNameSpace,
|
|
iKPP,
|
|
iUseSecureAuth,
|
|
str,
|
|
4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
|
|
|
|
|
|
public String LogoTag2(String strReturnUrl,
|
|
int iTimeWindow,
|
|
bool fForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
bool fSecure,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
bool bUseSecureAuth)
|
|
{
|
|
return LogoTag2(
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
fForceLogin ? 1 : 0,
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
fSecure ? 1 : 0,
|
|
strNameSpace,
|
|
iKPP,
|
|
bUseSecureAuth ? 10 : 0);
|
|
}
|
|
|
|
|
|
public String LogoTag2(String strReturnUrl,
|
|
int iTimeWindow,
|
|
int iForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
int iSecure,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
int iUseSecureAuth)
|
|
{
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportLogoTag2(_iPassport,
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
iForceLogin,
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
iSecure,
|
|
strNameSpace,
|
|
iKPP,
|
|
iUseSecureAuth,
|
|
str,
|
|
4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// </devdoc>
|
|
public String AuthUrl() {
|
|
return AuthUrl(null, -1, -1, null, -1, null, -1, -1);
|
|
}
|
|
|
|
|
|
public String AuthUrl(String strReturnUrl) {
|
|
return AuthUrl(strReturnUrl, -1, -1, null, -1, null, -1, -1);
|
|
}
|
|
|
|
|
|
public String AuthUrl2() {
|
|
return AuthUrl2(null, -1, -1, null, -1, null, -1, -1);
|
|
}
|
|
|
|
|
|
public String AuthUrl2(String strReturnUrl) {
|
|
return AuthUrl2(strReturnUrl, -1, -1, null, -1, null, -1, -1);
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// <para>Similar to AuthUrl(). Returns the authentication server URL for
|
|
/// a member</para>
|
|
/// </devdoc>
|
|
public String AuthUrl (String strReturnUrl,
|
|
int iTimeWindow,
|
|
bool fForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
bool bUseSecureAuth)
|
|
{
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportAuthURL(_iPassport,
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
(fForceLogin ? 1 : 0),
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
strNameSpace,
|
|
iKPP,
|
|
bUseSecureAuth ? 10 : 0,
|
|
str,
|
|
4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
|
|
public String AuthUrl2 (String strReturnUrl,
|
|
int iTimeWindow,
|
|
bool fForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
bool bUseSecureAuth)
|
|
|
|
{
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportAuthURL2(_iPassport,
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
(fForceLogin ? 1 : 0),
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
strNameSpace,
|
|
iKPP,
|
|
bUseSecureAuth ? 10 : 0,
|
|
str,
|
|
4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
|
|
public String AuthUrl (String strReturnUrl,
|
|
int iTimeWindow,
|
|
int iForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
int iUseSecureAuth)
|
|
|
|
{
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportAuthURL(_iPassport,
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
iForceLogin,
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
strNameSpace,
|
|
iKPP,
|
|
iUseSecureAuth,
|
|
str,
|
|
4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
|
|
public String AuthUrl2 (String strReturnUrl,
|
|
int iTimeWindow,
|
|
int iForceLogin,
|
|
String strCoBrandedArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
int iUseSecureAuth) {
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportAuthURL2(_iPassport,
|
|
strReturnUrl,
|
|
iTimeWindow,
|
|
iForceLogin,
|
|
strCoBrandedArgs,
|
|
iLangID,
|
|
strNameSpace,
|
|
iKPP,
|
|
iUseSecureAuth,
|
|
str,
|
|
4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return str.ToString();
|
|
}
|
|
|
|
|
|
public int LoginUser(
|
|
String szRetURL,
|
|
int iTimeWindow,
|
|
bool fForceLogin,
|
|
String szCOBrandArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
bool fUseSecureAuth,
|
|
object oExtraParams) {
|
|
return LoginUser(
|
|
szRetURL,
|
|
iTimeWindow,
|
|
fForceLogin ? 1 : 0,
|
|
szCOBrandArgs,
|
|
iLangID,
|
|
strNameSpace,
|
|
iKPP,
|
|
fUseSecureAuth ? 10 : 0,
|
|
oExtraParams);
|
|
}
|
|
|
|
|
|
public int LoginUser(
|
|
String szRetURL,
|
|
int iTimeWindow,
|
|
int fForceLogin,
|
|
String szCOBrandArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
int iUseSecureAuth,
|
|
object oExtraParams) {
|
|
|
|
String str = GetLoginChallenge(szRetURL, iTimeWindow, fForceLogin, szCOBrandArgs,
|
|
iLangID, strNameSpace, iKPP, iUseSecureAuth, oExtraParams);
|
|
|
|
if (str == null || str.Length < 1)
|
|
return -1;
|
|
|
|
HttpContext context = HttpContext.Current;
|
|
SetHeaders(context, str);
|
|
_WWWAuthHeaderSet = true;
|
|
|
|
str = context.Request.Headers["Accept-Auth"];
|
|
if (str != null && str.Length > 0 && str.IndexOf("Passport", StringComparison.Ordinal) >= 0) {
|
|
context.Response.StatusCode = 401;
|
|
context.Response.End();
|
|
return 0;
|
|
}
|
|
|
|
str = AuthUrl(szRetURL, iTimeWindow, fForceLogin, szCOBrandArgs,
|
|
iLangID, strNameSpace, iKPP, iUseSecureAuth);
|
|
|
|
if (!String.IsNullOrEmpty(str)) {
|
|
context.Response.Redirect(str, false);
|
|
return 0;
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
|
|
|
|
public int LoginUser() {
|
|
return LoginUser(null, -1, -1, null, -1, null, -1, -1, null);
|
|
}
|
|
|
|
|
|
public int LoginUser(String strReturnUrl) {
|
|
return LoginUser(strReturnUrl, -1, -1, null, -1, null, -1, -1, null);
|
|
}
|
|
|
|
|
|
|
|
public String GetLoginChallenge() {
|
|
return GetLoginChallenge(null, -1, -1, null, -1, null, -1, -1, null);
|
|
}
|
|
|
|
|
|
public String GetLoginChallenge(String strReturnUrl) {
|
|
return GetLoginChallenge(strReturnUrl, -1, -1, null, -1, null, -1, -1, null);
|
|
}
|
|
|
|
|
|
public String GetLoginChallenge(
|
|
String szRetURL,
|
|
int iTimeWindow,
|
|
int fForceLogin,
|
|
String szCOBrandArgs,
|
|
int iLangID,
|
|
String strNameSpace,
|
|
int iKPP,
|
|
int iUseSecureAuth,
|
|
object oExtraParams) {
|
|
|
|
StringBuilder str = new StringBuilder(4092);
|
|
int iRet = UnsafeNativeMethods.PassportGetLoginChallenge(
|
|
_iPassport,
|
|
szRetURL,
|
|
iTimeWindow,
|
|
fForceLogin,
|
|
szCOBrandArgs,
|
|
iLangID,
|
|
strNameSpace,
|
|
iKPP,
|
|
iUseSecureAuth,
|
|
oExtraParams,
|
|
str, 4090);
|
|
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
String strRet = str.ToString();
|
|
if (strRet != null && !StringUtil.StringStartsWith(strRet, "WWW-Authenticate"))
|
|
strRet = "WWW-Authenticate: " + strRet;
|
|
return strRet;
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
|
|
/// <devdoc>
|
|
/// Provides information for a Passport domain
|
|
/// by querying the Passport CCD for the requested domain attribute.
|
|
/// </devdoc>
|
|
public String GetDomainAttribute(String strAttribute, int iLCID, String strDomain) {
|
|
StringBuilder str = new StringBuilder(1028);
|
|
int iRet = UnsafeNativeMethods.PassportGetDomainAttribute(_iPassport, strAttribute, iLCID, strDomain, str, 1024);
|
|
if (iRet >= 0)
|
|
return str.ToString();
|
|
else
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
}
|
|
|
|
|
|
public Object Ticket(String strAttribute) {
|
|
Object oOut = new Object();
|
|
int iRet = UnsafeNativeMethods.PassportTicket(_iPassport, strAttribute, out oOut);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return oOut;
|
|
}
|
|
|
|
|
|
public Object GetCurrentConfig(String strAttribute) {
|
|
Object oOut = new Object();
|
|
int iRet = UnsafeNativeMethods.PassportGetCurrentConfig(_iPassport, strAttribute, out oOut);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return oOut;
|
|
}
|
|
|
|
|
|
public String HexPUID {
|
|
get {
|
|
StringBuilder str = new StringBuilder(1024);
|
|
int iRet = UnsafeNativeMethods.PassportHexPUID(_iPassport, str, 1024);
|
|
if (iRet >= 0)
|
|
return str.ToString();
|
|
else
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/// <internalonly/>
|
|
void IDisposable.Dispose()
|
|
{
|
|
if (_iPassport != IntPtr.Zero)
|
|
UnsafeNativeMethods.PassportDestroy(_iPassport);
|
|
_iPassport = IntPtr.Zero;
|
|
|
|
GC.SuppressFinalize(this);
|
|
}
|
|
|
|
/// <devdoc>
|
|
/// Signs out the given Passport member from
|
|
/// their current session.
|
|
/// </devdoc>
|
|
public static void SignOut(String strSignOutDotGifFileName) {
|
|
HttpContext context = HttpContext.Current;
|
|
String [] sCookieNames = {"MSPAuth", "MSPProf", "MSPConsent", "MSPSecAuth", "MSPProfC"};
|
|
String [] sCookieDomains = {"TicketDomain", "TicketDomain", "ProfileDomain", "SecureDomain", "TicketDomain"};
|
|
String [] sCookiePaths = {"TicketPath", "TicketPath", "ProfilePath", "SecurePath", "TicketPath"};
|
|
String [] sCookieDomainsV = new String[5];
|
|
String [] sCookiePathsV = new String[5];
|
|
PassportIdentity pi = null;
|
|
int iter = 0;
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Step 1: Clear all headers
|
|
context.Response.ClearHeaders();
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Step 2: Get passport config information (if using Passport 2.0 sdk)
|
|
try {
|
|
if (context.User.Identity is PassportIdentity) {
|
|
pi = (PassportIdentity) context.User.Identity;
|
|
} else {
|
|
pi = new PassportIdentity();
|
|
}
|
|
|
|
if (pi != null && _iPassportVer >= 3) {
|
|
// Get Domains
|
|
for(iter=0; iter<5; iter++) {
|
|
Object obj = pi.GetCurrentConfig(sCookieDomains[iter]);
|
|
if (obj != null && (obj is String))
|
|
sCookieDomainsV[iter] = (String) obj;
|
|
}
|
|
|
|
// Get Paths
|
|
for(iter=0; iter<5; iter++) {
|
|
Object obj = pi.GetCurrentConfig(sCookiePaths[iter]);
|
|
if (obj != null && (obj is String))
|
|
sCookiePathsV[iter] = (String) obj;
|
|
}
|
|
}
|
|
}
|
|
catch {
|
|
// ---- exceptions
|
|
}
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Step 3: Add cookies
|
|
for(iter=0; iter<5; iter++) {
|
|
HttpCookie cookie = new HttpCookie(sCookieNames[iter], String.Empty);
|
|
cookie.Expires = new DateTime(1998, 1, 1);
|
|
if (sCookieDomainsV[iter] != null && sCookieDomainsV[iter].Length > 0)
|
|
cookie.Domain = sCookieDomainsV[iter];
|
|
if (sCookiePathsV[iter] != null && sCookiePathsV[iter].Length > 0)
|
|
cookie.Path = sCookiePathsV[iter];
|
|
else
|
|
cookie.Path = "/";
|
|
context.Response.Cookies.Add(cookie);
|
|
}
|
|
|
|
// context.Response.AppendHeader("P3P", "CP=\"TST\"");
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Step 4: Add no-cache headers
|
|
context.Response.Expires = -1;
|
|
context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
|
|
context.Response.AppendHeader("Pragma", "no-cache");
|
|
context.Response.ContentType = "image/gif";
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Step 5: Write Image file
|
|
context.Response.WriteFile(strSignOutDotGifFileName);
|
|
|
|
////////////////////////////////////////////////////////////
|
|
// Step 6: Mobile device support: Redirect to the "ru" in the QS (if present)
|
|
String strRU = context.Request.QueryString["ru"];
|
|
if (strRU != null && strRU.Length > 1)
|
|
context.Response.Redirect(strRU, false);
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
////////////////////////////////////////////////////////////
|
|
|
|
/// <devdoc>
|
|
/// Encrypts data using the Passport
|
|
/// participant keycfor the current site. Maximum input size is 2045 characters.
|
|
/// </devdoc>
|
|
static public String Encrypt(String strData) {
|
|
return CallPassportCryptFunction(0, strData);
|
|
}
|
|
|
|
|
|
/// <devdoc>
|
|
/// Decrypts data using the Passport
|
|
/// participant key for the current site.
|
|
/// </devdoc>
|
|
static public String Decrypt(String strData) {
|
|
return CallPassportCryptFunction(1, strData);
|
|
}
|
|
|
|
|
|
static public String Compress(String strData) {
|
|
return CallPassportCryptFunction(2, strData);
|
|
}
|
|
|
|
static public String Decompress(String strData) {
|
|
return CallPassportCryptFunction(3, strData);
|
|
}
|
|
|
|
|
|
static public int CryptPutHost(String strHost) {
|
|
int iRet = UnsafeNativeMethods.PassportCryptPut(0, strHost);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
|
|
return iRet;
|
|
}
|
|
|
|
|
|
static public int CryptPutSite(String strSite) {
|
|
int iRet = UnsafeNativeMethods.PassportCryptPut(1, strSite);
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
|
|
return iRet;
|
|
}
|
|
|
|
|
|
static public bool CryptIsValid() {
|
|
int iRet = UnsafeNativeMethods.PassportCryptIsValid();
|
|
if (iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
return (iRet == 0);
|
|
}
|
|
|
|
|
|
static private String CallPassportCryptFunction(int iFunctionID, String strData) {
|
|
int iRet = 0;
|
|
int iSize = ((strData == null || strData.Length < 512) ? 512 : strData.Length);
|
|
|
|
do {
|
|
iSize *= 2;
|
|
StringBuilder str = new StringBuilder(iSize);
|
|
iRet = UnsafeNativeMethods.PassportCrypt(iFunctionID, strData, str, iSize);
|
|
|
|
if (iRet == 0) // Worked
|
|
return str.ToString();
|
|
if (iRet != HResults.E_INSUFFICIENT_BUFFER && iRet < 0)
|
|
throw new COMException(SR.GetString(SR.Passport_method_failed), iRet);
|
|
}
|
|
while ( iRet == HResults.E_INSUFFICIENT_BUFFER &&
|
|
iSize < 10*1024*1024 ); // Less than 10MB
|
|
|
|
return null;
|
|
}
|
|
}
|
|
}
|