PassportAuthenticationModule.cs source code in C# .NET

Source code for the .NET framework in C#

                        

Code:

/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / xsp / System / Web / Security / PassportAuthenticationModule.cs / 1305376 / PassportAuthenticationModule.cs

                            //------------------------------------------------------------------------------ 
// 
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// 
//----------------------------------------------------------------------------- 

/* 
 * PassportAuthenticationModule class 
 *
 * Copyright (c) 1999 Microsoft Corporation 
 */

namespace System.Web.Security {
    using System.Web; 
    using  System.Security.Principal;
    using System.Web.Configuration; 
    using System.Web.Handlers; 
    using System.Globalization;
    using System.Security.Permissions; 
    using System.Web.Management;


 
    /// 
    ///    This 
    ///       module provides a wrapper around passport authentication services. 
    /// 
    [Obsolete("This type is obsolete. The Passport authentication product is no longer supported and has been superseded by Live ID.")] 
    public sealed class PassportAuthenticationModule : IHttpModule {
        private PassportAuthenticationEventHandler _eventHandler;

        private static bool _fAuthChecked  = false; 
        private static bool _fAuthRequired = false;
        private static String _LoginUrl    = null; 
 

        ///  
        ///    
        ///       Initializes a new instance of the 
        ///       class.
        ///      
        /// 
        [SecurityPermission(SecurityAction.Demand, Unrestricted=true)] 
        public PassportAuthenticationModule() { 
        }
 
        ////////////////////////////////////////////////////////////
        // AddOnAuthenticate and RemoveOnAuthenticate: Use these
        //   methods to hook up event handlers to handle the
        //   OnAuthenticate Event 

        ///  
        ///    This is a global.asax event that must be 
        ///    named PassportAuthenticate_OnAuthenticate event.
        ///  
        public event PassportAuthenticationEventHandler Authenticate {
            add {
                _eventHandler += value;
            } 
            remove {
                _eventHandler -= value; 
            } 
        }
 

        /// 
        ///    [To be supplied.]
        ///  
        public void Dispose() {
        } 
 

        ///  
        ///    [To be supplied.]
        /// 
        public void Init(HttpApplication app) {
            app.AuthenticateRequest += new EventHandler(this.OnEnter); 
            app.EndRequest += new EventHandler(this.OnLeave);
        } 
 
        ////////////////////////////////////////////////////////////
        // OnAuthenticate: Custom Authentication modules can override 
        //             this method to create a custom IPrincipal object from
        //             a PassportIdentity

        ///  
        ///    Calls the
        ///    PassportAuthentication_OnAuthenticate handler, if one exists. 
        ///  
        void OnAuthenticate(PassportAuthenticationEventArgs e) {
            //////////////////////////////////////////////////////////// 
            // If there are event handlers, invoke the handlers
            if (_eventHandler != null) {
                _eventHandler(this, e);
                if (e.Context.User == null && e.User != null) 
                {
                    InternalSecurityPermissions.ControlPrincipal.Demand(); 
                    e.Context.User = e.User; 
                }
            } 

            ////////////////////////////////////////////////////////////
            // Default Implementation: If IPrincipal has not been created,
            //                         create a PassportUser 
            if (e.Context.User == null)
            { 
                InternalSecurityPermissions.ControlPrincipal.Demand(); 
                e.Context.User = new PassportPrincipal(e.Identity, new String[0]);
            } 
        }


        //////////////////////////////////////////////////////////// 
        ////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////// 
        // Methods for internal implementation 

        ///  
        /// 
        /// 
        void OnEnter(Object source, EventArgs eventArgs) {
            if (_fAuthChecked && !_fAuthRequired) 
                return;
 
            HttpApplication app; 
            HttpContext context;
 
            app = (HttpApplication)source;
            context = app.Context;

            if (!_fAuthChecked) { 
                AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication;
                _fAuthRequired = (AuthenticationConfig.Mode == AuthenticationMode.Passport); 
                _LoginUrl = settings.Passport.RedirectUrl; 
                _fAuthChecked = true;
            } 

            if (!_fAuthRequired)
                return;
 
            ////////////////////////////////////////////////////////
            // Step 1: See if this request is valid or not 
            // VSWhidbey 442515: We no longer need to do this check, always proceed 

            //////////////////////////////////////////////////////// 
            // Step 2: Create a Passport Identity from the credentials
            //     from IIS
            PassportIdentity identity = new PassportIdentity();
 
            ////////////////////////////////////////////////////////
            // Step 4: Call OnAuthenticate virtual method to create 
            //    an IPrincipal for this request 
            OnAuthenticate( new PassportAuthenticationEventArgs(identity, context) );
 
            ////////////////////////////////////////////////////////
            // Skip AuthZ if accessing the login page
            context.SetSkipAuthorizationNoDemand(AuthenticationConfig.AccessingLoginPage(context, _LoginUrl), false /*managedOnly*/);
 
            if (!context.SkipAuthorization) {
                context.SkipAuthorization = AssemblyResourceLoader.IsValidWebResourceRequest(context); 
            } 
        }
 
        void OnLeave(Object source, EventArgs eventArgs) {
            HttpApplication app;
            HttpContext context;
            app = (HttpApplication)source; 
            context = app.Context;
            if (!_fAuthChecked || !_fAuthRequired || context.User == null || context.User.Identity == null || !(context.User.Identity is PassportIdentity)) 
                return; 

 

            PassportIdentity id = (PassportIdentity) context.User.Identity;
            if (context.Response.StatusCode != 401 || id.WWWAuthHeaderSet)
                return; 

            if ( _LoginUrl==null || _LoginUrl.Length < 1 || String.Compare(_LoginUrl, "internal", StringComparison.Ordinal) == 0) { 
                context.Response.Clear(); 
                context.Response.StatusCode = 200;
 
                if (!ErrorFormatter.RequiresAdaptiveErrorReporting(context)) {
                    String strUrl = context.Request.Url.ToString();
                    int iPos = strUrl.IndexOf('?');
                    if (iPos >= 0) { 
                        strUrl = strUrl.Substring(0, iPos);
                    } 
                    String strLogoTag = id.LogoTag2(HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding)); 

                    String strMsg = SR.GetString(SR.PassportAuthFailed, strLogoTag); 
                    context.Response.Write(strMsg);
                }
                else {
                    ErrorFormatter errorFormatter = new PassportAuthFailedErrorFormatter(); 
                    context.Response.Write(errorFormatter.GetAdaptiveErrorMessage(context, true));
                } 
            } 
            else {
                //////////////////////////////////////////////////////////// 
                // Step 1: Get the redirect url
                String redirectUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl);

                //////////////////////////////////////////////////////////// 
                // Step 2: Check if we have a valid url to the redirect-page
                if (redirectUrl == null || redirectUrl.Length <= 0) 
                    throw new HttpException(SR.GetString(SR.Invalid_Passport_Redirect_URL)); 

 
                ////////////////////////////////////////////////////////////
                // Step 3: Construct the redirect-to url
                String             strUrl       = context.Request.Url.ToString();
                String             strRedirect; 
                int                iIndex;
                String             strSep; 
 
                if (redirectUrl.IndexOf('?') >= 0)
                    strSep = "&"; 
                else
                    strSep = "?";

                strRedirect = redirectUrl  + strSep + "ReturnUrl=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding); 

 
                //////////////////////////////////////////////////////////// 
                // Step 4: Add the query-string from the current url
                iIndex = strUrl.IndexOf('?'); 
                if (iIndex >= 0 && iIndex < strUrl.Length-1)
                    strRedirect += "&" + strUrl.Substring(iIndex+1);

 
                ////////////////////////////////////////////////////////////
                // Step 5: Do the redirect 
                context.Response.Redirect(strRedirect, false); 
            }
        } 

    }

    ////////////////////////////////////////////////////////////////// 
    //////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////// 
    // ErrorFormatter for generating adaptive error for mobile devices 
    internal class PassportAuthFailedErrorFormatter : ErrorFormatter {
 
        protected override string ErrorTitle {
            get { return SR.GetString(SR.PassportAuthFailed_Title);}
        }
 
        protected override string Description {
            get { return SR.GetString(SR.PassportAuthFailed_Description);} 
        } 

        protected override string MiscSectionTitle { 
            get { return SR.GetString(SR.Assess_Denied_Title);}
        }

        protected override string MiscSectionContent { 
            get { return null;}
        } 
 
        protected override string ColoredSquareTitle {
            get { return null;} 
        }

        protected override string ColoredSquareContent {
            get { return null;} 
        }
 
        protected override bool ShowSourceFileInfo { 
            get { return false;}
        } 
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------ 
// 
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// 
//----------------------------------------------------------------------------- 

/* 
 * PassportAuthenticationModule class 
 *
 * Copyright (c) 1999 Microsoft Corporation 
 */

namespace System.Web.Security {
    using System.Web; 
    using  System.Security.Principal;
    using System.Web.Configuration; 
    using System.Web.Handlers; 
    using System.Globalization;
    using System.Security.Permissions; 
    using System.Web.Management;


 
    /// 
    ///    This 
    ///       module provides a wrapper around passport authentication services. 
    /// 
    [Obsolete("This type is obsolete. The Passport authentication product is no longer supported and has been superseded by Live ID.")] 
    public sealed class PassportAuthenticationModule : IHttpModule {
        private PassportAuthenticationEventHandler _eventHandler;

        private static bool _fAuthChecked  = false; 
        private static bool _fAuthRequired = false;
        private static String _LoginUrl    = null; 
 

        ///  
        ///    
        ///       Initializes a new instance of the 
        ///       class.
        ///      
        /// 
        [SecurityPermission(SecurityAction.Demand, Unrestricted=true)] 
        public PassportAuthenticationModule() { 
        }
 
        ////////////////////////////////////////////////////////////
        // AddOnAuthenticate and RemoveOnAuthenticate: Use these
        //   methods to hook up event handlers to handle the
        //   OnAuthenticate Event 

        ///  
        ///    This is a global.asax event that must be 
        ///    named PassportAuthenticate_OnAuthenticate event.
        ///  
        public event PassportAuthenticationEventHandler Authenticate {
            add {
                _eventHandler += value;
            } 
            remove {
                _eventHandler -= value; 
            } 
        }
 

        /// 
        ///    [To be supplied.]
        ///  
        public void Dispose() {
        } 
 

        ///  
        ///    [To be supplied.]
        /// 
        public void Init(HttpApplication app) {
            app.AuthenticateRequest += new EventHandler(this.OnEnter); 
            app.EndRequest += new EventHandler(this.OnLeave);
        } 
 
        ////////////////////////////////////////////////////////////
        // OnAuthenticate: Custom Authentication modules can override 
        //             this method to create a custom IPrincipal object from
        //             a PassportIdentity

        ///  
        ///    Calls the
        ///    PassportAuthentication_OnAuthenticate handler, if one exists. 
        ///  
        void OnAuthenticate(PassportAuthenticationEventArgs e) {
            //////////////////////////////////////////////////////////// 
            // If there are event handlers, invoke the handlers
            if (_eventHandler != null) {
                _eventHandler(this, e);
                if (e.Context.User == null && e.User != null) 
                {
                    InternalSecurityPermissions.ControlPrincipal.Demand(); 
                    e.Context.User = e.User; 
                }
            } 

            ////////////////////////////////////////////////////////////
            // Default Implementation: If IPrincipal has not been created,
            //                         create a PassportUser 
            if (e.Context.User == null)
            { 
                InternalSecurityPermissions.ControlPrincipal.Demand(); 
                e.Context.User = new PassportPrincipal(e.Identity, new String[0]);
            } 
        }


        //////////////////////////////////////////////////////////// 
        ////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////// 
        // Methods for internal implementation 

        ///  
        /// 
        /// 
        void OnEnter(Object source, EventArgs eventArgs) {
            if (_fAuthChecked && !_fAuthRequired) 
                return;
 
            HttpApplication app; 
            HttpContext context;
 
            app = (HttpApplication)source;
            context = app.Context;

            if (!_fAuthChecked) { 
                AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication;
                _fAuthRequired = (AuthenticationConfig.Mode == AuthenticationMode.Passport); 
                _LoginUrl = settings.Passport.RedirectUrl; 
                _fAuthChecked = true;
            } 

            if (!_fAuthRequired)
                return;
 
            ////////////////////////////////////////////////////////
            // Step 1: See if this request is valid or not 
            // VSWhidbey 442515: We no longer need to do this check, always proceed 

            //////////////////////////////////////////////////////// 
            // Step 2: Create a Passport Identity from the credentials
            //     from IIS
            PassportIdentity identity = new PassportIdentity();
 
            ////////////////////////////////////////////////////////
            // Step 4: Call OnAuthenticate virtual method to create 
            //    an IPrincipal for this request 
            OnAuthenticate( new PassportAuthenticationEventArgs(identity, context) );
 
            ////////////////////////////////////////////////////////
            // Skip AuthZ if accessing the login page
            context.SetSkipAuthorizationNoDemand(AuthenticationConfig.AccessingLoginPage(context, _LoginUrl), false /*managedOnly*/);
 
            if (!context.SkipAuthorization) {
                context.SkipAuthorization = AssemblyResourceLoader.IsValidWebResourceRequest(context); 
            } 
        }
 
        void OnLeave(Object source, EventArgs eventArgs) {
            HttpApplication app;
            HttpContext context;
            app = (HttpApplication)source; 
            context = app.Context;
            if (!_fAuthChecked || !_fAuthRequired || context.User == null || context.User.Identity == null || !(context.User.Identity is PassportIdentity)) 
                return; 

 

            PassportIdentity id = (PassportIdentity) context.User.Identity;
            if (context.Response.StatusCode != 401 || id.WWWAuthHeaderSet)
                return; 

            if ( _LoginUrl==null || _LoginUrl.Length < 1 || String.Compare(_LoginUrl, "internal", StringComparison.Ordinal) == 0) { 
                context.Response.Clear(); 
                context.Response.StatusCode = 200;
 
                if (!ErrorFormatter.RequiresAdaptiveErrorReporting(context)) {
                    String strUrl = context.Request.Url.ToString();
                    int iPos = strUrl.IndexOf('?');
                    if (iPos >= 0) { 
                        strUrl = strUrl.Substring(0, iPos);
                    } 
                    String strLogoTag = id.LogoTag2(HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding)); 

                    String strMsg = SR.GetString(SR.PassportAuthFailed, strLogoTag); 
                    context.Response.Write(strMsg);
                }
                else {
                    ErrorFormatter errorFormatter = new PassportAuthFailedErrorFormatter(); 
                    context.Response.Write(errorFormatter.GetAdaptiveErrorMessage(context, true));
                } 
            } 
            else {
                //////////////////////////////////////////////////////////// 
                // Step 1: Get the redirect url
                String redirectUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl);

                //////////////////////////////////////////////////////////// 
                // Step 2: Check if we have a valid url to the redirect-page
                if (redirectUrl == null || redirectUrl.Length <= 0) 
                    throw new HttpException(SR.GetString(SR.Invalid_Passport_Redirect_URL)); 

 
                ////////////////////////////////////////////////////////////
                // Step 3: Construct the redirect-to url
                String             strUrl       = context.Request.Url.ToString();
                String             strRedirect; 
                int                iIndex;
                String             strSep; 
 
                if (redirectUrl.IndexOf('?') >= 0)
                    strSep = "&"; 
                else
                    strSep = "?";

                strRedirect = redirectUrl  + strSep + "ReturnUrl=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding); 

 
                //////////////////////////////////////////////////////////// 
                // Step 4: Add the query-string from the current url
                iIndex = strUrl.IndexOf('?'); 
                if (iIndex >= 0 && iIndex < strUrl.Length-1)
                    strRedirect += "&" + strUrl.Substring(iIndex+1);

 
                ////////////////////////////////////////////////////////////
                // Step 5: Do the redirect 
                context.Response.Redirect(strRedirect, false); 
            }
        } 

    }

    ////////////////////////////////////////////////////////////////// 
    //////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////// 
    // ErrorFormatter for generating adaptive error for mobile devices 
    internal class PassportAuthFailedErrorFormatter : ErrorFormatter {
 
        protected override string ErrorTitle {
            get { return SR.GetString(SR.PassportAuthFailed_Title);}
        }
 
        protected override string Description {
            get { return SR.GetString(SR.PassportAuthFailed_Description);} 
        } 

        protected override string MiscSectionTitle { 
            get { return SR.GetString(SR.Assess_Denied_Title);}
        }

        protected override string MiscSectionContent { 
            get { return null;}
        } 
 
        protected override string ColoredSquareTitle {
            get { return null;} 
        }

        protected override string ColoredSquareContent {
            get { return null;} 
        }
 
        protected override bool ShowSourceFileInfo { 
            get { return false;}
        } 
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
                        

Link Menu

Network programming in C#, Network Programming in VB.NET, Network Programming in .NET
This book is available now!
Buy at Amazon US or
Buy at Amazon UK