1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
//------------------------------------------------------------------------------
// <copyright file="WindowsAuthenticationModule.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
/*
* WindowsAuthenticationModule class
*
* Copyright (c) 1999 Microsoft Corporation
*/
namespace System.Web.Security {
using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.Web;
using System.Web.Configuration;
using System.Web.Util;
/// <devdoc>
/// <para>
/// Allows ASP.NET applications to use Windows/IIS authentication.
/// </para>
/// </devdoc>
public sealed class WindowsAuthenticationModule : IHttpModule {
private WindowsAuthenticationEventHandler _eventHandler;
private static bool _fAuthChecked;
private static bool _fAuthRequired;
// anonymous identity + principal are static for easy referencing + reuse
private static readonly WindowsIdentity AnonymousIdentity = WindowsIdentity.GetAnonymous();
internal static readonly WindowsPrincipal AnonymousPrincipal = new WindowsPrincipal(AnonymousIdentity);
/// <devdoc>
/// <para>
/// Initializes a new instance of the <see cref='System.Web.Security.WindowsAuthenticationModule'/>
/// class.
/// </para>
/// </devdoc>
[SecurityPermission(SecurityAction.Demand, Unrestricted=true)]
public WindowsAuthenticationModule() {
}
/// <devdoc>
/// This is a global.asax event that must be
/// named WindowsAuthenticate_OnAuthenticate event. It's used primarily to attach a
/// custom IPrincipal object to the context.
/// </devdoc>
public event WindowsAuthenticationEventHandler Authenticate {
add {
_eventHandler += value;
}
remove {
_eventHandler -= value;
}
}
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
public void Dispose() {
}
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
public void Init(HttpApplication app) {
app.AuthenticateRequest += new EventHandler(this.OnEnter);
}
////////////////////////////////////////////////////////////
// OnAuthenticate: Custom Authentication modules can override
// this method to create a custom IPrincipal object from
// a WindowsIdentity
/// <devdoc>
/// Calls the
/// WindowsAuthentication_OnAuthenticate handler if one exists.
/// </devdoc>
void OnAuthenticate(WindowsAuthenticationEventArgs e) {
////////////////////////////////////////////////////////////
// If there are event handlers, invoke the handlers
if (_eventHandler != null)
_eventHandler(this, e);
if (e.Context.User == null)
{
if (e.User != null)
e.Context.User = e.User;
else if (e.Identity == AnonymousIdentity)
e.Context.SetPrincipalNoDemand(AnonymousPrincipal, false /*needToSetNativePrincipal*/);
else
e.Context.SetPrincipalNoDemand(new WindowsPrincipal(e.Identity), false /*needToSetNativePrincipal*/);
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
// Methods for internal implementation
/// <internalonly/>
/// <devdoc>
/// </devdoc>
[SecurityPermission(SecurityAction.Assert, UnmanagedCode = true, ControlPrincipal = true)]
void OnEnter(Object source, EventArgs eventArgs) {
if (!IsEnabled)
return;
HttpApplication app = (HttpApplication)source;
HttpContext context = app.Context;;
WindowsIdentity identity = null;
//////////////////////////////////////////////////////////////////
// Step 2: Create a Windows Identity from the credentials from IIS
if (HttpRuntime.UseIntegratedPipeline) {
// The native WindowsAuthenticationModule sets the user principal in IIS7WorkerRequest.SynchronizeVariables.
// The managed WindowsAuthenticationModule provides backward compatibility by rasing the OnAuthenticate event.
WindowsPrincipal user = context.User as WindowsPrincipal;
if (user != null) {
// identity will be null if this is not a WindowsIdentity
identity = user.Identity as WindowsIdentity;
// clear Context.User for backward compatibility (it will be set in OnAuthenticate)
context.SetPrincipalNoDemand(null, false /*needToSetNativePrincipal*/);
}
}
else {
String strLogonUser = context.WorkerRequest.GetServerVariable("LOGON_USER");
String strAuthType = context.WorkerRequest.GetServerVariable("AUTH_TYPE");
if (strLogonUser == null) {
strLogonUser = String.Empty;
}
if (strAuthType == null) {
strAuthType = String.Empty;
}
if (strLogonUser.Length == 0 && (strAuthType.Length == 0 ||
StringUtil.EqualsIgnoreCase(strAuthType, "basic")))
{
////////////////////////////////////////////////////////
// Step 2a: Use the anonymous identity
identity = AnonymousIdentity;
}
else
{
identity = new WindowsIdentity(
context.WorkerRequest.GetUserToken(),
strAuthType,
WindowsAccountType.Normal,
true);
}
}
///////////////////////////////////////////////////////////////////////////////////
// Step 3: Call OnAuthenticate to create IPrincipal for this request.
if (identity != null) {
OnAuthenticate( new WindowsAuthenticationEventArgs(identity, context) );
}
}
internal static bool IsEnabled {
get {
if (!_fAuthChecked) {
_fAuthRequired = (AuthenticationConfig.Mode == AuthenticationMode.Windows);
_fAuthChecked = true;
}
return _fAuthRequired;
}
}
}
}
|
