archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/uddi/source/web/security.cs

580 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. using System;
  2. using System.ComponentModel;
  3. using System.Security.Principal;
  4. using System.Web;
  5. using System.Web.Security;
  6. using System.Web.UI;
  7. using UDDI;
  9. namespace UDDI.Web
  10. {
  11. /// ********************************************************************
  12. /// public class SignInControl
  13. /// --------------------------------------------------------------------
  14. /// <summary>
  15. /// Web control for producing a sign-in link.
  16. /// </summary>
  17. /// ********************************************************************
  18. ///
  19. public class SignInControl : UserControl
  20. {
  21. protected string returnUrl = null;
  22. protected bool forceLogin = true;
  24. /// ****************************************************************
  25. /// public ForceLogin [get/set]
  26. /// ----------------------------------------------------------------
  27. /// <summary>
  28. /// Specifies whether the user will be forced to re-enter his
  29. /// or her password after the time window has expired.
  30. /// </summary>
  31. /// ****************************************************************
  32. ///
  33. [ Bindable( true ), Category( "Behavior" ), DefaultValue( true ) ]
  34. public bool ForceLogin
  35. {
  36. get { return forceLogin; }
  37. set { forceLogin = value; }
  38. }
  40. /// ****************************************************************
  41. /// public ReturnUrl [get/set]
  42. /// ----------------------------------------------------------------
  43. /// <summary>
  44. /// Specifies the URL we should redirect to after a user
  45. /// has signed in.
  46. /// </summary>
  47. /// ****************************************************************
  48. ///
  49. [ Bindable( true ), Category( "Behavior" ), DefaultValue( null ) ]
  50. public string ReturnUrl
  51. {
  52. get { return returnUrl; }
  53. set { returnUrl = value; }
  54. }
  56. /// ****************************************************************
  57. /// protected Render
  58. /// ----------------------------------------------------------------
  59. /// <summary>
  60. /// Renders the control.
  61. /// </summary>
  62. /// ****************************************************************
  63. ///
  64. protected override void Render( HtmlTextWriter output )
  65. {
  66. if( ( Config.GetInt( "Security.AuthenticationMode", (int)AuthenticationMode.Windows ) & (int)AuthenticationMode.Passport ) != 0 )
  67. {
  68. PassportIdentity passport = (PassportIdentity)Context.User.Identity;
  70. //
  71. // Display the Passport login image.
  72. //
  73. int timeWindow = Config.GetInt( "Passport.TimeWindow", 14400 );
  74. bool secure = Request.IsSecureConnection;
  76. string thisUrl = ( Request.IsSecureConnection ? "https://" : "http://" ) +
  77. Request.ServerVariables["SERVER_NAME"] +
  78. Request.ServerVariables["SCRIPT_NAME"];
  80. if( Utility.StringEmpty( ReturnUrl ) )
  81. ReturnUrl = thisUrl;
  83. //
  84. // Update this to LogoTag2 when Passport .NET support is updated.
  85. //
  86. string html = passport.LogoTag( ReturnUrl, timeWindow, forceLogin, "", 0, secure, "", 0, false );
  88. output.WriteLine(
  89. "&nbsp;&nbsp;" +
  90. html.Replace( "<A ", "<A TARGET='_top' " )+
  91. "&nbsp;&nbsp;" );
  92. }
  93. }
  94. }
  96. public class SecurityControl : UserControl
  97. {
  98. protected PassportIdentity passport;
  99. protected string loginUrl = "/login.aspx";
  100. protected string registerUrl = "/register.aspx";
  101. protected string returnUrl = null;
  102. protected bool forceLogin = true;
  103. protected bool userRequired = false;
  104. protected bool publisherRequired = false;
  105. protected bool coordinatorRequired = false;
  106. protected bool adminRequired = false;
  107. protected int timeWindow;
  109. /// ****************************************************************
  110. /// public UserRequired [get/set]
  111. /// ----------------------------------------------------------------
  112. /// <summary>
  113. /// Specifies the user role is required for the page.
  114. /// </summary>
  115. /// ****************************************************************
  116. ///
  117. public bool UserRequired
  118. {
  119. get { return userRequired; }
  120. set { userRequired = value; }
  121. }
  123. /// ****************************************************************
  124. /// public PublisherRequired [get/set]
  125. /// ----------------------------------------------------------------
  126. /// <summary>
  127. /// Specifies the publisher role is required for the page.
  128. /// </summary>
  129. /// ****************************************************************
  130. ///
  131. public bool PublisherRequired
  132. {
  133. get { return publisherRequired; }
  134. set { publisherRequired = value; }
  135. }
  137. /// ****************************************************************
  138. /// public CoordinatorRequired [get/set]
  139. /// ----------------------------------------------------------------
  140. /// <summary>
  141. /// Specifies the coordinator role is required for the page.
  142. /// </summary>
  143. /// ****************************************************************
  144. ///
  145. public bool CoordinatorRequired
  146. {
  147. get { return coordinatorRequired; }
  148. set { coordinatorRequired = value; }
  149. }
  151. /// ****************************************************************
  152. /// public AdminRequired [get/set]
  153. /// ----------------------------------------------------------------
  154. /// <summary>
  155. /// Specifies the administrator role is required for the page.
  156. /// </summary>
  157. /// ****************************************************************
  158. ///
  159. public bool AdminRequired
  160. {
  161. get { return adminRequired; }
  162. set { adminRequired = value; }
  163. }
  165. /// ****************************************************************
  166. /// public ForceLogin [get/set]
  167. /// ----------------------------------------------------------------
  168. /// <summary>
  169. /// Specifies whether the user will be forced to re-enter his
  170. /// or her password after the time window has expired.
  171. /// </summary>
  172. /// ****************************************************************
  173. ///
  174. [ Bindable( true ), Category( "Behavior" ), DefaultValue( true ) ]
  175. public bool ForceLogin
  176. {
  177. get { return forceLogin; }
  178. set { forceLogin = value; }
  179. }
  181. /// ****************************************************************
  182. /// public LoginUrl [get/set]
  183. /// ----------------------------------------------------------------
  184. /// <summary>
  185. /// Specifies the login page.
  186. /// </summary>
  187. /// ****************************************************************
  188. ///
  189. [ Bindable( true ), Category( "Behavior" ), DefaultValue( "/login.aspx" ) ]
  190. public string LoginUrl
  191. {
  192. get { return loginUrl; }
  193. set { loginUrl = value; }
  194. }
  196. /// ****************************************************************
  197. /// public ReturnUrl [get/set]
  198. /// ----------------------------------------------------------------
  199. /// <summary>
  200. /// Specifies the URL Passport should redirect to after a user
  201. /// has signed in.
  202. /// </summary>
  203. /// ****************************************************************
  204. ///
  205. [ Bindable( true ), Category( "Behavior" ), DefaultValue( null ) ]
  206. public string ReturnUrl
  207. {
  208. get { return returnUrl; }
  209. set { returnUrl = value; }
  210. }
  212. /// ****************************************************************
  213. /// public IsAuthenticated [get]
  214. /// ----------------------------------------------------------------
  215. /// <summary>
  216. /// Returns true if the user is authenticated.
  217. /// </summary>
  218. /// ****************************************************************
  219. ///
  220. public bool IsAuthenticated
  221. {
  222. get { return passport.GetIsAuthenticated( timeWindow, ForceLogin, false ); }
  223. }
  225. /// ****************************************************************
  226. /// protected OnInit
  227. /// ----------------------------------------------------------------
  228. /// <summary>
  229. /// Initializes the security control.
  230. /// </summary>
  231. /// ****************************************************************
  232. ///
  233. protected override void OnInit( EventArgs e )
  234. {
  235. //
  236. // Check to make sure config settings are fresh.
  237. //
  238. Config.CheckForUpdate();
  240. //
  241. // Check to see if the server has been manually stopped.
  242. //
  243. if( 0 == Config.GetInt( "Run", 1 ) )
  244. {
  245. #if never
  246. throw new UDDIException(
  247. ErrorType.E_busy,
  248. "UDDI Services are currently unavailable." );
  249. #endif
  250. throw new UDDIException( ErrorType.E_busy, "UDDI_ERROR_SERVICES_NOT_AVAILABLE" );
  251. }
  253. int mode = Config.GetInt( "Security.AuthenticationMode", (int)AuthenticationMode.Windows );
  256. //
  257. // TODO: This code should be simplified to simple if statements.
  258. // It is obviously old code that needs to be updated.
  259. //
  260. if( ( mode & (int)AuthenticationMode.Passport ) != 0 )
  261. {
  262. //
  263. // SECURITY: Passport.TimeWindow should be the same
  264. // timeout as API authentication.
  265. //
  266. passport = (PassportIdentity)Context.User.Identity;
  270. timeWindow = Config.GetInt( "Passport.TimeWindow", 14400 );
  272. string thisUrl = ( Request.IsSecureConnection ? "https://" : "http://" ) +
  273. Request.ServerVariables[ "SERVER_NAME" ] +
  274. Request.ServerVariables[ "SCRIPT_NAME" ];
  276. if( Utility.StringEmpty( ReturnUrl ) )
  277. ReturnUrl = thisUrl;
  279. //
  280. // If the user just logged in, clean up the query string by redirecting
  281. // to this page.
  282. //
  283. if( passport.GetFromNetworkServer )
  284. Response.Redirect( thisUrl );
  286. //
  287. // Check to see if the current role is more that a passport user
  288. // can do.
  289. //
  290. if( AdminRequired || CoordinatorRequired )
  291. {
  292. //
  293. //Passport Users are not allowed in these areas.
  294. //
  295. #if never
  296. throw new UDDIException(
  297. ErrorType.E_unknownUser,
  298. "Access denied." );
  299. #endif
  300. throw new UDDIException(
  301. ErrorType.E_unknownUser,
  302. "UDDI_ERROR_ACCESS_DENIED" );
  303. }
  305. //
  306. // Check to see if the user is authenticated.
  307. //
  308. if( !passport.GetIsAuthenticated( timeWindow, ForceLogin, false ) )
  309. {
  310. //
  311. // If the user already has a ticket, force them to re-enter
  312. // their password.
  313. //
  314. if( passport.HasTicket )
  315. {
  316. bool secure = Request.IsSecureConnection;
  318. //
  319. // Update this to AuthUrl2 when Passport .NET support is updated.
  320. //
  321. Response.Redirect( passport.AuthUrl( ReturnUrl, timeWindow, ForceLogin, "", 0, "", 0, secure ) );
  322. }
  324. //
  325. // If login is required, redirect the user to the login page.
  326. //
  327. if( PublisherRequired )
  328. Response.Redirect( LoginUrl + "?publish=true" );
  329. }
  330. else
  331. {
  332. string userID = passport.HexPUID;
  334. //
  335. // Check to ensure that the passport UserID is not ""
  336. // if it is, force them to retype thier password
  337. //
  338. // if( ""==userID )
  339. // Response.Redirect( LoginUrl );
  342. string email = (string)passport.GetProfileObject( "PreferredEmail" );
  344. UDDI.Context.User.SetPublisherRole( userID );
  346. if( PublisherRequired )
  347. {
  348. //
  349. // SECURITY: Is Validate the same as IsRegistered?
  350. // lucasm: no, Validate makes sure the registered publisher has validated
  351. // the email address they have supplied. IsRegistered checks to see
  352. // if we have added this uses to the publishers table.
  353. //
  354. int valid = Publisher.Validate( userID );
  355. if( 50013 == valid )
  356. {
  357. //
  358. // Need to create a page that tells the
  359. // user to click the link in the email
  360. //
  361. Response.Redirect( LoginUrl );
  362. }
  363. else if( 0 != valid )
  364. {
  365. Response.Redirect( LoginUrl );
  366. }
  368. Publisher publisher = new Publisher();
  369. publisher.Login( userID, email );
  371. if( null == email )
  372. email = publisher.Email;
  374. //
  375. // TODO: this REALLY should be merged with the PublisherInfo class
  376. // in core!!
  377. //
  378. UDDI.Context.User.Name = publisher.Name;
  379. UDDI.Context.User.BindingLimit = publisher.BindingLimit;
  380. UDDI.Context.User.BusinessCount = publisher.BusinessCount;
  381. UDDI.Context.User.BusinessLimit = publisher.BusinessLimit;
  382. UDDI.Context.User.CompanyName = publisher.CompanyName;
  383. UDDI.Context.User.IsoLangCode = publisher.IsoLangCode;
  384. UDDI.Context.User.ServiceLimit = publisher.ServiceLimit;
  385. UDDI.Context.User.TModelCount = publisher.TModelCount;
  386. UDDI.Context.User.TModelLimit = publisher.TModelLimit;
  387. }
  390. //
  391. // Save the credentials for the authenticated user.
  392. //
  393. UDDI.Context.User.ID = userID;
  394. UDDI.Context.User.Email = email;
  395. }
  396. }
  397. else
  398. {
  399. WindowsPrincipal principal = (WindowsPrincipal)HttpContext.Current.User;
  401. UDDI.Context.User.SetRole( principal );
  402. UDDI.Context.User.Name = principal.Identity.Name;
  404. if( UserRequired && !UDDI.Context.User.IsUser && ( mode & (int)AuthenticationMode.AuthenticatedRead ) != 0 ||
  405. PublisherRequired && !UDDI.Context.User.IsPublisher ||
  406. CoordinatorRequired && !UDDI.Context.User.IsCoordinator ||
  407. AdminRequired && !UDDI.Context.User.IsAdministrator )
  408. {
  409. #if never
  410. throw new UDDIException(
  411. ErrorType.E_unknownUser,
  412. "Access denied." );
  413. #endif
  414. throw new UDDIException( ErrorType.E_unknownUser, "UDDI_ERROR_ACCESS_DENIED" );
  415. }
  417. if( PublisherRequired || CoordinatorRequired || AdminRequired )
  418. {
  419. if( !UDDI.Context.User.IsRegistered )
  420. {
  421. if( 1 == Config.GetInt( "Security.AutoRegister", 0 ) )
  422. {
  423. UDDI.Context.User.TrackPassport = false;
  424. UDDI.Context.User.Verified = true;
  426. UDDI.Context.User.Register();
  427. }
  428. else
  429. {
  430. #if never
  431. throw new UDDIException( UDDI.ErrorType.E_unknownUser,
  432. "User login failed" );
  433. #endif
  434. throw new UDDIException( UDDI.ErrorType.E_unknownUser, "UDDI_ERROR_USER_LOGIN_FAILED" );
  435. }
  436. }
  438. UDDI.Context.User.Login();
  439. }
  440. }
  442. //
  443. // SECURITY: put this in the Windows Authentication block... not available
  444. // for Passport auth.
  445. //
  446. // If the user is a coordinator and they have a cookie indicating they are
  447. // impersonating another user, setup the user info in the current UDDI
  448. // context.
  449. //
  451. //
  452. // 734292 - Make sure the user is an administrator if they are trying to impersonate the system.
  453. //
  454. if( true == ViewAsPublisher.IsValid() )
  455. {
  456. UDDI.Context.User.ImpersonatorID = UDDI.Context.User.ID;
  457. UDDI.Context.User.ID = ViewAsPublisher.GetPublisherID();
  458. }
  459. }
  460. }
  462. /// <summary>
  463. /// This class will handle all of the operations necessary to set and get the impersontation publisher ID value
  464. /// from HTTP cookies. The name of this class is obscure by design.
  465. /// </summary>
  466. public class ViewAsPublisher
  467. {
  468. //
  469. // This value is used as the name of a cookie sent to the client.
  470. //
  471. private static string name = "ViewAsPublisher";
  473. /// <summary>
  474. /// This method will clear any current impersonation publisher ID's.
  475. /// </summary>
  476. public static void Reset()
  477. {
  478. //
  479. // Remove any current cookies.
  480. //
  481. HttpContext.Current.Response.Cookies.Remove( ViewAsPublisher.name );
  483. //
  484. // Clear out any current values the client may be holding onto
  485. //
  486. HttpCookie viewAsPublisher = new HttpCookie( name, "" );
  487. HttpContext.Current.Response.Cookies.Add( viewAsPublisher );
  488. }
  490. /// <summary>
  491. /// This method will set the publisher ID to impersonate.
  492. /// </summary>
  493. /// <param name="publisherID"></param>
  494. /// <returns></returns>
  495. public static bool Set( string publisherID )
  496. {
  497. bool success = false;
  499. //
  500. // Make sure the name we are given is OK
  501. //
  502. if( true == ViewAsPublisher.IsValid( publisherID ) )
  503. {
  504. //
  505. // Remove any current cookies.
  506. //
  507. HttpContext.Current.Response.Cookies.Remove( ViewAsPublisher.name );
  509. //
  510. // Set the impersonation publisher ID in a cookie.
  511. //
  512. HttpCookie viewAsPublisher = new HttpCookie( name, publisherID );
  513. HttpContext.Current.Response.Cookies.Add( viewAsPublisher );
  515. success = true;
  516. }
  518. return success;
  519. }
  521. /// <summary>
  522. /// This method will return the value of the publisher to impersonate, or null if there isn't one.
  523. /// </summary>
  524. /// <returns></returns>
  525. public static string GetPublisherID()
  526. {
  527. string publisherID = null;
  529. HttpCookie viewAsPublisher = HttpContext.Current.Request.Cookies[ ViewAsPublisher.name ];
  530. if( null != viewAsPublisher )
  531. {
  532. publisherID = viewAsPublisher.Value as string;
  533. if( true == Utility.StringEmpty( publisherID ) )
  534. {
  535. publisherID = null;
  536. }
  537. }
  539. return publisherID;
  540. }
  542. /// <summary>
  543. /// This method will return false if the user is not an administrator and they are trying to impersonate system
  544. /// </summary>
  545. /// <returns></returns>
  546. public static bool IsValid( string publisherID )
  547. {
  548. bool isValid = false;
  550. //
  551. // The minimum requirement is that the publisherID is not null and that the user is a coordinator.
  552. //
  553. if( true == UDDI.Context.User.IsCoordinator &&
  554. null != publisherID )
  555. {
  556. //
  557. // At this point, we are in a valid state.
  558. //
  559. isValid = true;
  561. //
  562. // Check to see if the user is trying to impersonate the system account.
  563. //
  564. if( true == publisherID.ToLower().Equals( "system" ) )
  565. {
  566. //
  567. // If the value is System, make sure the user is an administrator
  568. //
  569. isValid = UDDI.Context.User.IsAdministrator;
  570. }
  571. }
  573. return isValid;
  574. }
  576. public static bool IsValid()
  577. {
  578. return ViewAsPublisher.IsValid( ViewAsPublisher.GetPublisherID() );
  579. }
  580. }
  581. }