X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mcs%2Fclass%2FMono.Http%2FMono.Http.Modules%2FDigestAuthenticationModule.cs;h=fe55fe17768096c150086a2ef655f316e24c668e;hb=9d61782c6e2392d7ceec2006b35be582598a70ae;hp=82c4bae60c4a9b31e437c43051735a5568deccc0;hpb=e6ee5d9be4d9d5124f37dce92eb06068da9b2a81;p=mono.git diff --git a/mcs/class/Mono.Http/Mono.Http.Modules/DigestAuthenticationModule.cs b/mcs/class/Mono.Http/Mono.Http.Modules/DigestAuthenticationModule.cs index 82c4bae60c4..fe55fe17768 100644 --- a/mcs/class/Mono.Http/Mono.Http.Modules/DigestAuthenticationModule.cs +++ b/mcs/class/Mono.Http/Mono.Http.Modules/DigestAuthenticationModule.cs @@ -12,6 +12,27 @@ // http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html // +// +// Permission is hereby granted, free of charge, to any person obtaining +// a copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to +// permit persons to whom the Software is furnished to do so, subject to +// the following conditions: +// +// The above copyright notice and this permission notice shall be +// included in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +// + using System; using System.Collections.Specialized; using System.Configuration; @@ -54,6 +75,36 @@ namespace Mono.Http.Modules return (DateTime.Now <= expireTime); } + protected virtual bool GetUserByName (HttpApplication app, string username, + out string password, out string[] roles) + { + password = String.Empty; + roles = new string[0]; + + string userFileName = app.Request.MapPath (ConfigurationSettings.AppSettings ["Digest.Users"]); + if (userFileName == null || !File.Exists (userFileName)) + return false; + + XmlDocument userDoc = new XmlDocument (); + userDoc.Load (userFileName); + + string xPath = String.Format ("/users/user[@name='{0}']", username); + XmlNode user = userDoc.SelectSingleNode (xPath); + + if (user == null) + return false; + + password = user.Attributes ["password"].Value; + + XmlNodeList roleNodes = user.SelectNodes ("role"); + roles = new string [roleNodes.Count]; + int i = 0; + foreach (XmlNode xn in roleNodes) + roles [i++] = xn.Attributes ["name"].Value; + + return true; + } + protected override bool AcceptCredentials (HttpApplication app, string authentication) { // digest @@ -69,21 +120,12 @@ namespace Mono.Http.Modules } string username = (string) reqInfo ["username"]; + string password; + string[] roles; - string userFileName = app.Request.MapPath (ConfigurationSettings.AppSettings ["Digest.Users"]); - if (userFileName == null || !File.Exists (userFileName)) + if (!GetUserByName (app, username, out password, out roles)) return false; - XmlDocument userDoc = new XmlDocument (); - userDoc.Load (userFileName); - - string xPath = String.Format ("/users/user[@name='{0}']", username); - XmlNode user = userDoc.SelectSingleNode (xPath); - - if (user == null) - return false; - - string password = user.Attributes ["password"].Value; string realm = ConfigurationSettings.AppSettings ["Digest.Realm"]; // calculate the Digest hashes @@ -135,12 +177,6 @@ namespace Mono.Http.Modules bool result = (((string)reqInfo["response"] == hashedDigest) && (!isNonceStale)); if (result) { - XmlNodeList roleNodes = user.SelectNodes ("role"); - string[] roles = new string [roleNodes.Count]; - int i = 0; - foreach (XmlNode xn in roleNodes) - roles [i++] = xn.Attributes ["name"].Value; - IIdentity id = new GenericIdentity (username, AuthenticationMethod); app.Context.User = new GenericPrincipal (id, roles); }