|
//===============================================================================
// Copyright � 2004 Microsoft Corporation. All rights reserved.
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY
// OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
// FITNESS FOR A PARTICULAR PURPOSE.
//===============================================================================
//-------------------------------------------------------------------------------
// $Header: /TP/TreasuryVision2/TreasuryVision.TreasuryApp.FrameWork/Security/AuthHeaderFilter.cs 1 2/18/05 12:40p Hugha $
//
// Created by: [hugha]
// Created on: 1/12/2005 4:58:36 PM
//
// Description:
// A custom SoapOutputFilter that inserts the user name in outgoing request's header.
//
// � 2004-2005 Microsoft/Avanade
// All Rights Reserved
//
// $Log: /TP/TreasuryVision2/TreasuryVision.TreasuryApp.FrameWork/Security/AuthHeaderFilter.cs $
//
// 1 2/18/05 12:40p Hugha
//
// 1 2/18/05 12:16p Hugha
//
// 1 2/18/05 12:00p Hugha
//
// 5 1/20/05 1:03p Sujitd
// Get user name from prinicipal object, fix logging.
//
// 4 1/18/05 4:45p Lenc
//
// 3 1/14/05 10:56a Hugha
// Added logic to make sure that the header always gets encrypted
//
// 2 1/13/05 6:06p Hugha
// Added WSE policy and some refactoring
//
// 1 1/13/05 11:31a Hugha
// Added framework project
//
//-------------------------------------------------------------------------------
using System;
using System.Xml;
using System.Web;
using System.Configuration;
using System.Collections;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.Policy;
using Microsoft.Web.Services2.Security.X509;
namespace Citigroup.TreasuryVision.TreasuryApp.Framework.Security
{
/// <summary>
/// A custom SoapOutputFilter that inserts the user name in outgoing request's header.
/// </summary>
public class AuthHeaderFilter : SoapOutputFilter
{
// constants
private const string HEADER_ID = "Id:6addf27c-6710-4af9-88bd-5975fa424640";
private const string WSE_SEC_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
private const string SM_USER = "SM_USER";
private const string X509CER_KEY_ID = "X509CER_KEY_ID";
// X509 token
private static X509SecurityToken _x509Token;
static AuthHeaderFilter()
{
X509CertificateStore store = null;
try
{
store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
if (store.OpenRead())
{
string keyID = ConfigurationSettings.AppSettings[X509CER_KEY_ID];
X509CertificateCollection certs = store.FindCertificateByKeyIdentifier(Convert.FromBase64String(keyID));
if (certs.Count > 0)
{
// Get the first certificate in the collection
_x509Token = new X509SecurityToken( ((X509Certificate) certs[0]) );
}
}
}
finally
{
if (store != null)
store.Close();
}
}
/// <summary>
/// Processes the outgoing message - inserts user name (from site minder cookie) into
/// the outgoing messages's header.
/// </summary>
/// <param name="envelope">SoapEnvelope of the outgoing message.</param>
public override void ProcessMessage(SoapEnvelope envelope)
{
SoapContext context = envelope.Context;
// store context in RequestSoapContext (HttpContext or TLS) if context
// has security tokens
if (context.Security.Tokens.Count > 0)
RequestSoapContext.Current = context;
XmlElement header = envelope.Header;
if (header == null)
header = envelope.CreateHeader();
XmlElement authElem = envelope.CreateElement("AuthHeader");
authElem.SetAttribute("Id", WSE_SEC_NS, HEADER_ID);
header.AppendChild(authElem);
XmlElement userElem = envelope.CreateElement("User");
userElem.InnerText = _UserName;
authElem.AppendChild(userElem);
// encrypt auth header
EncryptedData enc = null;
// try token from context
IEnumerator en = context.Security.Tokens.GetEnumerator();
SecurityToken token = null;
if (en.MoveNext())
token = en.Current as SecurityToken;
// try token from RequestSoapContext
if (token == null && RequestSoapContext.Current != null)
{
en = RequestSoapContext.Current.Security.Tokens.GetEnumerator();
if (en.MoveNext())
token = en.Current as SecurityToken;
}
// if token is still not available, we may be negotiating secure conversation key with the service and
// we can use the static X509 token
if (token == null)
token = _x509Token;
if (token != null)
enc = new EncryptedData(token, string.Format("#{0}", HEADER_ID));
if (enc != null)
context.Security.Elements.Add(enc);
}
// gets user name
private string _UserName
{
get
{
// from site minder header
//return HttpContext.Current.Request.Headers[SM_USER];
return HttpContext.Current.User.Identity.Name;
}
}
}
}
|
By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.
If a file you wish to view isn't highlighted, and is a text file (not binary), please
let us know and we'll add colourisation support for it.
Years of software consulting and software development using Microsoft development products such as Microsoft Content Management System, SQL Server Reporting Service, ASP.Net C# VB.Net, HTML and javascript web development, Visual Studio add-on development, C++ MFC/ATL and COM+ development, and ActiveX components.