/sipsorcery-core/SIPSorcery.Sys/Auth/ServiceAuthToken.cs
C# | 110 lines | 59 code | 9 blank | 42 comment | 18 complexity | 6efb766447484a3cece21a8d39d42bdc MD5 | raw file
Possible License(s): CC-BY-SA-3.0
- // ============================================================================
- // FileName: ServiceAuthToken.cs
- //
- // Description:
- // Represents a security token that is passed to web or WCF service.
- //
- // Author(s):
- // Aaron Clauson
- //
- // History:
- // 09 Jun 2010 Aaron Clauson Created.
- //
- // License:
- // This software is licensed under the BSD License http://www.opensource.org/licenses/bsd-license.php
- //
- // Copyright (c) 2010 Aaron Clauson (aaron@sipsorcery.com), SIP Sorcery Ltd, Hobart, Australia (www.sipsorcery.com)
- // All rights reserved.
- //
- // Redistribution and use in source and binary forms, with or without modification, are permitted provided that
- // the following conditions are met:
- //
- // Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- // Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
- // disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of Blue Face Ltd.
- // nor the names of its contributors may be used to endorse or promote products derived from this software without specific
- // prior written permission.
- //
- // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
- // BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- // IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- // OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
- // OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- // POSSIBILITY OF SUCH DAMAGE.
- // ============================================================================
-
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.ServiceModel;
- using System.ServiceModel.Channels;
- using System.Text;
- using System.Text.RegularExpressions;
-
- #if !SILVERLIGHT
- using System.Web;
- using System.Web.Services;
- #endif
-
- namespace SIPSorcery.Sys.Auth
- {
- public class ServiceAuthToken
- {
- public const string AUTH_TOKEN_KEY = "authid";
- public const string COOKIES_KEY = "Cookie";
-
- #if !SILVERLIGHT
-
- public static string GetAuthId()
- {
- string authId = null;
-
- if (OperationContext.Current != null)
- {
- SIPSorcerySecurityHeader securityheader = SIPSorcerySecurityHeader.ParseHeader(OperationContext.Current);
- if (securityheader != null)
- {
- authId = securityheader.AuthID;
- }
- }
-
- // HTTP Context is available for ?? binding.
- if (authId.IsNullOrBlank() && HttpContext.Current != null)
- {
- // If running in IIS check for a cookie.
- HttpCookie authIdCookie = HttpContext.Current.Request.Cookies[AUTH_TOKEN_KEY];
- if (authIdCookie != null)
- {
- //logger.Debug("authid cookie found: " + authIdCookie.Value + ".");
- authId = authIdCookie.Value;
- }
- }
-
- // No HTTP context available so try and get a cookie value from the operation context.
- if (authId.IsNullOrBlank() && OperationContext.Current != null && OperationContext.Current.IncomingMessageProperties[HttpRequestMessageProperty.Name] != null)
- {
- HttpRequestMessageProperty httpRequest = (HttpRequestMessageProperty)OperationContext.Current.IncomingMessageProperties[HttpRequestMessageProperty.Name];
- // Check for the header in a case insensitive way. Allows matches on authid, Authid etc.
- if (httpRequest.Headers.AllKeys.Contains(AUTH_TOKEN_KEY, StringComparer.InvariantCultureIgnoreCase))
- {
- string authIDHeader = httpRequest.Headers.AllKeys.First(h => { return String.Equals(h, AUTH_TOKEN_KEY, StringComparison.InvariantCultureIgnoreCase); });
- authId = httpRequest.Headers[authIDHeader];
- //logger.Debug("authid HTTP header found: " + authId + ".");
- }
- else if (httpRequest.Headers.AllKeys.Contains(COOKIES_KEY, StringComparer.InvariantCultureIgnoreCase))
- {
- Match authIDMatch = Regex.Match(httpRequest.Headers[COOKIES_KEY], @"authid=(?<authid>.+)");
- if (authIDMatch.Success)
- {
- authId = authIDMatch.Result("${authid}");
- //logger.Debug("authid HTTP cookie found: " + authId + ".");
- }
- }
- }
-
- return authId;
- }
- #endif
- }
- }