Created
November 17, 2020 00:58
Shibboleth IIS Authentication Module
/***
 * Shibboleth IIS Authentication Module
 *
 * This module is responsible for taking two attributes from Shibboleth
 * (uid, memberOf) and using them to construct a user principal that
 * can be used in IIS authorization rules. Add the generated DLL to
 * either the GAC or the web site's Bin folder and reference it in the
 * Modules configuration for IIS.
 ***/
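namespace CCIS.Shibboleth.IISAuthModule
{
    using System;
    using System.Collections.Generic;
    using System.Security.Principal;
    using System.Web;

    /// <summary>
    /// IIS HTTP module that turns the Shibboleth <c>uid</c> and <c>memberOf</c>
    /// attributes into a <see cref="GenericPrincipal"/> on the current request,
    /// so that IIS authorization rules can match on user and role names.
    /// </summary>
    /// <remarks>
    /// Trust boundary: both attributes are read from the <c>HTTP_UID</c> and
    /// <c>HTTP_MEMBEROF</c> server variables, which IIS fills from the request
    /// headers of the same names. This module performs no verification of its
    /// own, so the principal it builds is only as trustworthy as whatever set
    /// those headers. It is safe only when the Shibboleth SP runs ahead of this
    /// module on every request path that can reach it and discards any
    /// client-supplied copies of those headers. Confirm that for each site and
    /// binding where the module is registered before relying on the principal
    /// in authorization rules.
    /// </remarks>
    public class Module : IHttpModule
    {
        // Prefix applied to the user name and to every role name.
        private const string DomainPrefix = "DOMAIN\\";

        // memberOf values arrive as a single ';'-delimited string.
        private static readonly char[] MembershipSeparators = { ';' };

        /// <summary>
        /// Releases resources held by the module. The module holds none.
        /// </summary>
        public void Dispose()
        {
            /* nothing */
        }

        /// <summary>
        /// Subscribes the module to the application's AuthenticateRequest event.
        /// </summary>
        /// <param name="context">The application the module is being attached to.</param>
        public void Init(HttpApplication context)
        {
            context.AuthenticateRequest += Context_AuthenticateRequest;
        }

        /// <summary>
        /// Builds the request principal from the Shibboleth-provided values.
        /// Leaves <c>context.User</c> untouched when no uid is present.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        private void Context_AuthenticateRequest(object sender, EventArgs e)
        {
            var context = ((HttpApplication)sender).Context;
            var serverVariables = context.Request.ServerVariables;

            // Header-derived values: see the trust-boundary remarks on the class.
            var remoteUser = (serverVariables["HTTP_UID"] ?? string.Empty).Trim();
            var memberships = serverVariables["HTTP_MEMBEROF"];

            // No uid (or a blank one) means there is nothing to build an
            // identity from; a blank name must not become "DOMAIN\".
            if (remoteUser.Length == 0)
            {
                return;
            }

            // NOTE(review): a uid that itself contains ';' is used verbatim as
            // the identity name. Confirm the attribute is single-valued.
            var roles = new List<string>();

            if (!string.IsNullOrEmpty(memberships))
            {
                // Each memberOf entry is used as-is after trimming; empty
                // entries (e.g. from a trailing ';') are dropped so they do
                // not produce a bare "DOMAIN\" role.
                var entries = memberships.Split(
                    MembershipSeparators,
                    StringSplitOptions.RemoveEmptyEntries);

                foreach (var entry in entries)
                {
                    var group = entry.Trim();

                    if (group.Length > 0)
                    {
                        roles.Add(DomainPrefix + group);
                    }
                }
            }

            // Principal consumed by IIS authorization rules for this request.
            context.User = new GenericPrincipal(
                new GenericIdentity(DomainPrefix + remoteUser),
                roles.ToArray());
        }
    }
}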