@haliphax
Created November 17, 2020 00:58
Shibboleth IIS Authentication Module
/***
* Shibboleth IIS Authentication Module
*
* This module is responsible for taking two attributes from Shibboleth
* (uid, memberOf) and using them to construct a user principal that
* can be used in IIS authorization rules. Add the generated DLL to
* either the GAC or the web site's Bin folder and reference it in the
* Modules configuration for IIS.
***/
namespace CCIS.Shibboleth.IISAuthModule
{
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
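/// <summary>
/// IIS HTTP module that builds the request's user principal from the
/// Shibboleth <c>uid</c> and <c>memberOf</c> attributes so that IIS
/// authorization rules can match on user and role names.
/// </summary>
/// <remarks>
/// The attributes are read from the <c>HTTP_UID</c> and <c>HTTP_MEMBEROF</c>
/// server variables. Server variables carrying the <c>HTTP_</c> prefix are
/// derived from request headers, so the values are only as trustworthy as
/// whatever sits in front of this module: the deployment must guarantee that
/// client-supplied <c>uid</c> / <c>memberOf</c> headers are stripped or
/// overwritten before <c>AuthenticateRequest</c> fires, on every path this
/// module is registered for.
/// NOTE(review): confirm the Shibboleth SP's header spoof protection is
/// active for this site, including content that does not require a session.
/// </remarks>
public class Module : IHttpModule
{
    // Every user and role name is qualified with this fixed prefix.
    private const string QualifiedNameFormat = "DOMAIN\\{0}";

    /// <summary>Releases resources; this module holds none.</summary>
    public void Dispose()
    {
        /* nothing */
    }

    /// <summary>Subscribes the module to the authentication stage of the pipeline.</summary>
    /// <param name="context">The application whose requests are authenticated.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += Context_AuthenticateRequest;
    }

    /// <summary>
    /// Replaces <c>context.User</c> with a <see cref="GenericPrincipal"/> built
    /// from the uid and memberOf values, or leaves the request untouched when
    /// no usable uid is present.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    private void Context_AuthenticateRequest(object sender, EventArgs e)
    {
        var context = ((HttpApplication)sender).Context;

        // Header-derived values: see the trust requirement in the class remarks.
        var remoteUser = context.Request.ServerVariables["HTTP_UID"];
        var memberships = context.Request.ServerVariables["HTTP_MEMBEROF"];

        // No uid (or a blank one) means there is nothing to authenticate; a
        // whitespace-only value must not become a principal named "DOMAIN\ ".
        if (string.IsNullOrWhiteSpace(remoteUser))
        {
            return;
        }

        var roles = new List<string>();

        if (!string.IsNullOrEmpty(memberships))
        {
            // memberOf arrives as a ';'-separated list. Empty segments (for
            // example from a trailing ';') are dropped so they cannot produce
            // a bare "DOMAIN\" role that an authorization rule might match.
            // NOTE(review): Shibboleth escapes a literal ';' inside a value as
            // "\;" and this split does not honor that; confirm group names
            // never contain ';'.
            var segments = memberships.Split(
                new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

            foreach (var segment in segments)
            {
                var role = segment.Trim();
                if (role.Length == 0)
                {
                    continue;
                }

                roles.Add(string.Format(QualifiedNameFormat, role));
            }
        }

        // Principal consumed by IIS / ASP.NET authorization rules.
        context.User = new GenericPrincipal(
            new GenericIdentity(string.Format(QualifiedNameFormat, remoteUser)),
            roles.ToArray());
    }
}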
}