NETC-11

- Fixed redirect-related bug. The endRequest parameter in Response.Redirect(url, endRequest) aborts the executing thread when set to true, preventing cookies from being stored on the client and raising/handling a ThreadAbortException. Set parameter to false and followed with HttpContext.Current.ApplicationInstance.CompleteRequest() to avoid the undesired behavior. - Removed unused GatewayResolver field/property
apereo · Mar 4, 2010 · 96e2331 · 96e2331
1 parent c852af3
commit 96e2331
Showing 1 changed file with 46 additions and 25 deletions.
diff --git a/DotNetCasClient/CasAuthentication.cs b/DotNetCasClient/CasAuthentication.cs
@@ -4,7 +4,6 @@
 using System.Web;
 using System.Web.Configuration;
 using System.Web.Security;
-using DotNetCasClient.Authentication;
 using DotNetCasClient.Configuration;
 using DotNetCasClient.Proxy;
 using DotNetCasClient.State;
@@ -56,7 +55,6 @@ public sealed class CasAuthentication
 
         // Gateway support
         private static bool _gateway;
-        private static IGatewayResolver _gatewayResolver;
         private static string _gatewayStatusCookieName;
 
         // Proxy support
@@ -162,11 +160,11 @@ public static void Initialize()
 
                         if (CasClientConfig.ProxyGrantingTicketReceptor)
                         {
-                            // throw new NotImplementedException("Proxy support is not implemented at this time.");
                             /*
                             _proxyGrantingTicketReceptor = CasClientConfig.ProxyGrantingTicketReceptor;
                             _proxyCallbackUrl = CasClientConfig.ProxyCallbackUrl;
                             _proxyReceptorUrl = CasClientConfig.ProxyReceptorUrl;
+                            _proxyCallbackHandler = new ProxyCallbackHandler();
                             */
                         }
 
@@ -254,18 +252,26 @@ public static void Initialize()
 
         public static void RedirectToLoginPage()
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpResponse response = context.Response;
-
-            response.Redirect(ConstructLoginRedirectUrl(false, Renew), true);
+            HttpApplication application = context.ApplicationInstance;
+
+            response.Redirect(ConstructLoginRedirectUrl(false, Renew), false);
+            application.CompleteRequest();
         }               
 
         public static void RedirectToLoginPage(bool forceRenew)
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
-            response.Redirect(ConstructLoginRedirectUrl(false, forceRenew), true);
+            response.Redirect(ConstructLoginRedirectUrl(false, forceRenew), false);
+            application.CompleteRequest();
         }
 
         public static void Authenticate(string netId, string password)
@@ -275,8 +281,11 @@ public static void Authenticate(string netId, string password)
 
         public static void GatewayAuthenticate(bool ignoreGatewayStatusCookie)
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
             if (!ignoreGatewayStatusCookie)
             {
@@ -287,39 +296,55 @@ public static void GatewayAuthenticate(bool ignoreGatewayStatusCookie)
             }
 
             SetGatewayStatusCookie(GatewayStatus.Attempting);
-            response.Redirect(ConstructLoginRedirectUrl(true, false), true);
+            response.Redirect(ConstructLoginRedirectUrl(true, false), false);
+            application.CompleteRequest();
         }
 
         public static void PerformSingleSignout()
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
             ClearAuthCookie();
-            response.Redirect(ConstructSingleSignOutRedirectUrl(), true);
+            response.Redirect(ConstructSingleSignOutRedirectUrl(), false);
+            application.CompleteRequest();
         }
 
         public static void RedirectToCookiesRequiredPage()
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
-            response.Redirect(ResolveUrl(CookiesRequiredUrl), true);
+            response.Redirect(ResolveUrl(CookiesRequiredUrl), false);
+            application.CompleteRequest();
         }
 
         public static void RedirectToUnauthorizedPage()
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
-            response.Redirect(ResolveUrl(NotAuthorizedUrl), true);            
+            response.Redirect(ResolveUrl(NotAuthorizedUrl), false);
+            application.CompleteRequest();
         }
 
         internal static void RedirectFromLoginCallback()
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpRequest request = context.Request;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
             if (GetRequestHasGatewayParameter())
             {
@@ -328,27 +353,36 @@ internal static void RedirectFromLoginCallback()
                 SetGatewayStatusCookie(GatewayStatus.Success);
             }
 
-            response.Redirect(RemoveCasArtifactsFromUrl(request.Url.AbsoluteUri), true);
+            response.Redirect(RemoveCasArtifactsFromUrl(request.Url.AbsoluteUri), false);
+            application.CompleteRequest();
         }
 
         internal static void RedirectFromFailedGatewayCallback()
         {
+            Initialize();
+
             HttpContext context = HttpContext.Current;
             HttpRequest request = context.Request;
             HttpResponse response = context.Response;
+            HttpApplication application = context.ApplicationInstance;
 
             SetGatewayStatusCookie(GatewayStatus.Failed);
-            response.Redirect(RemoveGatewayStatusArtifactFromUrl(request.Url.AbsoluteUri), true);
+            response.Redirect(RemoveGatewayStatusArtifactFromUrl(request.Url.AbsoluteUri), false);
+            application.CompleteRequest();
         }
 
         internal static string RemoveCasArtifactsFromUrl(string url)
         {
+            Initialize();
+
             string urlSansTicket = RemoveQueryStringVariableFromUrl(url, TicketValidator.ArtifactParameterName);
             return RemoveQueryStringVariableFromUrl(urlSansTicket, GatewayParameterName);
         }
 
         internal static string RemoveGatewayStatusArtifactFromUrl(string url)
         {
+            Initialize();
+
             return RemoveQueryStringVariableFromUrl(url, GatewayParameterName);
         }
 
@@ -1236,19 +1270,6 @@ public static bool Gateway
             }
         }
 
-        /// <summary>
-        /// Gateway resolver handles CAS gateway requests & responses. 
-        /// http://www.ja-sig.org/wiki/display/CAS/gateway
-        /// </summary>
-        internal static IGatewayResolver GatewayResolver
-        {
-            get
-            {
-                Initialize();
-                return _gatewayResolver;
-            }
-        }
-
         /// <summary>
         /// The name of the cookie used to store the Gateway status (NotAttempted, 
         /// Success, Failed).  This cookie is used to prevent the client from