Code:
/ FXUpdate3074 / FXUpdate3074 / 1.1 / untmp / whidbey / QFE / ndp / fx / src / xsp / System / Web / Security / AnonymousIdentificationModule.cs / 5 / AnonymousIdentificationModule.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
/*
* AnonymousIdentificationModule class
*
* Copyright (c) 1999 Microsoft Corporation
*/
namespace System.Web.Security {
using System.Web;
using System.Text;
using System.Web.Configuration;
using System.Web.Caching;
using System.Web.Handlers;
using System.Collections;
using System.Configuration.Provider;
using System.Web.Util;
using System.Security.Principal;
using System.Security.Permissions;
using System.Globalization;
using System.Web.Management;
using System.Web.Hosting;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
///
/// [To be supplied.]
///
[AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)]
public sealed class AnonymousIdentificationModule : IHttpModule {
private const int MAX_ENCODED_COOKIE_STRING = 512;
private const int MAX_ID_LENGTH = 128;
///
///
/// Initializes a new instance of the
///
[SecurityPermission(SecurityAction.Demand, Unrestricted=true)]
public AnonymousIdentificationModule() {
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Events
private AnonymousIdentificationEventHandler _CreateNewIdEventHandler;
public event AnonymousIdentificationEventHandler Creating {
add { _CreateNewIdEventHandler += value; }
remove { _CreateNewIdEventHandler -= value; }
}
public static void ClearAnonymousIdentifier()
{
if (!s_Initialized)
Initialize();
HttpContext context = HttpContext.Current;
if (context == null)
return;
//
if (!s_Enabled || !context.Request.IsAuthenticated) {
throw new NotSupportedException(SR.GetString(SR.Anonymous_ClearAnonymousIdentifierNotSupported));
}
////////////////////////////////////////////////////////////
// Check if we need to clear the ticket stored in the URI
bool clearUri = false;
if (context.CookielessHelper.GetCookieValue('A') != null) {
context.CookielessHelper.SetCookieValue('A', null); // Always clear the uri-cookie
clearUri = true;
}
////////////////////////////////////////////////////////////
// Clear cookie if cookies are supported by the browser
if (!CookielessHelperClass.UseCookieless(context, false, s_CookieMode) || context.Request.Browser.Cookies)
{ // clear cookie if required
string cookieValue = String.Empty;
if (context.Request.Browser["supportsEmptyStringInCookieValue"] == "false")
cookieValue = "NoCookie";
HttpCookie cookie = new HttpCookie(s_CookieName, cookieValue);
cookie.HttpOnly = true;
cookie.Path = s_CookiePath;
cookie.Secure = s_RequireSSL;
if (s_Domain != null)
cookie.Domain = s_Domain;
cookie.Expires = new System.DateTime(1999, 10, 12);
context.Response.Cookies.RemoveCookie(s_CookieName);
context.Response.Cookies.Add(cookie);
}
////////////////////////////////////////////////////////////
// Redirect back to this page if we removed a URI ticket
if (clearUri) {
context.Response.Redirect(context.Request.PathWithQueryString, false);
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Public functions
public void Dispose() { }
public void Init(HttpApplication app) {
// for IIS 7, skip event wireup altogether if this feature isn't
// enabled
if (!s_Initialized) {
Initialize();
}
if (s_Enabled) {
app.PostAuthenticateRequest += new EventHandler(this.OnEnter);
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
///
/// [To be supplied.]
///
private void OnEnter(Object source, EventArgs eventArgs) {
if (!s_Initialized)
Initialize();
if (!s_Enabled)
return;
HttpApplication app;
HttpContext context;
HttpCookie cookie = null;
bool createCookie = false;
AnonymousIdData decodedValue = null;
bool cookieLess;
string encValue = null;
bool isAuthenticated = false;
app = (HttpApplication)source;
context = app.Context;
isAuthenticated = context.Request.IsAuthenticated;
if (isAuthenticated) {
cookieLess = CookielessHelperClass.UseCookieless(context, false /* no redirect */, s_CookieMode);
} else {
cookieLess = CookielessHelperClass.UseCookieless(context, true /* do redirect */, s_CookieMode);
//if (!cookieLess && s_RequireSSL && !context.Request.IsSecureConnection)
// throw new HttpException(SR.GetString(SR.Connection_not_secure_creating_secure_cookie));
}
////////////////////////////////////////////////////////////////////////
// Handle secure-cookies over non SSL
if (s_RequireSSL && !context.Request.IsSecureConnection)
{
if (!cookieLess)
{
cookie = context.Request.Cookies[s_CookieName];
if (cookie != null)
{
cookie = new HttpCookie(s_CookieName, String.Empty);
cookie.HttpOnly = true;
cookie.Path = s_CookiePath;
cookie.Secure = s_RequireSSL;
if (s_Domain != null)
cookie.Domain = s_Domain;
cookie.Expires = new System.DateTime(1999, 10, 12);
if (context.Request.Browser["supportsEmptyStringInCookieValue"] == "false")
cookie.Value = "NoCookie";
context.Response.Cookies.Add(cookie);
}
return;
}
}
////////////////////////////////////////////////////////////
// Step 2: See if cookie, or cookie-header has the value
if (!cookieLess)
{
cookie = context.Request.Cookies[s_CookieName];
if (cookie != null)
{
encValue = cookie.Value;
cookie.Path = s_CookiePath;
if (s_Domain != null)
cookie.Domain = s_Domain;
}
}
else
{
encValue = context.CookielessHelper.GetCookieValue('A');
}
decodedValue = GetDecodedValue(encValue);
if (decodedValue != null && decodedValue.AnonymousId != null) {
// Copy existing value in Request
context.Request._AnonymousId = decodedValue.AnonymousId;
}
if (isAuthenticated) // For the authenticated case, we are done
return;
if (context.Request._AnonymousId == null) {
////////////////////////////////////////////////////////////
// Step 3: Create new Identity
// Raise event
if (_CreateNewIdEventHandler != null) {
AnonymousIdentificationEventArgs e = new AnonymousIdentificationEventArgs(context);
_CreateNewIdEventHandler(this, e);
context.Request._AnonymousId = e.AnonymousID;
}
// Create from GUID
if (string.IsNullOrEmpty(context.Request._AnonymousId)) {
context.Request._AnonymousId = Guid.NewGuid().ToString("D", CultureInfo.InvariantCulture);
} else {
if (context.Request._AnonymousId.Length > MAX_ID_LENGTH)
throw new HttpException(SR.GetString(SR.Anonymous_id_too_long));
}
if (s_RequireSSL && !context.Request.IsSecureConnection && !cookieLess)
return; // Don't create secure-cookie in un-secured connection
createCookie = true;
}
////////////////////////////////////////////////////////////
// Step 4: Check if cookie has to be created
DateTime dtNow = DateTime.UtcNow;
if (!createCookie) {
if (s_SlidingExpiration) {
if (decodedValue == null || decodedValue.ExpireDate < dtNow) {
createCookie = true;
} else {
double secondsLeft = (decodedValue.ExpireDate - dtNow).TotalSeconds;
if (secondsLeft < (double) ((s_CookieTimeout*60)/2)) {
createCookie = true;
}
}
}
}
////////////////////////////////////////////////////////////
// Step 4: Create new cookie or cookieless header
if (createCookie) {
DateTime dtExpireTime = dtNow.AddMinutes(s_CookieTimeout);
encValue = GetEncodedValue(new AnonymousIdData(context.Request.AnonymousID, dtExpireTime));
if (encValue.Length > MAX_ENCODED_COOKIE_STRING)
throw new HttpException(SR.GetString(SR.Anonymous_id_too_long_2));
if (!cookieLess) {
cookie = new HttpCookie(s_CookieName, encValue);
cookie.HttpOnly = true;
cookie.Expires = dtExpireTime;
cookie.Path = s_CookiePath;
cookie.Secure = s_RequireSSL;
if (s_Domain != null)
cookie.Domain = s_Domain;
context.Response.Cookies.Add(cookie);
} else {
context.CookielessHelper.SetCookieValue('A', encValue);
context.Response.Redirect(context.Request.PathWithQueryString);
}
}
}
public static bool Enabled {
get {
if (!s_Initialized) {
Initialize();
}
return s_Enabled;
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Static config settings
private static bool s_Initialized = false;
private static bool s_Enabled = false;
private static string s_CookieName = ".ASPXANONYMOUS";
private static string s_CookiePath = "/";
private static int s_CookieTimeout = 100000;
private static bool s_RequireSSL = false;
private static string s_Domain = null;
private static bool s_SlidingExpiration = true;
private static byte [] s_Modifier = null;
private static object s_InitLock = new object();
private static HttpCookieMode s_CookieMode = HttpCookieMode.UseDeviceProfile;
private static CookieProtection s_Protection = CookieProtection.None;
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Static functions
private static void Initialize() {
if (s_Initialized)
return;
lock(s_InitLock) {
if (s_Initialized)
return;
AnonymousIdentificationSection settings = RuntimeConfig.GetAppConfig().AnonymousIdentification;
s_Enabled = settings.Enabled;
s_CookieName = settings.CookieName;
s_CookiePath = settings.CookiePath;
s_CookieTimeout = (int) settings.CookieTimeout.TotalMinutes;
s_RequireSSL = settings.CookieRequireSSL;
s_SlidingExpiration = settings.CookieSlidingExpiration;
s_Protection = settings.CookieProtection;
s_CookieMode = settings.Cookieless;
s_Domain = settings.Domain;
s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification");
if (s_CookieTimeout < 1)
s_CookieTimeout = 1;
if (s_CookieTimeout > 60 * 24 * 365 * 2)
s_CookieTimeout = 60 * 24 * 365 * 2; // 2 years
s_Initialized = true;
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
private static string GetEncodedValue(AnonymousIdData data){
if (data == null)
return null;
byte [] bufId = Encoding.UTF8.GetBytes(data.AnonymousId);
byte [] bufIdLen = BitConverter.GetBytes(bufId.Length);
byte [] bufDate = BitConverter.GetBytes(data.ExpireDate.ToFileTimeUtc());
byte [] buffer = new byte[12 + bufId.Length];
Buffer.BlockCopy(bufDate, 0, buffer, 0, 8);
Buffer.BlockCopy(bufIdLen, 0, buffer, 8, 4);
Buffer.BlockCopy(bufId, 0, buffer, 12, bufId.Length);
return CookieProtectionHelper.Encode(s_Protection, buffer, buffer.Length);
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
private static AnonymousIdData GetDecodedValue(string data){
if (data == null || data.Length < 1 || data.Length > MAX_ENCODED_COOKIE_STRING)
return null;
try {
byte [] bBlob = CookieProtectionHelper.Decode(s_Protection, data);
if (bBlob == null || bBlob.Length < 13)
return null;
DateTime expireDate = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bBlob, 0));
if (expireDate < DateTime.UtcNow)
return null;
int len = BitConverter.ToInt32(bBlob, 8);
if (len < 0 || len > bBlob.Length - 12)
return null;
string id = Encoding.UTF8.GetString(bBlob, 12, len);
if (id.Length > MAX_ID_LENGTH)
return null;
return new AnonymousIdData(id, expireDate);
}
catch {}
return null;
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
[Serializable]
internal class AnonymousIdData
{
internal AnonymousIdData(string id, DateTime dt) {
ExpireDate = dt;
AnonymousId = (dt > DateTime.UtcNow) ? id : null; // Ignore expired data
}
internal string AnonymousId;
internal DateTime ExpireDate;
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
public delegate void AnonymousIdentificationEventHandler(object sender, AnonymousIdentificationEventArgs e);
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
[AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)]
public sealed class AnonymousIdentificationEventArgs : EventArgs {
public string AnonymousID { get { return _AnonymousId;} set { _AnonymousId = value;}}
public HttpContext Context { get { return _Context; }}
private string _AnonymousId;
private HttpContext _Context;
public AnonymousIdentificationEventArgs(HttpContext context) {
_Context = context;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- SqlUserDefinedAggregateAttribute.cs
- MenuCommandsChangedEventArgs.cs
- NameValueConfigurationElement.cs
- TypedDataSetSchemaImporterExtension.cs
- IOThreadScheduler.cs
- VariableValue.cs
- Attribute.cs
- ObjectComplexPropertyMapping.cs
- ModelTreeManager.cs
- _BufferOffsetSize.cs
- CanonicalFormWriter.cs
- XmlSchemaException.cs
- InputScope.cs
- ExpressionBuilderContext.cs
- InputLanguageCollection.cs
- DtrList.cs
- CommonObjectSecurity.cs
- NamespaceCollection.cs
- Switch.cs
- QuadraticBezierSegment.cs
- WindowsIPAddress.cs
- ModelTreeEnumerator.cs
- AnimatedTypeHelpers.cs
- XmlSchemaInclude.cs
- regiisutil.cs
- PageBuildProvider.cs
- DesignerTransactionCloseEvent.cs
- SqlProfileProvider.cs
- XhtmlConformanceSection.cs
- WindowHideOrCloseTracker.cs
- SafePEFileHandle.cs
- TextBoxBase.cs
- DoubleCollection.cs
- ListViewGroupConverter.cs
- SecurityKeyIdentifier.cs
- StatusBarAutomationPeer.cs
- WS2007FederationHttpBindingCollectionElement.cs
- JavaScriptSerializer.cs
- DataGridTextBoxColumn.cs
- PieceNameHelper.cs
- QilDataSource.cs
- JsonEncodingStreamWrapper.cs
- Triplet.cs
- SqlAliasesReferenced.cs
- RuleRef.cs
- ProfileBuildProvider.cs
- StrongNamePublicKeyBlob.cs
- SmtpFailedRecipientsException.cs
- TraceFilter.cs
- TextUtf8RawTextWriter.cs
- BooleanToSelectiveScrollingOrientationConverter.cs
- ParseChildrenAsPropertiesAttribute.cs
- InfoCardXmlSerializer.cs
- DocumentPageHost.cs
- Delay.cs
- CheckBoxPopupAdapter.cs
- DataServices.cs
- Sql8ExpressionRewriter.cs
- DataColumn.cs
- StateElementCollection.cs
- FacetEnabledSchemaElement.cs
- ThreadPool.cs
- LinqToSqlWrapper.cs
- ProxyBuilder.cs
- WpfPayload.cs
- ItemsChangedEventArgs.cs
- WebBrowserSiteBase.cs
- HuffmanTree.cs
- dataprotectionpermissionattribute.cs
- DecoderFallback.cs
- XmlCompatibilityReader.cs
- SQLBytesStorage.cs
- TCPListener.cs
- FixUp.cs
- AppendHelper.cs
- WebPart.cs
- FixedTextSelectionProcessor.cs
- ProjectionPruner.cs
- XsdDataContractExporter.cs
- X509WindowsSecurityToken.cs
- ZoneMembershipCondition.cs
- HttpHandlerActionCollection.cs
- InstanceKeyView.cs
- NullReferenceException.cs
- CookieProtection.cs
- __ComObject.cs
- WebBrowserEvent.cs
- XdrBuilder.cs
- UnescapedXmlDiagnosticData.cs
- ADConnectionHelper.cs
- TreeNodeSelectionProcessor.cs
- AppDomainFactory.cs
- WindowsFormsHelpers.cs
- AncillaryOps.cs
- isolationinterop.cs
- RemotingAttributes.cs
- GPRECT.cs
- ProgressBar.cs
- SiteIdentityPermission.cs
- AsynchronousChannelMergeEnumerator.cs