Code:
/ FXUpdate3074 / FXUpdate3074 / 1.1 / untmp / whidbey / QFE / ndp / fx / src / xsp / System / Web / Security / AnonymousIdentificationModule.cs / 5 / AnonymousIdentificationModule.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- /* * AnonymousIdentificationModule class * * Copyright (c) 1999 Microsoft Corporation */ namespace System.Web.Security { using System.Web; using System.Text; using System.Web.Configuration; using System.Web.Caching; using System.Web.Handlers; using System.Collections; using System.Configuration.Provider; using System.Web.Util; using System.Security.Principal; using System.Security.Permissions; using System.Globalization; using System.Web.Management; using System.Web.Hosting; using System.IO; using System.Runtime.Serialization.Formatters.Binary; ////// [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] public sealed class AnonymousIdentificationModule : IHttpModule { private const int MAX_ENCODED_COOKIE_STRING = 512; private const int MAX_ID_LENGTH = 128; ///[To be supplied.] ////// [SecurityPermission(SecurityAction.Demand, Unrestricted=true)] public AnonymousIdentificationModule() { } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Events private AnonymousIdentificationEventHandler _CreateNewIdEventHandler; public event AnonymousIdentificationEventHandler Creating { add { _CreateNewIdEventHandler += value; } remove { _CreateNewIdEventHandler -= value; } } public static void ClearAnonymousIdentifier() { if (!s_Initialized) Initialize(); HttpContext context = HttpContext.Current; if (context == null) return; // if (!s_Enabled || !context.Request.IsAuthenticated) { throw new NotSupportedException(SR.GetString(SR.Anonymous_ClearAnonymousIdentifierNotSupported)); } //////////////////////////////////////////////////////////// // Check if we need to clear the ticket stored in the URI bool clearUri = false; if (context.CookielessHelper.GetCookieValue('A') != null) { context.CookielessHelper.SetCookieValue('A', null); // Always clear the uri-cookie clearUri = true; } //////////////////////////////////////////////////////////// // Clear cookie if cookies are supported by the browser if (!CookielessHelperClass.UseCookieless(context, false, s_CookieMode) || context.Request.Browser.Cookies) { // clear cookie if required string cookieValue = String.Empty; if (context.Request.Browser["supportsEmptyStringInCookieValue"] == "false") cookieValue = "NoCookie"; HttpCookie cookie = new HttpCookie(s_CookieName, cookieValue); cookie.HttpOnly = true; cookie.Path = s_CookiePath; cookie.Secure = s_RequireSSL; if (s_Domain != null) cookie.Domain = s_Domain; cookie.Expires = new System.DateTime(1999, 10, 12); context.Response.Cookies.RemoveCookie(s_CookieName); context.Response.Cookies.Add(cookie); } //////////////////////////////////////////////////////////// // Redirect back to this page if we removed a URI ticket if (clearUri) { context.Response.Redirect(context.Request.PathWithQueryString, false); } } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Public functions public void Dispose() { } public void Init(HttpApplication app) { // for IIS 7, skip event wireup altogether if this feature isn't // enabled if (!s_Initialized) { Initialize(); } if (s_Enabled) { app.PostAuthenticateRequest += new EventHandler(this.OnEnter); } } //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// ////// Initializes a new instance of the ////// class. /// /// private void OnEnter(Object source, EventArgs eventArgs) { if (!s_Initialized) Initialize(); if (!s_Enabled) return; HttpApplication app; HttpContext context; HttpCookie cookie = null; bool createCookie = false; AnonymousIdData decodedValue = null; bool cookieLess; string encValue = null; bool isAuthenticated = false; app = (HttpApplication)source; context = app.Context; isAuthenticated = context.Request.IsAuthenticated; if (isAuthenticated) { cookieLess = CookielessHelperClass.UseCookieless(context, false /* no redirect */, s_CookieMode); } else { cookieLess = CookielessHelperClass.UseCookieless(context, true /* do redirect */, s_CookieMode); //if (!cookieLess && s_RequireSSL && !context.Request.IsSecureConnection) // throw new HttpException(SR.GetString(SR.Connection_not_secure_creating_secure_cookie)); } //////////////////////////////////////////////////////////////////////// // Handle secure-cookies over non SSL if (s_RequireSSL && !context.Request.IsSecureConnection) { if (!cookieLess) { cookie = context.Request.Cookies[s_CookieName]; if (cookie != null) { cookie = new HttpCookie(s_CookieName, String.Empty); cookie.HttpOnly = true; cookie.Path = s_CookiePath; cookie.Secure = s_RequireSSL; if (s_Domain != null) cookie.Domain = s_Domain; cookie.Expires = new System.DateTime(1999, 10, 12); if (context.Request.Browser["supportsEmptyStringInCookieValue"] == "false") cookie.Value = "NoCookie"; context.Response.Cookies.Add(cookie); } return; } } //////////////////////////////////////////////////////////// // Step 2: See if cookie, or cookie-header has the value if (!cookieLess) { cookie = context.Request.Cookies[s_CookieName]; if (cookie != null) { encValue = cookie.Value; cookie.Path = s_CookiePath; if (s_Domain != null) cookie.Domain = s_Domain; } } else { encValue = context.CookielessHelper.GetCookieValue('A'); } decodedValue = GetDecodedValue(encValue); if (decodedValue != null && decodedValue.AnonymousId != null) { // Copy existing value in Request context.Request._AnonymousId = decodedValue.AnonymousId; } if (isAuthenticated) // For the authenticated case, we are done return; if (context.Request._AnonymousId == null) { //////////////////////////////////////////////////////////// // Step 3: Create new Identity // Raise event if (_CreateNewIdEventHandler != null) { AnonymousIdentificationEventArgs e = new AnonymousIdentificationEventArgs(context); _CreateNewIdEventHandler(this, e); context.Request._AnonymousId = e.AnonymousID; } // Create from GUID if (string.IsNullOrEmpty(context.Request._AnonymousId)) { context.Request._AnonymousId = Guid.NewGuid().ToString("D", CultureInfo.InvariantCulture); } else { if (context.Request._AnonymousId.Length > MAX_ID_LENGTH) throw new HttpException(SR.GetString(SR.Anonymous_id_too_long)); } if (s_RequireSSL && !context.Request.IsSecureConnection && !cookieLess) return; // Don't create secure-cookie in un-secured connection createCookie = true; } //////////////////////////////////////////////////////////// // Step 4: Check if cookie has to be created DateTime dtNow = DateTime.UtcNow; if (!createCookie) { if (s_SlidingExpiration) { if (decodedValue == null || decodedValue.ExpireDate < dtNow) { createCookie = true; } else { double secondsLeft = (decodedValue.ExpireDate - dtNow).TotalSeconds; if (secondsLeft < (double) ((s_CookieTimeout*60)/2)) { createCookie = true; } } } } //////////////////////////////////////////////////////////// // Step 4: Create new cookie or cookieless header if (createCookie) { DateTime dtExpireTime = dtNow.AddMinutes(s_CookieTimeout); encValue = GetEncodedValue(new AnonymousIdData(context.Request.AnonymousID, dtExpireTime)); if (encValue.Length > MAX_ENCODED_COOKIE_STRING) throw new HttpException(SR.GetString(SR.Anonymous_id_too_long_2)); if (!cookieLess) { cookie = new HttpCookie(s_CookieName, encValue); cookie.HttpOnly = true; cookie.Expires = dtExpireTime; cookie.Path = s_CookiePath; cookie.Secure = s_RequireSSL; if (s_Domain != null) cookie.Domain = s_Domain; context.Response.Cookies.Add(cookie); } else { context.CookielessHelper.SetCookieValue('A', encValue); context.Response.Redirect(context.Request.PathWithQueryString); } } } public static bool Enabled { get { if (!s_Initialized) { Initialize(); } return s_Enabled; } } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Static config settings private static bool s_Initialized = false; private static bool s_Enabled = false; private static string s_CookieName = ".ASPXANONYMOUS"; private static string s_CookiePath = "/"; private static int s_CookieTimeout = 100000; private static bool s_RequireSSL = false; private static string s_Domain = null; private static bool s_SlidingExpiration = true; private static byte [] s_Modifier = null; private static object s_InitLock = new object(); private static HttpCookieMode s_CookieMode = HttpCookieMode.UseDeviceProfile; private static CookieProtection s_Protection = CookieProtection.None; ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Static functions private static void Initialize() { if (s_Initialized) return; lock(s_InitLock) { if (s_Initialized) return; AnonymousIdentificationSection settings = RuntimeConfig.GetAppConfig().AnonymousIdentification; s_Enabled = settings.Enabled; s_CookieName = settings.CookieName; s_CookiePath = settings.CookiePath; s_CookieTimeout = (int) settings.CookieTimeout.TotalMinutes; s_RequireSSL = settings.CookieRequireSSL; s_SlidingExpiration = settings.CookieSlidingExpiration; s_Protection = settings.CookieProtection; s_CookieMode = settings.Cookieless; s_Domain = settings.Domain; s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification"); if (s_CookieTimeout < 1) s_CookieTimeout = 1; if (s_CookieTimeout > 60 * 24 * 365 * 2) s_CookieTimeout = 60 * 24 * 365 * 2; // 2 years s_Initialized = true; } } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// private static string GetEncodedValue(AnonymousIdData data){ if (data == null) return null; byte [] bufId = Encoding.UTF8.GetBytes(data.AnonymousId); byte [] bufIdLen = BitConverter.GetBytes(bufId.Length); byte [] bufDate = BitConverter.GetBytes(data.ExpireDate.ToFileTimeUtc()); byte [] buffer = new byte[12 + bufId.Length]; Buffer.BlockCopy(bufDate, 0, buffer, 0, 8); Buffer.BlockCopy(bufIdLen, 0, buffer, 8, 4); Buffer.BlockCopy(bufId, 0, buffer, 12, bufId.Length); return CookieProtectionHelper.Encode(s_Protection, buffer, buffer.Length); } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// private static AnonymousIdData GetDecodedValue(string data){ if (data == null || data.Length < 1 || data.Length > MAX_ENCODED_COOKIE_STRING) return null; try { byte [] bBlob = CookieProtectionHelper.Decode(s_Protection, data); if (bBlob == null || bBlob.Length < 13) return null; DateTime expireDate = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bBlob, 0)); if (expireDate < DateTime.UtcNow) return null; int len = BitConverter.ToInt32(bBlob, 8); if (len < 0 || len > bBlob.Length - 12) return null; string id = Encoding.UTF8.GetString(bBlob, 12, len); if (id.Length > MAX_ID_LENGTH) return null; return new AnonymousIdData(id, expireDate); } catch {} return null; } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// [Serializable] internal class AnonymousIdData { internal AnonymousIdData(string id, DateTime dt) { ExpireDate = dt; AnonymousId = (dt > DateTime.UtcNow) ? id : null; // Ignore expired data } internal string AnonymousId; internal DateTime ExpireDate; } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// public delegate void AnonymousIdentificationEventHandler(object sender, AnonymousIdentificationEventArgs e); ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] public sealed class AnonymousIdentificationEventArgs : EventArgs { public string AnonymousID { get { return _AnonymousId;} set { _AnonymousId = value;}} public HttpContext Context { get { return _Context; }} private string _AnonymousId; private HttpContext _Context; public AnonymousIdentificationEventArgs(HttpContext context) { _Context = context; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.[To be supplied.] ///
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- OdbcDataReader.cs
- PropertyTabAttribute.cs
- IdentifierService.cs
- SqlDependency.cs
- HandleCollector.cs
- RoleService.cs
- Matrix3DStack.cs
- XPathNode.cs
- TextRangeBase.cs
- smtppermission.cs
- HttpServerVarsCollection.cs
- DependencyProperty.cs
- ConstantExpression.cs
- StartFileNameEditor.cs
- KeyGestureConverter.cs
- UnsafeNativeMethods.cs
- Fonts.cs
- CopyAttributesAction.cs
- StatusBarItem.cs
- CFStream.cs
- Int32EqualityComparer.cs
- dataSvcMapFileLoader.cs
- ECDsaCng.cs
- ColorContext.cs
- StringReader.cs
- Error.cs
- SqlCommandSet.cs
- AppSettingsSection.cs
- SqlDataSourceCache.cs
- CompilerParameters.cs
- CallSiteOps.cs
- OrderedDictionary.cs
- VectorCollectionValueSerializer.cs
- OperationFormatter.cs
- CompareInfo.cs
- ByteConverter.cs
- ToolStripDesigner.cs
- DataGridColumn.cs
- TypeName.cs
- BorderSidesEditor.cs
- WebUtil.cs
- _OverlappedAsyncResult.cs
- ExecutedRoutedEventArgs.cs
- XmlSchemaSimpleTypeUnion.cs
- DbMetaDataColumnNames.cs
- RegexStringValidator.cs
- BinaryObjectReader.cs
- LinqDataSource.cs
- FlatButtonAppearance.cs
- ScaleTransform3D.cs
- SafeSecurityHelper.cs
- MbpInfo.cs
- Formatter.cs
- VisemeEventArgs.cs
- Queue.cs
- oledbconnectionstring.cs
- StateBag.cs
- RepeaterItemEventArgs.cs
- EntityRecordInfo.cs
- TransformPattern.cs
- WindowsListViewGroupHelper.cs
- MarkupObject.cs
- HtmlImage.cs
- Bits.cs
- DataServiceException.cs
- ZipIOEndOfCentralDirectoryBlock.cs
- NativeMethods.cs
- ContextStaticAttribute.cs
- TextFormatterHost.cs
- CompilerTypeWithParams.cs
- NavigationProperty.cs
- DispatcherObject.cs
- ImportOptions.cs
- ReplacementText.cs
- UIAgentAsyncEndRequest.cs
- CodeIterationStatement.cs
- UserControlParser.cs
- TextBounds.cs
- SafePEFileHandle.cs
- TableFieldsEditor.cs
- SettingsPropertyValue.cs
- TraceProvider.cs
- Expressions.cs
- StatusBarItem.cs
- NativeMethods.cs
- SqlDelegatedTransaction.cs
- XamlPathDataSerializer.cs
- TableAutomationPeer.cs
- CancelEventArgs.cs
- StaticFileHandler.cs
- Triplet.cs
- DefaultObjectMappingItemCollection.cs
- EntityModelSchemaGenerator.cs
- KnownBoxes.cs
- ContextMenu.cs
- ToolStripCodeDomSerializer.cs
- GeneralTransform3DGroup.cs
- FlowDocument.cs
- ProcessThread.cs
- UrlMappingsModule.cs