// // System.Web.Security.RoleManagerModule // // Authors: // Ben Maurer (bmaurer@users.sourceforge.net) // // (C) 2003 Ben Maurer // // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to // permit persons to whom the Software is furnished to do so, subject to // the following conditions: // // The above copyright notice and this permission notice shall be // included in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // using System.ComponentModel; using System.Collections; using System.Collections.Specialized; using System.Security.Principal; using System.Text; using System.Threading; using System.Web.Configuration; namespace System.Web.Security { public sealed class RoleManagerModule : IHttpModule { static readonly object getRolesEvent = new object (); RoleManagerSection _config = null; EventHandlerList events = new EventHandlerList (); public event RoleManagerEventHandler GetRoles { add { events.AddHandler (getRolesEvent, value); } remove { events.RemoveHandler (getRolesEvent, value); } } public void Dispose () { } void ClearCookie (HttpApplication app, string cookieName) { HttpCookie clearCookie = new HttpCookie (_config.CookieName, ""); clearCookie.Path = _config.CookiePath; clearCookie.Expires = DateTime.MinValue; clearCookie.Domain = _config.Domain; clearCookie.Secure = _config.CookieRequireSSL; app.Response.SetCookie (clearCookie); } void OnPostAuthenticateRequest (object sender, EventArgs args) { HttpApplication app = (HttpApplication)sender; /* if we're disabled, bail out early */ if (_config == null || !_config.Enabled) return; /* allow the user to populate the Role */ RoleManagerEventHandler eh = events [getRolesEvent] as RoleManagerEventHandler; if (eh != null) { RoleManagerEventArgs role_args = new RoleManagerEventArgs (app.Context); eh (this, role_args); if (role_args.RolesPopulated) return; } RolePrincipal principal; HttpCookie cookie = app.Request.Cookies [_config.CookieName]; IIdentity currentIdentity = app.Context.User.Identity; if (app.Request.IsAuthenticated) { if (cookie != null) { if (!_config.CacheRolesInCookie) cookie = null; else if (_config.CookieRequireSSL && !app.Request.IsSecureConnection) { cookie = null; ClearCookie (app, _config.CookieName); } } if (cookie == null || String.IsNullOrEmpty (cookie.Value)) principal = new RolePrincipal (currentIdentity); else principal = new RolePrincipal (currentIdentity, cookie.Value); } else { /* anonymous request */ if (cookie != null) { ClearCookie (app, _config.CookieName); } principal = new RolePrincipal (currentIdentity); } app.Context.User = principal; Thread.CurrentPrincipal = principal; } void OnEndRequest (object sender, EventArgs args) { HttpApplication app = (HttpApplication)sender; /* if we're not enabled or configured to cache * cookies, bail out */ if (_config == null || !_config.Enabled || !_config.CacheRolesInCookie) return; /* if the user isn't authenticated, bail * out */ if (!app.Request.IsAuthenticated) return; /* if the configuration requires ssl for * cookies and we're not on an ssl connection, * bail out */ if (_config.CookieRequireSSL && !app.Request.IsSecureConnection) return; RolePrincipal principal = app.Context.User as RolePrincipal; if (principal == null) /* just for my sanity */ return; if (!principal.CachedListChanged) return; string ticket = principal.ToEncryptedTicket (); if (ticket == null || ticket.Length > 4096) { ClearCookie (app, _config.CookieName); return; } HttpCookie cookie = new HttpCookie (_config.CookieName, ticket); cookie.HttpOnly = true; if (!string.IsNullOrEmpty (_config.Domain)) cookie.Domain = _config.Domain; if (_config.CookieRequireSSL) cookie.Secure = true; if (_config.CookiePath.Length > 1) // more than '/' cookie.Path = _config.CookiePath; app.Response.SetCookie (cookie); } public void Init (HttpApplication app) { _config = (RoleManagerSection) WebConfigurationManager.GetSection ("system.web/roleManager"); app.PostAuthenticateRequest += OnPostAuthenticateRequest; app.EndRequest += OnEndRequest; } } }