//------------------------------------------------------------------------------
// <copyright file="ClientFormsIdentity.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
namespace System.Web.ClientServices
{
    using System;
    using System.Net;
    using System.Security.Principal;
    using System.Runtime.InteropServices;
    using System.Security;
    using System.Web.Security;
    using System.Diagnostics.CodeAnalysis;

    public class ClientFormsIdentity : IIdentity, IDisposable
    {
        public  string              Name                    { get { return _Name; }}
        public  bool                IsAuthenticated         { get { return _IsAuthenticated; }}
        public  string              AuthenticationType      { get { return _AuthenticationType; } }
        public  CookieContainer     AuthenticationCookies   { get { return _AuthenticationCookies; } }
        public  MembershipProvider  Provider                { get { return _Provider; } }

        public ClientFormsIdentity(string name, string password, MembershipProvider provider, string authenticationType, bool isAuthenticated, CookieContainer authenticationCookies)
        {
            _Name = name;
            _AuthenticationType = authenticationType;
            _IsAuthenticated = isAuthenticated;
            _AuthenticationCookies = authenticationCookies;
            _Password = GetSecureStringFromString(password);
            _Provider = provider;
        }

        public void RevalidateUser()
        {
            if (_Disposed)
            {
                throw new ObjectDisposedException(this.GetType().FullName);
            }
            _Provider.ValidateUser(_Name, GetStringFromSecureString(_Password));
        }

        public void Dispose()
        {
            Dispose(true);
            GC.SuppressFinalize(this);
        }

        protected virtual void Dispose(bool disposing)
        {
            if (disposing)
            {
                if (_Password != null)
                {
                    _Password.Dispose();
                }
            }
            _Disposed = true;
        }

        private string              _Name;
        private bool                _IsAuthenticated;
        private string              _AuthenticationType;
        private CookieContainer     _AuthenticationCookies;
        private SecureString        _Password;
        private MembershipProvider  _Provider;
        private bool                _Disposed;

        private static SecureString GetSecureStringFromString(string password)
        {
            char[] passwordChars = password.ToCharArray();
            SecureString ss = new SecureString();
            for (int iter = 0; iter < passwordChars.Length; iter++)
                ss.AppendChar(passwordChars[iter]);
            ss.MakeReadOnly();
            return ss;
        }

        [SuppressMessage("Microsoft.Security", "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands", Justification="Reviewed and approved by feature crew")]
        [SecuritySafeCritical]
        private static string GetStringFromSecureString(SecureString securePass)
        {

            IntPtr bstr = IntPtr.Zero;
            try {
                bstr = Marshal.SecureStringToBSTR(securePass);
                return Marshal.PtrToStringBSTR(bstr);
            } finally {
                if (bstr != IntPtr.Zero)
                    Marshal.FreeBSTR(bstr);
            }
        }
    }
}