176 lines
5.0 KiB
C#
176 lines
5.0 KiB
C#
//
|
|
// System.Web.Security.RoleManagerModule
|
|
//
|
|
// Authors:
|
|
// Ben Maurer (bmaurer@users.sourceforge.net)
|
|
//
|
|
// (C) 2003 Ben Maurer
|
|
//
|
|
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining
|
|
// a copy of this software and associated documentation files (the
|
|
// "Software"), to deal in the Software without restriction, including
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
|
// permit persons to whom the Software is furnished to do so, subject to
|
|
// the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be
|
|
// included in all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
//
|
|
|
|
using System.ComponentModel;
|
|
using System.Collections;
|
|
using System.Collections.Specialized;
|
|
using System.Security.Principal;
|
|
using System.Text;
|
|
using System.Threading;
|
|
using System.Web.Configuration;
|
|
|
|
namespace System.Web.Security {
|
|
public sealed class RoleManagerModule : IHttpModule
|
|
{
|
|
static readonly object getRolesEvent = new object ();
|
|
|
|
RoleManagerSection _config = null;
|
|
EventHandlerList events = new EventHandlerList ();
|
|
|
|
public event RoleManagerEventHandler GetRoles {
|
|
add { events.AddHandler (getRolesEvent, value); }
|
|
remove { events.RemoveHandler (getRolesEvent, value); }
|
|
}
|
|
|
|
public void Dispose ()
|
|
{
|
|
}
|
|
|
|
void ClearCookie (HttpApplication app, string cookieName)
|
|
{
|
|
HttpCookie clearCookie = new HttpCookie (_config.CookieName, "");
|
|
|
|
clearCookie.Path = _config.CookiePath;
|
|
clearCookie.Expires = DateTime.MinValue;
|
|
clearCookie.Domain = _config.Domain;
|
|
clearCookie.Secure = _config.CookieRequireSSL;
|
|
app.Response.SetCookie (clearCookie);
|
|
}
|
|
|
|
void OnPostAuthenticateRequest (object sender, EventArgs args)
|
|
{
|
|
HttpApplication app = (HttpApplication)sender;
|
|
|
|
/* if we're disabled, bail out early */
|
|
if (_config == null || !_config.Enabled)
|
|
return;
|
|
|
|
/* allow the user to populate the Role */
|
|
RoleManagerEventHandler eh = events [getRolesEvent] as RoleManagerEventHandler;
|
|
if (eh != null) {
|
|
RoleManagerEventArgs role_args = new RoleManagerEventArgs (app.Context);
|
|
|
|
eh (this, role_args);
|
|
|
|
if (role_args.RolesPopulated)
|
|
return;
|
|
}
|
|
|
|
RolePrincipal principal;
|
|
|
|
HttpCookie cookie = app.Request.Cookies [_config.CookieName];
|
|
|
|
IIdentity currentIdentity = app.Context.User.Identity;
|
|
if (app.Request.IsAuthenticated) {
|
|
if (cookie != null) {
|
|
if (!_config.CacheRolesInCookie)
|
|
cookie = null;
|
|
else if (_config.CookieRequireSSL && !app.Request.IsSecureConnection) {
|
|
cookie = null;
|
|
ClearCookie (app, _config.CookieName);
|
|
}
|
|
|
|
}
|
|
|
|
if (cookie == null || String.IsNullOrEmpty (cookie.Value))
|
|
principal = new RolePrincipal (currentIdentity);
|
|
else
|
|
principal = new RolePrincipal (currentIdentity, cookie.Value);
|
|
}
|
|
else {
|
|
/* anonymous request */
|
|
|
|
if (cookie != null) {
|
|
ClearCookie (app, _config.CookieName);
|
|
}
|
|
|
|
principal = new RolePrincipal (currentIdentity);
|
|
}
|
|
|
|
app.Context.User = principal;
|
|
Thread.CurrentPrincipal = principal;
|
|
}
|
|
|
|
void OnEndRequest (object sender, EventArgs args)
|
|
{
|
|
HttpApplication app = (HttpApplication)sender;
|
|
|
|
/* if we're not enabled or configured to cache
|
|
* cookies, bail out */
|
|
if (_config == null || !_config.Enabled || !_config.CacheRolesInCookie)
|
|
return;
|
|
|
|
/* if the user isn't authenticated, bail
|
|
* out */
|
|
if (!app.Request.IsAuthenticated)
|
|
return;
|
|
|
|
/* if the configuration requires ssl for
|
|
* cookies and we're not on an ssl connection,
|
|
* bail out */
|
|
if (_config.CookieRequireSSL && !app.Request.IsSecureConnection)
|
|
return;
|
|
|
|
RolePrincipal principal = app.Context.User as RolePrincipal;
|
|
if (principal == null) /* just for my sanity */
|
|
return;
|
|
|
|
if (!principal.CachedListChanged)
|
|
return;
|
|
|
|
string ticket = principal.ToEncryptedTicket ();
|
|
if (ticket == null || ticket.Length > 4096) {
|
|
ClearCookie (app, _config.CookieName);
|
|
return;
|
|
}
|
|
|
|
HttpCookie cookie = new HttpCookie (_config.CookieName, ticket);
|
|
|
|
cookie.HttpOnly = true;
|
|
if (!string.IsNullOrEmpty (_config.Domain))
|
|
cookie.Domain = _config.Domain;
|
|
if (_config.CookieRequireSSL)
|
|
cookie.Secure = true;
|
|
if (_config.CookiePath.Length > 1) // more than '/'
|
|
cookie.Path = _config.CookiePath;
|
|
app.Response.SetCookie (cookie);
|
|
}
|
|
|
|
public void Init (HttpApplication app)
|
|
{
|
|
_config = (RoleManagerSection) WebConfigurationManager.GetSection ("system.web/roleManager");
|
|
|
|
app.PostAuthenticateRequest += OnPostAuthenticateRequest;
|
|
app.EndRequest += OnEndRequest;
|
|
}
|
|
}
|
|
}
|
|
|