private void OnLeave(object source, EventArgs eventArgs)
{
if (this._fOnEnterCalled)
{
this._fOnEnterCalled = false;
}
else
{
return;
}
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
if (context.Response.Cookies.GetNoCreate(FormsAuthentication.FormsCookieName) != null)
{
context.Response.Cache.SetCacheability(HttpCacheability.NoCache, "Set-Cookie");
}
if (context.Response.StatusCode == 0x191)
{
string rawUrl = context.Request.RawUrl;
if ((rawUrl.IndexOf("?ReturnUrl=", StringComparison.Ordinal) == -1) && (rawUrl.IndexOf("&ReturnUrl=", StringComparison.Ordinal) == -1))
{
string str3;
string strUrl = null;
if (!string.IsNullOrEmpty(FormsAuthentication.LoginUrl))
{
strUrl = AuthenticationConfig.GetCompleteLoginUrl(context, FormsAuthentication.LoginUrl);
}
if ((strUrl == null) || (strUrl.Length <= 0))
{
throw new HttpException(System.Web.SR.GetString("Auth_Invalid_Login_Url"));
}
CookielessHelperClass cookielessHelper = context.CookielessHelper;
if (strUrl.IndexOf('?') >= 0)
{
str3 = FormsAuthentication.RemoveQueryStringVariableFromUrl(strUrl, "ReturnUrl") + "&ReturnUrl=" + HttpUtility.UrlEncode(rawUrl, context.Request.ContentEncoding);
}
else
{
str3 = strUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(rawUrl, context.Request.ContentEncoding);
}
int index = rawUrl.IndexOf('?');
if ((index >= 0) && (index < (rawUrl.Length - 1)))
{
str3 = str3 + "&" + rawUrl.Substring(index + 1);
}
cookielessHelper.SetCookieValue('F', null);
cookielessHelper.RedirectWithDetectionIfRequired(str3, FormsAuthentication.CookieMode);
context.Response.Redirect(str3, false);
}
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
// Private method for decrypting a cookie
private static FormsAuthenticationTicket ExtractTicketFromCookie(HttpContext context, String name, out bool cookielessTicket)
{
FormsAuthenticationTicket ticket = null;
string encValue = null;
bool ticketExpired = false;
bool badTicket = false;
try {
try {
////////////////////////////////////////////////////////////
// Step 0: Check if we should use cookieless
cookielessTicket = CookielessHelperClass.UseCookieless(context, false, FormsAuthentication.CookieMode);
////////////////////////////////////////////////////////////
// Step 1: Check URI/cookie for ticket
if (cookielessTicket)
{
encValue = context.CookielessHelper.GetCookieValue('F');
}
else
{
HttpCookie cookie = context.Request.Cookies[name];
if (cookie != null)
{
encValue = cookie.Value;
}
}
////////////////////////////////////////////////////////////
// Step 2: Decrypt encrypted ticket
if (encValue != null && encValue.Length > 1)
{
try {
ticket = FormsAuthentication.Decrypt(encValue);
} catch {
if (cookielessTicket)
{
context.CookielessHelper.SetCookieValue('F', null);
}
else
{
context.Request.Cookies.Remove(name);
}
badTicket = true;
//throw;
}
if (ticket == null)
{
badTicket = true;
}
if (ticket != null && !ticket.Expired)
{
if (cookielessTicket || !FormsAuthentication.RequireSSL || context.Request.IsSecureConnection) // Make sure it is NOT a secure cookie over an in-secure connection
{
return(ticket); // Found valid ticket
}
}
if (ticket != null && ticket.Expired)
{
ticketExpired = true;
}
// Step 2b: Remove expired/bad ticket
ticket = null;
if (cookielessTicket)
{
context.CookielessHelper.SetCookieValue('F', null);
}
else
{
context.Request.Cookies.Remove(name);
}
}
////////////////////////////////////////////////////////////
// Step 3: Look in QueryString
if (FormsAuthentication.EnableCrossAppRedirects)
{
encValue = context.Request.QueryString[name];
if (encValue != null && encValue.Length > 1)
{
if (!cookielessTicket && FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect)
{
cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode); // find out for sure
}
try {
ticket = FormsAuthentication.Decrypt(encValue);
} catch {
badTicket = true;
//throw;
}
if (ticket == null)
{
badTicket = true;
}
}
// Step 3b: Look elsewhere in the request (i.e. posted body)
if (ticket == null || ticket.Expired)
{
encValue = context.Request.Form[name];
if (encValue != null && encValue.Length > 1)
{
if (!cookielessTicket && FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect)
{
cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode); // find out for sure
}
try {
ticket = FormsAuthentication.Decrypt(encValue);
} catch {
badTicket = true;
//throw;
}
if (ticket == null)
{
badTicket = true;
}
}
}
}
if (ticket == null || ticket.Expired)
{
if (ticket != null && ticket.Expired)
{
ticketExpired = true;
}
return(null); // not found! Exit with null
}
if (FormsAuthentication.RequireSSL && !context.Request.IsSecureConnection) // Bad scenario: valid ticket over non-SSL
{
throw new HttpException(SR.GetString(SR.Connection_not_secure_creating_secure_cookie));
}
////////////////////////////////////////////////////////////
// Step 4: Create the cookie/URI value
if (cookielessTicket)
{
if (ticket.CookiePath != "/")
{
FormsAuthenticationTicket tempTicket = FormsAuthenticationTicket.FromUtc(ticket.Version, ticket.Name, ticket.IssueDateUtc,
ticket.ExpirationUtc, ticket.IsPersistent, ticket.UserData,
"/");
ticket = tempTicket;
encValue = FormsAuthentication.Encrypt(ticket);
}
context.CookielessHelper.SetCookieValue('F', encValue);
string strUrl = FormsAuthentication.RemoveQueryStringVariableFromUrl(context.Request.RawUrl, name);
context.Response.Redirect(strUrl);
}
else
{
HttpCookie cookie = new HttpCookie(name, encValue);
cookie.HttpOnly = true;
cookie.Path = ticket.CookiePath;
if (ticket.IsPersistent)
{
cookie.Expires = ticket.Expiration;
}
cookie.Secure = FormsAuthentication.RequireSSL;
if (FormsAuthentication.CookieDomain != null)
{
cookie.Domain = FormsAuthentication.CookieDomain;
}
context.Response.Cookies.Remove(cookie.Name);
context.Response.Cookies.Add(cookie);
}
return(ticket);
} finally {
if (badTicket)
{
WebBaseEvent.RaiseSystemEvent(null, WebEventCodes.AuditFormsAuthenticationFailure,
WebEventCodes.InvalidTicketFailure);
}
else if (ticketExpired)
{
WebBaseEvent.RaiseSystemEvent(null, WebEventCodes.AuditFormsAuthenticationFailure,
WebEventCodes.ExpiredTicketFailure);
}
}
} catch {
throw;
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
private void OnLeave(Object source, EventArgs eventArgs)
{
if (_fOnEnterCalled)
{
_fOnEnterCalled = false;
}
else
{
return; // no need to continue if we skipped OnEnter
}
HttpApplication app;
HttpContext context;
app = (HttpApplication)source;
context = app.Context;
////////////////////////////////////////////////////////////
// Step 1: Check if we are using cookie authentication and
// if authentication failed
if (context.Response.StatusCode != 401)
{
return;
}
////////////////////////////////////////////////////////////
// Change 401 to a redirect to login page
// Don't do it if the redirect is suppressed for this response
if (context.Response.SuppressFormsAuthenticationRedirect)
{
return;
}
// Don't do it if already there is ReturnUrl, already being redirected,
// to avoid infinite redirection loop
String strUrl = context.Request.RawUrl;
if (strUrl.IndexOf("?" + FormsAuthentication.ReturnUrlVar + "=", StringComparison.Ordinal) != -1 ||
strUrl.IndexOf("&" + FormsAuthentication.ReturnUrlVar + "=", StringComparison.Ordinal) != -1)
{
return;
}
////////////////////////////////////////////////////////////
// Step 2: Get the complete url to the login-page
String loginUrl = null;
if (!String.IsNullOrEmpty(FormsAuthentication.LoginUrl))
{
loginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, FormsAuthentication.LoginUrl);
}
////////////////////////////////////////////////////////////
// Step 3: Check if we have a valid url to the login-page
if (loginUrl == null || loginUrl.Length <= 0)
{
throw new HttpException(SR.GetString(SR.Auth_Invalid_Login_Url));
}
////////////////////////////////////////////////////////////
// Step 4: Construct the redirect-to url
String strRedirect;
int iIndex;
CookielessHelperClass cookielessHelper;
// if(context.Request.Browser["isMobileDevice"] == "true") {
// //__redir=1 is marker for devices that post on redirect
// if(strUrl.IndexOf("__redir=1") >= 0) {
// strUrl = SanitizeUrlForCookieless(strUrl);
// }
// else {
// if(strUrl.IndexOf('?') >= 0)
// strSep = "&";
// else
// strSep = "?";
// strUrl = SanitizeUrlForCookieless(strUrl + strSep + "__redir=1");
// }
// }
// Create the CookielessHelper class to rewrite the path, if needed.
cookielessHelper = context.CookielessHelper;
if (loginUrl.IndexOf('?') >= 0)
{
loginUrl = FormsAuthentication.RemoveQueryStringVariableFromUrl(loginUrl, FormsAuthentication.ReturnUrlVar);
strRedirect = loginUrl + "&" + FormsAuthentication.ReturnUrlVar + "=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding);
}
else
{
strRedirect = loginUrl + "?" + FormsAuthentication.ReturnUrlVar + "=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding);
}
////////////////////////////////////////////////////////////
// Step 5: Add the query-string from the current url
iIndex = strUrl.IndexOf('?');
if (iIndex >= 0 && iIndex < strUrl.Length - 1)
{
strRedirect += "&" + strUrl.Substring(iIndex + 1);
}
cookielessHelper.SetCookieValue('F', null); // remove old ticket if present
cookielessHelper.RedirectWithDetectionIfRequired(strRedirect, FormsAuthentication.CookieMode);
////////////////////////////////////////////////////////////
// Step 6: Do the redirect
context.Response.Redirect(strRedirect, false);
}
private static FormsAuthenticationTicket ExtractTicketFromCookie(HttpContext context, string name, out bool cookielessTicket)
{
FormsAuthenticationTicket ticket = null;
string encryptedTicket = null;
FormsAuthenticationTicket ticket2;
bool flag = false;
bool flag2 = false;
try
{
try
{
cookielessTicket = CookielessHelperClass.UseCookieless(context, false, FormsAuthentication.CookieMode);
if (cookielessTicket)
{
encryptedTicket = context.CookielessHelper.GetCookieValue('F');
}
else
{
HttpCookie cookie = context.Request.Cookies[name];
if (cookie != null)
{
encryptedTicket = cookie.Value;
}
}
if ((encryptedTicket != null) && (encryptedTicket.Length > 1))
{
try
{
ticket = FormsAuthentication.Decrypt(encryptedTicket);
}
catch
{
if (cookielessTicket)
{
context.CookielessHelper.SetCookieValue('F', null);
}
else
{
context.Request.Cookies.Remove(name);
}
flag2 = true;
}
if (ticket == null)
{
flag2 = true;
}
if (((ticket != null) && !ticket.Expired) && ((cookielessTicket || !FormsAuthentication.RequireSSL) || context.Request.IsSecureConnection))
{
return(ticket);
}
if ((ticket != null) && ticket.Expired)
{
flag = true;
}
ticket = null;
if (cookielessTicket)
{
context.CookielessHelper.SetCookieValue('F', null);
}
else
{
context.Request.Cookies.Remove(name);
}
}
if (FormsAuthentication.EnableCrossAppRedirects)
{
encryptedTicket = context.Request.QueryString[name];
if ((encryptedTicket != null) && (encryptedTicket.Length > 1))
{
if (!cookielessTicket && (FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect))
{
cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode);
}
try
{
ticket = FormsAuthentication.Decrypt(encryptedTicket);
}
catch
{
flag2 = true;
}
if (ticket == null)
{
flag2 = true;
}
}
if ((ticket == null) || ticket.Expired)
{
encryptedTicket = context.Request.Form[name];
if ((encryptedTicket != null) && (encryptedTicket.Length > 1))
{
if (!cookielessTicket && (FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect))
{
cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode);
}
try
{
ticket = FormsAuthentication.Decrypt(encryptedTicket);
}
catch
{
flag2 = true;
}
if (ticket == null)
{
flag2 = true;
}
}
}
}
if ((ticket == null) || ticket.Expired)
{
if ((ticket != null) && ticket.Expired)
{
flag = true;
}
return(null);
}
if (FormsAuthentication.RequireSSL && !context.Request.IsSecureConnection)
{
throw new HttpException(System.Web.SR.GetString("Connection_not_secure_creating_secure_cookie"));
}
if (cookielessTicket)
{
if (ticket.CookiePath != "/")
{
ticket = FormsAuthenticationTicket.FromUtc(ticket.Version, ticket.Name, ticket.IssueDateUtc, ticket.ExpirationUtc, ticket.IsPersistent, ticket.UserData, "/");
encryptedTicket = FormsAuthentication.Encrypt(ticket);
}
context.CookielessHelper.SetCookieValue('F', encryptedTicket);
string url = FormsAuthentication.RemoveQueryStringVariableFromUrl(context.Request.RawUrl, name);
context.Response.Redirect(url);
}
else
{
HttpCookie cookie2 = new HttpCookie(name, encryptedTicket)
{
HttpOnly = true,
Path = ticket.CookiePath
};
if (ticket.IsPersistent)
{
cookie2.Expires = ticket.Expiration;
}
cookie2.Secure = FormsAuthentication.RequireSSL;
if (FormsAuthentication.CookieDomain != null)
{
cookie2.Domain = FormsAuthentication.CookieDomain;
}
context.Response.Cookies.Remove(cookie2.Name);
context.Response.Cookies.Add(cookie2);
}
ticket2 = ticket;
}
finally
{
if (flag2)
{
WebBaseEvent.RaiseSystemEvent(null, 0xfa5, 0xc419);
}
else if (flag)
{
WebBaseEvent.RaiseSystemEvent(null, 0xfa5, 0xc41a);
}
}
}
catch
{
throw;
}
return(ticket2);
}
