        //-----------------------------------------------------------------------------------------------------------------------------------------------
        /// <summary>
        ///     Checks whether the key in the CID parameter for this page is valid, i.e. that it matches this computer (based on the AnonID) and that its time stamp is current.
        ///     If the key should be extracted from the Page URL parameters, just set the encryptedKey to null...
        /// </summary>
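        protected bool KeyIsValid(StringBuilder encryptedKey)
        {
            // Validates a short-lived encrypted key.  Going by the offsets used below, the decrypted text holds a
            // 36 character anon ID starting at index 1 and a 19 character time stamp starting at index 38.
            // Returns true only if the time stamp is between 0 and 10 seconds old AND the anon ID equals the caller's
            // AnonID cookie (DefaultAnonID when no cookie is sent).  Every other path, including any exception, returns false.
            //
            // NOTE(review): the summary says a null key means "extract it from the URL", but this body simply rejects a
            // null or empty key - confirm against callers / overrides.
            // NOTE(review): the whole check rests on MGLEncryption.Decrypt rejecting tampered or forged ciphertext;
            // that is not visible here - confirm the scheme is authenticated.
            const int anonIDStart = 1;
            const int anonIDLength = 36;
            const int dtStart = 38;
            const int dtLength = 19;

            bool keyIsValid = false;

            try {
                // 11-May-2016 - the MGLEncryption.Decrypt method throws a serious level 9 error if no key is provided.
                // A missing key is a usage mistake rather than a fault, so fail closed quietly before decrypting.
                if (encryptedKey == null || encryptedKey.Length == 0)
                {
                    return false;
                }

                //-----a----- Decrypt the key (kept in locals so the caller's argument is not reassigned) ...
                StringBuilder decodedKey = MGLEncryption.DeHTMLifyString(encryptedKey);
                StringBuilder decryptedKey = MGLEncryption.Decrypt(decodedKey);
                string plainText = (decryptedKey == null) ? null : decryptedKey.ToString();

                //-----b----- Check the layout explicitly instead of letting Substring throw on attacker-supplied input.
                // The event is still logged because a malformed key may be a tampering attempt, but neither the key
                // nor the decrypted text is written to the log.
                if (plainText == null || plainText.Length < dtStart + dtLength)
                {
                    Logger.LogError(8, "Problem checking if the authorisation key in the login page is valid.  The decrypted key was missing or shorter than expected.");
                    return false;
                }

                //-----c----- Parse the time stamp and fail closed if it is not a date at all.
                // NOTE(review): TryParse uses the current thread culture; the format written by the issuer is not
                // visible here - confirm both sides agree (an exact, culture-invariant format would be safer).
                DateTime dt;
                if (!DateTime.TryParse(plainText.Substring(dtStart, dtLength), out dt))
                {
                    return false;
                }

                // NOTE(review): DateTime.Now is local wall-clock time.  If the issuer stamps keys the same way, the hour
                // repeated at the end of daylight saving can make an hour-old key look fresh.  Moving to UTC needs the
                // issuer changed in the same release, so it is only flagged here.
                double ageInSeconds = DateTime.Now.Subtract(dt).TotalSeconds;

                //-----d----- get the anonvalue cookie again ...
                // The cookie is supplied by the client, so this proves that key and cookie belong together, not who the
                // client is.  Keys issued for DefaultAnonID (if that ever happens) are accepted from any client that
                // sends no AnonID cookie.
                string expectedAnonID = DefaultAnonID;
                var anonCookie = Request.Cookies["AnonID"];
                if (anonCookie != null)
                {
                    expectedAnonID = anonCookie.Value;
                }

                //-----e----- So then finally, do the validation on two fronts
                //      a. that the elapsed time span is at least 0 and less than 10 seconds and
                //      b. that the anonID is correct
                // Nothing here marks a key as used, so the same key can be presented again inside the 10 second window.
                StringBuilder anonID = new StringBuilder(plainText.Substring(anonIDStart, anonIDLength));
                keyIsValid = (ageInSeconds >= 0 && ageInSeconds < 10) && MGLEncryption.AreEqual(anonID, new StringBuilder(expectedAnonID));
            } catch (Exception ex) {
                // Any unexpected failure (for example inside Decrypt) leaves keyIsValid false, so the check fails closed.
                Logger.LogError(8, "Problem checking if the authorisation key in the login page is valid.  This is serious!  The specific error was: " + ex.ToString());
            }

            return keyIsValid;
        }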