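/// <summary>
/// Loads the current user's roles for the current site, caches them in the
/// role cookie (carried as the UserData of an encrypted forms-auth ticket)
/// and returns them.
/// </summary>
/// <returns>
/// The roles of <c>HttpContext.Current.User.Identity.Name</c> for the current
/// site, or an empty array when no site settings are available (in which case
/// no cookie is written).
/// </returns>
private static string[] GetRolesAndSetCookieInternal()
{
    string[] currentUserRoles = new string[0];
    SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();
    if (siteSettings == null)
    {
        return currentUserRoles;
    }

    string roleCookieName = SiteUtils.GetRoleCookieName(siteSettings);
    string userName = HttpContext.Current.User.Identity.Name;
    currentUserRoles = SiteUser.GetRoles(siteSettings, userName);

    // Serialize as "role1;role2;" — every entry, including the last, is
    // terminated by ';' (the cookie reader presumably splits on it — verify
    // against GetRolesFromCookie before changing the format).
    StringBuilder roleBuilder = new StringBuilder();
    foreach (string role in currentUserRoles)
    {
        roleBuilder.Append(role).Append(';');
    }
    string roleData = roleBuilder.ToString();

    // Optional extra encryption layer on top of the forms-auth ticket protection.
    if (WebConfigSettings.PreEncryptRolesForCookie)
    {
        roleData = SiteUtils.Encrypt(roleData);
    }

    // The roles travel as ticket UserData so they are protected with the
    // machine key; the 1-hour lifetime bounds how long roles cached in the
    // cookie can lag behind the store (e.g. after a role is revoked).
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                          // version
        userName,                   // user name
        DateTime.Now,               // issue time
        DateTime.Now.AddHours(1),   // expires every hour
        false,                      // don't persist cookie
        roleData);                  // roles

    HttpCookie roleCookie = new HttpCookie(roleCookieName, FormsAuthentication.Encrypt(ticket))
    {
        HttpOnly = true,    // not readable from script
        Path = "/"
    };

    // Secure is only set when SSL is available AND the site requires it for
    // this cookie; otherwise the (encrypted) role cookie is also sent over
    // plain HTTP.
    if (SiteUtils.SslIsAvailable() && WebConfigSettings.RequireSslForRoleCookie)
    {
        roleCookie.Secure = true;
    }

    HttpContext.Current.Response.Cookies.Add(roleCookie);

    return currentUserRoles;
}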
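/// <summary>
/// <see cref="RoleProvider"/> override: returns the roles of
/// <paramref name="userName"/> for the current site.
/// </summary>
/// <param name="userName">The user whose roles are requested.</param>
/// <returns>
/// The user's roles, or an empty array when there is no current
/// <see cref="HttpContext"/>, no site settings, or the user name is empty.
/// </returns>
public override string[] GetRolesForUser(string userName)
{
    if (HttpContext.Current == null)
    {
        return new string[0];
    }

    SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();

    bool isCurrentUser =
        HttpContext.Current.Request.IsAuthenticated
        && HttpContext.Current.User.Identity.Name == userName
        && siteSettings != null;

    if (isCurrentUser)
    {
        // Only resolved here, where siteSettings is known to be non-null.
        string roleCookieName = SiteUtils.GetRoleCookieName(siteSettings);

        // The authenticated user's own roles are cached in the role cookie;
        // an absent or empty cookie falls back to a fresh lookup, which also
        // re-issues the cookie.
        if (CookieHelper.CookieExists(roleCookieName)
            && CookieHelper.GetCookieValue(roleCookieName).Length > 0)
        {
            return GetRolesFromCookie();
        }

        return GetRolesAndSetCookie();
    }

    // Not the current user, or anonymous request: query the store directly
    // (the cookie is never consulted for another user's roles).
    if (siteSettings != null && !string.IsNullOrEmpty(userName))
    {
        return SiteUser.GetRoles(siteSettings, userName);
    }

    return new string[0];
}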
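/// <summary>
/// <see cref="RoleProvider"/> override: returns the roles of
/// <paramref name="userName"/> for the current site.
/// </summary>
/// <param name="userName">The user whose roles are requested.</param>
/// <returns>
/// The user's roles, or an empty array when there is no current
/// <see cref="HttpContext"/>, no site settings, or the user name is empty.
/// </returns>
public override string[] GetRolesForUser(string userName)
{
    if (HttpContext.Current == null)
    {
        return new string[0];
    }

    SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();

    bool isCurrentUser =
        HttpContext.Current.Request.IsAuthenticated
        && HttpContext.Current.User.Identity.Name == userName
        && siteSettings != null;

    if (isCurrentUser)
    {
        // Only resolved here, where siteSettings is known to be non-null.
        string roleCookieName = SiteUtils.GetRoleCookieName(siteSettings);

        if (!CookieHelper.CookieExists(roleCookieName)
            || CookieHelper.GetCookieValue(roleCookieName).Length == 0)
        {
            // No usable cookie yet: look the roles up and issue the cookie.
            return GetRolesAndSetCookie();
        }

        try
        {
            return GetRolesFromCookie();
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            // Expected if the machine key has changed and the user still has
            // an old role cookie (presumably the same path a tampered cookie
            // takes): never trust it, rebuild from the store instead.
            return GetRolesAndSetCookie();
        }
        catch (HttpException)
        {
            // Apparently the update for
            // http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx
            // changed the undecryptable-ticket failure from a
            // CryptographicException to an HttpException; same fallback.
            return GetRolesAndSetCookie();
        }
        catch (NullReferenceException ex)
        {
            // https://www.mojoportal.com/Forums/Thread.aspx?thread=9515&mid=34&pageid=5&ItemID=2&pagenumber=1#post39505
            // Not sure what is null here, but someone reported it happening
            // with the Amazon Silk browser, which does some very weird things
            // like caching everything on its own servers (their servers make
            // the web request and the browser gets it from them — a strange
            // kind of proxy). It then happened on my own site after applying
            // a Windows update. Logged and treated as "no cookie".
            log.Error("handled exception", ex);
            return GetRolesAndSetCookie();
        }
    }

    // Not the current user, or anonymous request: query the store directly
    // (the cookie is never consulted for another user's roles).
    if (siteSettings != null && !string.IsNullOrEmpty(userName))
    {
        return SiteUser.GetRoles(siteSettings, userName);
    }

    return new string[0];
}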