Ejemplo n.º 1
0
        //-----------------------------------------------------------------------------------------------------------------------------------------------------------
        /// <summary>
        ///     Probably this is a custom cookie called AnonID ....
        /// </summary>
        public void SetSessionRequiresHTTPs(HttpCookie seshCookie, string sessionID, bool isLocal)
        {
            if (isLocal == false &&
                seshCookie != null &&
                sessionID != null &&
                MGLApplicationInterface.Instance().SessionsRequiringHTTPs != null
                )
            {
                // only check if it exists based on the seshCookie, not the session ID
                // this should catch for old sessions ...
                bool existsAlready = false;
                foreach (KeyValuePair <string, string> kvp in MGLApplicationInterface.Instance().SessionsRequiringHTTPs)
                {
                    if (kvp.Key.Equals(seshCookie.Value))
                    {
                        existsAlready = true;
                        break;
                    }
                }

                // remove it if it exists
                if (existsAlready == true)
                {
                    MGLApplicationInterface.Instance().RemoveSessionRequiringHTTPS(sessionID);
                }
                // now add it
                MGLApplicationInterface.Instance().SessionsRequiringHTTPs.Add(new KeyValuePair <string, string>(seshCookie.Value, sessionID));

                MGLSessionInterface.Instance().UseHTTPS = true;

                //Logger.Log("XXXXX SetSessionRequiresHTTPs: " + seshCookie.Value + "    " + sessionID);
            }
        }
Ejemplo n.º 2
0
        //---------------------------------------------------------------------------------------------------------------------------------------------------------
        /// <summary>
        ///     Using the OnUnload method for performance benchmarking of pages
        /// </summary>
        protected override void OnUnload(EventArgs e)
        {
            // Performance benchmarking ...
            DateTime dt2 = DateTime.Now;
            TimeSpan t1  = dt2.Subtract(dt1);

            string currentPageName = HttpContext.Current.Request.Url.AbsoluteUri;

            int currentUserID = (Authorisation.CurrentUser != null) ? Authorisation.CurrentUser.ID : 0;

            // 14-Jan-2015 - Get the IP Address
            string srcIPAddress = IPAddressHelper.GetIP4OrAnyAddressFromHTTPRequest();

            // 11-Mar-2016 - Sanity check - when pages crash, dt1 is not always set so is the null date, so if the difference between dt1 and dt2 is more than one day (!!), use dt2
            // 16-Mar-2016 - And reset the timespan so it is sensible, otherwise the average response time queries in view page performance do not work!
            // you can find the crashed pages in the db with this query: SELECT * FROM Log_PageRequests WHERE Server_Render_Speed > 63593600000000;
            DateTime logTime = dt1;

            if (t1.TotalMilliseconds > 86400000)
            {
                logTime = dt2;
                t1      = new TimeSpan(0, 0, 0, 0, 50);
            }

            LoggerDB.LogPageRequestInDatabase(MGLSessionInterface.Instance().Config, MGLApplicationInterface.Instance().ApplicationName,
                                              Session.SessionID, MGLSessionInterface.Instance().SessionID, currentPageName, dt2, t1.TotalMilliseconds, currentUserID, srcIPAddress);
//            Logger.LogError(currentPageName + "Time to build page: " + t1.TotalMilliseconds);

            base.OnUnload(e);
        }
Ejemplo n.º 3
0
        //-------------------------------------------------------------------------------------------------------------------------------------------------------------
        /// <summary>Checks whether or not the session has timed out</summary>
        /// <returns></returns>
        protected bool SessionTimedOut()
        {
            bool sessionHasTimedOut = false;

            //It appears from testing that the Request and Response both share the
            // same cookie collection.  If I set a cookie myself in the Reponse, it is
            // also immediately visible to the Request collection.  This just means that
            // since the ASP.Net_SessionID is set in the Session HTTPModule (which
            // has already run), thatwe can't use our own code to see if the cookie was
            // actually sent by the agent with the request using the collection. Check if
            // the given page supports session or not (this tested as reliable indicator
            // if EnableSessionState is true), should not care about a page that does
            // not need session
            if (Context.Session != null)
            {
                //Tested and the IsNewSession is more advanced then simply checking if
                // a cookie is present, it does take into account a session timeout, because
                // I tested a timeout and it did show as a new session
                if (Session.IsNewSession)
                {
                    // If it says it is a new session, but an existing cookie exists, then it must
                    // have timed out (can't use the cookie collection because even on first
                    // request it already contains the cookie (request and response
                    // seem to share the collection)
                    string szCookieHeader = Request.Headers["Cookie"];
                    if ((null != szCookieHeader) && (szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
                    {
                        sessionHasTimedOut = true;

                        // Finally - if the user is going straight back to the default page anyway, do we care that the Session has timed out?
                        // No it is irrelevant.  Also, and more importantly - this means that we also ignore the case where a user comes to the site, does something
                        // then goes a way and comes back - after a day or so, it would be surprising to have the session expired notice come up
                        // 28-Jan-2015 - All this does is pop up a message on the default page to say that the session has expired!
                        // It does not change any of the other functionality with the logins / security pages ...
                        if (CurrentPageIsDefaultPage() == false)
                        {
                            MGLSessionInterface.Instance().SessionExpired = true;
                        }
                    }
                }
            }
            return(sessionHasTimedOut);
        }
Ejemplo n.º 4
0
        //-------------------------------------------------------------------------------------------------------------------------------------------------------------
        /// <summary>
        ///     22-Mar-2016 - This method builds the html to include static resources like javascript and css files.
        ///
        ///     We want to move towards retreiving all the JS and Styles from a static resource domain e.g. static.datanirvana.org
        ///     To do this is fine, but we also want to be able to test using local resources, so lets setup a web config param specifying the static resource path
        ///     ~/ is the local path and e.g. static.datanirvana.org would be the static path
        ///     If an external resource we need to choose https or not depending on the current session ...
        ///     THe resource list will appear like this: "Scripts/jquery-1.11.3.min.js", "Scripts/Site.js", "Styles/Site.css"
        ///     The Scripts or Styles prefix is critical as this determines which type of resource is referenced.
        ///     Note that for external resources like maps.googleapi.com still DO NOT include the http / https prefix ...
        /// </summary>
        public static string BuildStaticResourcesHTML(Page currentPage, string[] resourceNames)
        {
            StringBuilder str = new StringBuilder();

            if (resourceNames != null)
            {
                //-----a1----- declare all the variables to building these static resources to improve the readability!
                string staticResourcePath = MGLApplicationInterface.Instance().StaticResourcePath;
                bool   minifyJS           = MGLApplicationInterface.Instance().StaticJavascriptIsMinified;
                string httpPrefix         = (MGLSessionInterface.Instance().UseHTTPS == true) ? "https://" : "http://";

                //-----a2----- 11-May-2016 - Ok so here, if the SSLError bool in the session is set, then we DONT want to use the external resources as they wont work, so reset to use the local variants
                if (MGLSessionInterface.Instance().SSLError == true)
                {
                    staticResourcePath = "~/";
                    int userID = (Authorisation.CurrentUser != null) ? Authorisation.CurrentUser.ID : 0;
                    // This may be a little verbose on some sites, but lets keep it in for now to see how often this occurs....
                    Logger.LogWarning("SSL configuration error detected for user " + userID + " with ipaddress " + IPAddressHelper.GetIPAddressFromHTTPRequest() + " on page '" + currentPage.Title + "'.");
                }

                //-----a3---- And double check if we need to add a trailing forward slash ....
                string dir = (staticResourcePath.EndsWith("/") == true) ? "" : "/";

                //-----a4----- 31-Mar-2016 - lets append the JSVersion to ALL static resources, so that we can try to influence clients browsers to automatically refresh after updates
                // without having to visit the new DefaultFullReload page - this needs testing!!
                // http://stackoverflow.com/questions/32414/how-can-i-force-clients-to-refresh-javascript-files#32427
                // lets also remove the . from the version just to make 100% sure we dont confuse any legacy code that splits the file suffix on the last dot (oooops!)
                string versionSuffix = "?v=" + MGLApplicationInterface.Instance().JSVersion.Replace(".", "");


                //-----b----- loop through the static resources
                foreach (string staticResource in resourceNames)
                {
                    //-----c----- Get the relative path to this resource
                    string tempPath = httpPrefix + staticResourcePath + dir + staticResource;
                    // 31-Mar-2016 - special case for script files that are built dynamically and accessed from the code directory
                    // We dont want to get these from the remote resource location, these should always be local....
                    // Note that we cannot use the default path as this gets reset to the full default path - we always just want to use the simple ~/
                    if (staticResource.StartsWith("Code", StringComparison.CurrentCultureIgnoreCase) == true)
                    {
                        tempPath = currentPage.ResolveClientUrl("~/" + staticResource);
                    }
                    // And lets resolve the right relative URL if this is a local implementation
                    if (staticResourcePath.StartsWith("~"))
                    {
                        tempPath = currentPage.ResolveClientUrl(staticResourcePath + staticResource);
                    }

                    //-----d----- Build the resource tag!
                    // 31-Mar-2016 - also include the code prefix here so that the semi-static files for the Information and Map pages are treated in the same way with the v suffix
                    if (staticResource.StartsWith("Scripts", StringComparison.CurrentCultureIgnoreCase) == true ||
                        staticResource.StartsWith("Code", StringComparison.CurrentCultureIgnoreCase) == true)
                    {
                        //-----e----- Determine whether or not the javascript needs to be minified - if it does then convert the JS at the end to be .min.js if it has not already been set
                        if (minifyJS == true && tempPath.EndsWith(".min.js", StringComparison.CurrentCultureIgnoreCase) == false)
                        {
                            tempPath = tempPath.ToLower().Replace(".js", ".min.js");
                        }
                        str.Append("<script src=\"" + tempPath + versionSuffix + "\" type=\"text/javascript\"></script>");
                    }
                    else if (staticResource.StartsWith("Styles", StringComparison.CurrentCultureIgnoreCase))
                    {
                        //-----f1----- 19-Apr-2016 - we are now also minifying the CSS too - if it does then convert the css at the end to be .min.css if it has not already been set
                        if (minifyJS == true && tempPath.EndsWith(".min.css", StringComparison.CurrentCultureIgnoreCase) == false)
                        {
                            tempPath = tempPath.ToLower().Replace(".css", ".min.css");
                        }
                        //-----f2----- Build the styles link!
                        str.Append("<link href=\"" + tempPath + versionSuffix + "\" rel=\"stylesheet\" type=\"text/css\" />");
                    }
                    else
                    {
                        // Unusual / unknown static resource ... In fact, most probably an external resource!  So lets not amend the staticResource string, we just prefix and dont add the ?v=
                        // To reiterate - DO prefix with http / https and DO NOT add the version as a parameter ...
                        // e.g. maps.googleapis.com/maps/api/js?key=MY_API_KEY
                        str.Append("<script src=\"" + httpPrefix + staticResource + "\" type=\"text/javascript\"></script>");
                    }
                }
            }

            return(str.ToString());
        }