protected virtual void HandleNonSecureRequest(AuthorizationContext context)
{
if (context.HttpContext.Request.HttpMethod != HttpMethod.Get)
throw Error.SecureConnectionRequired();
string url = "https://" + context.HttpContext.Request.Url.Host
+ context.HttpContext.Request.RawUrl;
context.Cancel = true;
context.Result = new RedirectResult(url);
}
protected virtual string CreateRedirectionUrl(AuthorizationContext context)
{
if (String.IsNullOrEmpty(_redirectTo))
return null;
string url = _redirectTo;
string query = String.Empty;
if (!String.IsNullOrEmpty(_parameterName))
query = String.Concat(
(_redirectTo.IndexOf('?') > -1) ? "&" : "?",
_parameterName, "=",
Uri.EscapeUriString(context.HttpContext.Request.Url.PathAndQuery)
);
return url + query;
}
public void OnAuthorization(AuthorizationContext context)
{
Precondition.Require(context, () => Error.ArgumentNull("context"));
string value = context.HttpContext.Request.Parameters.Form.GetValue<string>(FieldName);
if (String.IsNullOrEmpty(value))
throw Error.RequestValidationError();
RequestValidationToken current = RequestValidationToken.Create(context.HttpContext, Value);
RequestValidationToken token = RequestValidationToken.Create(value);
if(!token.IsValid(current))
throw Error.RequestValidationError();
if (_timeout > 0 && (DateTime.Now - token.CreationDate).TotalMinutes > _timeout)
throw Error.RequestValidationError();
}
protected virtual bool RedirectAllowed(AuthorizationContext context, string url)
{
if (String.IsNullOrEmpty(url))
return false;
if (context.Context.IsChild)
return false;
if (context.HttpContext.Request.IsAjaxRequest)
return false;
return true;
}
public void OnAuthorization(AuthorizationContext context)
{
Precondition.Require(context, () => Error.ArgumentNull("context"));
if (Validate(context.HttpContext))
{
HttpCachePolicyBase cachePolicy = context.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidationHandler, null);
}
else
{
context.Cancel = true;
string url = CreateRedirectionUrl(context);
if (RedirectAllowed(context, url))
context.Result = new RedirectResult(url);
else
context.Result = DefaultResult;
}
}
public void OnAuthorization(AuthorizationContext context)
{
Precondition.Require(context, () => Error.ArgumentNull("context"));
if (!context.HttpContext.Request.IsSecureConnection)
HandleNonSecureRequest(context);
}
protected virtual AuthorizationContext InvokeAuthorizationFilters(
ControllerContext context, ActionDescriptor descriptor,
ICollection<IAuthorizationFilter> filters)
{
Precondition.Require(context, () => Error.ArgumentNull("context"));
Precondition.Require(descriptor, () => Error.ArgumentNull("descriptor"));
Precondition.Require(filters, () => Error.ArgumentNull("filters"));
AuthorizationContext filterContext = new AuthorizationContext(context, descriptor);
foreach (IAuthorizationFilter filter in filters)
{
filter.OnAuthorization(filterContext);
if (filterContext.Cancel)
break;
}
return filterContext;
}
void IAuthorizationFilter.OnAuthorization(AuthorizationContext context)
{
OnAuthorization(context);
}
/// <summary>
/// Method called when authorization occurs.
/// </summary>
/// <param name="context">Contains information about the current request and action</param>
protected virtual void OnAuthorization(AuthorizationContext context)
{
}
