/// <summary>
/// Swagger operation filter step: adds a required <c>RequestVerificationToken</c>
/// header parameter to the operation and pre-fills it with an anti-forgery token
/// taken from <c>SessionGlobal.GetServiceAntiforgeryTokens()</c>.
/// </summary>
/// <remarks>
/// The pre-filled default is a live token, so the generated API description itself
/// contains a credential-like value. NOTE(review): confirm the generated document is
/// produced per session and is never cached or served to a different user.
/// </remarks>
/// <param name="operation">Operation being described; its parameter list is created when missing.</param>
/// <param name="schemaRegistry">Not used by this filter.</param>
/// <param name="apiDescription">Not used by this filter.</param>
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
        {
            if (operation.parameters == null)
            {
                operation.parameters = new List<Parameter>();
            }

            var sessionTokens = SessionGlobal.GetServiceAntiforgeryTokens();
            var persistentCount = Settings.Default.PersistantAntiforgeryTokens.Count;

            // Take the first token after the leading "persistent" entries
            // (presumably the configured tokens come first in the list; verify against
            // GetServiceAntiforgeryTokens), falling back to the last token available.
            string prefilledToken = sessionTokens.Skip(persistentCount).FirstOrDefault();
            if (string.IsNullOrEmpty(prefilledToken))
            {
                prefilledToken = sessionTokens.LastOrDefault();
            }

            var tokenHeader = new Parameter
            {
                name = "RequestVerificationToken",
                @in = "header",
                type = "string",
                required = true,
                @default = prefilledToken
            };

            operation.parameters.Add(tokenHeader);
        }
 /// <summary>
 /// Session-start hook: installs the log-on right, script builder and function right
 /// objects on the session's <c>AppRight</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): what <c>SimpleFunctionRight</c> and <c>UserLogOnRight</c> actually
 /// permit is not visible here; confirm the defaults are not more permissive than intended.
 /// </remarks>
 /// <param name="application">Not used by this implementation.</param>
 /// <param name="sessionGlobal">Session state to initialise; a null value is ignored.</param>
 public void SessionStart(HttpApplication application, SessionGlobal sessionGlobal)
 {
     if (sessionGlobal == null)
     {
         // No session object: nothing to wire up.
         return;
     }

     sessionGlobal.AppRight.LogOnRight = new UserLogOnRight();
     sessionGlobal.AppRight.ScriptBuilder = new BootstrapMenuBuilder();
     sessionGlobal.AppRight.FunctionRight = new SimpleFunctionRight();
 }
 /// <summary>
 /// Called when a session starts; assigns fresh right-checking and menu-building
 /// objects to <c>sessionGlobal.AppRight</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the access rules enforced by the assigned objects are defined
 /// elsewhere; verify them before relying on this as the authorization setup.
 /// </remarks>
 /// <param name="application">Unused here.</param>
 /// <param name="sessionGlobal">Per-session state; when null the method does nothing.</param>
 public void SessionStart(HttpApplication application, SessionGlobal sessionGlobal)
 {
     // Guard: a missing session object leaves everything untouched.
     if (sessionGlobal == null)
     {
         return;
     }

     sessionGlobal.AppRight.LogOnRight = new UserLogOnRight();
     sessionGlobal.AppRight.ScriptBuilder = new BootstrapMenuBuilder();
     sessionGlobal.AppRight.FunctionRight = new SimpleFunctionRight();
 }
        /// <summary>
        /// Log-off action: clears the web session (when one exists), deletes the JWT
        /// cookie, abandons the <c>SessionGlobal</c> entry for the current user and
        /// returns the log-on path as the output.
        /// </summary>
        /// <remarks>
        /// Deleting the cookie only removes it from the responding browser.
        /// NOTE(review): whether an already-issued JWT is also invalidated on the
        /// server is not visible in this method; confirm it cannot be replayed after log-off.
        /// </remarks>
        /// <param name="input">Not used by this action.</param>
        /// <returns>Output wrapping <c>WebAppSetting.WebCurrent.LogOnPath</c>.</returns>
        public OutputData DoAction(IInputData input)
        {
            // Session may be absent, hence the null-conditional call.
            WebGlobalVariable.Session?.Clear();

            WebGlobalVariable.Response.Cookies.Delete(JWTUtil.COOKIE_NAME);

            SessionGlobal.Abandon(BaseGlobalVariable.Current.UserInfo);

            return OutputData.Create(WebAppSetting.WebCurrent.LogOnPath);
        }
        /// <summary>
        /// Builds the page info snapshot from the current user
        /// (<c>WebGlobalVariable.Info</c>), the page data and the session state.
        /// </summary>
        /// <remarks>
        /// The instance carries the session id and the session's temporary identity.
        /// NOTE(review): confirm this object is not serialized into responses or logs
        /// where those values would be exposed.
        /// </remarks>
        /// <param name="pageData">Source of the page source, post flag, style and module creator.</param>
        /// <param name="sessionGbl">Source of the temporary identity and session id; not null-checked here.</param>
        internal PageInfo(IPageData pageData, SessionGlobal sessionGbl)
        {
            IUserInfo currentUser = WebGlobalVariable.Info;

            // Identity of the caller; RoleId is populated from the user's MainOrgId.
            UserId = currentUser.UserId.ConvertToString();
            RoleId = currentUser.MainOrgId.ConvertToString();

            // Request-level facts taken from the page data.
            Source = pageData.SourceInfo.Source;
            Module = true;
            IsHttpPost = pageData.IsPost;

            // Session-level identifiers.
            Guid = sessionGbl.TempIndentity;
            SessionId = sessionGbl.SessionId;

            Culture = ObjectUtil.SysCulture;
            Style = PageStyleClass.FromStyle(pageData.Style);
            ModuleCreator = pageData.SourceInfo.ModuleCreator;
        }
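        /// <summary>
        /// Validates the <c>RequestVerificationToken</c> request header when service
        /// anti-forgery checking is enabled.
        /// </summary>
        /// <remarks>
        /// A token is accepted when it is one of the tokens returned by
        /// <c>SessionGlobal.GetServiceAntiforgeryTokens()</c>, or when it decrypts
        /// (Base64, then DPAPI with <c>DataProtectionScope.CurrentUser</c>, then UTF-16)
        /// to <c>"{sessionId}_{MM/dd/yyyy HH:mm:ss}"</c> for the current session with a
        /// timestamp less than 11 seconds old. Such a time-limited token can be
        /// replayed inside that window.
        /// Requests whose path is in <c>excludedTargets</c>, and requests that carry no
        /// token header at all, are let through without a check.
        /// </remarks>
        /// <exception cref="System.Web.Mvc.HttpAntiForgeryException">
        /// The header is present but the token is unknown, malformed, cannot be
        /// decrypted, belongs to another session, or is too old.
        /// </exception>
        public static void Assert()
        {
            if (!Settings.Default.ServiceAntiforgeryEnabled)
            {
                return;
            }

            var request = HttpContext.Current.Request;

            // NOTE(review): ToLower() is culture-sensitive; confirm how excludedTargets
            // is built before switching to ToLowerInvariant().
            if (excludedTargets.Contains(request.Url.LocalPath.ToLower()))
            {
                return;
            }

            string receivedToken = request.Headers["RequestVerificationToken"];
            if (string.IsNullOrEmpty(receivedToken))
            {
                // NOTE(review): fail-open. A request that simply omits the header is
                // not rejected. Behaviour is kept because callers are not visible here;
                // confirm that state-changing endpoints are protected some other way,
                // or reject missing tokens for them.
                return;
            }

            if (SessionGlobal.GetServiceAntiforgeryTokens().Contains(receivedToken))
            {
                return;
            }

            // Not a known session token: try to read it as a time-limited token.
            // The header is attacker-controlled, so bad Base64 or a blob that DPAPI
            // refuses must end as an anti-forgery rejection rather than surfacing as
            // an unhandled FormatException / CryptographicException.
            string origStr;
            try
            {
                origStr = System.Text.Encoding.Unicode.GetString(
                    ProtectedData.Unprotect(
                        Convert.FromBase64String(receivedToken),
                        null,
                        DataProtectionScope.CurrentUser));
            }
            catch (FormatException)
            {
                throw new System.Web.Mvc.HttpAntiForgeryException();
            }
            catch (CryptographicException)
            {
                throw new System.Web.Mvc.HttpAntiForgeryException();
            }

            var parts = origStr.Split('_');
            if (parts.Length == 2 && parts[0] == HttpContext.Current.Session.SessionID)
            {
                // NOTE(review): a null provider means the current culture is used for
                // parsing; confirm the token issuer formats the timestamp the same way.
                DateTime tokenTime;
                bool parsed = DateTime.TryParseExact(
                    parts[1],
                    "MM/dd/yyyy HH:mm:ss",
                    null,
                    System.Globalization.DateTimeStyles.None,
                    out tokenTime);

                // NOTE(review): a timestamp in the future yields a negative age and is
                // accepted; consider also requiring a non-negative age once clock skew
                // between issuing and validating hosts is understood.
                if (parsed && (DateTime.UtcNow - tokenTime).TotalSeconds < 11)
                {
                    return;
                }
            }

            throw new System.Web.Mvc.HttpAntiForgeryException();
        }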
 /// <summary>
 /// Bundles the URL pair, the page/session info and the request's query string
 /// into one object.
 /// </summary>
 /// <param name="pageData">Page data; supplies the query string and feeds <c>PageInfo</c>.</param>
 /// <param name="sessionGbl">Session state passed through to <c>PageInfo</c>.</param>
 /// <param name="retUrl">First URL handed to <c>UrlInfo</c>.</param>
 /// <param name="selfUrl">Second URL handed to <c>UrlInfo</c>.</param>
 public WebPageInfo(IPageData pageData, SessionGlobal sessionGbl, Uri retUrl, Uri selfUrl)
 {
     Url = new UrlInfo(retUrl, selfUrl);

     Info = new PageInfo(pageData, sessionGbl);

     // Query string values originate from the request.
     // NOTE(review): treat them as untrusted wherever this dictionary is consumed.
     QueryString = pageData.QueryString.ToDictionary();
 }
 /// <summary>
 /// Creates the caller info by wrapping the given page, session and URL data in a
 /// <c>WebPageInfo</c> stored in <c>fPageInfo</c>.
 /// </summary>
 /// <param name="pageData">Page data forwarded to <c>WebPageInfo</c>.</param>
 /// <param name="sessionGbl">Session state forwarded to <c>WebPageInfo</c>.</param>
 /// <param name="retUrl">Return URL forwarded to <c>WebPageInfo</c>.</param>
 /// <param name="selfUrl">Self URL forwarded to <c>WebPageInfo</c>.</param>
 public InternalCallerInfo(IPageData pageData, SessionGlobal sessionGbl, Uri retUrl, Uri selfUrl)
 {
     fPageInfo = new WebPageInfo(
         pageData,
         sessionGbl,
         retUrl,
         selfUrl);
 }