/// <summary>
/// Declares a required <c>RequestVerificationToken</c> header on the given operation and
/// pre-fills it with one of the antiforgery tokens returned by
/// <c>SessionGlobal.GetServiceAntiforgeryTokens()</c>.
/// </summary>
/// <param name="operation">Operation whose parameter list receives the header parameter.</param>
/// <param name="schemaRegistry">Not used by this method.</param>
/// <param name="apiDescription">Not used by this method.</param>
/// <remarks>
/// The selected token is written as the parameter's default value, so it becomes part of
/// whatever output is produced from this operation. Treat that output as sensitive as the
/// token itself.
/// </remarks>
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
    // Make sure there is a list to append to.
    if (operation.parameters == null)
    {
        operation.parameters = new List<Parameter>();
    }

    var issuedTokens = SessionGlobal.GetServiceAntiforgeryTokens();
    var persistentCount = Settings.Default.PersistantAntiforgeryTokens.Count;

    // Prefer the first token that follows the persistent ones; when there is none,
    // fall back to the last token in the list.
    string headerDefault = issuedTokens.Skip(persistentCount).FirstOrDefault();
    if (string.IsNullOrEmpty(headerDefault))
    {
        headerDefault = issuedTokens.LastOrDefault();
    }

    var tokenHeader = new Parameter
    {
        name = "RequestVerificationToken",
        @in = "header",
        type = "string",
        required = true,
        @default = headerDefault
    };

    operation.parameters.Add(tokenHeader);
}
/// <summary>
/// Installs the rights objects on a session: a <c>UserLogOnRight</c>, a
/// <c>BootstrapMenuBuilder</c> and a <c>SimpleFunctionRight</c>.
/// </summary>
/// <param name="application">Not used by this method.</param>
/// <param name="sessionGlobal">Session to configure; nothing happens when it is null.</param>
public void SessionStart(HttpApplication application, SessionGlobal sessionGlobal)
{
    // Nothing to configure without a session object.
    if (sessionGlobal == null)
    {
        return;
    }

    sessionGlobal.AppRight.LogOnRight = new UserLogOnRight();
    sessionGlobal.AppRight.ScriptBuilder = new BootstrapMenuBuilder();
    sessionGlobal.AppRight.FunctionRight = new SimpleFunctionRight();
}
/// <summary>
/// Logs the current user out: clears the session if one exists, deletes the JWT cookie,
/// abandons the session for the current user and returns the log-on path.
/// </summary>
/// <param name="input">Not used by this method.</param>
/// <returns>An <c>OutputData</c> created from <c>WebAppSetting.WebCurrent.LogOnPath</c>.</returns>
public OutputData DoAction(IInputData input)
{
    // The session may be absent, hence the null-conditional call.
    WebGlobalVariable.Session?.Clear();

    // NOTE(review): this removes the cookie from the response only. Whether a JWT that was
    // already issued is also invalidated server-side is not visible here; confirm.
    WebGlobalVariable.Response.Cookies.Delete(JWTUtil.COOKIE_NAME);

    SessionGlobal.Abandon(BaseGlobalVariable.Current.UserInfo);

    return OutputData.Create(WebAppSetting.WebCurrent.LogOnPath);
}
/// <summary>
/// Builds the page information from the current user, the page data and the session.
/// </summary>
/// <param name="pageData">Supplies source, post flag, style and module creator.</param>
/// <param name="sessionGbl">Supplies the temporary identity and the session id.</param>
internal PageInfo(IPageData pageData, SessionGlobal sessionGbl)
{
    // Identity comes from the ambient user, not from the arguments.
    IUserInfo currentUser = WebGlobalVariable.Info;
    UserId = currentUser.UserId.ConvertToString();
    // RoleId is filled from the user's main organisation id.
    RoleId = currentUser.MainOrgId.ConvertToString();

    // Request-related values.
    Source = pageData.SourceInfo.Source;
    Module = true;
    IsHttpPost = pageData.IsPost;

    // Session-related values.
    Guid = sessionGbl.TempIndentity;
    SessionId = sessionGbl.SessionId;

    // Presentation-related values.
    Culture = ObjectUtil.SysCulture;
    Style = PageStyleClass.FromStyle(pageData.Style);
    ModuleCreator = pageData.SourceInfo.ModuleCreator;
}
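/// <summary>
/// Validates the <c>RequestVerificationToken</c> header of the current request when
/// service antiforgery checking is enabled in the settings.
/// </summary>
/// <remarks>
/// A token is accepted when it is one of the tokens returned by
/// <c>SessionGlobal.GetServiceAntiforgeryTokens()</c>, or when it decrypts to
/// "sessionId_timestamp" for the current session with a timestamp no more than
/// 11 seconds away from the current UTC time. Requests whose local path is listed in
/// <c>excludedTargets</c> are not checked.
/// NOTE(review): a request that carries no token header at all is accepted without any
/// check. That behaviour is kept because the callers are not visible from this method.
/// If it is reached for state-changing requests, a missing header should be rejected in
/// the same way as a wrong token.
/// </remarks>
/// <exception cref="System.Web.Mvc.HttpAntiForgeryException">
/// The header is present but the token is unknown, malformed, bound to another session
/// or outside the accepted time window.
/// </exception>
public static void Assert()
{
    if (!Settings.Default.ServiceAntiforgeryEnabled)
    {
        return;
    }

    var request = HttpContext.Current.Request;

    // Culture-invariant lower-casing, so the exclusion match does not depend on the
    // thread culture.
    if (excludedTargets.Contains(request.Url.LocalPath.ToLowerInvariant()))
    {
        return;
    }

    string receivedToken = request.Headers["RequestVerificationToken"];

    // Fail-open on a missing header; see the remarks above.
    if (string.IsNullOrEmpty(receivedToken))
    {
        return;
    }

    if (SessionGlobal.GetServiceAntiforgeryTokens().Contains(receivedToken))
    {
        return;
    }

    if (IsRecentSessionBoundToken(receivedToken))
    {
        return;
    }

    //AuthenticationFactory.Logout();
    throw new System.Web.Mvc.HttpAntiForgeryException();
}

/// <summary>
/// Checks whether a token decrypts to "sessionId_timestamp" for the current session with
/// a timestamp close to the current UTC time.
/// </summary>
/// <param name="receivedToken">Base64 text taken from the request header.</param>
/// <returns>True when the token is well formed, session-bound and recent.</returns>
private static bool IsRecentSessionBoundToken(string receivedToken)
{
    const double MaxTokenAgeSeconds = 11;

    string plainText;
    try
    {
        plainText = System.Text.Encoding.Unicode.GetString(
            ProtectedData.Unprotect(
                Convert.FromBase64String(receivedToken),
                null,
                DataProtectionScope.CurrentUser));
    }
    catch (FormatException)
    {
        // The header value is not valid Base64: treat it as a rejected token rather than
        // letting a different exception type escape.
        return false;
    }
    catch (CryptographicException)
    {
        // The value was not produced by ProtectedData for this user, or was altered.
        return false;
    }

    var parts = plainText.Split('_');
    if (parts.Length != 2 || parts[0] != HttpContext.Current.Session.SessionID)
    {
        return false;
    }

    // NOTE(review): a null provider parses with the current culture, as before. Confirm
    // that the token is formatted under the same culture.
    DateTime tokenTime;
    if (!DateTime.TryParseExact(parts[1], "MM/dd/yyyy HH:mm:ss", null,
            System.Globalization.DateTimeStyles.None, out tokenTime))
    {
        return false;
    }

    // Bound the window on both sides. A timestamp far in the future gives a negative age,
    // which an upper-bound-only comparison would accept without limit.
    double ageSeconds = (DateTime.UtcNow - tokenTime).TotalSeconds;
    return ageSeconds > -MaxTokenAgeSeconds && ageSeconds < MaxTokenAgeSeconds;
}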
/// <summary>
/// Builds the page description: URL information, page information and a dictionary copy
/// of the query string.
/// </summary>
/// <param name="pageData">Page data passed on to <c>PageInfo</c>; also supplies the query string.</param>
/// <param name="sessionGbl">Session object passed on to <c>PageInfo</c>.</param>
/// <param name="retUrl">Return URL handed to <c>UrlInfo</c>.</param>
/// <param name="selfUrl">Self URL handed to <c>UrlInfo</c>.</param>
public WebPageInfo(IPageData pageData, SessionGlobal sessionGbl, Uri retUrl, Uri selfUrl)
{
    // Both URLs are stored as supplied; no validation is visible in this constructor.
    Url = new UrlInfo(retUrl, selfUrl);

    Info = new PageInfo(pageData, sessionGbl);

    QueryString = pageData.QueryString.ToDictionary();
}
/// <summary>
/// Creates the caller information by wrapping a new <c>WebPageInfo</c> built from the
/// same four arguments.
/// </summary>
/// <param name="pageData">Page data forwarded to <c>WebPageInfo</c>.</param>
/// <param name="sessionGbl">Session object forwarded to <c>WebPageInfo</c>.</param>
/// <param name="retUrl">Return URL forwarded to <c>WebPageInfo</c>.</param>
/// <param name="selfUrl">Self URL forwarded to <c>WebPageInfo</c>.</param>
public InternalCallerInfo(IPageData pageData, SessionGlobal sessionGbl, Uri retUrl, Uri selfUrl)
{
    this.fPageInfo = new WebPageInfo(
        pageData,
        sessionGbl,
        retUrl,
        selfUrl);
}