public static RenewTicketIfOld ( FormsAuthenticationTicket tOld ) : FormsAuthenticationTicket | ||
tOld | FormsAuthenticationTicket | |
return | FormsAuthenticationTicket |
void OnAuthenticateRequest(object sender, EventArgs args) { HttpApplication app = (HttpApplication)sender; HttpContext context = app.Context; string cookieName; string cookiePath; string loginPage; bool slidingExpiration; InitConfig(context); if (_config == null || _config.Mode != AuthenticationMode.Forms) { return; } #if NET_2_0 cookieName = _config.Forms.Name; cookiePath = _config.Forms.Path; loginPage = _config.Forms.LoginUrl; slidingExpiration = _config.Forms.SlidingExpiration; #else cookieName = _config.CookieName; cookiePath = _config.CookiePath; loginPage = _config.LoginUrl; slidingExpiration = _config.SlidingExpiration; #endif if (!VirtualPathUtility.IsRooted(loginPage)) { loginPage = "~/" + loginPage; } string reqPath = String.Empty; string loginPath = null; try { reqPath = context.Request.PhysicalPath; loginPath = context.Request.MapPath(loginPage); } catch {} // ignore context.SkipAuthorization = String.Compare(reqPath, loginPath, RuntimeHelpers.CaseInsensitive, Helpers.InvariantCulture) == 0; #if NET_2_0 //TODO: need to check that the handler is System.Web.Handlers.AssemblyResourceLoader type string filePath = context.Request.FilePath; if (filePath.Length > 15 && String.CompareOrdinal("WebResource.axd", 0, filePath, filePath.Length - 15, 15) == 0) { context.SkipAuthorization = true; } #endif FormsAuthenticationEventArgs formArgs = new FormsAuthenticationEventArgs(context); FormsAuthenticationEventHandler eh = events [authenticateEvent] as FormsAuthenticationEventHandler; if (eh != null) { eh(this, formArgs); } bool contextUserNull = (context.User == null); if (formArgs.User != null || !contextUserNull) { if (contextUserNull) { context.User = formArgs.User; } return; } HttpCookie cookie = context.Request.Cookies [cookieName]; if (cookie == null || (cookie.Expires != DateTime.MinValue && cookie.Expires < DateTime.Now)) { return; } FormsAuthenticationTicket ticket = null; try { ticket = FormsAuthentication.Decrypt(cookie.Value); } catch (ArgumentException) { // incorrect cookie value, suppress the exception return; } if (ticket == null || (!ticket.IsPersistent && ticket.Expired)) { return; } FormsAuthenticationTicket oldticket = ticket; if (slidingExpiration) { ticket = FormsAuthentication.RenewTicketIfOld(ticket); } context.User = new GenericPrincipal(new FormsIdentity(ticket), new string [0]); if (cookie.Expires == DateTime.MinValue && oldticket == ticket) { return; } cookie.Value = FormsAuthentication.Encrypt(ticket); cookie.Path = cookiePath; if (ticket.IsPersistent) { cookie.Expires = ticket.Expiration; } context.Response.Cookies.Add(cookie); }
private void OnAuthenticate(FormsAuthenticationEventArgs e) { HttpCookie cookie = null; if (this._eventHandler != null) { this._eventHandler(this, e); } if (e.Context.User == null) { if (e.User != null) { e.Context.SetPrincipalNoDemand(e.User); } else { bool cookielessTicket = false; FormsAuthenticationTicket tOld = ExtractTicketFromCookie(e.Context, FormsAuthentication.FormsCookieName, out cookielessTicket); if ((tOld != null) && !tOld.Expired) { FormsAuthenticationTicket ticket = tOld; if (FormsAuthentication.SlidingExpiration) { ticket = FormsAuthentication.RenewTicketIfOld(tOld); } e.Context.SetPrincipalNoDemand(new GenericPrincipal(new FormsIdentity(ticket), new string[0])); if (!cookielessTicket && !ticket.CookiePath.Equals("/")) { cookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (cookie != null) { cookie.Path = ticket.CookiePath; } } if (ticket != tOld) { if ((cookielessTicket && (ticket.CookiePath != "/")) && (ticket.CookiePath.Length > 1)) { ticket = FormsAuthenticationTicket.FromUtc(ticket.Version, ticket.Name, ticket.IssueDateUtc, ticket.ExpirationUtc, ticket.IsPersistent, ticket.UserData, "/"); } string cookieValue = FormsAuthentication.Encrypt(ticket); if (cookielessTicket) { e.Context.CookielessHelper.SetCookieValue('F', cookieValue); e.Context.Response.Redirect(e.Context.Request.RawUrl); } else { if (cookie != null) { cookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName]; } if (cookie == null) { cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue) { Path = ticket.CookiePath }; } if (ticket.IsPersistent) { cookie.Expires = ticket.Expiration; } cookie.Value = cookieValue; cookie.Secure = FormsAuthentication.RequireSSL; cookie.HttpOnly = true; if (FormsAuthentication.CookieDomain != null) { cookie.Domain = FormsAuthentication.CookieDomain; } e.Context.Response.Cookies.Remove(cookie.Name); e.Context.Response.Cookies.Add(cookie); } } } } } }
//////////////////////////////////////////////////////////// // OnAuthenticate: Forms Authentication modules can override // this method to create a Forms IPrincipal object from // a WindowsIdentity private void OnAuthenticate(FormsAuthenticationEventArgs e) { HttpCookie cookie = null; //////////////////////////////////////////////////////////// // Step 1: If there are event handlers, invoke the handlers if (_eventHandler != null) { _eventHandler(this, e); } //////////////////////////////////////////////////////////// // Step 2: Check if the event handler created a user-object if (e.Context.User != null) { // do nothing because someone else authenticated return; } if (e.User != null) { // the event handler created a user e.Context.SetPrincipalNoDemand(e.User); return; } //////////////////////////////////////////////////////////// // Step 3: Extract the cookie and create a ticket from it bool cookielessTicket = false; FormsAuthenticationTicket ticket = ExtractTicketFromCookie(e.Context, FormsAuthentication.FormsCookieName, out cookielessTicket); //////////////////////////////////////////////////////////// // Step 4: See if the ticket was created: No => exit immediately if (ticket == null || ticket.Expired) { return; } //////////////////////////////////////////////////////////// // Step 5: Renew the ticket FormsAuthenticationTicket ticket2 = ticket; if (FormsAuthentication.SlidingExpiration) { ticket2 = FormsAuthentication.RenewTicketIfOld(ticket); } //////////////////////////////////////////////////////////// // Step 6: Create a user object for the ticket e.Context.SetPrincipalNoDemand(new GenericPrincipal(new FormsIdentity(ticket2), new String[0])); //////////////////////////////////////////////////////////// // Step 7: Browser does not send us the correct cookie-path // Update the cookie to show the correct path if (!cookielessTicket && !ticket2.CookiePath.Equals("/")) { cookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (cookie != null) { cookie.Path = ticket2.CookiePath; } } //////////////////////////////////////////////////////////// // Step 8: If the ticket was renewed, save the ticket in the cookie if (ticket2 != ticket) { if (cookielessTicket && ticket2.CookiePath != "/" && ticket2.CookiePath.Length > 1) { FormsAuthenticationTicket tempTicket = FormsAuthenticationTicket.FromUtc(ticket2.Version, ticket2.Name, ticket2.IssueDateUtc, ticket2.ExpirationUtc, ticket2.IsPersistent, ticket2.UserData, "/"); ticket2 = tempTicket; } String strEnc = FormsAuthentication.Encrypt(ticket2, !cookielessTicket); if (cookielessTicket) { e.Context.CookielessHelper.SetCookieValue('F', strEnc); e.Context.Response.Redirect(e.Context.Request.RawUrl); } else { if (cookie != null) { cookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName]; } if (cookie == null) { cookie = new HttpCookie(FormsAuthentication.FormsCookieName, strEnc); cookie.Path = ticket2.CookiePath; } if (ticket2.IsPersistent) { cookie.Expires = ticket2.Expiration; } cookie.Value = strEnc; cookie.Secure = FormsAuthentication.RequireSSL; cookie.HttpOnly = true; if (FormsAuthentication.CookieDomain != null) { cookie.Domain = FormsAuthentication.CookieDomain; } e.Context.Response.Cookies.Remove(cookie.Name); e.Context.Response.Cookies.Add(cookie); } } }
//////////////////////////////////////////////////////////// // OnAuthenticate: Forms Authentication modules can override // this method to create a Forms IPrincipal object from // a WindowsIdentity private void OnAuthenticate(FormsAuthenticationEventArgs e) { HttpCookie cookie = null; //////////////////////////////////////////////////////////// // Step 1: If there are event handlers, invoke the handlers if (_eventHandler != null) { _eventHandler(this, e); } //////////////////////////////////////////////////////////// // Step 2: Check if the event handler create a user-object if (e.Context.User != null || e.User != null) { // It did e.Context.User = (e.Context.User == null ? e.User : e.Context.User); return; } //////////////////////////////////////////////////////////// // Step 3: Extract the cookie and create a ticket from it FormsAuthenticationTicket ticket = null; try { ticket = ExtractTicketFromCookie(e.Context, _FormsName); } catch (Exception) { ticket = null; } //////////////////////////////////////////////////////////// // Step 4: See if the ticket was created: No => exit immediately if (ticket == null || ticket.Expired) { return; } //////////////////////////////////////////////////////////// // Step 5: Renew the ticket FormsAuthenticationTicket ticket2 = ticket; if (FormsAuthentication.SlidingExpiration) { ticket2 = FormsAuthentication.RenewTicketIfOld(ticket); } //////////////////////////////////////////////////////////// // Step 6: Create a user object for the ticket e.Context.User = new GenericPrincipal(new FormsIdentity(ticket2), new String[0]); //////////////////////////////////////////////////////////// // Step 7: Browser does not send us the correct cookie-path // Update the cookie to show the correct path if (!ticket2.CookiePath.Equals("/")) { cookie = e.Context.Request.Cookies[_FormsName]; if (cookie != null) { cookie.Path = ticket2.CookiePath; if (ticket2.IsPersistent) { cookie.Expires = ticket2.Expiration; } } } //////////////////////////////////////////////////////////// // Step 8: If the ticket was renewed, save the ticket in the cookie if (ticket2 != ticket) { String strEnc = FormsAuthentication.Encrypt(ticket2); if (cookie != null) { cookie = e.Context.Request.Cookies[_FormsName]; } if (cookie == null) { cookie = new HttpCookie(_FormsName, strEnc); cookie.Path = ticket2.CookiePath; } if (ticket2.IsPersistent) { cookie.Expires = ticket2.Expiration; } cookie.Value = strEnc; cookie.Secure = FormsAuthentication.RequireSSL; } if (cookie != null) { e.Context.Response.Cookies.Add(cookie); } }