internal RequestAnalysis(ContextInformation context, FormsAuthenticationCookieAnalysis formsAuthenticationCookieResult, FormsAuthenticationTicketAnalysis formsAuthenticationTicketResult, UserAuthenticationTicketAnalysis userAuthenticationTicketResult)
{
Context = context;
FormsAuthenticationCookieResult = formsAuthenticationCookieResult;
FormsAuthenticationTicketResult = formsAuthenticationTicketResult;
UserAuthenticationTicketResult = userAuthenticationTicketResult;
}
/// <summary>
/// Creates a new instance of a FormsAuthenticationCookieAnalyzer
/// </summary>
/// <param name="formsAuthenticationCookie">The formsAuthenticationCookie to inspect</param>
/// <param name="isEndRequest">Indicates whether the analysis is occurring during the EndRequest phase of the execution pipeline</param>
public FormsAuthenticationAnalyzer(HttpCookie formsAuthenticationCookie, bool isEndRequest)
{
EnhancedSecurity.Initialize();
Context = new ContextInformation();
FormsAuthenticationCookieResult = AnalyzeFormsAuthenticationCookie(formsAuthenticationCookie);
if (UserAuthentication.Enabled)
{
FormsAuthenticationTicketResult = AnalyzeFormsAuthenticationTicket(FormsAuthenticationCookieResult, true, isEndRequest);
UserAuthenticationTicketResult = AnalyzeServerAuthenticationTicket(Context, FormsAuthenticationCookieResult, FormsAuthenticationTicketResult, UserAuthentication.EnforceClientHostAddressValidation);
}
else
{
FormsAuthenticationTicketResult = AnalyzeFormsAuthenticationTicket(FormsAuthenticationCookieResult, false, isEndRequest);
UserAuthenticationTicketResult = new UserAuthenticationTicketAnalysis();
}
}
/// <summary>
/// Retrieve and analyze the UserAuthenticationTicket
/// </summary>
/// <param name="contextInformation">Context information derived from the current request</param>
/// <param name="cookieAnalysis">The result of the FormsAuthenticationCookie analysis</param>
/// <param name="ticketAnalysis">The result of the FormsAuthenticationTicket analysis</param>
/// <param name="enforceHostAddressValidation">Indicates whether to enforce that the ticket was provided from the same IP address for which it created</param>
/// <returns>A UserAuthenticationTicketAnalysis object containing the results of the analysis</returns>
public static UserAuthenticationTicketAnalysis AnalyzeServerAuthenticationTicket(ContextInformation contextInformation, FormsAuthenticationCookieAnalysis cookieAnalysis, FormsAuthenticationTicketAnalysis ticketAnalysis, bool enforceHostAddressValidation)
{
UserAuthenticationTicket serverAuthTicket = ticketAnalysis.GetServerAuthenticationTicket();
return AnalyzeServerAuthenticationTicket(contextInformation, cookieAnalysis, ticketAnalysis, serverAuthTicket, enforceHostAddressValidation);
}
/// <summary>
/// Perform analysis of the UserAuthenticationTicket supplied
/// </summary>
/// <param name="contextInformation">Context information derived from the current request</param>
/// <param name="cookieAnalysis">The result of the FormsAuthenticationCookie analysis</param>
/// <param name="ticketAnalysis">The result of the FormsAuthenticationTicket analysis</param>
/// <param name="userAuthenticationTicket">The UserAuthenticationTicket to inspect</param>
/// <param name="enforceHostAddressValidation">Indicates whether to enforce that the ticket was provided from the same IP address for which it created</param>
/// <returns>A UserAuthenticationTicketAnalysis object containing the results of the analysis</returns>
public static UserAuthenticationTicketAnalysis AnalyzeServerAuthenticationTicket(ContextInformation contextInformation, FormsAuthenticationCookieAnalysis cookieAnalysis, FormsAuthenticationTicketAnalysis ticketAnalysis, UserAuthenticationTicket userAuthenticationTicket, bool enforceHostAddressValidation)
{
UserAuthenticationTicketAnalysis analysis = new UserAuthenticationTicketAnalysis();
HttpCookie formsAuthCookie = cookieAnalysis.FormsAuthenticationCookie;
FormsAuthenticationTicket formsAuthTicket = ticketAnalysis.FormsAuthenticationTicket;
analysis.TicketExists = (userAuthenticationTicket != null);
if (analysis.TicketExists)
{
analysis.UserAuthenticationTicket = userAuthenticationTicket;
if (userAuthenticationTicket != null)
{
analysis.CookieDomainMatch = (userAuthenticationTicket.CookieDomain == formsAuthCookie.Domain);
analysis.CookiePathMatch = (userAuthenticationTicket.CookiePath == formsAuthTicket.CookiePath && formsAuthTicket.CookiePath == formsAuthCookie.Path);
analysis.CookieSecureMatch = (userAuthenticationTicket.CookieSecure == formsAuthCookie.Secure);
/* analysis.ExpirationMatch = (DateTime.Compare(UserAuthenticationTicket.TicketExpiration, formsAuthTicket.Expiration) == 0 && DateTime.Compare(formsAuthTicket.Expiration, formsAuthCookie.Expires) == 0); */
analysis.CookieNameMatch = (userAuthenticationTicket.CookieName == formsAuthCookie.Name);
analysis.TicketPersistenceMatch = (userAuthenticationTicket.TicketIsPersistent == formsAuthTicket.IsPersistent);
analysis.TicketIssueDateMatch = (DateTime.Compare(userAuthenticationTicket.TicketIssueDate, formsAuthTicket.IssueDate) == 0);
analysis.TicketUsernameMatch = (userAuthenticationTicket.Username == formsAuthTicket.Name);
analysis.TicketVersionMatch = (userAuthenticationTicket.TicketVersion == formsAuthTicket.Version);
analysis.TicketHashMatch = (userAuthenticationTicket.TicketHash == ticketAnalysis.TicketHash);
analysis.HostAddressMatch = (userAuthenticationTicket.HostAddress == contextInformation.HostAddress);
}
analysis.IsValid =
analysis.CookieDomainMatch &&
analysis.CookiePathMatch &&
analysis.CookieSecureMatch &&
/* analysis.ExpirationMatch && */
analysis.CookieNameMatch &&
analysis.TicketPersistenceMatch &&
analysis.TicketIssueDateMatch &&
analysis.TicketUsernameMatch &&
analysis.TicketVersionMatch &&
analysis.TicketHashMatch &&
(!enforceHostAddressValidation || analysis.HostAddressMatch);
if (!analysis.IsValid)
{
analysis.IsMalicious =
!analysis.CookieDomainMatch ||
!analysis.CookiePathMatch ||
!analysis.CookieSecureMatch ||
/* !analysis.ExpirationMatch || */
!analysis.CookieNameMatch ||
!analysis.TicketPersistenceMatch ||
!analysis.TicketIssueDateMatch ||
!analysis.TicketUsernameMatch ||
!analysis.TicketVersionMatch ||
!analysis.TicketHashMatch ||
(enforceHostAddressValidation && !analysis.HostAddressMatch);
}
}
else
{
analysis.IsValid = false;
analysis.IsMalicious = false;
}
return analysis;
}
/// <summary>
/// Creates a new instance of a FormsAuthenticationCookieAnalyzer
/// </summary>
/// <param name="formsAuthenticationCookie">The formsAuthenticationCookie to inspect</param>
/// <param name="requestPhase">The phase of the request procesisng lifecycle from which the analysis is being requested</param>
/// <param name="saveToContext">Whether or not to save the result of the analysis to the HttpContext.Current.Items collection</param>
public static RequestAnalysis AnalyzeRequest(HttpCookie formsAuthenticationCookie, RequestLifecyclePhase? requestPhase, bool saveToContext)
{
EnhancedSecurity.Initialize();
ContextInformation context = new ContextInformation();
FormsAuthenticationCookieAnalysis formsAuthenticationCookieResult = AnalyzeFormsAuthenticationCookie(formsAuthenticationCookie);
FormsAuthenticationTicketAnalysis formsAuthenticationTicketResult;
UserAuthenticationTicketAnalysis userAuthenticationTicketResult;
if (UserAuthentication.Enabled)
{
formsAuthenticationTicketResult = AnalyzeFormsAuthenticationTicket(formsAuthenticationCookieResult, true, requestPhase);
userAuthenticationTicketResult = AnalyzeServerAuthenticationTicket(context, formsAuthenticationCookieResult, formsAuthenticationTicketResult, UserAuthentication.EnforceClientHostAddressValidation);
}
else
{
formsAuthenticationTicketResult = AnalyzeFormsAuthenticationTicket(formsAuthenticationCookieResult, false, requestPhase);
userAuthenticationTicketResult = new UserAuthenticationTicketAnalysis();
}
RequestAnalysis result = new RequestAnalysis(context, formsAuthenticationCookieResult, formsAuthenticationTicketResult, userAuthenticationTicketResult);
if (saveToContext)
{
string contextKey = "Analysis:" + requestPhase.ToString();
HttpContext.Current.Items[contextKey] = result;
}
return result;
}