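//-----------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Checks whether the encrypted key (the CID parameter for this page) is valid: the anon ID embedded in it must
///     match this request's AnonID cookie and the embedded time stamp must be less than 10 seconds old.
///     A null or empty key is rejected here (the method returns false); this method does not itself read the key
///     from the page URL parameters.
/// </summary>
/// <param name="encryptedKey">The HTML-safe, encrypted key to validate. May be null or empty.</param>
/// <returns>
///     True only if the key decrypts, its time stamp parses and is between 0 (inclusive) and 10 seconds (exclusive) old,
///     and its anon ID equals the AnonID cookie value (or DefaultAnonID when the cookie is absent). False otherwise,
///     including when any step throws.
/// </returns>
protected bool KeyIsValid(StringBuilder encryptedKey) {
    bool keyIsValid = false;

    try {
        // 11-May-2016 - the MGLEncryption.Decrypt method throws a serious level 9 error if no key is provided.
        // It is better to catch this here and simply return false as this is just due to people not using the tool
        // correctly (or trying to cut corners)
        if (encryptedKey != null && encryptedKey.Length > 0) {

            //-----a----- Decrypt the key ...
            // NOTE(review): everything below trusts the decrypted text. Confirm that MGLEncryption.Decrypt rejects
            // tampered ciphertext (authenticated encryption); otherwise the fields parsed here are not trustworthy.
            encryptedKey = MGLEncryption.DeHTMLifyString(encryptedKey);
            StringBuilder decryptedKey = MGLEncryption.Decrypt(encryptedKey);
            string decrypted = decryptedKey.ToString();

            //-----b----- Pull out the anon ID (36 chars from index 1) and the time stamp (19 chars from index 38).
            // A key that decrypts to fewer than 57 characters makes Substring throw; that is caught below,
            // logged and treated as an invalid key.
            StringBuilder anonID = new StringBuilder(decrypted.Substring(1, 36));
            string dtStr = decrypted.Substring(38, 19);

            //-----c----- Now check that the dt is within tolerances.
            // An unparseable time stamp is rejected explicitly instead of relying on the DateTime.MinValue default
            // falling outside the window.
            // NOTE(review): the parse is culture-dependent and the comparison uses local time (DateTime.Now), which is
            // ambiguous across daylight-saving changes. This assumes the key issuer uses the same clock and culture -
            // confirm, and consider UTC on both sides.
            DateTime dt;
            if (DateTime.TryParse(dtStr, out dt)) {
                TimeSpan ts = DateTime.Now.Subtract(dt);

                //-----d----- Get the anonvalue cookie again ...
                // NOTE(review): the AnonID cookie is supplied by the client. When it is absent the comparison falls
                // back to DefaultAnonID, so a key issued for DefaultAnonID validates for any cookie-less request -
                // confirm this is intended.
                var anonCookie = Request.Cookies["AnonID"];
                string tempValue = (anonCookie != null) ? anonCookie.Value : DefaultAnonID;

                //-----e----- So then finally, do the validation on two fronts
                //      a. that the elapsed time span is at least 0 and less than 10 seconds and
                //      b. that the anonID is correct
                // NOTE(review): nothing here marks a key as used, so the same key is accepted repeatedly until the
                // 10 second window closes. If single use is required, it has to be enforced elsewhere.
                bool isCurrent = ts.TotalSeconds >= 0 && ts.TotalSeconds < 10;
                keyIsValid = isCurrent && MGLEncryption.AreEqual(anonID, new StringBuilder(tempValue));
            }
        }

    } catch (Exception ex) {
        // Fail closed: any exception (bad ciphertext, truncated key, missing request context) leaves keyIsValid false.
        Logger.LogError(8, "Problem checking if the authorisation key in the login page is valid. This is serious! The specific error was: " + ex.ToString());
    }

    return keyIsValid;
}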