public void ProcessRequest(HttpContextBase context)
{
var settings = new Settings();
var requestProcessor = new RequestProcessor(settings);
requestProcessor.Process(context, EvaluatorCallback);
}
/// <summary>
/// Determines a target URL (if any) for this request, based on the expected security.
/// </summary>
/// <param name="context"></param>
/// <param name="expectedSecurity"></param>
/// <returns></returns>
private string DetermineTargetUrl(HttpContextBase context, RequestSecurity expectedSecurity)
{
// Ensure the request matches the expected security.
Logger.Log("Determining the URI for the expected security.", Logger.LogLevel.Info);
ISecurityEvaluator securityEvaluator = SecurityEvaluatorFactory.Instance.Create(context, _settings);
ISecurityEnforcer securityEnforcer = SecurityEnforcerFactory.Instance.Create(context, securityEvaluator);
string targetUrl = securityEnforcer.GetUriForMatchedSecurityRequest(context.Request, context.Response, expectedSecurity, _settings);
return targetUrl;
}
/// <summary>
/// Processes a request.
/// </summary>
/// <param name="context">The context in which the request to process is running.</param>
/// <param name="evaluatorCallback">A callback to a custom request evaluator.</param>
public void Process(HttpContextBase context, RequestEvaluatorCallback evaluatorCallback)
{
Logger.Log("Begin request processing.");
RequestSecurity expectedSecurity = EvaluateRequestViaCallbackOrEvaluator(context, evaluatorCallback);
if (expectedSecurity == RequestSecurity.Ignore) {
// No redirect is needed for a result of Ignore.
EnrichResponse(context, _settings);
Logger.Log("Expected security is Ignore; done.", Logger.LogLevel.Info);
return;
}
string targetUrl = DetermineTargetUrl(context, expectedSecurity);
if (string.IsNullOrEmpty(targetUrl)) {
// No redirect is needed for a null/empty target URL.
EnrichResponse(context, _settings);
Logger.Log("No target URI determined; done.", Logger.LogLevel.Info);
return;
}
Redirect(context, targetUrl);
}
/// <summary>
/// Creates an instance of EvaluateRequestEventArgs with the specified application and settings.
/// </summary>
/// <param name="context">The current context.</param>
/// <param name="settings">An instance of Settings used for the evaluation of the request.</param>
public EvaluateRequestEventArgs(HttpContextBase context, Settings settings)
{
ExpectedSecurity = null;
Context = context;
Settings = settings;
}
/// <summary>
/// Enriches the response as needed, based on the expected security and settings.
/// </summary>
/// <param name="context"></param>
/// <param name="settings"></param>
private void EnrichResponse(HttpContextBase context, Settings settings)
{
IEnumerable<IResponseEnricher> enrichers = ResponseEnricherFactory.Instance.GetAll(context);
if (enrichers == null) {
return;
}
ISecurityEvaluator securityEvaluator = SecurityEvaluatorFactory.Instance.Create(context, _settings);
foreach (var enricher in enrichers) {
enricher.Enrich(context.Response, context.Request, securityEvaluator, settings);
}
}
/// <summary>
/// Responds with a redirect to the target URL.
/// </summary>
/// <param name="context"></param>
/// <param name="targetUrl"></param>
private void Redirect(HttpContextBase context, string targetUrl)
{
// Redirect.
Logger.Log("Redirecting the request.", Logger.LogLevel.Info);
ILocationRedirector redirector = LocationRedirectorFactory.Instance.Create(context);
redirector.Redirect(context.Response, targetUrl, _settings.BypassSecurityWarning);
}
/// <summary>
/// Evaluates this request via any request evaluator callback or an IRequestEvaluator.
/// </summary>
/// <param name="context"></param>
/// <param name="evaluatorCallback">A callback to a custom request evaluator.</param>
/// <returns></returns>
private RequestSecurity EvaluateRequestViaCallbackOrEvaluator(HttpContextBase context, RequestEvaluatorCallback evaluatorCallback)
{
RequestSecurity? evaluatorSecurity = null;
if (evaluatorCallback != null) {
evaluatorSecurity = evaluatorCallback(context);
}
RequestSecurity expectedSecurity;
if (evaluatorSecurity.HasValue) {
// Use the value returned by the EvaluateRequest event.
Logger.Log("Using the expected security value provided by the RequestEvaluatorCallback.", Logger.LogLevel.Info);
expectedSecurity = evaluatorSecurity.Value;
} else {
// Evaluate this request with the configured settings, if necessary.
IRequestEvaluator requestEvaluator = RequestEvaluatorFactory.Instance.Create(context);
expectedSecurity = requestEvaluator.Evaluate(context.Request, _settings);
}
return expectedSecurity;
}
