/// <summary>
/// Creates an enforcer bound to the evaluator it will use for its security decisions.
/// </summary>
/// <param name="securityEvaluator">Evaluator stored on the instance; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="securityEvaluator"/> is null.
/// </exception>
public SecurityEnforcer(ISecurityEvaluator securityEvaluator) {
    // Fail at construction time so an enforcer can never exist without an evaluator
    // and later dereference a null field.
    if (securityEvaluator != null) {
        _securityEvaluator = securityEvaluator;
    } else {
        throw new ArgumentNullException("securityEvaluator");
    }
}
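/// <summary>
/// Adds the <c>Strict-Transport-Security</c> (HSTS) header to the response when the evaluator
/// reports the request as a secure connection and HSTS is enabled in the settings.
/// </summary>
/// <param name="response">Response that receives the header.</param>
/// <param name="request">Request whose connection security is evaluated.</param>
/// <param name="securityEvaluator">Evaluator asked whether the connection is secure.</param>
/// <param name="settings">Supplies <c>EnableHsts</c> and <c>HstsMaxAge</c>.</param>
/// <remarks>
/// Only the <c>max-age</c> directive is emitted; no <c>includeSubDomains</c> directive is added,
/// so the policy written here applies to the responding host only.
/// </remarks>
public void Enrich(HttpResponseBase response, HttpRequestBase request, ISecurityEvaluator securityEvaluator, Settings settings) {
    // RFC 6797 requires that the STS header is not sent over non-secure transport, so the
    // secure-connection check is evaluated first and the HSTS switch second.
    if (!securityEvaluator.IsSecureConnection(request, settings) || !settings.EnableHsts) {
        return;
    }

    // The header value is machine-readable, so it is formatted with the invariant culture;
    // the culture-less string.Format overload would take number symbols (such as the sign)
    // from the current thread culture.
    // NOTE(review): HstsMaxAge is assumed to be a non-negative number of seconds - confirm
    // that Settings validates it, since it is written to the header as given.
    string headerValue = string.Format(
        System.Globalization.CultureInfo.InvariantCulture,
        "max-age={0:f0}",
        settings.HstsMaxAge);

    response.AddHeader("Strict-Transport-Security", headerValue);
}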
/// <summary>
/// Works out the URL (if any) this request should be sent to so that it matches the
/// expected security.
/// </summary>
/// <param name="context">Current HTTP context; its request and response are handed to the enforcer.</param>
/// <param name="expectedSecurity">Security the request is expected to use.</param>
/// <returns>The value returned by the enforcer's <c>GetUriForMatchedSecurityRequest</c>.</returns>
private string DetermineTargetUrl(HttpContextBase context, RequestSecurity expectedSecurity) {
    Logger.Log("Determining the URI for the expected security.", Logger.LogLevel.Info);

    // The evaluator is created first because the enforcer factory takes it as an argument.
    ISecurityEvaluator evaluator = SecurityEvaluatorFactory.Instance.Create(context, _settings);
    ISecurityEnforcer enforcer = SecurityEnforcerFactory.Instance.Create(context, evaluator);

    // NOTE(review): how the URL is built is not visible here. If callers redirect to it,
    // confirm the host part comes from configuration rather than from request headers.
    return enforcer.GetUriForMatchedSecurityRequest(context.Request, context.Response, expectedSecurity, _settings);
}
/// <summary>
/// Returns the security enforcer for the given context, reusing a cached one when present.
/// </summary>
/// <param name="context">Context passed to <c>GetCacheValue</c> for the cache lookup.</param>
/// <param name="securityEvaluator">Evaluator given to a newly created enforcer.</param>
/// <returns>The cached enforcer if one exists; otherwise a new <c>SecurityEnforcer</c>.</returns>
internal ISecurityEnforcer Create(HttpContextBase context, ISecurityEvaluator securityEvaluator) {
    var cached = GetCacheValue(context);

    if (cached == null) {
        // NOTE(review): the new instance is returned without being stored by this method;
        // confirm whether caching is expected to happen elsewhere.
        Logger.Log("Creating SecurityEnforcer.");
        return new SecurityEnforcer(securityEvaluator);
    }

    // On a cache hit the securityEvaluator argument is not used: the cached enforcer keeps
    // whatever evaluator it was constructed with.
    return cached;
}
/// <summary>
/// Runs every registered response enricher against the current request and response.
/// </summary>
/// <param name="context">Current HTTP context; supplies the request and response.</param>
/// <param name="settings">Settings passed to each enricher.</param>
private void EnrichResponse(HttpContextBase context, Settings settings) {
    IEnumerable<IResponseEnricher> responseEnrichers = ResponseEnricherFactory.Instance.GetAll(context);

    if (responseEnrichers != null) {
        // NOTE(review): the evaluator is created from the _settings field while the enrichers
        // receive the settings parameter - confirm both always refer to the same configuration,
        // otherwise the secure-connection decision and the header values could disagree.
        ISecurityEvaluator evaluator = SecurityEvaluatorFactory.Instance.Create(context, _settings);

        foreach (IResponseEnricher current in responseEnrichers) {
            current.Enrich(context.Response, context.Request, evaluator, settings);
        }
    }
}