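/// <summary>
/// Runs anti-CSRF nonce validation for form submissions and makes sure the anti-CSRF cookie is
/// configured on the response for every request.
/// </summary>
/// <param name="request">The incoming request; its Content-Type decides whether the nonce is checked.</param>
/// <param name="response">The response the anti-CSRF cookie is written to.</param>
/// <returns>
/// <see cref="ValidateResult.ResponseGenerated"/> when the response generator produced a response for the
/// validation result (the caller should short-circuit with it); otherwise
/// <see cref="ValidateResult.RequestValidated"/>.
/// </returns>
public async Task<ValidateResult> Validate(HttpRequestBase request, HttpResponseBase response)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");

    // Only form submissions are nonce-checked. The Content-Type parse is isolated in the helper so that a
    // FormatException raised by the validator or response generator (e.g. while decoding a malformed token)
    // propagates instead of being swallowed, which previously let the request continue as validated.
    if (IsFormMediaType(request.ContentType))
    {
        ValidationResult validationResult = await _antiCsrfNonceValidator.ValidateAsync(request);
        ResponseResult responseResult = await _antiCsrfResponseGenerator.GetResponseAsync(validationResult);

        if (responseResult.ResultType == ResponseResultType.ResponseGenerated)
        {
            return ValidateResult.ResponseGenerated(responseResult.Response);
        }
    }

    // NOTE(review): a cross-origin HTML form can also post with enctype="text/plain", which is not
    // checked here; confirm the form binder ignores text/plain bodies or extend the media type list.
    await _antiCsrfCookieManager.ConfigureCookieAsync(request, response);

    return ValidateResult.RequestValidated();
}

/// <summary>
/// Returns true when <paramref name="rawContentType"/> parses and its media type is one of the two HTML
/// form encodings. A missing or unparseable Content-Type counts as "not a form" (fails open by design —
/// it cannot be produced by a plain cross-origin form post without a CORS preflight).
/// </summary>
private static bool IsFormMediaType(string rawContentType)
{
    if (String.IsNullOrEmpty(rawContentType))
    {
        return false;
    }

    string mediaType;
    try
    {
        mediaType = new ContentType(rawContentType).MediaType;
    }
    catch (FormatException)
    {
        return false;
    }

    return String.Equals(mediaType, "application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
        || String.Equals(mediaType, "multipart/form-data", StringComparison.OrdinalIgnoreCase);
}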
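/// <summary>
/// Writes a minimal text/plain body for status codes listed in <c>_statusCodes</c>, provided the client's
/// Accept header is absent or admits text/plain.
/// </summary>
/// <param name="httpRequest">The request whose Accept header is consulted.</param>
/// <param name="httpResponse">The response the body is written to.</param>
/// <param name="suggestedResponse">The response produced upstream; only its status code is used.</param>
/// <param name="cache">Unused by this handler.</param>
/// <param name="cacheKey">Unused by this handler.</param>
/// <returns>ResponseWritten when a body was emitted; otherwise ResponseNotHandled.</returns>
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
    httpRequest.ThrowIfNull("httpRequest");
    httpResponse.ThrowIfNull("httpResponse");
    suggestedResponse.ThrowIfNull("suggestedResponse");

    StatusAndSubStatusCode statusCode = suggestedResponse.StatusCode;
    if (!_statusCodes.Contains(statusCode))
    {
        return ResponseHandlerResult.ResponseNotHandled();
    }

    // No Accept header means the client takes anything; otherwise one entry must match text/plain.
    AcceptHeader[] acceptHeaders = AcceptHeader.ParseMany(httpRequest.Headers["Accept"]).ToArray();
    if (acceptHeaders.Any() && !acceptHeaders.Any(arg => arg.MediaTypeMatches("text/plain")))
    {
        return ResponseHandlerResult.ResponseNotHandled();
    }

    // Body is "<code>[.<sub>] (<description>)", e.g. "404 (Not Found)", mirroring the HTML handler's
    // "HTTP {code}{.sub}" line. The previous format printed the description twice and never the number,
    // and dereferenced StatusDescription.Length without a null check.
    string description = statusCode.StatusDescription;
    string subStatus = statusCode.SubStatusCode == 0 ? "" : "." + statusCode.SubStatusCode;
    string body = String.IsNullOrEmpty(description)
        ? String.Format("{0}{1}", statusCode.StatusCode, subStatus)
        : String.Format("{0}{1} ({2})", statusCode.StatusCode, subStatus, description);

    Response response = new Response(statusCode)
        .TextPlain()
        .Content(body);
    response.CachePolicy.NoClientCaching();

    new CacheResponse(response).WriteResponse(httpResponse);
    httpResponse.TrySkipIisCustomErrors = true;

    return ResponseHandlerResult.ResponseWritten();
}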
/// <summary>
/// Fallback handler: writes <paramref name="suggestedResponse"/> to <paramref name="httpResponse"/>
/// unconditionally by wrapping it in a <see cref="CacheResponse"/>.
/// </summary>
/// <param name="httpRequest">The request; only validated for null.</param>
/// <param name="httpResponse">The response to write to.</param>
/// <param name="suggestedResponse">The response to emit.</param>
/// <param name="cache">Unused here.</param>
/// <param name="cacheKey">Unused here.</param>
/// <returns>Always ResponseWritten.</returns>
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
    httpRequest.ThrowIfNull("httpRequest");
    httpResponse.ThrowIfNull("httpResponse");
    suggestedResponse.ThrowIfNull("suggestedResponse");

    new CacheResponse(suggestedResponse).WriteResponse(httpResponse);

    return ResponseHandlerResult.ResponseWritten();
}
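/// <summary>
/// Reads the anti-CSRF session id from the cookie of that name on <paramref name="response"/>.
/// </summary>
/// <param name="response">The response whose outgoing cookies are inspected.</param>
/// <returns>
/// A completed task holding the parsed <see cref="Guid"/>, or null when the cookie is absent or its value
/// is not a GUID. Previously the absent-cookie path returned a null <see cref="Task"/> instead of a
/// completed task with a null result, which throws on await.
/// </returns>
public Task<Guid?> GetSessionIdAsync(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    Guid? sessionId = null;
    if (response.Cookies.AllKeys.Contains(_configuration.CookieName))
    {
        Guid parsed;
        if (Guid.TryParse(response.Cookies[_configuration.CookieName].Value, out parsed))
        {
            sessionId = parsed;
        }
    }

    return sessionId.AsCompletedTask();
}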
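/// <summary>
/// Ensures the anti-CSRF session cookie is present on the response: an incoming well-formed value is
/// carried over, otherwise a fresh random id is issued.
/// </summary>
/// <param name="request">The request whose cookies are inspected for an existing session id.</param>
/// <param name="response">The response the cookie is (re)written to.</param>
/// <returns>A completed task.</returns>
public Task ConfigureCookieAsync(HttpRequestBase request, HttpResponseBase response)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");

    string cookieName = _configuration.CookieName;

    // The cookie value is attacker-influenceable (e.g. set from a sibling subdomain) and is echoed back in
    // a Set-Cookie header, so only carry it over when it is a GUID — the only shape this component ever
    // issues (see the "N" format below) and the only shape GetSessionIdAsync can read back.
    string sessionId = null;
    if (request.Cookies.AllKeys.Contains(cookieName))
    {
        string incoming = request.Cookies[cookieName].Value;
        Guid parsed;
        if (Guid.TryParse(incoming, out parsed))
        {
            sessionId = incoming;
        }
    }
    if (sessionId == null)
    {
        sessionId = _guidFactory.Random().ToString("N");
    }

    // NOTE(review): no Secure or SameSite attribute is set; the configuration visible here exposes no
    // RequireSsl-style flag (the ticket configuration used by RemoveTicket does) — confirm whether this
    // cookie should be Secure on HTTPS deployments.
    response.Cookies.Remove(cookieName);
    var cookie = new HttpCookie(cookieName, sessionId) { HttpOnly = true };
    response.Cookies.Add(cookie);

    return Task.Factory.Empty();
}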
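/// <summary>
/// Ensures the anti-CSRF session cookie is present on the response: an incoming well-formed value is
/// carried over, otherwise a fresh random id is issued.
/// </summary>
/// <param name="request">The request whose cookies are inspected for an existing session id.</param>
/// <param name="response">The response the cookie is (re)written to.</param>
/// <returns>A completed task.</returns>
public Task ConfigureCookieAsync(HttpRequestBase request, HttpResponseBase response)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");

    string cookieName = _configuration.CookieName;

    // Only carry over a value that is a GUID: the cookie value is attacker-influenceable and is echoed
    // back in a Set-Cookie header, and a GUID is the only shape this component issues (format "N" below).
    string sessionId = null;
    if (request.Cookies.AllKeys.Contains(cookieName))
    {
        string incoming = request.Cookies[cookieName].Value;
        Guid parsed;
        if (Guid.TryParse(incoming, out parsed))
        {
            sessionId = incoming;
        }
    }
    if (sessionId == null)
    {
        sessionId = _guidFactory.Random().ToString("N");
    }

    // Always build a fresh HttpCookie instead of re-emitting the request's cookie object: request cookies
    // carry no attributes, so Set(request.Cookies[...]) re-issued the cookie without HttpOnly on the
    // renewal path while the new-cookie path had it.
    // NOTE(review): no Secure or SameSite attribute is set; the configuration visible here exposes no
    // RequireSsl-style flag — confirm whether this cookie should be Secure on HTTPS deployments.
    var cookie = new HttpCookie(cookieName, sessionId) { HttpOnly = true };
    response.Cookies.Set(cookie);

    return Task.Factory.Empty();
}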
/// <summary>
/// Authenticates the request from its ticket cookie and, on success, slides the ticket by writing a
/// renewed cookie to the response.
/// </summary>
/// <param name="request">The request carrying the ticket.</param>
/// <param name="response">The response the renewed ticket cookie is written to.</param>
/// <param name="route">The matched route; only validated for null here.</param>
/// <returns>A completed task with AuthenticationSucceeded or AuthenticationFailed.</returns>
public Task<AuthenticationResult> AuthenticateAsync(HttpRequestBase request, HttpResponseBase response, Routing.Route route)
{
    request.ThrowIfNull("request");
    response.ThrowIfNull("response");
    route.ThrowIfNull("route");

    if (_helper.IsTicketValid(request))
    {
        // Replace any cookie of the same name already queued on the response with the renewed one.
        Cookie renewed = _helper.RenewTicket(request);
        response.Cookies.Remove(renewed.Name);
        response.Cookies.Add(renewed.GetHttpCookie());

        return AuthenticationResult.AuthenticationSucceeded.AsCompletedTask();
    }

    return AuthenticationResult.AuthenticationFailed.AsCompletedTask();
}
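/// <summary>
/// Writes a minimal text/html error page for status codes listed in <c>_statusCodes</c>, provided the
/// client's Accept header is absent or admits text/html.
/// </summary>
/// <param name="httpRequest">The request whose Accept header is consulted.</param>
/// <param name="httpResponse">The response the page is written to.</param>
/// <param name="suggestedResponse">The response produced upstream; only its status code is used.</param>
/// <param name="cache">Unused by this handler.</param>
/// <param name="cacheKey">Unused by this handler.</param>
/// <returns>ResponseWritten when a page was emitted; otherwise ResponseNotHandled.</returns>
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
    httpRequest.ThrowIfNull("httpRequest");
    httpResponse.ThrowIfNull("httpResponse");
    suggestedResponse.ThrowIfNull("suggestedResponse");

    StatusAndSubStatusCode statusCode = suggestedResponse.StatusCode;
    if (!_statusCodes.Contains(statusCode))
    {
        return ResponseHandlerResult.ResponseNotHandled();
    }

    // No Accept header means the client takes anything; otherwise one entry must match text/html.
    AcceptHeader[] acceptHeaders = AcceptHeader.ParseMany(httpRequest.Headers["Accept"]).ToArray();
    if (acceptHeaders.Any() && !acceptHeaders.Any(arg => arg.MediaTypeMatches("text/html")))
    {
        return ResponseHandlerResult.ResponseNotHandled();
    }

    // {{ and }} are literal braces for the inline CSS rule.
    const string format = @"<!DOCTYPE html> <html> <head> <title>{0}</title> <style>h1 {{ margin: 0; padding: 0; }}</style> </head> <body> <h1>{0}</h1> <hr/> HTTP {1}{2} </body> </html>";

    // The description lands inside markup (title and h1). StatusAndSubStatusCode is constructed
    // elsewhere and may carry arbitrary text, so encode it rather than emit it raw.
    string encodedDescription = HttpUtility.HtmlEncode(statusCode.StatusDescription);
    string subStatus = statusCode.SubStatusCode == 0 ? "" : "." + statusCode.SubStatusCode;

    Response response = new Response(statusCode)
        .TextHtml()
        .Content(String.Format(format, encodedDescription, statusCode.StatusCode, subStatus));
    response.CachePolicy.NoClientCaching();

    new CacheResponse(response).WriteResponse(httpResponse);
    httpResponse.TrySkipIisCustomErrors = true;

    return ResponseHandlerResult.ResponseWritten();
}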
/// <summary>
/// Copies this response's status, content metadata, headers, cookies and cache policy onto
/// <paramref name="response"/>, then writes the (lazily produced) body bytes.
/// </summary>
/// <param name="response">The ASP.NET response to populate.</param>
/// <returns>A task that completes once the body has been written.</returns>
public async Task WriteResponseAsync(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    // Status line first.
    response.StatusCode = _statusCode.StatusCode;
    response.SubStatusCode = _statusCode.SubStatusCode;

    // Content metadata.
    response.ContentType = ContentType;
    response.Charset = Charset;
    response.ContentEncoding = ContentEncoding;

    // Custom headers are appended (not replaced), so duplicates in Headers produce duplicate header lines.
    foreach (Header h in Headers)
    {
        response.Headers.Add(h.Field, h.Value);
    }
    response.HeaderEncoding = HeaderEncoding;

    foreach (Cookie c in Cookies)
    {
        response.Cookies.Add(c.GetHttpCookie());
    }

    _cachePolicy.Apply(response.Cache);
    response.TrySkipIisCustomErrors = _skipIisCustomErrors;

    // The body is awaited last so header/cookie state is complete before any bytes are written.
    byte[] body = await _content.Value;
    response.BinaryWrite(body);
}
/// <summary>
/// Caching handler: evaluates the request's precondition headers (If-Match, If-None-Match,
/// If-Modified-Since, If-Unmodified-Since) and cache directives (Cache-Control, Pragma, Authorization)
/// against <paramref name="suggestedResponse"/> and the entry cached under <paramref name="cacheKey"/>,
/// then either writes a 304/412/504, serves the cached entry, or writes (and optionally caches) the
/// suggested response.
/// </summary>
/// <param name="httpRequest">The incoming request; its conditional and caching headers are read.</param>
/// <param name="httpResponse">The response to write to.</param>
/// <param name="suggestedResponse">The response produced upstream; its CachePolicy and StatusCode drive every decision below.</param>
/// <param name="cache">The server-side cache; null disables this handler.</param>
/// <param name="cacheKey">The key the response is stored under; null disables this handler.</param>
/// <returns>ResponseNotHandled when there is no cache policy, cache or key; otherwise whatever WriteResponse / WriteResponseInCache return.</returns>
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
    // NOTE(review): the argument name in this message is "request" while the parameter is httpRequest;
    // the sibling handlers pass "httpRequest".
    httpRequest.ThrowIfNull("request");
    httpResponse.ThrowIfNull("httpResponse");
    suggestedResponse.ThrowIfNull("suggestedResponse");

    if (!suggestedResponse.CachePolicy.HasPolicy || cache == null || cacheKey == null)
    {
        return ResponseHandlerResult.ResponseNotHandled();
    }

    // NOTE(review): the cache lookup is keyed solely by cacheKey. Only an Authorization header (below)
    // suppresses caching; a cookie-authenticated request is still served from / stored into this entry.
    // If cacheKey does not incorporate user identity, per-user content could be shared across users —
    // confirm how cacheKey is built by the caller.
    CacheItem cacheItem = cache.Get(cacheKey);
    string responseETag = suggestedResponse.CachePolicy.ETag;

    #region If-Match precondition header
    IfMatchHeader[] ifMatchHeaders = IfMatchHeader.ParseMany(httpRequest.Headers["If-Match"]).ToArray();

    // Only consider If-Match headers if response status code is 2xx or 412
    if (ifMatchHeaders.Any() && ((suggestedResponse.StatusCode.StatusCode >= 200 && suggestedResponse.StatusCode.StatusCode <= 299) || suggestedResponse.StatusCode.StatusCode == 412))
    {
        // Return 412 if no If-Match header matches the response ETag
        // Return 412 if an "If-Match: *" header is present and the response has no ETag
        // NOTE(review): "*" never equals a concrete ETag, so the All(...) clause also yields 412 for
        // "If-Match: *" when the response does have an ETag; RFC 7232 treats "*" as matching any current
        // representation — confirm this is intended.
        if (ifMatchHeaders.All(arg => arg.EntityTag.Value != responseETag) || (responseETag == null && ifMatchHeaders.Any(arg => arg.EntityTag.Value == "*")))
        {
            return WriteResponse(httpResponse, Response.PreconditionFailed());
        }
    }
    #endregion

    #region If-None-Match precondition header
    IfNoneMatchHeader[] ifNoneMatchHeaders = IfNoneMatchHeader.ParseMany(httpRequest.Headers["If-None-Match"]).ToArray();

    if (ifNoneMatchHeaders.Any())
    {
        // Return 304 if an If-None-Match header matches the response ETag and the request method was GET or HEAD
        // Return 304 if an "If-None-Match: *" header is present, the response has an ETag and the request method was GET or HEAD
        // Return 412 if an "If-None-Match: *" header is present, the response has an ETag and the request method was not GET or HEAD
        if (ifNoneMatchHeaders.Any(arg => arg.EntityTag.Value == responseETag) || (ifNoneMatchHeaders.Any(arg => arg.EntityTag.Value == "*") && responseETag != null))
        {
            if (String.Equals(httpRequest.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase) || String.Equals(httpRequest.HttpMethod, "HEAD", StringComparison.OrdinalIgnoreCase))
            {
                // The 304 carries the cache policy of whichever response the client is being told to keep:
                // the cached copy when one exists, otherwise the suggested response.
                if (cacheItem != null)
                {
                    cacheItem.Response.CachePolicy.Apply(httpResponse.Cache);
                }
                else
                {
                    suggestedResponse.CachePolicy.Apply(httpResponse.Cache);
                }
                return WriteResponse(httpResponse, Response.NotModified());
            }
            return WriteResponse(httpResponse, Response.PreconditionFailed());
        }
    }
    #endregion

    #region If-Modified-Since precondition header
    IfModifiedSinceHeader ifModifiedSinceHeader = IfModifiedSinceHeader.Parse(httpRequest.Headers["If-Modified-Since"]);
    // An HTTP-date in the future is treated as invalid and ignored.
    bool validIfModifiedSinceHttpDate = ifModifiedSinceHeader != null && ifModifiedSinceHeader.HttpDate <= _systemClock.UtcDateTime;

    // Only consider an If-Modified-Since header if response status code is 200 and the HTTP-date is valid
    if (suggestedResponse.StatusCode.ParsedStatusCode == HttpStatusCode.OK && validIfModifiedSinceHttpDate)
    {
        // Return 304 if the response was cached before the HTTP-date
        if (cacheItem != null && cacheItem.CachedUtcTimestamp < ifModifiedSinceHeader.HttpDate)
        {
            return WriteResponse(httpResponse, Response.NotModified());
        }
    }
    #endregion

    #region If-Unmodified-Since precondition header
    IfUnmodifiedSinceHeader ifUnmodifiedSinceHeader = IfUnmodifiedSinceHeader.Parse(httpRequest.Headers["If-Unmodified-Since"]);
    bool validIfUnmodifiedSinceHttpDate = ifUnmodifiedSinceHeader != null && ifUnmodifiedSinceHeader.HttpDate <= _systemClock.UtcDateTime;

    // Only consider an If-Unmodified-Since header if response status code is 2xx or 412 and the HTTP-date is valid
    if (((suggestedResponse.StatusCode.StatusCode >= 200 && suggestedResponse.StatusCode.StatusCode <= 299) || suggestedResponse.StatusCode.StatusCode == 412) && validIfUnmodifiedSinceHttpDate)
    {
        // Return 412 if the previous response was removed from the cache or was cached again at a later time
        if (cacheItem == null || cacheItem.CachedUtcTimestamp >= ifUnmodifiedSinceHeader.HttpDate)
        {
            return WriteResponse(httpResponse, Response.PreconditionFailed());
        }
    }
    #endregion

    #region No server caching
    // Do not cache the response when the response sends a non-cacheable status code, or when an Authorization header is present
    if (!_cacheableStatusCodes.Contains(suggestedResponse.StatusCode) || httpRequest.Headers["Authorization"] != null)
    {
        return WriteResponse(httpResponse, suggestedResponse);
    }

    CacheControlHeader cacheControlHeader = CacheControlHeader.Parse(httpRequest.Headers["Cache-Control"]);

    // Do not cache the response if a "Cache-Control: no-cache" or "Cache-Control: no-store" header is present
    if (cacheControlHeader != null && (cacheControlHeader.NoCache || cacheControlHeader.NoStore))
    {
        return WriteResponse(httpResponse, suggestedResponse);
    }

    IEnumerable<PragmaHeader> pragmaHeader = PragmaHeader.ParseMany(httpRequest.Headers["Pragma"]);

    // Do not cache the response if a "Pragma: no-cache" header is present
    if (pragmaHeader.Any(arg => String.Equals(arg.Name, "no-cache", StringComparison.OrdinalIgnoreCase)))
    {
        return WriteResponse(httpResponse, suggestedResponse);
    }
    #endregion

    // Return 504 if the response has not been cached but the client is requesting to receive only a cached response
    if (cacheItem == null && cacheControlHeader != null && cacheControlHeader.OnlyIfCached)
    {
        return WriteResponse(httpResponse, Response.GatewayTimeout());
    }

    if (cacheItem != null)
    {
        // Write the cached response if no Cache-Control header is present
        // Write the cached response if a "Cache-Control: max-age" header is validated
        // Write the cached response if a "Cache-Control: max-stale" header is validated
        // Write the cached response if a "Cache-Control: min-fresh" header is validated
        // NOTE(review): the min-fresh clause serves the cached copy when its remaining freshness is LESS
        // than MinFresh; min-fresh asks for a response that stays fresh for at least that long, so the
        // comparison looks inverted — confirm against the CacheControlHeader semantics.
        if (cacheControlHeader == null || _systemClock.UtcDateTime - cacheItem.CachedUtcTimestamp <= cacheControlHeader.MaxAge || cacheControlHeader.OnlyIfCached || cacheItem.ExpiresUtcTimestamp == null || _systemClock.UtcDateTime - cacheItem.ExpiresUtcTimestamp.Value <= cacheControlHeader.MaxStale || cacheItem.ExpiresUtcTimestamp.Value - _systemClock.UtcDateTime < cacheControlHeader.MinFresh)
        {
            return WriteResponseInCache(httpResponse, cacheItem);
        }
    }

    bool cacheOnServer = suggestedResponse.CachePolicy.AllowsServerCaching;
    var cacheResponse = new CacheResponse(suggestedResponse);

    if (cacheOnServer)
    {
        // Explicit expiration wins; otherwise ServerCacheMaxAge is assumed to be set when AllowsServerCaching is true
        // (the .Value access would throw if it is not).
        // NOTE(review): the stored CacheResponse appears to carry the response's cookies (its WriteResponse
        // re-adds them), so any Set-Cookie on a cached response would be replayed to every later client — verify.
        DateTime expirationUtcTimestamp = suggestedResponse.CachePolicy.ServerCacheExpirationUtcTimestamp != null ? suggestedResponse.CachePolicy.ServerCacheExpirationUtcTimestamp.Value : _systemClock.UtcDateTime + suggestedResponse.CachePolicy.ServerCacheMaxAge.Value;

        cache.Add(cacheKey, cacheResponse, expirationUtcTimestamp);
    }

    return WriteResponse(httpResponse, cacheResponse);
}
/// <summary>
/// Synchronously copies this response's status, content metadata, headers, cookies and cache policy onto
/// <paramref name="response"/>, then writes the already-materialised body bytes.
/// </summary>
/// <param name="response">The ASP.NET response to populate.</param>
public void WriteResponse(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    // Status line.
    response.StatusCode = _statusCode.StatusCode;
    response.SubStatusCode = _statusCode.SubStatusCode;

    // Content metadata.
    response.ContentType = ContentType;
    response.Charset = Charset;
    response.ContentEncoding = ContentEncoding;

    // Headers are appended; a field repeated in Headers yields repeated header lines.
    foreach (Header h in Headers)
    {
        response.Headers.Add(h.Field, h.Value);
    }
    response.HeaderEncoding = HeaderEncoding;

    foreach (Cookie c in Cookies)
    {
        response.Cookies.Add(c.GetHttpCookie());
    }

    _cachePolicy.Apply(response.Cache);

    // Body last, after all header/cookie state is in place.
    response.BinaryWrite(_content);
}
/// <summary>
/// Clears the authentication ticket cookie by queuing an empty, already-expired cookie with the same
/// name, path, domain and security attributes as the live one so the browser drops it.
/// </summary>
/// <param name="response">The response the expiring cookie is written to.</param>
public void RemoveTicket(HttpResponseBase response)
{
    response.ThrowIfNull("response");

    string name = _configuration.CookieName;

    // Attributes must mirror those of the issued ticket, otherwise the browser treats this as a different cookie.
    var expiredCookie = new HttpCookie(name, "");
    expiredCookie.Expires = new DateTime(2000, 01, 01);
    expiredCookie.HttpOnly = true;
    expiredCookie.Path = _configuration.CookiePath;
    expiredCookie.Secure = _configuration.RequireSsl;
    expiredCookie.Shareable = false;

    string domain = _configuration.CookieDomain;
    if (domain != null)
    {
        expiredCookie.Domain = domain;
    }

    // Drop any ticket cookie already queued on this response before adding the expiring one.
    response.Cookies.Remove(name);
    response.Cookies.Add(expiredCookie);
}