/// <summary> /// Gets a protected string to use as the value of the <see cref="ArmoredCookiesQueryParam"/> /// when making the requests in a multi-request upload. /// </summary> /// <returns>the protected string representing the cookies.</returns> /// <remarks>If the installed module does not explicitly support armored /// cookies, NeatUpoad will create a <see cref="Hashtable"/> /// containing the cookie names/values that ASP.NET uses for session ID and forms /// auth, and will pass it to <see cref="ObjectProtector.Protect"/>. /// </remarks> public static string GetArmoredCookies() { string armoredCookies = InstalledModule.GetArmoredCookies(); if (armoredCookies == null) { HttpCookieCollection cookies = HttpContext.Current.Request.Cookies; Hashtable authCookies = new Hashtable(); string[] cookieNames = new string[] { "ASP.NET_SESSIONID", "ASPSESSION", System.Web.Security.FormsAuthentication.FormsCookieName }; foreach (string cookieName in cookieNames) { HttpCookie cookie = cookies[cookieName]; if (cookie != null) { authCookies.Add(cookieName, cookie.Value); } } armoredCookies = ObjectProtector.Protect(authCookies); } return(armoredCookies); }
public static void ProcessRemoteCallRequest(HttpContext context, MethodCallHandler methodCallHandler) { string protectedPayload = context.Request.Params["ProtectedPayload"]; object[] methodCall = (object[])ObjectProtector.Unprotect(protectedPayload); object[] args = new object[methodCall.Length - 1]; Array.Copy(methodCall, 1, args, 0, args.Length); object retVal = methodCallHandler((string)methodCall[0], args); ArrayList resultsArray = new ArrayList(); resultsArray.Add(retVal); for (int i = 0; i < args.Length; i++) { if (args[i] is ICopyFromObject) { resultsArray.Add(args[i]); } } string responseBody = ObjectProtector.Protect(resultsArray.ToArray()); context.Response.ContentType = "application/octet-stream"; context.Response.Write(responseBody); }
public string Protect() { return(ObjectProtector.Protect(Serialize, Config.Current.EncryptionKey, Config.Current.ValidationKey)); }
internal static object MakeRemoteCall(Uri uri, HttpCookieCollection httpCookies, byte[] encryptionKey, byte[] validationKey, string encryptionAlgorithm, string validationAlgorithm, params object[] methodCall) { CookieContainer cookieContainer = new CookieContainer(); if (httpCookies != null) { foreach (string name in httpCookies.AllKeys) { string quotedCookieValue = httpCookies[name].Value; if (quotedCookieValue == null) { quotedCookieValue = ""; } else if (quotedCookieValue.IndexOfAny(new char[] { ',', ';' }) != -1) { quotedCookieValue = "\"" + quotedCookieValue.Replace("\"", "\\\"") + "\""; } try { cookieContainer.Add(new Cookie(name, quotedCookieValue, "/", uri.Host)); } catch (Exception ex) { // We typically only need to use cookies that are used to identify the session // so if other cookies throw exceptions, it is best to just ignore them. if (log.IsDebugEnabled) { log.DebugFormat("Ignore exception thrown by CookieContainer.Add(): {0}", ex); } } } } WebClient wc = new WebClient(); byte[] responseBytes = null; try { wc.Headers.Add("Cookie", cookieContainer.GetCookieHeader(uri)); string protectedRequestPayload = ObjectProtector.Protect(methodCall, encryptionKey, validationKey, encryptionAlgorithm, validationAlgorithm); NameValueCollection formValues = new NameValueCollection(); formValues.Add("ProtectedPayload", protectedRequestPayload); responseBytes = wc.UploadValues(uri.ToString(), formValues); } catch (Exception ex) { log.Error(String.Format("Caught exception while making call to {0} at {1}", methodCall[0], uri), ex); throw; } finally { wc.Dispose(); } string protectedResponsePayload = System.Text.Encoding.ASCII.GetString(responseBytes); if (protectedResponsePayload != null && protectedResponsePayload.Length > 0) { object[] results = null; results = (object[])ObjectProtector.Unprotect(protectedResponsePayload, encryptionKey, validationKey, encryptionAlgorithm, validationAlgorithm); int j = 1; for (int i = 1; i < methodCall.Length; i++) { ICopyFromObject copyFromObject = methodCall[i] as ICopyFromObject; if (copyFromObject != null) { copyFromObject.CopyFrom(results[j++]); } } return(results[0]); } return(null); }