/// <summary>
/// Persists <paramref name="data"/>: into a cookie when an HTTP context is available,
/// otherwise into assembly-scoped isolated storage.
/// </summary>
/// <param name="data">Session data to persist.</param>
public void Save(SessionData data)
{
    var httpContext = HttpContextUtilities.GetHttpContext();

    // No HTTP context: fall back to isolated storage.
    if (httpContext == null)
    {
        SaveSessionObjectDataToAssemblyIsolatedStorage(data);
        return;
    }

    SaveSessionObjectDataToCookie(data, httpContext);
}
/// <summary>
/// Initialises the session object from stored session data.
/// On success the loaded data is adopted and the authenticated identity saved;
/// on an invalid result the identity is removed and the request is sent to the login page;
/// in every other case an empty <see cref="SessionData"/> is used.
/// </summary>
internal override void Init()
{
    var loaded = SessionObjectStorageStrategy.Load();

    switch (loaded.Status)
    {
        case SessionDataLoadingStatus.Succeeded:
        {
            SessionData = loaded.Data;
            SaveAuthenticatedIdentity();
            return;
        }

        case SessionDataLoadingStatus.Invalid:
        {
            // Either the internet user is disabled or the cookie holds invalid/expired data:
            // sign out and redirect to the login page.
            RemoveAuthenticatedIdentity();

            var requestUrl = Context.Request.Url;
            if (requestUrl != null)
            {
                // Skip the redirect when the request already targets the login URL,
                // otherwise the login page would redirect to itself.
                bool alreadyOnLoginPage =
                    requestUrl.AbsolutePath.IndexOf(FormsAuthentication.LoginUrl, StringComparison.OrdinalIgnoreCase) >= 0;
                if (!alreadyOnLoginPage)
                {
                    // RedirectToLoginPage does not end the response; nothing that relies on
                    // session state should run after this point in the request.
                    FormsAuthentication.RedirectToLoginPage();
                }
            }

            return;
        }

        default:
        {
            SessionData = new SessionData();
            return;
        }
    }
}
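/// <summary>
/// Rebuilds the <see cref="SessionData"/> for the current request from the session-data cookie,
/// after tying it to the forms-authentication ticket and verifying the stored checksum.
/// </summary>
/// <param name="context">Request context whose cookies and per-request item cache are read.</param>
/// <returns>
/// A <c>Succeeded</c> result carrying the data when the cookie verifies (or a copy is already cached
/// for this request); <c>InvalidResult</c> when the ticket decrypts to null, the session-data cookie is
/// missing, does not split into exactly three parts, or fails the checksum; <c>NotExistedResult</c>
/// when there is no authentication cookie or an exception interrupts loading.
/// </returns>
private SessionDataLoadingResult LoadSessionObjectDataFromCookie(HttpContextBase context)
{
    // Per-request cache. Read from the same dictionary SaveSessionObjectDataToHttpContext writes to,
    // rather than from HttpContext.Current.
    if (context.Items.Contains(_sessionDataCookieName))
    {
        var cached = (SessionData)context.Items[_sessionDataCookieName];
        return new SessionDataLoadingResult(SessionDataLoadingStatus.Succeeded, cached);
    }

    try
    {
        HttpCookie authenticationCookie = context.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
        if (authenticationCookie == null || string.IsNullOrEmpty(authenticationCookie.Value))
        {
            return SessionDataLoadingResult.NotExistedResult;
        }

        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authenticationCookie.Value);
        if (authTicket == null)
        {
            // Fail closed: without a ticket there is no user name to bind the checksum to, so the
            // cookie payload must not reach the deserializer unverified.
            return SessionDataLoadingResult.InvalidResult;
        }
        // NOTE(review): authTicket.Expired is not checked here - confirm ticket expiry is enforced
        // before this method runs.

        HttpCookie sessionDataCookie = context.Request.Cookies.Get(_sessionDataCookieName);
        if (sessionDataCookie == null || string.IsNullOrEmpty(sessionDataCookie.Value))
        {
            return SessionDataLoadingResult.InvalidResult;
        }

        // Cookie layout: <base64 data>*****<ticket>*****<checksum>
        string[] parts = sessionDataCookie.Value.Split(new[] { "*****" }, StringSplitOptions.None);
        if (parts.Length != 3)
        {
            // Malformed or tampered value: reject it explicitly instead of relying on an
            // IndexOutOfRangeException being swallowed below.
            return SessionDataLoadingResult.InvalidResult;
        }

        string dataString = parts[0];
        string ticket = parts[1];
        string checksumFromCookie = parts[2];

        // The authenticated user name is part of the checksum input, which couples the session data
        // to the authentication cookie it was issued with.
        string sessionId = authTicket.Name;

        // NOTE(review): dataString, ticket and the user name are all known to the client, so this check
        // only authenticates the cookie if CreateChecksum mixes in a server-side secret (a keyed MAC).
        // CreateChecksum is not visible here - confirm.
        string generatedChecksum = CreateChecksum(dataString, ticket, sessionId);
        if (!ChecksumsMatch(generatedChecksum, checksumFromCookie))
        {
            return SessionDataLoadingResult.InvalidResult;
        }

        SessionData data;
        using (var stream = new MemoryStream(Convert.FromBase64String(dataString)))
        {
            // SECURITY: BinaryFormatter.Deserialize on request-supplied bytes can instantiate any
            // serializable type the process can load; the checksum above is the only gate in front
            // of it. Prefer a data-only format for SessionData (for example JSON) over BinaryFormatter.
            var formatter = new BinaryFormatter();
            data = (SessionData)formatter.Deserialize(stream);
        }

        // Cache for the rest of this request so the cookie is verified and deserialized only once.
        SaveSessionObjectDataToHttpContext(data, context);
        return new SessionDataLoadingResult(SessionDataLoadingStatus.Succeeded, data);
    }
    catch (Exception)
    {
        // Best effort: any failure (undecryptable ticket, bad Base64, deserialization error) is
        // reported as "no session data".
        // NOTE(review): the original logging call was commented out, so these failures are silent;
        // restoring it would make cookie-tampering attempts visible to operations.
    }

    return SessionDataLoadingResult.NotExistedResult;
}

// Ordinal comparison of two checksum strings that does not stop at the first differing character,
// so response timing does not reveal how much of a supplied checksum was correct.
private static bool ChecksumsMatch(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ actual[i];
    }

    return difference == 0;
}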
/// <summary>
/// Initialises the session object from stored session data: adopts the loaded data and saves the
/// authenticated identity when loading succeeded, otherwise starts from an empty <see cref="SessionData"/>.
/// </summary>
internal virtual void Init()
{
    var loaded = SessionObjectStorageStrategy.Load();

    if (loaded.Status == SessionDataLoadingStatus.Succeeded)
    {
        SessionData = loaded.Data;
        SaveAuthenticatedIdentity();
    }
    else
    {
        // Any non-success status (nothing stored, invalid data, ...) yields a fresh session.
        SessionData = new SessionData();
    }
}
/// <summary>
/// Creates the session object with an empty <see cref="SessionData"/>.
/// </summary>
protected BaseSessionObject()
{
    this.SessionData = new SessionData();
}
/// <summary>
/// Creates a loading result.
/// </summary>
/// <param name="status">Outcome of the load attempt.</param>
/// <param name="data">Loaded session data; defaults to <c>null</c> when none is supplied.</param>
public SessionDataLoadingResult(SessionDataLoadingStatus status, SessionData data = null)
{
    this.Status = status;
    this.Data = data;
}
/// <summary>
/// Signs the current identity out: resets the session data, clears the principal, clears the
/// context user and authentication cookie when a context exists, and removes the stored session data.
/// </summary>
internal virtual void RemoveAuthenticatedIdentity()
{
    // Drop in-memory state first.
    SessionData = new SessionData();
    Principal = null;

    var current = Context;
    if (current != null)
    {
        current.User = null;
        AuthenticationCookieManager.Remove(current);
    }

    // Finally discard whatever the storage strategy persisted.
    SessionObjectStorageStrategy.Remove();
}
/// <summary>
/// Initialises the session object for a user who is logging in: builds new session data from
/// <paramref name="loggingUser"/> and saves the authenticated identity.
/// </summary>
/// <param name="loggingUser">The user the new session data is created from.</param>
internal virtual void Init(User loggingUser)
{
    var freshSession = new SessionData(loggingUser);
    SessionData = freshSession;

    SaveAuthenticatedIdentity();
}
/// <summary>
/// Stores <paramref name="data"/> in the per-request item collection under the session-data
/// cookie name, replacing any entry already there.
/// </summary>
/// <param name="data">Session data to cache for this request.</param>
/// <param name="context">Context whose <c>Items</c> collection receives the entry.</param>
private void SaveSessionObjectDataToHttpContext(SessionData data, HttpContextBase context)
{
    var items = context.Items;

    if (!items.Contains(_sessionDataCookieName))
    {
        items.Add(_sessionDataCookieName, data);
        return;
    }

    items[_sessionDataCookieName] = data;
}
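/// <summary>
/// Serializes <paramref name="data"/> and writes it to the session-data cookie as
/// <c>&lt;base64 data&gt;*****&lt;ticket&gt;*****&lt;checksum&gt;</c>, after caching it for the current request.
/// </summary>
/// <param name="data">Session data to persist; its <c>Username</c> is part of the checksum input.</param>
/// <param name="context">Context that receives the cached copy and the cookie.</param>
private void SaveSessionObjectDataToCookie(SessionData data, HttpContextBase context)
{
    // Cache on the request first so later reads in this request skip the cookie round trip.
    SaveSessionObjectDataToHttpContext(data, context);

    // NOTE(review): the payload is only Base64-encoded here, so unless AddCookie encrypts the value
    // the client can read everything SessionData contains - confirm.
    string dataString;
    using (var stream = new MemoryStream())
    {
        // The using block releases the stream even when serialization throws.
        var formatter = new BinaryFormatter();
        formatter.Serialize(stream, data);
        dataString = Convert.ToBase64String(stream.ToArray());
    }

    string sessionId = data.Username;

    // Per-save value mixed into the checksum; it is sent to the client in clear, so it is not a secret.
    string ticket = string.Format("{0}{1}", DateTime.Now.Ticks, Guid.NewGuid());

    // NOTE(review): every checksum input is visible to the client, so the checksum protects the
    // cookie only if CreateChecksum uses a server-side key - CreateChecksum is not visible here.
    string chksum = CreateChecksum(dataString, ticket, sessionId);
    string cookieValue = string.Format("{0}*****{1}*****{2}", dataString, ticket, chksum);

    // NOTE(review): AddCookie is not visible here - confirm it marks the cookie HttpOnly and Secure.
    context.AddCookie(_sessionDataCookieName, cookieValue);
}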
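/// <summary>
/// Serializes <paramref name="data"/>, Base64-encodes it and writes it to the file returned by
/// <c>GetIsolatedStorageFilePath()</c> in the per-user, per-assembly isolated store,
/// replacing any existing file.
/// </summary>
/// <param name="data">Session data to persist.</param>
private static void SaveSessionObjectDataToAssemblyIsolatedStorage(SessionData data)
{
    string filePath = GetIsolatedStorageFilePath();

    byte[] payload;
    using (var buffer = new MemoryStream())
    {
        var formatter = new BinaryFormatter();
        formatter.Serialize(buffer, data);

        // Base64 text is pure ASCII, so the byte count equals the string length.
        payload = Encoding.ASCII.GetBytes(Convert.ToBase64String(buffer.ToArray()));
    }

    // Both the store and the file stream are disposed even if the write throws; the original left
    // the store undisposed and leaked the stream handle on failure.
    // NOTE(review): the file is written without encryption or an integrity check - confirm that
    // whatever reads it back treats the content as untrusted before deserializing it.
    using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
    using (var storage = new IsolatedStorageFileStream(filePath, FileMode.Create, store))
    {
        storage.Write(payload, 0, payload.Length);
    }
}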