/// <summary>
/// Creates a <see cref="RequestAnalysis"/> that bundles the per-request context with the
/// three analysis results produced for that request.
/// </summary>
/// <param name="context">Context information derived from the current request</param>
/// <param name="formsAuthenticationCookieResult">The result of the FormsAuthenticationCookie analysis</param>
/// <param name="formsAuthenticationTicketResult">The result of the FormsAuthenticationTicket analysis</param>
/// <param name="userAuthenticationTicketResult">The result of the UserAuthenticationTicket analysis</param>
internal RequestAnalysis(ContextInformation context, FormsAuthenticationCookieAnalysis formsAuthenticationCookieResult, FormsAuthenticationTicketAnalysis formsAuthenticationTicketResult, UserAuthenticationTicketAnalysis userAuthenticationTicketResult)
{
    // The arguments are stored as supplied; no null checks are performed here, so the
    // (internal) callers are responsible for handing in populated analysis objects.
    this.Context = context;
    this.FormsAuthenticationCookieResult = formsAuthenticationCookieResult;
    this.FormsAuthenticationTicketResult = formsAuthenticationTicketResult;
    this.UserAuthenticationTicketResult = userAuthenticationTicketResult;
}
/// <summary>
/// Creates a new instance of a FormsAuthenticationAnalyzer and immediately analyzes the supplied
/// cookie, the FormsAuthenticationTicket it carries and, when user authentication is enabled,
/// the server-side UserAuthenticationTicket.
/// </summary>
/// <param name="formsAuthenticationCookie">The formsAuthenticationCookie to inspect</param>
/// <param name="isEndRequest">Indicates whether the analysis is occurring during the EndRequest phase of the execution pipeline</param>
public FormsAuthenticationAnalyzer(HttpCookie formsAuthenticationCookie, bool isEndRequest)
{
    EnhancedSecurity.Initialize();

    Context = new ContextInformation();
    FormsAuthenticationCookieResult = AnalyzeFormsAuthenticationCookie(formsAuthenticationCookie);

    // The same switch decides how the ticket is analyzed and whether the server-side
    // ticket is consulted at all.
    bool userAuthenticationEnabled = UserAuthentication.Enabled;
    FormsAuthenticationTicketResult = AnalyzeFormsAuthenticationTicket(FormsAuthenticationCookieResult, userAuthenticationEnabled, isEndRequest);

    // When user authentication is disabled an empty (default) analysis is recorded instead
    // of consulting the server-side ticket.
    // NOTE(review): this is a four-argument call; a five-parameter AnalyzeServerAuthenticationTicket
    // that takes the UserAuthenticationTicket explicitly also appears in this file — confirm the
    // four-parameter overload exists.
    UserAuthenticationTicketResult = userAuthenticationEnabled
        ? AnalyzeServerAuthenticationTicket(Context, FormsAuthenticationCookieResult, FormsAuthenticationTicketResult, UserAuthentication.EnforceClientHostAddressValidation)
        : new UserAuthenticationTicketAnalysis();
}
/// <summary>
/// Perform analysis of the UserAuthenticationTicket supplied, comparing the server-side ticket
/// against the FormsAuthenticationCookie and FormsAuthenticationTicket presented by the client.
/// </summary>
/// <param name="contextInformation">Context information derived from the current request</param>
/// <param name="cookieAnalysis">The result of the FormsAuthenticationCookie analysis</param>
/// <param name="ticketAnalysis">The result of the FormsAuthenticationTicket analysis</param>
/// <param name="userAuthenticationTicket">The UserAuthenticationTicket to inspect; null when no server-side ticket is available</param>
/// <param name="enforceHostAddressValidation">Indicates whether to enforce that the ticket was provided from the same IP address for which it was created</param>
/// <returns>A UserAuthenticationTicketAnalysis object containing the results of the analysis</returns>
public static UserAuthenticationTicketAnalysis AnalyzeServerAuthenticationTicket(ContextInformation contextInformation, FormsAuthenticationCookieAnalysis cookieAnalysis, FormsAuthenticationTicketAnalysis ticketAnalysis, UserAuthenticationTicket userAuthenticationTicket, bool enforceHostAddressValidation)
{
    UserAuthenticationTicketAnalysis result = new UserAuthenticationTicketAnalysis();

    // The client-presented artifacts the server-side ticket is checked against.
    // NOTE(review): both are dereferenced below without a null check — confirm callers only
    // reach this method when the cookie and ticket analyses actually found a cookie and a ticket.
    HttpCookie clientCookie = cookieAnalysis.FormsAuthenticationCookie;
    FormsAuthenticationTicket clientTicket = ticketAnalysis.FormsAuthenticationTicket;

    result.TicketExists = userAuthenticationTicket != null;

    if (!result.TicketExists)
    {
        // No server-side ticket: the request cannot be validated, but there is also nothing
        // that contradicts the client, so it is not flagged as malicious.
        result.IsValid = false;
        result.IsMalicious = false;
        return result;
    }

    result.UserAuthenticationTicket = userAuthenticationTicket;

    // Cookie attributes. The path check additionally requires the client's ticket path to
    // agree with the cookie path.
    result.CookieDomainMatch = userAuthenticationTicket.CookieDomain == clientCookie.Domain;
    result.CookiePathMatch = userAuthenticationTicket.CookiePath == clientTicket.CookiePath
        && clientTicket.CookiePath == clientCookie.Path;
    result.CookieSecureMatch = userAuthenticationTicket.CookieSecure == clientCookie.Secure;
    result.CookieNameMatch = userAuthenticationTicket.CookieName == clientCookie.Name;

    // ExpirationMatch (server ticket expiration vs. forms ticket expiration vs. cookie expiry)
    // is not evaluated in this version; that comparison is commented out in the original.

    // Ticket attributes.
    result.TicketPersistenceMatch = userAuthenticationTicket.TicketIsPersistent == clientTicket.IsPersistent;
    result.TicketIssueDateMatch = DateTime.Compare(userAuthenticationTicket.TicketIssueDate, clientTicket.IssueDate) == 0;
    result.TicketUsernameMatch = userAuthenticationTicket.Username == clientTicket.Name;
    result.TicketVersionMatch = userAuthenticationTicket.TicketVersion == clientTicket.Version;
    // Ordinal string equality against the TicketHash recorded in ticketAnalysis.
    result.TicketHashMatch = userAuthenticationTicket.TicketHash == ticketAnalysis.TicketHash;
    // Client address binding; only feeds into IsValid when enforceHostAddressValidation is set.
    result.HostAddressMatch = userAuthenticationTicket.HostAddress == contextInformation.HostAddress;

    result.IsValid = result.CookieDomainMatch
        && result.CookiePathMatch
        && result.CookieSecureMatch
        && result.CookieNameMatch
        && result.TicketPersistenceMatch
        && result.TicketIssueDateMatch
        && result.TicketUsernameMatch
        && result.TicketVersionMatch
        && result.TicketHashMatch
        && (!enforceHostAddressValidation || result.HostAddressMatch);

    // A server-side ticket exists but disagrees with what the client presented. "At least one
    // compared attribute mismatches" is, by De Morgan, exactly the negation of IsValid, so the
    // ticket is flagged as malicious whenever it is not valid.
    if (!result.IsValid)
    {
        result.IsMalicious = true;
    }

    return result;
}
/// <summary>
/// Analyzes the request's forms-authentication cookie, the ticket it carries and, when user
/// authentication is enabled, the server-side UserAuthenticationTicket, and bundles the results
/// into a RequestAnalysis.
/// </summary>
/// <param name="formsAuthenticationCookie">The formsAuthenticationCookie to inspect</param>
/// <param name="requestPhase">The phase of the request processing lifecycle from which the analysis is being requested</param>
/// <param name="saveToContext">Whether or not to save the result of the analysis to the HttpContext.Current.Items collection</param>
/// <returns>A RequestAnalysis holding the context information and the three analysis results</returns>
public static RequestAnalysis AnalyzeRequest(HttpCookie formsAuthenticationCookie, RequestLifecyclePhase? requestPhase, bool saveToContext)
{
    EnhancedSecurity.Initialize();

    ContextInformation requestContext = new ContextInformation();
    FormsAuthenticationCookieAnalysis cookieAnalysis = AnalyzeFormsAuthenticationCookie(formsAuthenticationCookie);

    // The same switch decides how the ticket is analyzed and whether the server-side
    // ticket is consulted at all.
    bool userAuthenticationEnabled = UserAuthentication.Enabled;
    FormsAuthenticationTicketAnalysis ticketAnalysis = AnalyzeFormsAuthenticationTicket(cookieAnalysis, userAuthenticationEnabled, requestPhase);

    // NOTE(review): this is a four-argument call; a five-parameter AnalyzeServerAuthenticationTicket
    // that takes the UserAuthenticationTicket explicitly also appears in this file — confirm the
    // four-parameter overload exists.
    UserAuthenticationTicketAnalysis userTicketAnalysis = userAuthenticationEnabled
        ? AnalyzeServerAuthenticationTicket(requestContext, cookieAnalysis, ticketAnalysis, UserAuthentication.EnforceClientHostAddressValidation)
        : new UserAuthenticationTicketAnalysis();

    RequestAnalysis analysis = new RequestAnalysis(requestContext, cookieAnalysis, ticketAnalysis, userTicketAnalysis);

    if (saveToContext)
    {
        // Keyed per lifecycle phase so analyses taken at different phases of the same request
        // do not overwrite each other; a null requestPhase yields the bare key "Analysis:".
        // NOTE(review): HttpContext.Current is dereferenced without a null check and is null
        // outside a request pipeline — confirm saveToContext is only set from within a request.
        string contextKey = "Analysis:" + requestPhase.ToString();
        HttpContext.Current.Items[contextKey] = analysis;
    }

    return analysis;
}