private void OnLeave(Object source, EventArgs eventArgs) { HttpApplication app; HttpContext context; app = (HttpApplication)source; context = app.Context; if (!Roles.Enabled || !Roles.CacheRolesInCookie || context.Response.HeadersWritten) { return; } if (context.User == null || !(context.User is RolePrincipal) || !context.User.Identity.IsAuthenticated) { return; } if (Roles.CookieRequireSSL && !context.Request.IsSecureConnection) { // if cookie is sent, then clear it if (context.Request.Cookies[Roles.CookieName] != null) { Roles.DeleteCookie(); } return; } RolePrincipal rp = (RolePrincipal)context.User; if (rp.CachedListChanged && context.Request.Browser.Cookies) { string s = rp.ToEncryptedTicket(); if (string.IsNullOrEmpty(s) || s.Length > MAX_COOKIE_LENGTH) { Roles.DeleteCookie(); } else { HttpCookie cookie = new HttpCookie(Roles.CookieName, s); cookie.HttpOnly = true; cookie.Path = Roles.CookiePath; cookie.Domain = Roles.Domain; if (Roles.CreatePersistentCookie) { cookie.Expires = rp.ExpireDate; } cookie.Secure = Roles.CookieRequireSSL; context.Response.Cookies.Add(cookie); } } }
private void OnLeave(object source, EventArgs eventArgs) { HttpApplication application = (HttpApplication)source; HttpContext context = application.Context; if (((Roles.Enabled && Roles.CacheRolesInCookie) && !context.Response.HeadersWritten) && (((context.User != null) && (context.User is RolePrincipal)) && context.User.Identity.IsAuthenticated)) { if (Roles.CookieRequireSSL && !context.Request.IsSecureConnection) { if (context.Request.Cookies[Roles.CookieName] != null) { Roles.DeleteCookie(); } } else { RolePrincipal user = (RolePrincipal)context.User; if (user.CachedListChanged && context.Request.Browser.Cookies) { string str = user.ToEncryptedTicket(); if (string.IsNullOrEmpty(str) || (str.Length > 0x1000)) { Roles.DeleteCookie(); } else { HttpCookie cookie = new HttpCookie(Roles.CookieName, str) { HttpOnly = true, Path = Roles.CookiePath, Domain = Roles.Domain }; if (Roles.CreatePersistentCookie) { cookie.Expires = user.ExpireDate; } cookie.Secure = Roles.CookieRequireSSL; context.Response.Cookies.Add(cookie); } } } } }
void OnEndRequest(object sender, EventArgs args) { HttpApplication app = (HttpApplication)sender; /* if we're not enabled or configured to cache * cookies, bail out */ if (_config == null || !_config.Enabled || !_config.CacheRolesInCookie) { return; } /* if the user isn't authenticated, bail * out */ if (!app.Request.IsAuthenticated) { return; } /* if the configuration requires ssl for * cookies and we're not on an ssl connection, * bail out */ if (_config.CookieRequireSSL && !app.Request.IsSecureConnection) { return; } RolePrincipal principal = app.Context.User as RolePrincipal; if (principal == null) /* just for my sanity */ { return; } if (!principal.CachedListChanged) { return; } string ticket = principal.ToEncryptedTicket(); if (ticket == null || ticket.Length > 4096) { ClearCookie(app, _config.CookieName); return; } HttpCookie cookie = new HttpCookie(_config.CookieName, ticket); cookie.HttpOnly = true; if (!string.IsNullOrEmpty(_config.Domain)) { cookie.Domain = _config.Domain; } if (_config.CookieRequireSSL) { cookie.Secure = true; } if (_config.CookiePath.Length > 1) // more than '/' { cookie.Path = _config.CookiePath; } app.Response.SetCookie(cookie); }