internal AuthConfig(object parent) { if (parent is AuthConfig) { has_parent = true; AuthConfig p = (AuthConfig)parent; mode = p.mode; cookieName = p.cookieName; cookiePath = p.cookiePath; loginUrl = p.loginUrl; protection = p.protection; timeout = p.timeout; pwdFormat = p.pwdFormat; #if NET_1_1 requireSSL = p.requireSSL; slidingExpiration = p.slidingExpiration; #endif #if NET_2_0 cookie_domain = p.cookie_domain; cookie_mode = p.cookie_mode; cookies_supported = p.cookies_supported; default_url = p.default_url; enable_crossapp_redirects = p.enable_crossapp_redirects; #endif credentialUsers = new Hashtable(p.CredentialUsers); } }
private static HttpSessionState CreateSessionState(string key, object state) { string id = key.Substring(CACHEKEYPREFIXLENGTH); ISessionStateItemCollection sessionItems = (ISessionStateItemCollection)ExpressionEvaluator.GetValue(state, "_sessionItems"); HttpStaticObjectsCollection staticObjects = (HttpStaticObjectsCollection)ExpressionEvaluator.GetValue(state, "_staticObjects"); int timeout = (int)ExpressionEvaluator.GetValue(state, "_timeout"); TypeRegistry.RegisterType("SessionStateModule", typeof(SessionStateModule)); HttpCookieMode cookieMode = (HttpCookieMode)ExpressionEvaluator.GetValue(null, "SessionStateModule.s_configCookieless"); SessionStateMode stateMode = (SessionStateMode)ExpressionEvaluator.GetValue(null, "SessionStateModule.s_configMode"); HttpSessionStateContainer container = new HttpSessionStateContainer( id , sessionItems , staticObjects , timeout , false , cookieMode , stateMode , true ); return((HttpSessionState)Activator.CreateInstance( typeof(HttpSessionState) , BindingFlags.Instance | BindingFlags.NonPublic , null , new object[] { container } , CultureInfo.InvariantCulture )); }
public HttpSessionStateContainer(string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) : this(null, id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly) { if (id == null) { throw new ArgumentNullException("id"); } }
internal AuthConfig (object parent) { if (parent is AuthConfig) { has_parent = true; AuthConfig p = (AuthConfig) parent; mode = p.mode; cookieName = p.cookieName; cookiePath = p.cookiePath; loginUrl = p.loginUrl; protection = p.protection; timeout = p.timeout; pwdFormat = p.pwdFormat; #if NET_1_1 requireSSL = p.requireSSL; slidingExpiration = p.slidingExpiration; #endif #if NET_2_0 cookie_domain = p.cookie_domain; cookie_mode = p.cookie_mode; cookies_supported = p.cookies_supported; default_url = p.default_url; enable_crossapp_redirects = p.enable_crossapp_redirects; #endif credentialUsers = new Hashtable (p.CredentialUsers); } }
private static void Initialize() { if (!s_Initialized) { lock (s_InitLock) { if (!s_Initialized) { AnonymousIdentificationSection anonymousIdentification = RuntimeConfig.GetAppConfig().AnonymousIdentification; s_Enabled = anonymousIdentification.Enabled; s_CookieName = anonymousIdentification.CookieName; s_CookiePath = anonymousIdentification.CookiePath; s_CookieTimeout = (int)anonymousIdentification.CookieTimeout.TotalMinutes; s_RequireSSL = anonymousIdentification.CookieRequireSSL; s_SlidingExpiration = anonymousIdentification.CookieSlidingExpiration; s_Protection = anonymousIdentification.CookieProtection; s_CookieMode = anonymousIdentification.Cookieless; s_Domain = anonymousIdentification.Domain; s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification"); if (s_CookieTimeout < 1) { s_CookieTimeout = 1; } if (s_CookieTimeout > 0x100a40) { s_CookieTimeout = 0x100a40; } s_Initialized = true; } } } }
/// <summary> /// 变量初始化构造函数 /// </summary> public MaSecurityConfig() { m_loginUrl = "login.html"; //登录路径 m_defaultUrl = "default.html"; //定义在身份验证之后用于重定向的默认 URL。 m_cookieName = "MaRBACName"; //Cookie 名称 m_requireSSL = false; //指定是否需要 SSL 连接来传输身份验证 Cookie。 m_slidingExpiration = true; //指定是否启用可调过期时间。可调过期将 Cookie 的当前身份验证时间重置为在单个会话期间收到每个请求时过期。 m_timeout = 30; //指定 Cookie 过期前逝去的时间(以整数分钟为单位)。 m_cookiePath = "/"; //Cookie路径 m_cookieMode = HttpCookieMode.UseDeviceProfile; //定义是否使用 Cookie 以及 Cookie 的行为。 m_validateIP = false; m_maPrincipalType = "Masir.WebSite.Security.MaPrincipal"; m_openDoamin = new List <string>(); m_authorizationPath = new List <string>(); m_openPath = new List <string>(); m_securityIP = new List <string[]>(); m_securityIP.Add(new string[] { "127.0.0.1", "255.255.255.255" }); m_stopInfo = "未授权请求"; m_stopType = StopBrowseType.Redirect; m_cookieUseCurrentRootDomain = true; }
/// <summary> /// IHttpModule.Init /// </summary> /// <param name="app"></param> public void Init(HttpApplication app) { // Add event handlers. app.AcquireRequestState += OnAcquireRequestState; app.ReleaseRequestState += OnReleaseRequestState; app.EndRequest += OnEndRequest; // Create a SessionIDManager. sessionIdManager = new SessionIDManager(); sessionIdManager.Initialize(); // If not already initialized, initialize timer and configuration. if (!initialized) { lock (LockObject) { if (!initialized) { OnInit(); // Get the configuration section and set timeout and CookieMode values. Configuration cfg = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath); SessionStateSection config = (SessionStateSection)cfg.GetSection("system.web/sessionState"); Timeout = (int)config.Timeout.TotalMinutes; CookieMode = config.Cookieless; initialized = true; } } } }
public static void Initialize() { if (initialized) { return; } lock (locker) { if (initialized) { return; } #if NET_2_0 AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection(authConfigPath); FormsAuthenticationConfiguration config = section.Forms; cookieName = config.Name; timeout = (int)config.Timeout.TotalMinutes; cookiePath = config.Path; protection = config.Protection; requireSSL = config.RequireSSL; slidingExpiration = config.SlidingExpiration; cookie_domain = config.Domain; cookie_mode = config.Cookieless; cookies_supported = true; /* XXX ? */ default_url = MapUrl(config.DefaultUrl); enable_crossapp_redirects = config.EnableCrossAppRedirects; login_url = MapUrl(config.LoginUrl); #else HttpContext context = HttpContext.Current; AuthConfig authConfig = context.GetConfig(authConfigPath) as AuthConfig; if (authConfig != null) { cookieName = authConfig.CookieName; timeout = authConfig.Timeout; cookiePath = authConfig.CookiePath; protection = authConfig.Protection; #if NET_1_1 requireSSL = authConfig.RequireSSL; slidingExpiration = authConfig.SlidingExpiration; #endif } else { cookieName = ".MONOAUTH"; timeout = 30; cookiePath = "/"; protection = FormsProtectionEnum.All; #if NET_1_1 slidingExpiration = true; #endif } #endif initialized = true; } }
internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode) { switch (cookieMode) { case HttpCookieMode.UseUri: return(true); case HttpCookieMode.UseCookies: return(false); case HttpCookieMode.AutoDetect: if (context == null) { context = HttpContext.Current; } if (context == null) { return(false); } if (context.Request.Browser.Cookies && context.Request.Browser.SupportsRedirectWithCookie) { string cookieValue = context.CookielessHelper.GetCookieValue('X'); if ((cookieValue != null) && (cookieValue == "1")) { return(true); } string str2 = context.Request.Headers["Cookie"]; if (string.IsNullOrEmpty(str2)) { string str3 = context.Request.QueryString["AspxAutoDetectCookieSupport"]; if ((str3 != null) && (str3 == "1")) { context.CookielessHelper.SetCookieValue('X', "1"); return(true); } if (doRedirect) { context.CookielessHelper.RedirectWithDetection(null); } } return(false); } return(true); case HttpCookieMode.UseDeviceProfile: if (context == null) { context = HttpContext.Current; } if (context == null) { return(false); } return(!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie); } return(false); }
protected virtual void Reset() { _sessionID = Guid.NewGuid().ToString(); _isNewSession = false; _isCookieless = false; _mode = SessionStateMode.InProc; _codePage = -1; _cookieMode = HttpCookieMode.AutoDetect; }
/// <summary> /// Initializes a new instance of the <see cref="FakeHttpSessionState"/> class. /// </summary> public FakeHttpSessionState() { this.sessionItems = new NameObjectCollection<object>(StringComparer.InvariantCultureIgnoreCase); this.staticObjects = new HttpStaticObjectsCollectionWrapper(new HttpStaticObjectsCollection()); this.cookieMode = HttpCookieMode.UseCookies; this.isNewSession = true; this.mode = SessionStateMode.InProc; this.sessionID = Guid.NewGuid().ToString("N"); }
public TaskWaitRedisHttpSessionStateContainer(string id, RedisSessionItemHash sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) : base(id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly) { SessionItems = sessionItems; }
internal HttpSessionStateContainer(SessionStateModule stateModule, string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) { this._stateModule = stateModule; this._id = id; this._sessionItems = sessionItems; this._staticObjects = staticObjects; this._timeout = timeout; this._newSession = newSession; this._cookieMode = cookieMode; this._mode = mode; this._isReadonly = isReadonly; }
public static void Initialize() { if (initialized) { return; } lock (locker) { if (initialized) { return; } AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection(authConfigPath); FormsAuthenticationConfiguration config = section.Forms; cookieName = config.Name; #if NET_4_0 Timeout = config.Timeout; #endif timeout = (int)config.Timeout.TotalMinutes; cookiePath = config.Path; protection = config.Protection; requireSSL = config.RequireSSL; slidingExpiration = config.SlidingExpiration; cookie_domain = config.Domain; cookie_mode = config.Cookieless; cookies_supported = true; /* XXX ? */ #if NET_4_0 if (!String.IsNullOrEmpty(default_url)) { default_url = MapUrl(default_url); } else #endif default_url = MapUrl(config.DefaultUrl); enable_crossapp_redirects = config.EnableCrossAppRedirects; #if NET_4_0 if (!String.IsNullOrEmpty(login_url)) { login_url = MapUrl(login_url); } else #endif login_url = MapUrl(config.LoginUrl); initialized = true; } }
//////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// // RedirectWithDetection if we need to internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode) { Init(); //////////////////////////////////////////////////////////// // Step 1: Check if config wants us to do a challenge-reponse if (cookieMode != HttpCookieMode.AutoDetect) { return; } //////////////////////////////////////////////////////////// // Step 2: Check browser caps if (!_Context.Request.Browser.Cookies || !_Context.Request.Browser.SupportsRedirectWithCookie) { return; } //////////////////////////////////////////////////////////// // Step 3: Check header string cookieDetectHeader = GetCookieValue('X'); if (cookieDetectHeader != null && cookieDetectHeader == "1") { return; } //////////////////////////////////////////////////////////// // Step 4: see if the client sent any cookies string cookieHeader = _Context.Request.Headers["Cookie"]; if (!String.IsNullOrEmpty(cookieHeader)) { return; } //////////////////////////////////////////////////////////// // Step 5: See if we already did a challenge-reponse string qs = _Context.Request.QueryString[s_AutoDetectName]; if (qs != null && qs == s_AutoDetectValue) // Yes, we have done a challenge-response // No cookies present => no cookie support { SetCookieValue('X', "1"); return; } //////////////////////////////////////////////////////////// // Do a challenge response RedirectWithDetection(redirectPath); }
public void Init(HttpApplication app) { bool flag = false; SessionStateSection sessionState = RuntimeConfig.GetAppConfig().SessionState; if (!this.s_oneTimeInit) { s_lock.AcquireWriterLock(); try { if (!this.s_oneTimeInit) { this.InitModuleFromConfig(app, sessionState); flag = true; if (!CheckTrustLevel(sessionState)) { s_trustLevelInsufficient = true; } s_timeout = (int)sessionState.Timeout.TotalMinutes; s_useHostingIdentity = sessionState.UseHostingIdentity; if ((sessionState.Mode == SessionStateMode.InProc) && this._usingAspnetSessionIdManager) { s_allowInProcOptimization = true; } if (((sessionState.Mode != SessionStateMode.Custom) && (sessionState.Mode != SessionStateMode.Off)) && !sessionState.RegenerateExpiredSessionId) { s_allowDelayedStateStoreItemCreation = true; } s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout; s_configRegenerateExpiredSessionId = sessionState.RegenerateExpiredSessionId; s_configCookieless = sessionState.Cookieless; s_configMode = sessionState.Mode; this.s_oneTimeInit = true; } } finally { s_lock.ReleaseWriterLock(); } } if (!flag) { this.InitModuleFromConfig(app, sessionState); } if (s_trustLevelInsufficient) { throw new HttpException(System.Web.SR.GetString("Session_state_need_higher_trust")); } }
/// <summary> /// Initialize the module /// </summary> /// <param name="app"></param> public void Init(HttpApplication app) { bool initModuleCalled = false; if (!s_oneTimeInit) { lock (LockObject) { if (!s_oneTimeInit) { s_config = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection; if (s_config == null) { throw new ConfigurationErrorsException(string.Format(SR.Error_Occured_Reading_Config_Secion, "system.web/sessionState")); } InitModuleFromConfig(app, s_config); initModuleCalled = true; s_timeout = (int)s_config.Timeout.TotalMinutes; var section = ConfigurationManager.GetSection("system.web/httpRuntime") as HttpRuntimeSection; if (section == null) { throw new ConfigurationErrorsException(string.Format(SR.Error_Occured_Reading_Config_Secion, "system.web/httpRuntime")); } s_configExecutionTimeout = section.ExecutionTimeout; s_configRegenerateExpiredSessionId = s_config.RegenerateExpiredSessionId; s_configCookieless = s_config.Cookieless; s_configMode = s_config.Mode; if (!s_pollIntervalRegLookedUp) { LookUpRegForPollInterval(); } // The last thing to set in this if-block. s_oneTimeInit = true; } } } if (!initModuleCalled) { InitModuleFromConfig(app, s_config); } }
SessionStateModule _stateModule; // used for optimized InProc session id callback public HttpSessionStateContainer( String id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) : this(null, id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly) { if (id == null) { throw new ArgumentNullException("id"); } }
public MySessionState(string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) { pId = id; pSessionItems = sessionItems; pStaticObjects = staticObjects; pTimeout = timeout; pNewSession = newSession; pCookieMode = cookieMode; pMode = mode; pIsReadonly = isReadonly; }
internal HttpSessionStateContainer( SessionStateModule stateModule, string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) { _stateModule = stateModule; _id = id; // If null, it means we're delaying session id reading _sessionItems = sessionItems; _staticObjects = staticObjects; _timeout = timeout; _newSession = newSession; _cookieMode = cookieMode; _mode = mode; _isReadonly = isReadonly; }
public static void Initialize() { if (!_Initialized) { lock (_lockObject) { if (!_Initialized) { AuthenticationSection authentication = RuntimeConfig.GetAppConfig().Authentication; authentication.ValidateAuthenticationMode(); _FormsName = authentication.Forms.Name; _RequireSSL = authentication.Forms.RequireSSL; _SlidingExpiration = authentication.Forms.SlidingExpiration; if (_FormsName == null) { _FormsName = ".ASPXAUTH"; } _Protection = authentication.Forms.Protection; _Timeout = (int)authentication.Forms.Timeout.TotalMinutes; _FormsCookiePath = authentication.Forms.Path; _LoginUrl = authentication.Forms.LoginUrl; if (_LoginUrl == null) { _LoginUrl = "login.aspx"; } _DefaultUrl = authentication.Forms.DefaultUrl; if (_DefaultUrl == null) { _DefaultUrl = "default.aspx"; } _CookieMode = authentication.Forms.Cookieless; _CookieDomain = authentication.Forms.Domain; _EnableCrossAppRedirects = authentication.Forms.EnableCrossAppRedirects; _TicketCompatibilityMode = authentication.Forms.TicketCompatibilityMode; _Initialized = true; } } } }
public HttpSessionStateContainer (string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) { if (id == null) throw new ArgumentNullException ("id"); this.sessionItems = sessionItems; this.id = id; this.staticObjects = staticObjects; this.timeout = timeout; this.newSession = newSession; this.cookieMode = cookieMode; this.mode = mode; this.isReadOnly = isReadonly; this.isCookieless = cookieMode == HttpCookieMode.UseUri; }
// // IHttpModule.Init // public void Init(HttpApplication app) { // Add event handlers. app.AcquireRequestState += new EventHandler(this.OnAcquireRequestState); app.ReleaseRequestState += new EventHandler(this.OnReleaseRequestState); app.EndRequest += new EventHandler(this.OnEndRequest); // Create a SessionIDManager. pSessionIDManager = new SessionIDManager(); pSessionIDManager.Initialize(); // If not already initialized, initialize timer and configuration. if (!pInitialized) { lock (typeof(LockFreeSessionStateModule)) { if (!pInitialized) { // Create a Timer to invoke the ExpireCallback method based on // the pTimerSeconds value (e.g. every 10 seconds). pTimer = new Timer(new TimerCallback(this.ExpireCallback), null, 0, pTimerSeconds * 1000); // Get the configuration section and set timeout and CookieMode values. Configuration cfg = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath); pConfig = (SessionStateSection)cfg.GetSection("system.web/sessionState"); pTimeout = (int)pConfig.Timeout.TotalMinutes; pCookieMode = pConfig.Cookieless; pInitialized = true; } } } }
internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode) { this.Init(); if ((cookieMode == HttpCookieMode.AutoDetect) && (this._Context.Request.Browser.Cookies && this._Context.Request.Browser.SupportsRedirectWithCookie)) { string cookieValue = this.GetCookieValue('X'); if ((cookieValue == null) || (cookieValue != "1")) { string str2 = this._Context.Request.Headers["Cookie"]; if (string.IsNullOrEmpty(str2)) { string str3 = this._Context.Request.QueryString["AspxAutoDetectCookieSupport"]; if ((str3 != null) && (str3 == "1")) { this.SetCookieValue('X', "1"); } else { this.RedirectWithDetection(redirectPath); } } } } }
///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Static functions private static void Initialize() { if (s_Initialized) { return; } lock (s_InitLock) { if (s_Initialized) { return; } AnonymousIdentificationSection settings = RuntimeConfig.GetAppConfig().AnonymousIdentification; s_Enabled = settings.Enabled; s_CookieName = settings.CookieName; s_CookiePath = settings.CookiePath; s_CookieTimeout = (int)settings.CookieTimeout.TotalMinutes; s_RequireSSL = settings.CookieRequireSSL; s_SlidingExpiration = settings.CookieSlidingExpiration; s_Protection = settings.CookieProtection; s_CookieMode = settings.Cookieless; s_Domain = settings.Domain; s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification"); if (s_CookieTimeout < 1) { s_CookieTimeout = 1; } if (s_CookieTimeout > 60 * 24 * 365 * 2) { s_CookieTimeout = 60 * 24 * 365 * 2; // 2 years } s_Initialized = true; } }
public HttpSessionStateContainer(string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) { if (id == null) { throw new ArgumentNullException("id"); } this.sessionItems = sessionItems; this.id = id; this.staticObjects = staticObjects; this.timeout = timeout; this.newSession = newSession; this.cookieMode = cookieMode; this.mode = mode; this.isReadOnly = isReadonly; this.isCookieless = cookieMode == HttpCookieMode.UseUri; }
public void SetCookieMode(HttpCookieMode val) { _cookieMode = val; }
public static void Initialize() { if (!_Initialized) { lock (_lockObject) { if (!_Initialized) { AuthenticationSection authentication = RuntimeConfig.GetAppConfig().Authentication; authentication.ValidateAuthenticationMode(); _FormsName = authentication.Forms.Name; _RequireSSL = authentication.Forms.RequireSSL; _SlidingExpiration = authentication.Forms.SlidingExpiration; if (_FormsName == null) { _FormsName = ".ASPXAUTH"; } _Protection = authentication.Forms.Protection; _Timeout = (int) authentication.Forms.Timeout.TotalMinutes; _FormsCookiePath = authentication.Forms.Path; _LoginUrl = authentication.Forms.LoginUrl; if (_LoginUrl == null) { _LoginUrl = "login.aspx"; } _DefaultUrl = authentication.Forms.DefaultUrl; if (_DefaultUrl == null) { _DefaultUrl = "default.aspx"; } _CookieMode = authentication.Forms.Cookieless; _CookieDomain = authentication.Forms.Domain; _EnableCrossAppRedirects = authentication.Forms.EnableCrossAppRedirects; _TicketCompatibilityMode = authentication.Forms.TicketCompatibilityMode; _Initialized = true; } } } }
public static void Main() { // <Snippet1> // Get the Web application configuration. System.Configuration.Configuration configuration = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration( "/aspnetTest"); // Get the section. AuthenticationSection authenticationSection = (AuthenticationSection)configuration.GetSection( "system.web/authentication"); // </Snippet1> // <Snippet2> AuthenticationSection newauthenticationSection = new AuthenticationSection(); // </Snippet2> // <Snippet3> // Get the current Passport property. PassportAuthentication currentPassport = authenticationSection.Passport; // Get the Passport redirect URL. string passRedirectUrl = currentPassport.RedirectUrl; // </Snippet3> // <Snippet4> // Get the current Mode property. AuthenticationMode currentMode = authenticationSection.Mode; // Set the Mode property to Windows. authenticationSection.Mode = AuthenticationMode.Windows; // </Snippet4> // <Snippet5> // Get the current Forms property. FormsAuthenticationConfiguration currentForms = authenticationSection.Forms; // Get the Forms attributes. string name = currentForms.Name; string login = currentForms.LoginUrl; string path = currentForms.Path; HttpCookieMode cookieLess = currentForms.Cookieless; bool requireSSL = currentForms.RequireSSL; bool slidingExpiration = currentForms.SlidingExpiration; bool enableXappRedirect = currentForms.EnableCrossAppRedirects; TimeSpan timeout = currentForms.Timeout; FormsProtectionEnum protection = currentForms.Protection; string defaultUrl = currentForms.DefaultUrl; string domain = currentForms.Domain; // </Snippet5> }
public void Init(HttpApplication app) { bool initModuleCalled = false; SessionStateSection config = RuntimeConfig.GetAppConfig().SessionState; if (!s_oneTimeInit) { s_lock.AcquireWriterLock(); try { if (!s_oneTimeInit) { InitModuleFromConfig(app, config); initModuleCalled = true; if (!CheckTrustLevel(config)) s_trustLevelInsufficient = true; s_timeout = (int)config.Timeout.TotalMinutes; s_useHostingIdentity = config.UseHostingIdentity; // See if we can try InProc optimization. See inline doc of s_allowInProcOptimization // for details. if (config.Mode == SessionStateMode.InProc && _usingAspnetSessionIdManager) { s_allowInProcOptimization = true; } if (config.Mode != SessionStateMode.Custom && config.Mode != SessionStateMode.Off && !config.RegenerateExpiredSessionId) { s_allowDelayedStateStoreItemCreation = true; } s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout; s_configRegenerateExpiredSessionId = config.RegenerateExpiredSessionId; s_configCookieless = config.Cookieless; s_configMode = config.Mode; // The last thing to set in this if-block. s_oneTimeInit = true; Debug.Trace("SessionStateModuleInit", "Configuration: _mode=" + config.Mode + ";Timeout=" + config.Timeout + ";CookieMode=" + config.Cookieless + ";SqlConnectionString=" + config.SqlConnectionString + ";StateConnectionString=" + config.StateConnectionString + ";s_allowInProcOptimization=" + s_allowInProcOptimization + ";s_allowDelayedStateStoreItemCreation=" + s_allowDelayedStateStoreItemCreation); } } finally { s_lock.ReleaseWriterLock(); } } if (!initModuleCalled) { InitModuleFromConfig(app, config); } if (s_trustLevelInsufficient) { throw new HttpException(SR.GetString(SR.Session_state_need_higher_trust)); } }
private static void Initialize() { if (!s_Initialized) { lock (s_InitLock) { if (!s_Initialized) { AnonymousIdentificationSection anonymousIdentification = RuntimeConfig.GetAppConfig().AnonymousIdentification; s_Enabled = anonymousIdentification.Enabled; s_CookieName = anonymousIdentification.CookieName; s_CookiePath = anonymousIdentification.CookiePath; s_CookieTimeout = (int) anonymousIdentification.CookieTimeout.TotalMinutes; s_RequireSSL = anonymousIdentification.CookieRequireSSL; s_SlidingExpiration = anonymousIdentification.CookieSlidingExpiration; s_Protection = anonymousIdentification.CookieProtection; s_CookieMode = anonymousIdentification.Cookieless; s_Domain = anonymousIdentification.Domain; s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification"); if (s_CookieTimeout < 1) { s_CookieTimeout = 1; } if (s_CookieTimeout > 0x100a40) { s_CookieTimeout = 0x100a40; } s_Initialized = true; } } } }
//////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// // RedirectWithDetection if we need to internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode) { Init(); //////////////////////////////////////////////////////////// // Step 1: Check if config wants us to do a challenge-reponse if (cookieMode != HttpCookieMode.AutoDetect) { return; } //////////////////////////////////////////////////////////// // Step 2: Check browser caps if (!_Context.Request.Browser.Cookies || !_Context.Request.Browser.SupportsRedirectWithCookie) { return; } //////////////////////////////////////////////////////////// // Step 3: Check header string cookieDetectHeader = GetCookieValue('X'); if (cookieDetectHeader != null && cookieDetectHeader == "1") { return; } //////////////////////////////////////////////////////////// // Step 4: see if the client sent any cookies string cookieHeader = _Context.Request.Headers["Cookie"]; if (!String.IsNullOrEmpty(cookieHeader)) { return; } //////////////////////////////////////////////////////////// // Step 5: See if we already did a challenge-reponse string qs = _Context.Request.QueryString[s_AutoDetectName]; if (qs != null && qs == s_AutoDetectValue) { // Yes, we have done a challenge-response // No cookies present => no cookie support SetCookieValue('X', "1"); return; } //////////////////////////////////////////////////////////// // Do a challenge response RedirectWithDetection(redirectPath); }
//////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// // Look at config (<httpCookies>) and (maybe) current request, and return // whether to use cookie-less feature internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode) { //////////////////////////////////////////////////////////// // Step 2: Look at config switch(cookieMode) { case HttpCookieMode.UseUri: // Use cookieless always return true; case HttpCookieMode.UseCookies: // Never use cookieless return false; case HttpCookieMode.UseDeviceProfile: // Use browser config if (context == null) context = HttpContext.Current; if (context == null) return false; bool fRet = (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie); return fRet; case HttpCookieMode.AutoDetect: // Detect based on whether the client supports cookieless if (context == null) context = HttpContext.Current; if (context == null) return false; if (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie) { return true; } ////////////////////////////////////////////////////////////////// // Look in the header string cookieDetectHeader = context.CookielessHelper.GetCookieValue('X'); if (cookieDetectHeader != null && cookieDetectHeader == "1") { return true; } ////////////////////////////////////////////////// // Step 3a: See if the client sent any (request) cookies string cookieHeader = context.Request.Headers["Cookie"]; if (!String.IsNullOrEmpty(cookieHeader)) { // Yes, client sent request cookies return false; } ////////////////////////////////////////////////// // Step 3b: See if we have done a challenge-response to detect cookie support string qs = context.Request.QueryString[s_AutoDetectName]; if (qs != null && qs == s_AutoDetectValue) { // Yes, we have done a challenge-response: No cookies present => no cookie support context.CookielessHelper.SetCookieValue('X', "1"); return true; } ////////////////////////////////////////////////// // Step 3c: Do a challenge-response (redirect) to detect cookie support if (doRedirect) { context.CookielessHelper.RedirectWithDetection(null); } // Note: if doRedirect==true, execution won't reach here return false; default: // Config broken? return false; } }
public void Init(HttpApplication app) { bool flag = false; SessionStateSection sessionState = RuntimeConfig.GetAppConfig().SessionState; if (!this.s_oneTimeInit) { s_lock.AcquireWriterLock(); try { if (!this.s_oneTimeInit) { this.InitModuleFromConfig(app, sessionState); flag = true; if (!CheckTrustLevel(sessionState)) { s_trustLevelInsufficient = true; } s_timeout = (int) sessionState.Timeout.TotalMinutes; s_useHostingIdentity = sessionState.UseHostingIdentity; if ((sessionState.Mode == SessionStateMode.InProc) && this._usingAspnetSessionIdManager) { s_allowInProcOptimization = true; } if (((sessionState.Mode != SessionStateMode.Custom) && (sessionState.Mode != SessionStateMode.Off)) && !sessionState.RegenerateExpiredSessionId) { s_allowDelayedStateStoreItemCreation = true; } s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout; s_configRegenerateExpiredSessionId = sessionState.RegenerateExpiredSessionId; s_configCookieless = sessionState.Cookieless; s_configMode = sessionState.Mode; this.s_oneTimeInit = true; } } finally { s_lock.ReleaseWriterLock(); } } if (!flag) { this.InitModuleFromConfig(app, sessionState); } if (s_trustLevelInsufficient) { throw new HttpException(System.Web.SR.GetString("Session_state_need_higher_trust")); } }
internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode) { switch (cookieMode) { case HttpCookieMode.UseUri: return true; case HttpCookieMode.UseCookies: return false; case HttpCookieMode.AutoDetect: if (context == null) { context = HttpContext.Current; } if (context == null) { return false; } if (context.Request.Browser.Cookies && context.Request.Browser.SupportsRedirectWithCookie) { string cookieValue = context.CookielessHelper.GetCookieValue('X'); if ((cookieValue != null) && (cookieValue == "1")) { return true; } string str2 = context.Request.Headers["Cookie"]; if (string.IsNullOrEmpty(str2)) { string str3 = context.Request.QueryString["AspxAutoDetectCookieSupport"]; if ((str3 != null) && (str3 == "1")) { context.CookielessHelper.SetCookieValue('X', "1"); return true; } if (doRedirect) { context.CookielessHelper.RedirectWithDetection(null); } } return false; } return true; case HttpCookieMode.UseDeviceProfile: if (context == null) { context = HttpContext.Current; } if (context == null) { return false; } return (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie); } return false; }
/// <summary> /// Sets a value that indicates whether the application is configured for cookieless sessions. /// </summary> /// <param name="cookieMode">The cookie mode.</param> public void SetCookieMode(HttpCookieMode cookieMode) { this.cookieMode = cookieMode; }
///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // Static functions private static void Initialize() { if (s_Initialized) return; lock(s_InitLock) { if (s_Initialized) return; AnonymousIdentificationSection settings = RuntimeConfig.GetAppConfig().AnonymousIdentification; s_Enabled = settings.Enabled; s_CookieName = settings.CookieName; s_CookiePath = settings.CookiePath; s_CookieTimeout = (int) settings.CookieTimeout.TotalMinutes; s_RequireSSL = settings.CookieRequireSSL; s_SlidingExpiration = settings.CookieSlidingExpiration; s_Protection = settings.CookieProtection; s_CookieMode = settings.Cookieless; s_Domain = settings.Domain; s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification"); if (s_CookieTimeout < 1) s_CookieTimeout = 1; if (s_CookieTimeout > 60 * 24 * 365 * 2) s_CookieTimeout = 60 * 24 * 365 * 2; // 2 years s_Initialized = true; } }
public void SetCookieMode(HttpCookieMode val) { }
public static void Initialize () { if (initialized) return; lock (locker) { if (initialized) return; AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection (authConfigPath); FormsAuthenticationConfiguration config = section.Forms; cookieName = config.Name; Timeout = config.Timeout; timeout = (int)config.Timeout.TotalMinutes; cookiePath = config.Path; protection = config.Protection; requireSSL = config.RequireSSL; slidingExpiration = config.SlidingExpiration; cookie_domain = config.Domain; cookie_mode = config.Cookieless; cookies_supported = true; /* XXX ? */ if (!String.IsNullOrEmpty (default_url)) default_url = MapUrl (default_url); else default_url = MapUrl(config.DefaultUrl); enable_crossapp_redirects = config.EnableCrossAppRedirects; if (!String.IsNullOrEmpty (login_url)) login_url = MapUrl (login_url); else login_url = MapUrl(config.LoginUrl); initialized = true; } }
//////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// // Look at config (<httpCookies>) and (maybe) current request, and return // whether to use cookie-less feature internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode) { //////////////////////////////////////////////////////////// // Step 2: Look at config switch (cookieMode) { case HttpCookieMode.UseUri: // Use cookieless always return(true); case HttpCookieMode.UseCookies: // Never use cookieless return(false); case HttpCookieMode.UseDeviceProfile: // Use browser config if (context == null) { context = HttpContext.Current; } if (context == null) { return(false); } bool fRet = (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie); return(fRet); case HttpCookieMode.AutoDetect: // Detect based on whether the client supports cookieless if (context == null) { context = HttpContext.Current; } if (context == null) { return(false); } if (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie) { return(true); } ////////////////////////////////////////////////////////////////// // Look in the header string cookieDetectHeader = context.CookielessHelper.GetCookieValue('X'); if (cookieDetectHeader != null && cookieDetectHeader == "1") { return(true); } ////////////////////////////////////////////////// // Step 3a: See if the client sent any (request) cookies string cookieHeader = context.Request.Headers["Cookie"]; if (!String.IsNullOrEmpty(cookieHeader)) // Yes, client sent request cookies { return(false); } ////////////////////////////////////////////////// // Step 3b: See if we have done a challenge-response to detect cookie support string qs = context.Request.QueryString[s_AutoDetectName]; if (qs != null && qs == s_AutoDetectValue) // Yes, we have done a challenge-response: No cookies present => no cookie support { context.CookielessHelper.SetCookieValue('X', "1"); return(true); } ////////////////////////////////////////////////// // Step 3c: Do a challenge-response (redirect) to detect cookie support if (doRedirect) { context.CookielessHelper.RedirectWithDetection(null); } // Note: if doRedirect==true, execution won't reach here return(false); default: // Config broken? return(false); } }