internal AuthConfig(object parent)
{
if (parent is AuthConfig)
{
has_parent = true;
AuthConfig p = (AuthConfig)parent;
mode = p.mode;
cookieName = p.cookieName;
cookiePath = p.cookiePath;
loginUrl = p.loginUrl;
protection = p.protection;
timeout = p.timeout;
pwdFormat = p.pwdFormat;
#if NET_1_1
requireSSL = p.requireSSL;
slidingExpiration = p.slidingExpiration;
#endif
#if NET_2_0
cookie_domain = p.cookie_domain;
cookie_mode = p.cookie_mode;
cookies_supported = p.cookies_supported;
default_url = p.default_url;
enable_crossapp_redirects = p.enable_crossapp_redirects;
#endif
credentialUsers = new Hashtable(p.CredentialUsers);
}
}
private static HttpSessionState CreateSessionState(string key, object state)
{
string id = key.Substring(CACHEKEYPREFIXLENGTH);
ISessionStateItemCollection sessionItems =
(ISessionStateItemCollection)ExpressionEvaluator.GetValue(state, "_sessionItems");
HttpStaticObjectsCollection staticObjects =
(HttpStaticObjectsCollection)ExpressionEvaluator.GetValue(state, "_staticObjects");
int timeout = (int)ExpressionEvaluator.GetValue(state, "_timeout");
TypeRegistry.RegisterType("SessionStateModule", typeof(SessionStateModule));
HttpCookieMode cookieMode =
(HttpCookieMode)ExpressionEvaluator.GetValue(null, "SessionStateModule.s_configCookieless");
SessionStateMode stateMode =
(SessionStateMode)ExpressionEvaluator.GetValue(null, "SessionStateModule.s_configMode");
HttpSessionStateContainer container = new HttpSessionStateContainer(
id
, sessionItems
, staticObjects
, timeout
, false
, cookieMode
, stateMode
, true
);
return((HttpSessionState)Activator.CreateInstance(
typeof(HttpSessionState)
, BindingFlags.Instance | BindingFlags.NonPublic
, null
, new object[] { container }
, CultureInfo.InvariantCulture
));
}
public HttpSessionStateContainer(string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly) : this(null, id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly)
{
if (id == null)
{
throw new ArgumentNullException("id");
}
}
internal AuthConfig (object parent)
{
if (parent is AuthConfig) {
has_parent = true;
AuthConfig p = (AuthConfig) parent;
mode = p.mode;
cookieName = p.cookieName;
cookiePath = p.cookiePath;
loginUrl = p.loginUrl;
protection = p.protection;
timeout = p.timeout;
pwdFormat = p.pwdFormat;
#if NET_1_1
requireSSL = p.requireSSL;
slidingExpiration = p.slidingExpiration;
#endif
#if NET_2_0
cookie_domain = p.cookie_domain;
cookie_mode = p.cookie_mode;
cookies_supported = p.cookies_supported;
default_url = p.default_url;
enable_crossapp_redirects = p.enable_crossapp_redirects;
#endif
credentialUsers = new Hashtable (p.CredentialUsers);
}
}
private static void Initialize()
{
if (!s_Initialized)
{
lock (s_InitLock)
{
if (!s_Initialized)
{
AnonymousIdentificationSection anonymousIdentification = RuntimeConfig.GetAppConfig().AnonymousIdentification;
s_Enabled = anonymousIdentification.Enabled;
s_CookieName = anonymousIdentification.CookieName;
s_CookiePath = anonymousIdentification.CookiePath;
s_CookieTimeout = (int)anonymousIdentification.CookieTimeout.TotalMinutes;
s_RequireSSL = anonymousIdentification.CookieRequireSSL;
s_SlidingExpiration = anonymousIdentification.CookieSlidingExpiration;
s_Protection = anonymousIdentification.CookieProtection;
s_CookieMode = anonymousIdentification.Cookieless;
s_Domain = anonymousIdentification.Domain;
s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification");
if (s_CookieTimeout < 1)
{
s_CookieTimeout = 1;
}
if (s_CookieTimeout > 0x100a40)
{
s_CookieTimeout = 0x100a40;
}
s_Initialized = true;
}
}
}
}
/// <summary>
/// 变量初始化构造函数
/// </summary>
public MaSecurityConfig()
{
m_loginUrl = "login.html"; //登录路径
m_defaultUrl = "default.html"; //定义在身份验证之后用于重定向的默认 URL。
m_cookieName = "MaRBACName"; //Cookie 名称
m_requireSSL = false; //指定是否需要 SSL 连接来传输身份验证 Cookie。
m_slidingExpiration = true; //指定是否启用可调过期时间。可调过期将 Cookie 的当前身份验证时间重置为在单个会话期间收到每个请求时过期。
m_timeout = 30; //指定 Cookie 过期前逝去的时间(以整数分钟为单位)。
m_cookiePath = "/"; //Cookie路径
m_cookieMode = HttpCookieMode.UseDeviceProfile; //定义是否使用 Cookie 以及 Cookie 的行为。
m_validateIP = false;
m_maPrincipalType = "Masir.WebSite.Security.MaPrincipal";
m_openDoamin = new List <string>();
m_authorizationPath = new List <string>();
m_openPath = new List <string>();
m_securityIP = new List <string[]>();
m_securityIP.Add(new string[] { "127.0.0.1", "255.255.255.255" });
m_stopInfo = "未授权请求";
m_stopType = StopBrowseType.Redirect;
m_cookieUseCurrentRootDomain = true;
}
/// <summary>
/// IHttpModule.Init
/// </summary>
/// <param name="app"></param>
public void Init(HttpApplication app)
{
// Add event handlers.
app.AcquireRequestState += OnAcquireRequestState;
app.ReleaseRequestState += OnReleaseRequestState;
app.EndRequest += OnEndRequest;
// Create a SessionIDManager.
sessionIdManager = new SessionIDManager();
sessionIdManager.Initialize();
// If not already initialized, initialize timer and configuration.
if (!initialized)
{
lock (LockObject)
{
if (!initialized)
{
OnInit();
// Get the configuration section and set timeout and CookieMode values.
Configuration cfg =
WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
SessionStateSection config = (SessionStateSection)cfg.GetSection("system.web/sessionState");
Timeout = (int)config.Timeout.TotalMinutes;
CookieMode = config.Cookieless;
initialized = true;
}
}
}
}
public static void Initialize()
{
if (initialized)
{
return;
}
lock (locker) {
if (initialized)
{
return;
}
#if NET_2_0
AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection(authConfigPath);
FormsAuthenticationConfiguration config = section.Forms;
cookieName = config.Name;
timeout = (int)config.Timeout.TotalMinutes;
cookiePath = config.Path;
protection = config.Protection;
requireSSL = config.RequireSSL;
slidingExpiration = config.SlidingExpiration;
cookie_domain = config.Domain;
cookie_mode = config.Cookieless;
cookies_supported = true; /* XXX ? */
default_url = MapUrl(config.DefaultUrl);
enable_crossapp_redirects = config.EnableCrossAppRedirects;
login_url = MapUrl(config.LoginUrl);
#else
HttpContext context = HttpContext.Current;
AuthConfig authConfig = context.GetConfig(authConfigPath) as AuthConfig;
if (authConfig != null)
{
cookieName = authConfig.CookieName;
timeout = authConfig.Timeout;
cookiePath = authConfig.CookiePath;
protection = authConfig.Protection;
#if NET_1_1
requireSSL = authConfig.RequireSSL;
slidingExpiration = authConfig.SlidingExpiration;
#endif
}
else
{
cookieName = ".MONOAUTH";
timeout = 30;
cookiePath = "/";
protection = FormsProtectionEnum.All;
#if NET_1_1
slidingExpiration = true;
#endif
}
#endif
initialized = true;
}
}
internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode)
{
switch (cookieMode)
{
case HttpCookieMode.UseUri:
return(true);
case HttpCookieMode.UseCookies:
return(false);
case HttpCookieMode.AutoDetect:
if (context == null)
{
context = HttpContext.Current;
}
if (context == null)
{
return(false);
}
if (context.Request.Browser.Cookies && context.Request.Browser.SupportsRedirectWithCookie)
{
string cookieValue = context.CookielessHelper.GetCookieValue('X');
if ((cookieValue != null) && (cookieValue == "1"))
{
return(true);
}
string str2 = context.Request.Headers["Cookie"];
if (string.IsNullOrEmpty(str2))
{
string str3 = context.Request.QueryString["AspxAutoDetectCookieSupport"];
if ((str3 != null) && (str3 == "1"))
{
context.CookielessHelper.SetCookieValue('X', "1");
return(true);
}
if (doRedirect)
{
context.CookielessHelper.RedirectWithDetection(null);
}
}
return(false);
}
return(true);
case HttpCookieMode.UseDeviceProfile:
if (context == null)
{
context = HttpContext.Current;
}
if (context == null)
{
return(false);
}
return(!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie);
}
return(false);
}
protected virtual void Reset()
{
_sessionID = Guid.NewGuid().ToString();
_isNewSession = false;
_isCookieless = false;
_mode = SessionStateMode.InProc;
_codePage = -1;
_cookieMode = HttpCookieMode.AutoDetect;
}
protected virtual void Reset()
{
_sessionID = Guid.NewGuid().ToString();
_isNewSession = false;
_isCookieless = false;
_mode = SessionStateMode.InProc;
_codePage = -1;
_cookieMode = HttpCookieMode.AutoDetect;
}
/// <summary>
/// Initializes a new instance of the <see cref="FakeHttpSessionState"/> class.
/// </summary>
public FakeHttpSessionState()
{
this.sessionItems = new NameObjectCollection<object>(StringComparer.InvariantCultureIgnoreCase);
this.staticObjects = new HttpStaticObjectsCollectionWrapper(new HttpStaticObjectsCollection());
this.cookieMode = HttpCookieMode.UseCookies;
this.isNewSession = true;
this.mode = SessionStateMode.InProc;
this.sessionID = Guid.NewGuid().ToString("N");
}
public TaskWaitRedisHttpSessionStateContainer(string id,
RedisSessionItemHash sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
: base(id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly)
{
SessionItems = sessionItems;
}
public TaskWaitRedisHttpSessionStateContainer(string id,
RedisSessionItemHash sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
: base(id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly)
{
SessionItems = sessionItems;
}
internal HttpSessionStateContainer(SessionStateModule stateModule, string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly)
{
this._stateModule = stateModule;
this._id = id;
this._sessionItems = sessionItems;
this._staticObjects = staticObjects;
this._timeout = timeout;
this._newSession = newSession;
this._cookieMode = cookieMode;
this._mode = mode;
this._isReadonly = isReadonly;
}
internal HttpSessionStateContainer(SessionStateModule stateModule, string id, ISessionStateItemCollection sessionItems, HttpStaticObjectsCollection staticObjects, int timeout, bool newSession, HttpCookieMode cookieMode, SessionStateMode mode, bool isReadonly)
{
this._stateModule = stateModule;
this._id = id;
this._sessionItems = sessionItems;
this._staticObjects = staticObjects;
this._timeout = timeout;
this._newSession = newSession;
this._cookieMode = cookieMode;
this._mode = mode;
this._isReadonly = isReadonly;
}
public static void Initialize()
{
if (initialized)
{
return;
}
lock (locker)
{
if (initialized)
{
return;
}
AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection(authConfigPath);
FormsAuthenticationConfiguration config = section.Forms;
cookieName = config.Name;
#if NET_4_0
Timeout = config.Timeout;
#endif
timeout = (int)config.Timeout.TotalMinutes;
cookiePath = config.Path;
protection = config.Protection;
requireSSL = config.RequireSSL;
slidingExpiration = config.SlidingExpiration;
cookie_domain = config.Domain;
cookie_mode = config.Cookieless;
cookies_supported = true; /* XXX ? */
#if NET_4_0
if (!String.IsNullOrEmpty(default_url))
{
default_url = MapUrl(default_url);
}
else
#endif
default_url = MapUrl(config.DefaultUrl);
enable_crossapp_redirects = config.EnableCrossAppRedirects;
#if NET_4_0
if (!String.IsNullOrEmpty(login_url))
{
login_url = MapUrl(login_url);
}
else
#endif
login_url = MapUrl(config.LoginUrl);
initialized = true;
}
}
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
// RedirectWithDetection if we need to
internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode)
{
Init();
////////////////////////////////////////////////////////////
// Step 1: Check if config wants us to do a challenge-reponse
if (cookieMode != HttpCookieMode.AutoDetect)
{
return;
}
////////////////////////////////////////////////////////////
// Step 2: Check browser caps
if (!_Context.Request.Browser.Cookies || !_Context.Request.Browser.SupportsRedirectWithCookie)
{
return;
}
////////////////////////////////////////////////////////////
// Step 3: Check header
string cookieDetectHeader = GetCookieValue('X');
if (cookieDetectHeader != null && cookieDetectHeader == "1")
{
return;
}
////////////////////////////////////////////////////////////
// Step 4: see if the client sent any cookies
string cookieHeader = _Context.Request.Headers["Cookie"];
if (!String.IsNullOrEmpty(cookieHeader))
{
return;
}
////////////////////////////////////////////////////////////
// Step 5: See if we already did a challenge-reponse
string qs = _Context.Request.QueryString[s_AutoDetectName];
if (qs != null && qs == s_AutoDetectValue) // Yes, we have done a challenge-response
// No cookies present => no cookie support
{
SetCookieValue('X', "1");
return;
}
////////////////////////////////////////////////////////////
// Do a challenge response
RedirectWithDetection(redirectPath);
}
public void Init(HttpApplication app)
{
bool flag = false;
SessionStateSection sessionState = RuntimeConfig.GetAppConfig().SessionState;
if (!this.s_oneTimeInit)
{
s_lock.AcquireWriterLock();
try
{
if (!this.s_oneTimeInit)
{
this.InitModuleFromConfig(app, sessionState);
flag = true;
if (!CheckTrustLevel(sessionState))
{
s_trustLevelInsufficient = true;
}
s_timeout = (int)sessionState.Timeout.TotalMinutes;
s_useHostingIdentity = sessionState.UseHostingIdentity;
if ((sessionState.Mode == SessionStateMode.InProc) && this._usingAspnetSessionIdManager)
{
s_allowInProcOptimization = true;
}
if (((sessionState.Mode != SessionStateMode.Custom) && (sessionState.Mode != SessionStateMode.Off)) && !sessionState.RegenerateExpiredSessionId)
{
s_allowDelayedStateStoreItemCreation = true;
}
s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout;
s_configRegenerateExpiredSessionId = sessionState.RegenerateExpiredSessionId;
s_configCookieless = sessionState.Cookieless;
s_configMode = sessionState.Mode;
this.s_oneTimeInit = true;
}
}
finally
{
s_lock.ReleaseWriterLock();
}
}
if (!flag)
{
this.InitModuleFromConfig(app, sessionState);
}
if (s_trustLevelInsufficient)
{
throw new HttpException(System.Web.SR.GetString("Session_state_need_higher_trust"));
}
}
/// <summary>
/// Initialize the module
/// </summary>
/// <param name="app"></param>
public void Init(HttpApplication app)
{
bool initModuleCalled = false;
if (!s_oneTimeInit)
{
lock (LockObject)
{
if (!s_oneTimeInit)
{
s_config = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
if (s_config == null)
{
throw new ConfigurationErrorsException(string.Format(SR.Error_Occured_Reading_Config_Secion, "system.web/sessionState"));
}
InitModuleFromConfig(app, s_config);
initModuleCalled = true;
s_timeout = (int)s_config.Timeout.TotalMinutes;
var section = ConfigurationManager.GetSection("system.web/httpRuntime") as HttpRuntimeSection;
if (section == null)
{
throw new ConfigurationErrorsException(string.Format(SR.Error_Occured_Reading_Config_Secion, "system.web/httpRuntime"));
}
s_configExecutionTimeout = section.ExecutionTimeout;
s_configRegenerateExpiredSessionId = s_config.RegenerateExpiredSessionId;
s_configCookieless = s_config.Cookieless;
s_configMode = s_config.Mode;
if (!s_pollIntervalRegLookedUp)
{
LookUpRegForPollInterval();
}
// The last thing to set in this if-block.
s_oneTimeInit = true;
}
}
}
if (!initModuleCalled)
{
InitModuleFromConfig(app, s_config);
}
}
SessionStateModule _stateModule; // used for optimized InProc session id callback
public HttpSessionStateContainer(
String id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
: this(null, id, sessionItems, staticObjects, timeout, newSession, cookieMode, mode, isReadonly)
{
if (id == null)
{
throw new ArgumentNullException("id");
}
}
public MySessionState(string id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
{
pId = id;
pSessionItems = sessionItems;
pStaticObjects = staticObjects;
pTimeout = timeout;
pNewSession = newSession;
pCookieMode = cookieMode;
pMode = mode;
pIsReadonly = isReadonly;
}
public MySessionState(string id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
{
pId = id;
pSessionItems = sessionItems;
pStaticObjects = staticObjects;
pTimeout = timeout;
pNewSession = newSession;
pCookieMode = cookieMode;
pMode = mode;
pIsReadonly = isReadonly;
}
internal HttpSessionStateContainer(
SessionStateModule stateModule,
string id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly) {
_stateModule = stateModule;
_id = id; // If null, it means we're delaying session id reading
_sessionItems = sessionItems;
_staticObjects = staticObjects;
_timeout = timeout;
_newSession = newSession;
_cookieMode = cookieMode;
_mode = mode;
_isReadonly = isReadonly;
}
internal HttpSessionStateContainer(
SessionStateModule stateModule,
string id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
{
_stateModule = stateModule;
_id = id; // If null, it means we're delaying session id reading
_sessionItems = sessionItems;
_staticObjects = staticObjects;
_timeout = timeout;
_newSession = newSession;
_cookieMode = cookieMode;
_mode = mode;
_isReadonly = isReadonly;
}
public static void Initialize()
{
if (!_Initialized)
{
lock (_lockObject)
{
if (!_Initialized)
{
AuthenticationSection authentication = RuntimeConfig.GetAppConfig().Authentication;
authentication.ValidateAuthenticationMode();
_FormsName = authentication.Forms.Name;
_RequireSSL = authentication.Forms.RequireSSL;
_SlidingExpiration = authentication.Forms.SlidingExpiration;
if (_FormsName == null)
{
_FormsName = ".ASPXAUTH";
}
_Protection = authentication.Forms.Protection;
_Timeout = (int)authentication.Forms.Timeout.TotalMinutes;
_FormsCookiePath = authentication.Forms.Path;
_LoginUrl = authentication.Forms.LoginUrl;
if (_LoginUrl == null)
{
_LoginUrl = "login.aspx";
}
_DefaultUrl = authentication.Forms.DefaultUrl;
if (_DefaultUrl == null)
{
_DefaultUrl = "default.aspx";
}
_CookieMode = authentication.Forms.Cookieless;
_CookieDomain = authentication.Forms.Domain;
_EnableCrossAppRedirects = authentication.Forms.EnableCrossAppRedirects;
_TicketCompatibilityMode = authentication.Forms.TicketCompatibilityMode;
_Initialized = true;
}
}
}
}
public HttpSessionStateContainer (string id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
{
if (id == null)
throw new ArgumentNullException ("id");
this.sessionItems = sessionItems;
this.id = id;
this.staticObjects = staticObjects;
this.timeout = timeout;
this.newSession = newSession;
this.cookieMode = cookieMode;
this.mode = mode;
this.isReadOnly = isReadonly;
this.isCookieless = cookieMode == HttpCookieMode.UseUri;
}
//
// IHttpModule.Init
//
public void Init(HttpApplication app)
{
// Add event handlers.
app.AcquireRequestState += new EventHandler(this.OnAcquireRequestState);
app.ReleaseRequestState += new EventHandler(this.OnReleaseRequestState);
app.EndRequest += new EventHandler(this.OnEndRequest);
// Create a SessionIDManager.
pSessionIDManager = new SessionIDManager();
pSessionIDManager.Initialize();
// If not already initialized, initialize timer and configuration.
if (!pInitialized)
{
lock (typeof(LockFreeSessionStateModule))
{
if (!pInitialized)
{
// Create a Timer to invoke the ExpireCallback method based on
// the pTimerSeconds value (e.g. every 10 seconds).
pTimer = new Timer(new TimerCallback(this.ExpireCallback),
null,
0,
pTimerSeconds * 1000);
// Get the configuration section and set timeout and CookieMode values.
Configuration cfg =
WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
pConfig = (SessionStateSection)cfg.GetSection("system.web/sessionState");
pTimeout = (int)pConfig.Timeout.TotalMinutes;
pCookieMode = pConfig.Cookieless;
pInitialized = true;
}
}
}
}
internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode)
{
this.Init();
if ((cookieMode == HttpCookieMode.AutoDetect) && (this._Context.Request.Browser.Cookies && this._Context.Request.Browser.SupportsRedirectWithCookie))
{
string cookieValue = this.GetCookieValue('X');
if ((cookieValue == null) || (cookieValue != "1"))
{
string str2 = this._Context.Request.Headers["Cookie"];
if (string.IsNullOrEmpty(str2))
{
string str3 = this._Context.Request.QueryString["AspxAutoDetectCookieSupport"];
if ((str3 != null) && (str3 == "1"))
{
this.SetCookieValue('X', "1");
}
else
{
this.RedirectWithDetection(redirectPath);
}
}
}
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Static functions
private static void Initialize()
{
if (s_Initialized)
{
return;
}
lock (s_InitLock) {
if (s_Initialized)
{
return;
}
AnonymousIdentificationSection settings = RuntimeConfig.GetAppConfig().AnonymousIdentification;
s_Enabled = settings.Enabled;
s_CookieName = settings.CookieName;
s_CookiePath = settings.CookiePath;
s_CookieTimeout = (int)settings.CookieTimeout.TotalMinutes;
s_RequireSSL = settings.CookieRequireSSL;
s_SlidingExpiration = settings.CookieSlidingExpiration;
s_Protection = settings.CookieProtection;
s_CookieMode = settings.Cookieless;
s_Domain = settings.Domain;
s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification");
if (s_CookieTimeout < 1)
{
s_CookieTimeout = 1;
}
if (s_CookieTimeout > 60 * 24 * 365 * 2)
{
s_CookieTimeout = 60 * 24 * 365 * 2; // 2 years
}
s_Initialized = true;
}
}
public HttpSessionStateContainer(string id,
ISessionStateItemCollection sessionItems,
HttpStaticObjectsCollection staticObjects,
int timeout,
bool newSession,
HttpCookieMode cookieMode,
SessionStateMode mode,
bool isReadonly)
{
if (id == null)
{
throw new ArgumentNullException("id");
}
this.sessionItems = sessionItems;
this.id = id;
this.staticObjects = staticObjects;
this.timeout = timeout;
this.newSession = newSession;
this.cookieMode = cookieMode;
this.mode = mode;
this.isReadOnly = isReadonly;
this.isCookieless = cookieMode == HttpCookieMode.UseUri;
}
public void SetCookieMode(HttpCookieMode val)
{
_cookieMode = val;
}
public static void Initialize()
{
if (!_Initialized)
{
lock (_lockObject)
{
if (!_Initialized)
{
AuthenticationSection authentication = RuntimeConfig.GetAppConfig().Authentication;
authentication.ValidateAuthenticationMode();
_FormsName = authentication.Forms.Name;
_RequireSSL = authentication.Forms.RequireSSL;
_SlidingExpiration = authentication.Forms.SlidingExpiration;
if (_FormsName == null)
{
_FormsName = ".ASPXAUTH";
}
_Protection = authentication.Forms.Protection;
_Timeout = (int) authentication.Forms.Timeout.TotalMinutes;
_FormsCookiePath = authentication.Forms.Path;
_LoginUrl = authentication.Forms.LoginUrl;
if (_LoginUrl == null)
{
_LoginUrl = "login.aspx";
}
_DefaultUrl = authentication.Forms.DefaultUrl;
if (_DefaultUrl == null)
{
_DefaultUrl = "default.aspx";
}
_CookieMode = authentication.Forms.Cookieless;
_CookieDomain = authentication.Forms.Domain;
_EnableCrossAppRedirects = authentication.Forms.EnableCrossAppRedirects;
_TicketCompatibilityMode = authentication.Forms.TicketCompatibilityMode;
_Initialized = true;
}
}
}
}
public static void Main()
{
// <Snippet1>
// Get the Web application configuration.
System.Configuration.Configuration configuration =
System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(
"/aspnetTest");
// Get the section.
AuthenticationSection authenticationSection =
(AuthenticationSection)configuration.GetSection(
"system.web/authentication");
// </Snippet1>
// <Snippet2>
AuthenticationSection newauthenticationSection =
new AuthenticationSection();
// </Snippet2>
// <Snippet3>
// Get the current Passport property.
PassportAuthentication currentPassport =
authenticationSection.Passport;
// Get the Passport redirect URL.
string passRedirectUrl =
currentPassport.RedirectUrl;
// </Snippet3>
// <Snippet4>
// Get the current Mode property.
AuthenticationMode currentMode =
authenticationSection.Mode;
// Set the Mode property to Windows.
authenticationSection.Mode =
AuthenticationMode.Windows;
// </Snippet4>
// <Snippet5>
// Get the current Forms property.
FormsAuthenticationConfiguration currentForms =
authenticationSection.Forms;
// Get the Forms attributes.
string name = currentForms.Name;
string login = currentForms.LoginUrl;
string path = currentForms.Path;
HttpCookieMode cookieLess = currentForms.Cookieless;
bool requireSSL = currentForms.RequireSSL;
bool slidingExpiration = currentForms.SlidingExpiration;
bool enableXappRedirect = currentForms.EnableCrossAppRedirects;
TimeSpan timeout = currentForms.Timeout;
FormsProtectionEnum protection = currentForms.Protection;
string defaultUrl = currentForms.DefaultUrl;
string domain = currentForms.Domain;
// </Snippet5>
}
public void Init(HttpApplication app) {
bool initModuleCalled = false;
SessionStateSection config = RuntimeConfig.GetAppConfig().SessionState;
if (!s_oneTimeInit) {
s_lock.AcquireWriterLock();
try {
if (!s_oneTimeInit) {
InitModuleFromConfig(app, config);
initModuleCalled = true;
if (!CheckTrustLevel(config))
s_trustLevelInsufficient = true;
s_timeout = (int)config.Timeout.TotalMinutes;
s_useHostingIdentity = config.UseHostingIdentity;
// See if we can try InProc optimization. See inline doc of s_allowInProcOptimization
// for details.
if (config.Mode == SessionStateMode.InProc &&
_usingAspnetSessionIdManager) {
s_allowInProcOptimization = true;
}
if (config.Mode != SessionStateMode.Custom &&
config.Mode != SessionStateMode.Off &&
!config.RegenerateExpiredSessionId) {
s_allowDelayedStateStoreItemCreation = true;
}
s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout;
s_configRegenerateExpiredSessionId = config.RegenerateExpiredSessionId;
s_configCookieless = config.Cookieless;
s_configMode = config.Mode;
// The last thing to set in this if-block.
s_oneTimeInit = true;
Debug.Trace("SessionStateModuleInit",
"Configuration: _mode=" + config.Mode +
";Timeout=" + config.Timeout +
";CookieMode=" + config.Cookieless +
";SqlConnectionString=" + config.SqlConnectionString +
";StateConnectionString=" + config.StateConnectionString +
";s_allowInProcOptimization=" + s_allowInProcOptimization +
";s_allowDelayedStateStoreItemCreation=" + s_allowDelayedStateStoreItemCreation);
}
}
finally {
s_lock.ReleaseWriterLock();
}
}
if (!initModuleCalled) {
InitModuleFromConfig(app, config);
}
if (s_trustLevelInsufficient) {
throw new HttpException(SR.GetString(SR.Session_state_need_higher_trust));
}
}
private static void Initialize()
{
if (!s_Initialized)
{
lock (s_InitLock)
{
if (!s_Initialized)
{
AnonymousIdentificationSection anonymousIdentification = RuntimeConfig.GetAppConfig().AnonymousIdentification;
s_Enabled = anonymousIdentification.Enabled;
s_CookieName = anonymousIdentification.CookieName;
s_CookiePath = anonymousIdentification.CookiePath;
s_CookieTimeout = (int) anonymousIdentification.CookieTimeout.TotalMinutes;
s_RequireSSL = anonymousIdentification.CookieRequireSSL;
s_SlidingExpiration = anonymousIdentification.CookieSlidingExpiration;
s_Protection = anonymousIdentification.CookieProtection;
s_CookieMode = anonymousIdentification.Cookieless;
s_Domain = anonymousIdentification.Domain;
s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification");
if (s_CookieTimeout < 1)
{
s_CookieTimeout = 1;
}
if (s_CookieTimeout > 0x100a40)
{
s_CookieTimeout = 0x100a40;
}
s_Initialized = true;
}
}
}
}
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
// RedirectWithDetection if we need to
internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode) {
Init();
////////////////////////////////////////////////////////////
// Step 1: Check if config wants us to do a challenge-reponse
if (cookieMode != HttpCookieMode.AutoDetect) {
return;
}
////////////////////////////////////////////////////////////
// Step 2: Check browser caps
if (!_Context.Request.Browser.Cookies || !_Context.Request.Browser.SupportsRedirectWithCookie) {
return;
}
////////////////////////////////////////////////////////////
// Step 3: Check header
string cookieDetectHeader = GetCookieValue('X');
if (cookieDetectHeader != null && cookieDetectHeader == "1") {
return;
}
////////////////////////////////////////////////////////////
// Step 4: see if the client sent any cookies
string cookieHeader = _Context.Request.Headers["Cookie"];
if (!String.IsNullOrEmpty(cookieHeader)) {
return;
}
////////////////////////////////////////////////////////////
// Step 5: See if we already did a challenge-reponse
string qs = _Context.Request.QueryString[s_AutoDetectName];
if (qs != null && qs == s_AutoDetectValue) { // Yes, we have done a challenge-response
// No cookies present => no cookie support
SetCookieValue('X', "1");
return;
}
////////////////////////////////////////////////////////////
// Do a challenge response
RedirectWithDetection(redirectPath);
}
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
// Look at config (<httpCookies>) and (maybe) current request, and return
// whether to use cookie-less feature
internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode) {
////////////////////////////////////////////////////////////
// Step 2: Look at config
switch(cookieMode)
{
case HttpCookieMode.UseUri: // Use cookieless always
return true;
case HttpCookieMode.UseCookies: // Never use cookieless
return false;
case HttpCookieMode.UseDeviceProfile: // Use browser config
if (context == null)
context = HttpContext.Current;
if (context == null)
return false;
bool fRet = (!context.Request.Browser.Cookies ||
!context.Request.Browser.SupportsRedirectWithCookie);
return fRet;
case HttpCookieMode.AutoDetect: // Detect based on whether the client supports cookieless
if (context == null)
context = HttpContext.Current;
if (context == null)
return false;
if (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie) {
return true;
}
//////////////////////////////////////////////////////////////////
// Look in the header
string cookieDetectHeader = context.CookielessHelper.GetCookieValue('X');
if (cookieDetectHeader != null && cookieDetectHeader == "1") {
return true;
}
//////////////////////////////////////////////////
// Step 3a: See if the client sent any (request) cookies
string cookieHeader = context.Request.Headers["Cookie"];
if (!String.IsNullOrEmpty(cookieHeader)) { // Yes, client sent request cookies
return false;
}
//////////////////////////////////////////////////
// Step 3b: See if we have done a challenge-response to detect cookie support
string qs = context.Request.QueryString[s_AutoDetectName];
if (qs != null && qs == s_AutoDetectValue) { // Yes, we have done a challenge-response: No cookies present => no cookie support
context.CookielessHelper.SetCookieValue('X', "1");
return true;
}
//////////////////////////////////////////////////
// Step 3c: Do a challenge-response (redirect) to detect cookie support
if (doRedirect) {
context.CookielessHelper.RedirectWithDetection(null);
}
// Note: if doRedirect==true, execution won't reach here
return false;
default: // Config broken?
return false;
}
}
public void Init(HttpApplication app)
{
bool flag = false;
SessionStateSection sessionState = RuntimeConfig.GetAppConfig().SessionState;
if (!this.s_oneTimeInit)
{
s_lock.AcquireWriterLock();
try
{
if (!this.s_oneTimeInit)
{
this.InitModuleFromConfig(app, sessionState);
flag = true;
if (!CheckTrustLevel(sessionState))
{
s_trustLevelInsufficient = true;
}
s_timeout = (int) sessionState.Timeout.TotalMinutes;
s_useHostingIdentity = sessionState.UseHostingIdentity;
if ((sessionState.Mode == SessionStateMode.InProc) && this._usingAspnetSessionIdManager)
{
s_allowInProcOptimization = true;
}
if (((sessionState.Mode != SessionStateMode.Custom) && (sessionState.Mode != SessionStateMode.Off)) && !sessionState.RegenerateExpiredSessionId)
{
s_allowDelayedStateStoreItemCreation = true;
}
s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout;
s_configRegenerateExpiredSessionId = sessionState.RegenerateExpiredSessionId;
s_configCookieless = sessionState.Cookieless;
s_configMode = sessionState.Mode;
this.s_oneTimeInit = true;
}
}
finally
{
s_lock.ReleaseWriterLock();
}
}
if (!flag)
{
this.InitModuleFromConfig(app, sessionState);
}
if (s_trustLevelInsufficient)
{
throw new HttpException(System.Web.SR.GetString("Session_state_need_higher_trust"));
}
}
internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode)
{
switch (cookieMode)
{
case HttpCookieMode.UseUri:
return true;
case HttpCookieMode.UseCookies:
return false;
case HttpCookieMode.AutoDetect:
if (context == null)
{
context = HttpContext.Current;
}
if (context == null)
{
return false;
}
if (context.Request.Browser.Cookies && context.Request.Browser.SupportsRedirectWithCookie)
{
string cookieValue = context.CookielessHelper.GetCookieValue('X');
if ((cookieValue != null) && (cookieValue == "1"))
{
return true;
}
string str2 = context.Request.Headers["Cookie"];
if (string.IsNullOrEmpty(str2))
{
string str3 = context.Request.QueryString["AspxAutoDetectCookieSupport"];
if ((str3 != null) && (str3 == "1"))
{
context.CookielessHelper.SetCookieValue('X', "1");
return true;
}
if (doRedirect)
{
context.CookielessHelper.RedirectWithDetection(null);
}
}
return false;
}
return true;
case HttpCookieMode.UseDeviceProfile:
if (context == null)
{
context = HttpContext.Current;
}
if (context == null)
{
return false;
}
return (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie);
}
return false;
}
internal void RedirectWithDetectionIfRequired(string redirectPath, HttpCookieMode cookieMode)
{
this.Init();
if ((cookieMode == HttpCookieMode.AutoDetect) && (this._Context.Request.Browser.Cookies && this._Context.Request.Browser.SupportsRedirectWithCookie))
{
string cookieValue = this.GetCookieValue('X');
if ((cookieValue == null) || (cookieValue != "1"))
{
string str2 = this._Context.Request.Headers["Cookie"];
if (string.IsNullOrEmpty(str2))
{
string str3 = this._Context.Request.QueryString["AspxAutoDetectCookieSupport"];
if ((str3 != null) && (str3 == "1"))
{
this.SetCookieValue('X', "1");
}
else
{
this.RedirectWithDetection(redirectPath);
}
}
}
}
}
/// <summary>
/// Sets a value that indicates whether the application is configured for cookieless sessions.
/// </summary>
/// <param name="cookieMode">The cookie mode.</param>
public void SetCookieMode(HttpCookieMode cookieMode)
{
this.cookieMode = cookieMode;
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Static functions
private static void Initialize() {
if (s_Initialized)
return;
lock(s_InitLock) {
if (s_Initialized)
return;
AnonymousIdentificationSection settings = RuntimeConfig.GetAppConfig().AnonymousIdentification;
s_Enabled = settings.Enabled;
s_CookieName = settings.CookieName;
s_CookiePath = settings.CookiePath;
s_CookieTimeout = (int) settings.CookieTimeout.TotalMinutes;
s_RequireSSL = settings.CookieRequireSSL;
s_SlidingExpiration = settings.CookieSlidingExpiration;
s_Protection = settings.CookieProtection;
s_CookieMode = settings.Cookieless;
s_Domain = settings.Domain;
s_Modifier = Encoding.UTF8.GetBytes("AnonymousIdentification");
if (s_CookieTimeout < 1)
s_CookieTimeout = 1;
if (s_CookieTimeout > 60 * 24 * 365 * 2)
s_CookieTimeout = 60 * 24 * 365 * 2; // 2 years
s_Initialized = true;
}
}
public void SetCookieMode(HttpCookieMode val)
{
}
public static void Initialize ()
{
if (initialized)
return;
lock (locker) {
if (initialized)
return;
AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection (authConfigPath);
FormsAuthenticationConfiguration config = section.Forms;
cookieName = config.Name;
Timeout = config.Timeout;
timeout = (int)config.Timeout.TotalMinutes;
cookiePath = config.Path;
protection = config.Protection;
requireSSL = config.RequireSSL;
slidingExpiration = config.SlidingExpiration;
cookie_domain = config.Domain;
cookie_mode = config.Cookieless;
cookies_supported = true; /* XXX ? */
if (!String.IsNullOrEmpty (default_url))
default_url = MapUrl (default_url);
else
default_url = MapUrl(config.DefaultUrl);
enable_crossapp_redirects = config.EnableCrossAppRedirects;
if (!String.IsNullOrEmpty (login_url))
login_url = MapUrl (login_url);
else
login_url = MapUrl(config.LoginUrl);
initialized = true;
}
}
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
// Look at config (<httpCookies>) and (maybe) current request, and return
// whether to use cookie-less feature
internal static bool UseCookieless(HttpContext context, bool doRedirect, HttpCookieMode cookieMode)
{
////////////////////////////////////////////////////////////
// Step 2: Look at config
switch (cookieMode)
{
case HttpCookieMode.UseUri: // Use cookieless always
return(true);
case HttpCookieMode.UseCookies: // Never use cookieless
return(false);
case HttpCookieMode.UseDeviceProfile: // Use browser config
if (context == null)
{
context = HttpContext.Current;
}
if (context == null)
{
return(false);
}
bool fRet = (!context.Request.Browser.Cookies ||
!context.Request.Browser.SupportsRedirectWithCookie);
return(fRet);
case HttpCookieMode.AutoDetect: // Detect based on whether the client supports cookieless
if (context == null)
{
context = HttpContext.Current;
}
if (context == null)
{
return(false);
}
if (!context.Request.Browser.Cookies || !context.Request.Browser.SupportsRedirectWithCookie)
{
return(true);
}
//////////////////////////////////////////////////////////////////
// Look in the header
string cookieDetectHeader = context.CookielessHelper.GetCookieValue('X');
if (cookieDetectHeader != null && cookieDetectHeader == "1")
{
return(true);
}
//////////////////////////////////////////////////
// Step 3a: See if the client sent any (request) cookies
string cookieHeader = context.Request.Headers["Cookie"];
if (!String.IsNullOrEmpty(cookieHeader)) // Yes, client sent request cookies
{
return(false);
}
//////////////////////////////////////////////////
// Step 3b: See if we have done a challenge-response to detect cookie support
string qs = context.Request.QueryString[s_AutoDetectName];
if (qs != null && qs == s_AutoDetectValue) // Yes, we have done a challenge-response: No cookies present => no cookie support
{
context.CookielessHelper.SetCookieValue('X', "1");
return(true);
}
//////////////////////////////////////////////////
// Step 3c: Do a challenge-response (redirect) to detect cookie support
if (doRedirect)
{
context.CookielessHelper.RedirectWithDetection(null);
}
// Note: if doRedirect==true, execution won't reach here
return(false);
default: // Config broken?
return(false);
}
}
