Пример #1
0
        //-----------------------------------------------------------------------------------------------------------------------------------------------
        /// <summary>
        ///     Checks whether or not the Key in the CID parameter for this page is valid (this computer based on the AnonID) and the time stamp is current
        ///     If the key should be extracted from the Page URL parameters, just set the encryptedKey to null...
        /// </summary>
        protected bool KeyIsValid(StringBuilder encryptedKey)
        {
            bool keyIsValid = false;

            try {
                // 11-May-2016 - the MGLEncryption.Decrypt method throws a serious level 9 error if no key is provided.
                // It is better to catch this here and simply return false as this is just due to people not using the tool correctly (or trying to cut corners)
                if (encryptedKey != null && encryptedKey.Length > 0)
                {
                    //-----a----- Decrypt the key ...
                    encryptedKey = MGLEncryption.DeHTMLifyString(encryptedKey);
                    StringBuilder decryptedKey = MGLEncryption.Decrypt(encryptedKey);

                    //-----b----- Pull out the anon ID
                    StringBuilder anonID = new StringBuilder(decryptedKey.ToString().Substring(1, 36));
                    StringBuilder dtStr  = new StringBuilder(decryptedKey.ToString().Substring(38, 19));

                    //-----c----- now check that the dt is within tolerances
                    DateTime dt;
                    DateTime.TryParse(dtStr.ToString(), out dt);

                    TimeSpan ts = DateTime.Now.Subtract(dt);

                    //-----d----- get the anonvalue cookie again ...
                    string tempValue = DefaultAnonID;
                    if (Request.Cookies["AnonID"] != null)
                    {
                        tempValue = Request.Cookies["AnonID"].Value;
                    }

                    //-----e----- So then finally, do the validation on two fronts
                    //      a. that the elapsed time span is more than 0 and less than 10 seconds and
                    //      b. that the anonID is correct
                    keyIsValid = (ts.TotalSeconds >= 0 && ts.TotalSeconds < 10) && MGLEncryption.AreEqual(anonID, new StringBuilder(tempValue));
                }
            } catch (Exception ex) {
                Logger.LogError(8, "Problem checking if the authorisation key in the login page is valid.  This is serious!  The specific error was: " + ex.ToString());
            }

            return(keyIsValid);
        }