/// <summary>
/// Page load handler: captures the request analyses for two lifecycle phases,
/// then binds the fields on the first load and validates them on every load.
/// </summary>
/// <param name="sender">The event source (not used here)</param>
/// <param name="e">The event arguments (not used here)</param>
protected void Page_Load(object sender, EventArgs e)
    {
        // Analysis for the BeginRequest phase is only looked up here, not recomputed.
        // NOTE(review): presumably stored earlier in the pipeline; confirm that
        // RetrieveAnalysis cannot hand back null before the result is dereferenced.
        preAnalyzer = RequestAnalyzer.RetrieveAnalysis(RequestLifecyclePhase.BeginRequest);

        // The forms-authentication cookie comes straight from the client request;
        // the analyzer receives it as-is, and a missing cookie is passed through unchanged.
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

        // Third argument 'true' asks the analyzer to keep the ProcessRequest-phase result.
        postAnalyzer = RequestAnalyzer.AnalyzeRequest(authCookie, RequestLifecyclePhase.ProcessRequest, true);

        bool isFirstLoad = !Page.IsPostBack;
        if (isFirstLoad)
        {
            BindFields();
        }

        // Validation runs on every load, postback or not.
        ValidateFields();
    }
Пример #2
 /// <summary>
 /// Compares two analyses taken at different points in the request processing pipeline
 /// and classifies the transition between them.
 /// </summary>
 /// <remarks>
 /// Precedence matters: a malicious verdict from either analysis is returned before any
 /// authentication state is considered, so a flagged request is never reported as
 /// authenticated or as a login.
 /// </remarks>
 /// <param name="before">The prior analysis</param>
 /// <param name="after">The current analysis</param>
 /// <returns>A conclusion derived from the analysis change</returns>
 public static ComparisonResult Compare(RequestAnalysis before, RequestAnalysis after)
 {
     // Either phase flagging the request is enough; checked first on purpose.
     if (before.RequestIsMalicious || after.RequestIsMalicious)
     {
         return ComparisonResult.MaliciousRequest;
     }

     bool wasAuthenticated = before.RequestIsAuthenticated;
     bool isAuthenticated = after.RequestIsAuthenticated;

     if (wasAuthenticated)
     {
         // Still authenticated => ordinary authenticated request;
         // authentication lost between the two phases => logout.
         return isAuthenticated
             ? ComparisonResult.AuthenticatedRequest
             : ComparisonResult.LogoutRequest;
     }

     if (isAuthenticated)
     {
         // Authentication gained between the two phases.
         return ComparisonResult.LoginRequest;
     }

     // Unauthenticated in both phases: an expired forms-authentication cookie on the
     // earlier analysis is reported as a logout, anything else as plain unauthenticated.
     return before.FormsAuthenticationCookieResult.IsExpired
         ? ComparisonResult.LogoutRequest
         : ComparisonResult.UnauthenticatedRequest;
 }
Пример #3
        /// <summary>
        /// Analyzes the forms-authentication cookie of a request, together with the tickets
        /// derived from it, and returns the combined <see cref="RequestAnalysis"/>.
        /// </summary>
        /// <remarks>
        /// When <paramref name="saveToContext"/> is true the result is stored under the key
        /// "Analysis:" followed by the phase name. A null <paramref name="requestPhase"/>
        /// formats as an empty string, so every such call writes the same "Analysis:" key
        /// and replaces whatever was stored there.
        /// </remarks>
        /// <param name="formsAuthenticationCookie">The formsAuthenticationCookie to inspect</param>
        /// <param name="requestPhase">The phase of the request processing lifecycle from which the analysis is being requested</param>
        /// <param name="saveToContext">Whether or not to save the result of the analysis to the HttpContext.Current.Items collection</param>
        /// <returns>The analysis built from the context information and the cookie and ticket results</returns>
        public static RequestAnalysis AnalyzeRequest(HttpCookie formsAuthenticationCookie, RequestLifecyclePhase? requestPhase, bool saveToContext)
        {
            EnhancedSecurity.Initialize();

            ContextInformation requestContext = new ContextInformation();
            FormsAuthenticationCookieAnalysis cookieAnalysis = AnalyzeFormsAuthenticationCookie(formsAuthenticationCookie);

            // The same flag selects the forms-ticket analysis mode and decides whether the
            // server-side user ticket is examined at all.
            bool userAuthenticationEnabled = UserAuthentication.Enabled;
            FormsAuthenticationTicketAnalysis ticketAnalysis = AnalyzeFormsAuthenticationTicket(cookieAnalysis, userAuthenticationEnabled, requestPhase);

            UserAuthenticationTicketAnalysis userTicketAnalysis;
            if (userAuthenticationEnabled)
            {
                // Client host address enforcement follows the UserAuthentication setting.
                userTicketAnalysis = AnalyzeServerAuthenticationTicket(requestContext, cookieAnalysis, ticketAnalysis, UserAuthentication.EnforceClientHostAddressValidation);
            }
            else
            {
                // User authentication is off: a default-constructed analysis stands in.
                userTicketAnalysis = new UserAuthenticationTicketAnalysis();
            }

            RequestAnalysis analysis = new RequestAnalysis(requestContext, cookieAnalysis, ticketAnalysis, userTicketAnalysis);

            if (saveToContext)
            {
                // Stored per request; later pipeline stages can look the result up by phase.
                HttpContext.Current.Items["Analysis:" + requestPhase.ToString()] = analysis;
            }

            return analysis;
        }