public async Task<ValidateResult> Validate(HttpRequestBase request, HttpResponseBase response)
{
request.ThrowIfNull("request");
response.ThrowIfNull("response");
if (!String.IsNullOrEmpty(request.ContentType))
{
try
{
var contentType = new ContentType(request.ContentType);
if (String.Equals(contentType.MediaType, "application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) || String.Equals(contentType.MediaType, "multipart/form-data", StringComparison.OrdinalIgnoreCase))
{
ValidationResult validationResult = await _antiCsrfNonceValidator.ValidateAsync(request);
ResponseResult responseResult = await _antiCsrfResponseGenerator.GetResponseAsync(validationResult);
if (responseResult.ResultType == ResponseResultType.ResponseGenerated)
{
return ValidateResult.ResponseGenerated(responseResult.Response);
}
}
}
catch (FormatException)
{
}
}
await _antiCsrfCookieManager.ConfigureCookieAsync(request, response);
return ValidateResult.RequestValidated();
}
public bool CanMapType(HttpRequestBase request, Type parameterType)
{
request.ThrowIfNull("request");
parameterType.ThrowIfNull("parameterType");
return request.ContentType == "application/json" && _parameterTypeMatchDelegate(parameterType);
}
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
httpRequest.ThrowIfNull("httpRequest");
httpResponse.ThrowIfNull("httpResponse");
suggestedResponse.ThrowIfNull("suggestedResponse");
StatusAndSubStatusCode statusCode = suggestedResponse.StatusCode;
if (!_statusCodes.Contains(statusCode))
{
return ResponseHandlerResult.ResponseNotHandled();
}
AcceptHeader[] acceptHeaders = AcceptHeader.ParseMany(httpRequest.Headers["Accept"]).ToArray();
if (acceptHeaders.Any() && !acceptHeaders.Any(arg => arg.MediaTypeMatches("text/plain")))
{
return ResponseHandlerResult.ResponseNotHandled();
}
Response response = new Response(statusCode)
.TextPlain()
.Content(String.Format("{0} {1}", statusCode.StatusDescription, statusCode.StatusDescription.Length > 0 ? String.Format("({0})", statusCode.StatusDescription) : ""));
response.CachePolicy.NoClientCaching();
new CacheResponse(response).WriteResponse(httpResponse);
httpResponse.TrySkipIisCustomErrors = true;
return ResponseHandlerResult.ResponseWritten();
}
public ResponseResult GetResponse(HttpRequestBase request, IEnumerable<RouteMatchResult> routeMatchResults)
{
request.ThrowIfNull("request");
routeMatchResults.ThrowIfNull("routeMatchResults");
return ResponseResult.ResponseGenerated(Response.NotFound());
}
public bool CanMapType(HttpRequestBase request, Type parameterType)
{
request.ThrowIfNull("request");
parameterType.ThrowIfNull("parameterType");
return parameterType.ImplementsInterface<IConvertible>();
}
public Cookie RenewTicket(HttpRequestBase request)
{
request.ThrowIfNull("request");
HttpCookie cookie = GetRequestCookie(request);
if (cookie == null)
{
return null;
}
FormsAuthenticationTicket ticket;
try
{
ticket = System.Web.Security.FormsAuthentication.Decrypt(cookie.Value);
}
catch (ArgumentException)
{
return null;
}
if (ticket == null || ticket.Expired)
{
return null;
}
if (!_configuration.SlidingExpiration)
{
return new Cookie(cookie);
}
ticket = System.Web.Security.FormsAuthentication.RenewTicketIfOld(ticket);
return ticket != null ? GenerateTicket(ticket.Expiration, ticket.UserData) : null;
}
public bool CanMapType(HttpRequestBase request, Type parameterType)
{
request.ThrowIfNull("request");
parameterType.ThrowIfNull("parameterType");
return true;
}
public bool CanMapType(HttpRequestBase request, Type parameterType)
{
request.ThrowIfNull("request");
parameterType.ThrowIfNull("parameterType");
return _parameterTypeMatchDelegate(parameterType);
}
public MapResult Map(HttpRequestBase request, Type type, MethodInfo method, ParameterInfo parameter)
{
request.ThrowIfNull("request");
type.ThrowIfNull("type");
method.ThrowIfNull("method");
parameter.ThrowIfNull("parameter");
Type parameterType = parameter.ParameterType;
var reader = new StreamReader(request.InputStream, request.ContentEncoding);
string json = reader.ReadToEnd();
object jsonModel;
try
{
jsonModel = JsonConvert.DeserializeObject(json, parameterType, _serializerSettings);
}
catch (Exception exception)
{
if (_errorHandling == DataConversionErrorHandling.ThrowException)
{
throw new ApplicationException(String.Format("Request content could not be deserialized to '{0}'.", parameterType.FullName), exception);
}
jsonModel = parameterType.GetDefaultValue();
}
return MapResult.ValueMapped(jsonModel);
}
public MapResult Map(HttpRequestBase request, Type modelType, PropertyInfo property)
{
request.ThrowIfNull("request");
modelType.ThrowIfNull("modelType");
property.ThrowIfNull("property");
return MapResult.ValueMapped(property.PropertyType.GetDefaultValue());
}
public Task<MapResult> MapAsync(HttpRequestBase request, Type modelType, PropertyInfo property)
{
request.ThrowIfNull("request");
modelType.ThrowIfNull("modelType");
property.ThrowIfNull("property");
return MapResult.ValueMapped(property.PropertyType.GetDefaultValue()).AsCompletedTask();
}
public MapResult Map(HttpRequestBase request, Type type, MethodInfo method, ParameterInfo parameter)
{
request.ThrowIfNull("request");
type.ThrowIfNull("type");
method.ThrowIfNull("method");
parameter.ThrowIfNull("parameter");
return MapResult.ValueMapped(parameter.ParameterType.GetDefaultValue());
}
public IEnumerable<object> GetParameterValues(HttpRequestBase request, Type type, MethodInfo method)
{
request.ThrowIfNull("request");
type.ThrowIfNull("type");
method.ThrowIfNull("method");
ParameterInfo[] parameterInfos = method.GetParameters();
var parameterValues = new List<object>();
foreach (ParameterInfo parameterInfo in parameterInfos)
{
Type parameterType = parameterInfo.ParameterType;
string parameterName = parameterInfo.Name;
Type currentParameterType = parameterType;
do
{
bool mapped = false;
foreach (IParameterMapper parameterMapper in _parameterMappers.Where(arg => arg.CanMapType(request, parameterType)))
{
MapResult mapResult = parameterMapper.Map(request, type, method, parameterInfo);
if (mapResult.ResultType == MapResultType.ValueNotMapped)
{
continue;
}
parameterValues.Add(mapResult.Value);
mapped = true;
break;
}
if (mapped)
{
break;
}
currentParameterType = currentParameterType.BaseType;
} while (currentParameterType != null);
if (currentParameterType == null)
{
throw new ApplicationException(
String.Format(
"No request parameter mapper was found for parameter '{0} {1}' of '{2}.{3}'.",
parameterType.FullName,
parameterName,
type.FullName,
method.Name));
}
}
return parameterValues;
}
public MatchResult MatchesRequest(HttpRequestBase request)
{
request.ThrowIfNull("request");
MatchResult[] matchResults = _restrictions.Select(arg => arg.MatchesRequest(request)).ToArray();
MatchResult matchingMatchResult = matchResults.FirstOrDefault(arg => arg.ResultType == MatchResultType.RestrictionMatched);
return matchingMatchResult != null
? MatchResult.RestrictionMatched(matchingMatchResult.MatchedRestrictions)
: MatchResult.RestrictionNotMatched(Enumerable.Empty<IRestriction>(), matchResults.SelectMany(arg => arg.UnmatchedRestrictions));
}
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
httpRequest.ThrowIfNull("httpRequest");
httpResponse.ThrowIfNull("httpResponse");
suggestedResponse.ThrowIfNull("suggestedResponse");
var cacheResponse = new CacheResponse(suggestedResponse);
cacheResponse.WriteResponse(httpResponse);
return ResponseHandlerResult.ResponseWritten();
}
public Task ConfigureCookieAsync(HttpRequestBase request, HttpResponseBase response)
{
request.ThrowIfNull("request");
response.ThrowIfNull("response");
string cookieName = _configuration.CookieName;
string sessionId = request.Cookies.AllKeys.Contains(cookieName) ? request.Cookies[cookieName].Value : _guidFactory.Random().ToString("N");
response.Cookies.Remove(cookieName);
var cookie = new HttpCookie(cookieName, sessionId) { HttpOnly = true };
response.Cookies.Add(cookie);
return Task.Factory.Empty();
}
public Task<AuthenticationResult> AuthenticateAsync(HttpRequestBase request, HttpResponseBase response, Routing.Route route)
{
request.ThrowIfNull("request");
response.ThrowIfNull("response");
route.ThrowIfNull("route");
if (!_helper.IsTicketValid(request))
{
return AuthenticationResult.AuthenticationFailed.AsCompletedTask();
}
Cookie cookie = _helper.RenewTicket(request);
response.Cookies.Remove(cookie.Name);
response.Cookies.Add(cookie.GetHttpCookie());
return AuthenticationResult.AuthenticationSucceeded.AsCompletedTask();
}
public Task ConfigureCookieAsync(HttpRequestBase request, HttpResponseBase response)
{
request.ThrowIfNull("request");
response.ThrowIfNull("response");
if (request.Cookies.AllKeys.Contains(_configuration.CookieName))
{
response.Cookies.Set(request.Cookies[_configuration.CookieName]);
return Task.Factory.Empty();
}
string sessionId = _guidFactory.Random().ToString("N");
var cookie = new HttpCookie(_configuration.CookieName, sessionId) { HttpOnly = true };
response.Cookies.Add(cookie);
return Task.Factory.Empty();
}
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
httpRequest.ThrowIfNull("httpRequest");
httpResponse.ThrowIfNull("httpResponse");
suggestedResponse.ThrowIfNull("suggestedResponse");
StatusAndSubStatusCode statusCode = suggestedResponse.StatusCode;
if (!_statusCodes.Contains(statusCode))
{
return ResponseHandlerResult.ResponseNotHandled();
}
AcceptHeader[] acceptHeaders = AcceptHeader.ParseMany(httpRequest.Headers["Accept"]).ToArray();
if (acceptHeaders.Any() && !acceptHeaders.Any(arg => arg.MediaTypeMatches("text/html")))
{
return ResponseHandlerResult.ResponseNotHandled();
}
const string format = @"<!DOCTYPE html>
<html>
<head>
<title>{0}</title>
<style>h1 {{ margin: 0; padding: 0; }}</style>
</head>
<body>
<h1>{0}</h1>
<hr/>
HTTP {1}{2}
</body>
</html>";
Response response = new Response(statusCode)
.TextHtml()
.Content(String.Format(format, statusCode.StatusDescription, statusCode.StatusCode, statusCode.SubStatusCode == 0 ? "" : "." + statusCode.SubStatusCode));
response.CachePolicy.NoClientCaching();
new CacheResponse(response).WriteResponse(httpResponse);
httpResponse.TrySkipIisCustomErrors = true;
return ResponseHandlerResult.ResponseWritten();
}
public MapResult Map(HttpRequestBase request, Type type, MethodInfo method, ParameterInfo parameter)
{
request.ThrowIfNull("request");
type.ThrowIfNull("type");
method.ThrowIfNull("method");
parameter.ThrowIfNull("parameter");
Type parameterType = parameter.ParameterType;
string parameterName = parameter.Name;
string field = request.QueryString.AllKeys.LastOrDefault(arg => String.Equals(arg, parameterName, _caseSensitive ? StringComparison.Ordinal : StringComparison.OrdinalIgnoreCase));
if (field == null)
{
return MapResult.ValueNotMapped();
}
IConvertible value = request.QueryString[field];
object convertedValue;
try
{
convertedValue = value.ToType(parameterType, CultureInfo.InvariantCulture);
}
catch (Exception exception)
{
if (_errorHandling == DataConversionErrorHandling.ThrowException)
{
throw new ApplicationException(
String.Format(
"Value for query string field '{0}' could not be converted to parameter '{1} {2}' of '{3}.{4}'.",
field,
parameterType.FullName,
parameterName,
type.FullName,
method.Name),
exception);
}
convertedValue = parameterType.GetDefaultValue();
}
return MapResult.ValueMapped(convertedValue);
}
public async Task<ValidationResult> ValidateAsync(HttpRequestBase request)
{
request.ThrowIfNull("request");
if (!_configuration.Enabled)
{
return ValidationResult.ValidationDisabled;
}
bool isPostNeedingValidation = (String.Equals(request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase) && _configuration.ValidateHttpPost);
bool isPutNeedingValidation = (String.Equals(request.HttpMethod, "PUT", StringComparison.OrdinalIgnoreCase) && _configuration.ValidateHttpPut);
bool isDeleteNeedingValidation = (String.Equals(request.HttpMethod, "DELETE", StringComparison.OrdinalIgnoreCase) && _configuration.ValidateHttpDelete);
if (!isPostNeedingValidation && !isPutNeedingValidation && !isDeleteNeedingValidation)
{
return ValidationResult.ValidationSkipped;
}
if (!request.Form.AllKeys.Contains(_configuration.FormFieldName))
{
return ValidationResult.FormFieldMissing;
}
if (!request.Cookies.AllKeys.Contains(_configuration.CookieName))
{
return ValidationResult.CookieMissing;
}
Guid nonce;
if (!Guid.TryParse(request.Form[_configuration.FormFieldName], out nonce))
{
return ValidationResult.FormFieldInvalid;
}
HttpCookie cookie = request.Cookies[_configuration.CookieName];
Guid sessionId;
if (!Guid.TryParse(cookie.Value, out sessionId))
{
return ValidationResult.CookieInvalid;
}
return await _nonceRepository.ExistsAsync(sessionId, nonce, _systemClock.UtcDateTime) ? ValidationResult.NonceValid : ValidationResult.NonceInvalid;
}
public ResponseResult GetResponse(HttpRequestBase request, IEnumerable<RouteMatchResult> routeMatchResults)
{
request.ThrowIfNull("request");
routeMatchResults.ThrowIfNull("routeMatchResults");
routeMatchResults = routeMatchResults.ToArray();
RouteMatchResult[] matchedResults = routeMatchResults.Where(arg => arg.MatchResult.ResultType == MatchResultType.RouteMatched).ToArray();
if (matchedResults.Any())
{
int maximumMatchedRestrictions = matchedResults.Max(arg => arg.MatchResult.MatchedRestrictions.Count());
RouteMatchResult[] bestMatches = matchedResults.Where(arg => arg.MatchResult.MatchedRestrictions.CountEqual(maximumMatchedRestrictions)).ToArray();
if (bestMatches.Length > 1)
{
return ResponseResult.ResponseGenerated(Response.MultipleChoices());
}
if (bestMatches.Length == 1)
{
RouteMatchResult bestMatch = bestMatches[0];
AuthenticateResult authenticateResult = bestMatch.Route.Authenticate(request);
if (authenticateResult.ResultType == AuthenticateResultType.AuthenticationFailed)
{
return ResponseResult.ResponseGenerated(authenticateResult.FailedResponse ?? Response.Unauthorized());
}
IResponse response = bestMatch.Route.ProcessResponse(request);
if (response == null)
{
throw new ApplicationException("A matching route was found but it returned a null response.");
}
return ResponseResult.ResponseGenerated(response, bestMatch.MatchResult.CacheKey);
}
}
return ResponseResult.ResponseNotGenerated();
}
public Task<MapResult> MapAsync(HttpRequestBase request, Type modelType, PropertyInfo property)
{
request.ThrowIfNull("request");
modelType.ThrowIfNull("modelType");
property.ThrowIfNull("property");
Type propertyType = property.PropertyType;
string propertyName = property.Name;
string field = request.QueryString.AllKeys.LastOrDefault(arg => String.Equals(arg, propertyName, _caseSensitive ? StringComparison.Ordinal : StringComparison.OrdinalIgnoreCase));
if (field == null)
{
return MapResult.ValueNotMapped().AsCompletedTask();
}
IConvertible value = request.QueryString[field];
object convertedValue;
try
{
convertedValue = value.ToType(propertyType, CultureInfo.InvariantCulture);
}
catch (Exception exception)
{
if (_errorHandling == DataConversionErrorHandling.ThrowException)
{
throw new ApplicationException(
String.Format(
"Value of query string field '{0}' could not be converted to property '{1} {2}' of type '{3}'.",
field,
propertyType.FullName,
propertyName,
modelType.FullName),
exception);
}
convertedValue = propertyType.GetDefaultValue();
}
return MapResult.ValueMapped(convertedValue).AsCompletedTask();
}
public AuthenticationResult Authenticate(HttpRequestBase request, Route route)
{
request.ThrowIfNull("request");
route.ThrowIfNull("route");
HttpCookie cookie = request.Cookies[_cookieName];
if (cookie == null)
{
return AuthenticationResult.AuthenticationFailed;
}
try
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
return ticket.Expired ? AuthenticationResult.AuthenticationFailed : AuthenticationResult.AuthenticationSucceeded;
}
catch (ArgumentException)
{
return AuthenticationResult.AuthenticationFailed;
}
}
public bool IsTicketValid(HttpRequestBase request)
{
request.ThrowIfNull("request");
HttpCookie cookie = GetRequestCookie(request);
if (cookie == null)
{
return false;
}
FormsAuthenticationTicket ticket;
try
{
ticket = System.Web.Security.FormsAuthentication.Decrypt(cookie.Value);
}
catch (ArgumentException)
{
return false;
}
return ticket != null && !ticket.Expired;
}
public ResponseResult GetResponse(HttpRequestBase request, IEnumerable<RouteMatchResult> routeMatchResults)
{
request.ThrowIfNull("request");
routeMatchResults.ThrowIfNull("routeMatchResults");
RouteMatchResult[] unmatchedResults = routeMatchResults.Where(arg => arg.MatchResult.ResultType == MatchResultType.RouteNotMatched).ToArray();
if (unmatchedResults.Any())
{
RouteMatchResult[] unmatchedResultsThatMatchedOnUrlRelativePath = unmatchedResults.Where(arg1 => RouteMatchedUrlRelativePath(arg1.MatchResult)).ToArray();
int minimumUnmatchedRestrictions = unmatchedResultsThatMatchedOnUrlRelativePath.Any() ? unmatchedResultsThatMatchedOnUrlRelativePath.Min(arg => arg.MatchResult.UnmatchedRestrictions.Count()) : 0;
RouteMatchResult[] closestMatches = unmatchedResultsThatMatchedOnUrlRelativePath.Where(arg => arg.MatchResult.UnmatchedRestrictions.Count() == minimumUnmatchedRestrictions).ToArray();
if (closestMatches.Length == 1)
{
RouteMatchResult closestMatch = closestMatches[0];
IRestriction[] unmatchedRestrictions = closestMatch.MatchResult.UnmatchedRestrictions.ToArray();
MethodRestriction[] methodRestrictions = unmatchedRestrictions.OfType<MethodRestriction>().ToArray();
if (methodRestrictions.Any())
{
IEnumerable<string> methods = methodRestrictions
.Select(arg => arg.Method)
.Distinct(StringComparer.OrdinalIgnoreCase)
.OrderBy(arg => arg);
return ResponseResult.ResponseGenerated(Response.MethodNotAllowed().Header("Allow", String.Join(", ", methods)));
}
IEnumerable<HeaderRestriction<AcceptHeader>> acceptHeaderRestrictions = unmatchedRestrictions.OfType<HeaderRestriction<AcceptHeader>>();
if (acceptHeaderRestrictions.Any())
{
return ResponseResult.ResponseGenerated(Response.NotAcceptable());
}
IEnumerable<HeaderRestriction<AcceptCharsetHeader>> acceptCharsetHeaderRestrictions = unmatchedRestrictions.OfType<HeaderRestriction<AcceptCharsetHeader>>();
if (acceptCharsetHeaderRestrictions.Any())
{
return ResponseResult.ResponseGenerated(Response.NotAcceptable());
}
IEnumerable<HeaderRestriction<AcceptEncodingHeader>> acceptEncodingHeaderRestrictions = unmatchedRestrictions.OfType<HeaderRestriction<AcceptEncodingHeader>>();
if (acceptEncodingHeaderRestrictions.Any())
{
return ResponseResult.ResponseGenerated(Response.NotAcceptable());
}
IEnumerable<HeaderRestriction<ContentEncodingHeader>> contentEncodingHeaderRestrictions = unmatchedRestrictions.OfType<HeaderRestriction<ContentEncodingHeader>>();
if (contentEncodingHeaderRestrictions.Any())
{
return ResponseResult.ResponseGenerated(Response.UnsupportedMediaType());
}
}
}
return ResponseResult.ResponseNotGenerated();
}
public ResponseHandlerResult HandleResponse(HttpRequestBase httpRequest, HttpResponseBase httpResponse, IResponse suggestedResponse, ICache cache, string cacheKey)
{
httpRequest.ThrowIfNull("request");
httpResponse.ThrowIfNull("httpResponse");
suggestedResponse.ThrowIfNull("suggestedResponse");
if (!suggestedResponse.CachePolicy.HasPolicy || cache == null || cacheKey == null)
{
return ResponseHandlerResult.ResponseNotHandled();
}
CacheItem cacheItem = cache.Get(cacheKey);
string responseETag = suggestedResponse.CachePolicy.ETag;
#region If-Match precondition header
IfMatchHeader[] ifMatchHeaders = IfMatchHeader.ParseMany(httpRequest.Headers["If-Match"]).ToArray();
// Only consider If-Match headers if response status code is 2xx or 412
if (ifMatchHeaders.Any() && ((suggestedResponse.StatusCode.StatusCode >= 200 && suggestedResponse.StatusCode.StatusCode <= 299) || suggestedResponse.StatusCode.StatusCode == 412))
{
// Return 412 if no If-Match header matches the response ETag
// Return 412 if an "If-Match: *" header is present and the response has no ETag
if (ifMatchHeaders.All(arg => arg.EntityTag.Value != responseETag) ||
(responseETag == null && ifMatchHeaders.Any(arg => arg.EntityTag.Value == "*")))
{
return WriteResponse(httpResponse, Response.PreconditionFailed());
}
}
#endregion
#region If-None-Match precondition header
IfNoneMatchHeader[] ifNoneMatchHeaders = IfNoneMatchHeader.ParseMany(httpRequest.Headers["If-None-Match"]).ToArray();
if (ifNoneMatchHeaders.Any())
{
// Return 304 if an If-None-Match header matches the response ETag and the request method was GET or HEAD
// Return 304 if an "If-None-Match: *" header is present, the response has an ETag and the request method was GET or HEAD
// Return 412 if an "If-None-Match: *" header is present, the response has an ETag and the request method was not GET or HEAD
if (ifNoneMatchHeaders.Any(arg => arg.EntityTag.Value == responseETag) ||
(ifNoneMatchHeaders.Any(arg => arg.EntityTag.Value == "*") && responseETag != null))
{
if (String.Equals(httpRequest.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase) || String.Equals(httpRequest.HttpMethod, "HEAD", StringComparison.OrdinalIgnoreCase))
{
if (cacheItem != null)
{
cacheItem.Response.CachePolicy.Apply(httpResponse.Cache);
}
else
{
suggestedResponse.CachePolicy.Apply(httpResponse.Cache);
}
return WriteResponse(httpResponse, Response.NotModified());
}
return WriteResponse(httpResponse, Response.PreconditionFailed());
}
}
#endregion
#region If-Modified-Since precondition header
IfModifiedSinceHeader ifModifiedSinceHeader = IfModifiedSinceHeader.Parse(httpRequest.Headers["If-Modified-Since"]);
bool validIfModifiedSinceHttpDate = ifModifiedSinceHeader != null && ifModifiedSinceHeader.HttpDate <= _systemClock.UtcDateTime;
// Only consider an If-Modified-Since header if response status code is 200 and the HTTP-date is valid
if (suggestedResponse.StatusCode.ParsedStatusCode == HttpStatusCode.OK && validIfModifiedSinceHttpDate)
{
// Return 304 if the response was cached before the HTTP-date
if (cacheItem != null && cacheItem.CachedUtcTimestamp < ifModifiedSinceHeader.HttpDate)
{
return WriteResponse(httpResponse, Response.NotModified());
}
}
#endregion
#region If-Unmodified-Since precondition header
IfUnmodifiedSinceHeader ifUnmodifiedSinceHeader = IfUnmodifiedSinceHeader.Parse(httpRequest.Headers["If-Unmodified-Since"]);
bool validIfUnmodifiedSinceHttpDate = ifUnmodifiedSinceHeader != null && ifUnmodifiedSinceHeader.HttpDate <= _systemClock.UtcDateTime;
// Only consider an If-Unmodified-Since header if response status code is 2xx or 412 and the HTTP-date is valid
if (((suggestedResponse.StatusCode.StatusCode >= 200 && suggestedResponse.StatusCode.StatusCode <= 299) || suggestedResponse.StatusCode.StatusCode == 412) && validIfUnmodifiedSinceHttpDate)
{
// Return 412 if the previous response was removed from the cache or was cached again at a later time
if (cacheItem == null || cacheItem.CachedUtcTimestamp >= ifUnmodifiedSinceHeader.HttpDate)
{
return WriteResponse(httpResponse, Response.PreconditionFailed());
}
}
#endregion
#region No server caching
// Do not cache the response when the response sends a non-cacheable status code, or when an Authorization header is present
if (!_cacheableStatusCodes.Contains(suggestedResponse.StatusCode) || httpRequest.Headers["Authorization"] != null)
{
return WriteResponse(httpResponse, suggestedResponse);
}
CacheControlHeader cacheControlHeader = CacheControlHeader.Parse(httpRequest.Headers["Cache-Control"]);
// Do not cache the response if a "Cache-Control: no-cache" or "Cache-Control: no-store" header is present
if (cacheControlHeader != null && (cacheControlHeader.NoCache || cacheControlHeader.NoStore))
{
return WriteResponse(httpResponse, suggestedResponse);
}
IEnumerable<PragmaHeader> pragmaHeader = PragmaHeader.ParseMany(httpRequest.Headers["Pragma"]);
// Do not cache the response if a "Pragma: no-cache" header is present
if (pragmaHeader.Any(arg => String.Equals(arg.Name, "no-cache", StringComparison.OrdinalIgnoreCase)))
{
return WriteResponse(httpResponse, suggestedResponse);
}
#endregion
// Return 504 if the response has not been cached but the client is requesting to receive only a cached response
if (cacheItem == null && cacheControlHeader != null && cacheControlHeader.OnlyIfCached)
{
return WriteResponse(httpResponse, Response.GatewayTimeout());
}
if (cacheItem != null)
{
// Write the cached response if no Cache-Control header is present
// Write the cached response if a "Cache-Control: max-age" header is validated
// Write the cached response if a "Cache-Control: max-stale" header is validated
// Write the cached response if a "Cache-Control: min-fresh" header is validated
if (cacheControlHeader == null ||
_systemClock.UtcDateTime - cacheItem.CachedUtcTimestamp <= cacheControlHeader.MaxAge ||
cacheControlHeader.OnlyIfCached ||
cacheItem.ExpiresUtcTimestamp == null ||
_systemClock.UtcDateTime - cacheItem.ExpiresUtcTimestamp.Value <= cacheControlHeader.MaxStale ||
cacheItem.ExpiresUtcTimestamp.Value - _systemClock.UtcDateTime < cacheControlHeader.MinFresh)
{
return WriteResponseInCache(httpResponse, cacheItem);
}
}
bool cacheOnServer = suggestedResponse.CachePolicy.AllowsServerCaching;
var cacheResponse = new CacheResponse(suggestedResponse);
if (cacheOnServer)
{
DateTime expirationUtcTimestamp = suggestedResponse.CachePolicy.ServerCacheExpirationUtcTimestamp != null
? suggestedResponse.CachePolicy.ServerCacheExpirationUtcTimestamp.Value
: _systemClock.UtcDateTime + suggestedResponse.CachePolicy.ServerCacheMaxAge.Value;
cache.Add(cacheKey, cacheResponse, expirationUtcTimestamp);
}
return WriteResponse(httpResponse, cacheResponse);
}
public Task<IResponse> GetFailedAuthenticationResponseAsync(HttpRequestBase request)
{
request.ThrowIfNull("request");
if (_failedAuthenticationRedirectAbsoluteUrlDelegate == null)
{
return new Response().Unauthorized().AsCompletedTask<IResponse>();
}
string absoluteUrl = _failedAuthenticationRedirectAbsoluteUrlDelegate();
Uri url;
if (!Uri.TryCreate(absoluteUrl, UriKind.RelativeOrAbsolute, out url))
{
throw new InvalidOperationException("Invalid failed authentication redirect URL.");
}
if (_returnUrlQueryStringField != null)
{
string returnUrlQueryString = String.Format("{0}={1}", _returnUrlQueryStringField, HttpUtility.UrlEncode(request.RawUrl));
absoluteUrl += (absoluteUrl.IndexOf('?') > -1 ? "&" : "?") + returnUrlQueryString;
}
return (String.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase) ? new Response().Found(absoluteUrl) : new Response().SeeOther(absoluteUrl)).AsCompletedTask<IResponse>();
}
public MapResult Map(HttpRequestBase request, Type type, MethodInfo method, ParameterInfo parameter)
{
request.ThrowIfNull("request");
type.ThrowIfNull("type");
method.ThrowIfNull("method");
parameter.ThrowIfNull("parameter");
Type parameterType = parameter.ParameterType;
object model = _container != null ? _container.GetInstance(parameterType) : Activator.CreateInstance(parameterType);
Type modelType = model.GetType();
foreach (PropertyInfo property in modelType.GetProperties(BindingFlags.Public | BindingFlags.Instance))
{
PropertyInfo closureProperty = property;
var mappedValue = _modelPropertyMappers
.Select(arg => new { Mapper = arg, MapResult = arg.Map(request, modelType, closureProperty) })
.FirstOrDefault(arg => arg.MapResult.ResultType == MapResultType.ValueMapped);
if (mappedValue == null)
{
throw new ApplicationException(String.Format("Unable to map property '{0} {1}' of type '{2}'.", property.PropertyType.FullName, property.Name, modelType.FullName));
}
property.SetValue(model, mappedValue.MapResult.Value, null);
}
return MapResult.ValueMapped(model);
}
