/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
// Initialize this
/// <devdoc>
///    Copies the forms-authentication settings of the current application from
///    configuration into the static fields of this class. The work is done at
///    most once: the flag is tested before and after taking the lock, and it is
///    only set after every field has been assigned.
/// </devdoc>
public static void Initialize() {
    if (!_Initialized) {
        lock (_lockObject) {
            // Re-test under the lock: another thread may have finished while we waited.
            if (!_Initialized) {
                AuthenticationSection authSection = RuntimeConfig.GetAppConfig().Authentication;
                authSection.ValidateAuthenticationMode();

                // Cookie identity and transport settings.
                // NOTE(review): _RequireSSL is only cached here; where it is enforced
                // when the cookie is issued is not visible in this method - confirm.
                _FormsName = authSection.Forms.Name;
                _RequireSSL = authSection.Forms.RequireSSL;
                _SlidingExpiration = authSection.Forms.SlidingExpiration;
                if (_FormsName == null) {
                    _FormsName = CONFIG_DEFAULT_COOKIE;
                }

                // Ticket protection level and lifetime. The cast drops any
                // fractional minutes from the configured timeout.
                _Protection = authSection.Forms.Protection;
                _Timeout = (int)authSection.Forms.Timeout.TotalMinutes;
                _FormsCookiePath = authSection.Forms.Path;

                // Redirect targets fall back to fixed page names when not configured.
                _LoginUrl = authSection.Forms.LoginUrl ?? "login.aspx";
                _DefaultUrl = authSection.Forms.DefaultUrl ?? "default.aspx";

                // Remaining cookie scope and compatibility settings.
                // NOTE(review): cookieless mode, the cookie domain and cross-app
                // redirects each widen where a ticket can travel; review the
                // configured values together with _RequireSSL and _cookieSameSite.
                _CookieMode = authSection.Forms.Cookieless;
                _CookieDomain = authSection.Forms.Domain;
                _EnableCrossAppRedirects = authSection.Forms.EnableCrossAppRedirects;
                _TicketCompatibilityMode = authSection.Forms.TicketCompatibilityMode;
                _cookieSameSite = authSection.Forms.CookieSameSite;

                // Publish last, so the unlocked fast path never sees a half-filled state.
                _Initialized = true;
            }
        }
    }
}
/// <devdoc>
///    Copies the forms-authentication settings of the current application from
///    configuration into the static fields of this class. Returns immediately
///    once initialization has completed; otherwise the fields are filled in
///    under the lock and the flag is set as the final step.
/// </devdoc>
public static void Initialize() {
    // Fast path: nothing to do after the first successful run.
    if (_Initialized) {
        return;
    }

    lock (_lockObject) {
        // Another thread may have completed initialization while we waited.
        if (_Initialized) {
            return;
        }

        AuthenticationSection formsConfig = RuntimeConfig.GetAppConfig().Authentication;
        formsConfig.ValidateAuthenticationMode();

        // Cookie identity and transport settings.
        // NOTE(review): _RequireSSL is only cached here; where it is enforced
        // when the cookie is issued is not visible in this method - confirm.
        _FormsName = formsConfig.Forms.Name;
        _RequireSSL = formsConfig.Forms.RequireSSL;
        _SlidingExpiration = formsConfig.Forms.SlidingExpiration;
        if (_FormsName == null) {
            _FormsName = ".ASPXAUTH";
        }

        // Ticket protection level and lifetime. The cast drops any fractional
        // minutes from the configured timeout.
        _Protection = formsConfig.Forms.Protection;
        _Timeout = (int)formsConfig.Forms.Timeout.TotalMinutes;
        _FormsCookiePath = formsConfig.Forms.Path;

        // Redirect targets fall back to fixed page names when not configured.
        _LoginUrl = formsConfig.Forms.LoginUrl ?? "login.aspx";
        _DefaultUrl = formsConfig.Forms.DefaultUrl ?? "default.aspx";

        // Remaining cookie scope and compatibility settings.
        // NOTE(review): no SameSite setting is read in this method; if the
        // cookie is expected to carry one, confirm where it is configured.
        _CookieMode = formsConfig.Forms.Cookieless;
        _CookieDomain = formsConfig.Forms.Domain;
        _EnableCrossAppRedirects = formsConfig.Forms.EnableCrossAppRedirects;
        _TicketCompatibilityMode = formsConfig.Forms.TicketCompatibilityMode;

        // Publish last, so the unlocked fast path never sees a half-filled state.
        _Initialized = true;
    }
}
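/// <devdoc>
///    Checks a user name / password pair against the credentials stored in the
///    forms-authentication section of configuration. Returns true only when the
///    user exists, has a stored password, the configured password format is one
///    of the known values, and the supplied password (hashed according to that
///    format) equals the stored value. Hashed values are compared without regard
///    to case; a clear-text password is compared case-sensitively.
///
///    The final comparison walks every character of the candidate value instead
///    of stopping at the first mismatch, so the time it takes does not reveal
///    how many leading characters of the stored value were matched.
/// </devdoc>
private static bool InternalAuthenticate(String name, String password) {
    //////////////////////////////////////////////////////////////////////
    // Step 1: Reject missing input, then make sure we are initialized
    if (name == null || password == null) {
        return(false);
    }

    Initialize();

    //////////////////////////////////////////////////////////////////////
    // Step 2: Get the user database
    AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication;
    settings.ValidateAuthenticationMode();
    FormsAuthenticationUserCollection Users = settings.Forms.Credentials.Users;

    if (Users == null) {
        return(false);
    }

    //////////////////////////////////////////////////////////////////////
    // Step 3: Get the (hashed) password for this user
    // The lookup key is the lower-cased name, so user names are matched
    // case-insensitively.
    FormsAuthenticationUser u = Users[name.ToLower(CultureInfo.InvariantCulture)];
    if (u == null) {
        // NOTE(review): this path returns before any hashing is done, so an
        // unknown user name is answered faster than a known one with a wrong
        // password. Callers that must not disclose which names exist should
        // throttle or equalise failed attempts at a higher layer.
        return(false);
    }

    String pass = (String)u.Password;
    if (pass == null) {
        return(false);
    }

    //////////////////////////////////////////////////////////////////////
    // Step 4: Hash the given password
    // NOTE(review): only the password and an algorithm name are passed to the
    // helper - no salt or work factor is visible here - so each hashed format
    // is presumably a single fast digest. MD5 and SHA1 are obsolete for this
    // purpose, and Clear keeps the password itself in configuration. Treat
    // credentials stored this way as legacy and prefer a store that uses a
    // salted, slow password hash.
    FormsAuthPasswordFormat format = settings.Forms.Credentials.PasswordFormat;
    String encPassword;
#pragma warning disable 618 // HashPasswordForStoringInConfigFile is now obsolete
    switch (format) {
        case FormsAuthPasswordFormat.SHA256:
            encPassword = HashPasswordForStoringInConfigFile(password, "sha256");
            break;
        case FormsAuthPasswordFormat.SHA384:
            encPassword = HashPasswordForStoringInConfigFile(password, "sha384");
            break;
        case FormsAuthPasswordFormat.SHA512:
            encPassword = HashPasswordForStoringInConfigFile(password, "sha512");
            break;
        case FormsAuthPasswordFormat.SHA1:
            encPassword = HashPasswordForStoringInConfigFile(password, "sha1");
            break;
        case FormsAuthPasswordFormat.MD5:
            encPassword = HashPasswordForStoringInConfigFile(password, "md5");
            break;
        case FormsAuthPasswordFormat.Clear:
            encPassword = password;
            break;
        default:
            // Unknown format value: fail closed.
            return(false);
    }
#pragma warning restore 618

    //////////////////////////////////////////////////////////////////////
    // Step 5: Compare the hashes
    // pass is known to be non-null here, so a null candidate can never match.
    if (encPassword == null) {
        return(false);
    }

    // Hashed values are matched case-insensitively, clear text exactly.
    // NOTE(review): folding is done per UTF-16 code unit with the invariant
    // culture; this is assumed to agree with the previous OrdinalIgnoreCase
    // comparison for the digest strings the helper returns - confirm.
    bool ignoreCase = (format != FormsAuthPasswordFormat.Clear);

    // Accumulate differences instead of returning at the first one. The loop
    // length depends only on the caller-supplied candidate, and the stored
    // value is indexed modulo its own length so a length mismatch neither
    // ends the loop early nor reads out of range.
    int diff = encPassword.Length ^ pass.Length;
    for (int i = 0; i < encPassword.Length; i++) {
        char given = encPassword[i];
        char stored = (pass.Length > 0) ? pass[i % pass.Length] : '\0';
        if (ignoreCase) {
            given = Char.ToUpperInvariant(given);
            stored = Char.ToUpperInvariant(stored);
        }
        diff |= given ^ stored;
    }

    return(diff == 0);
}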