/// <summary>
/// Resolves the hosting environment name from the OWIN context value stored under
/// <c>HostingConstants.HostAppModeKey</c>.
/// </summary>
/// <param name="context">The request context.</param>
/// <returns>
/// The configured environment name, or <c>"Production"</c> when the OWIN context is null
/// or the stored value is null, empty or whitespace.
/// </returns>
public string GetEnvironmentName(IDotvvmRequestContext context)
{
    var configuredMode = context.GetOwinContext()?.Get<string>(HostingConstants.HostAppModeKey);

    // NOTE(review): falling back to "Production" presumably keeps development-only
    // behaviour disabled when the host declares no mode; confirm against callers.
    if (string.IsNullOrWhiteSpace(configuredMode))
    {
        return "Production";
    }

    return configuredMode;
}
/// <summary>
/// Called when a request is being authorized. The authorization fails if: a) no user is associated with the request;
/// b) the user is not authenticated; c) the user is not in any of the authorized <see cref="Roles" />.
/// </summary>
/// <param name="context">The request context.</param>
/// <param name="appliedOn">The object which can contain [NotAuthorizedAttribute] that could suppress it.</param>
protected virtual void Authorize(IDotvvmRequestContext context, object appliedOn)
{
    if (CanBeAuthorized(appliedOn))
    {
        var owin = context.GetOwinContext();

        // The authorization check runs only for an authenticated user (short-circuit).
        var permitted = IsUserAuthenticated(owin) && IsUserAuthorized(owin);
        if (!permitted)
        {
            // NOTE(review): this method returns normally after the call below unless the
            // handler throws or ends the response; confirm that HandleUnauthorizedRequest
            // actually interrupts request processing.
            HandleUnauthorizedRequest(owin);
        }
    }
}
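/// <summary>
/// Returns the session ID for the request. The value is read from the protected session ID cookie;
/// when the cookie is absent or unreadable and <paramref name="canGenerate"/> is true, a new random
/// session ID is generated, protected and appended to the response as a cookie.
/// </summary>
/// <param name="context">The request context. Must not be null.</param>
/// <param name="canGenerate">
/// When true, a missing or unreadable cookie is replaced with a freshly generated session ID.
/// When false, either condition is reported as an exception.
/// </param>
/// <returns>The unprotected session ID bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
/// <exception cref="FormatException">The configured session ID cookie name is missing or blank.</exception>
/// <exception cref="CorruptedCsrfTokenException">
/// The cookie could not be decoded or unprotected and <paramref name="canGenerate"/> is false.
/// </exception>
/// <exception cref="SecurityException">
/// The cookie is missing and <paramref name="canGenerate"/> is false.
/// </exception>
private byte[] GetOrCreateSessionId(IDotvvmRequestContext context, bool canGenerate = true)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    var sessionIdCookieName = GetSessionIdCookieName(context);
    if (string.IsNullOrWhiteSpace(sessionIdCookieName))
    {
        throw new FormatException("Configured SessionIdCookieName is missing or empty.");
    }

    // Construct protector with purposes
    var protector = this.protectionProvider.Create(PURPOSE_SID);

    // Resolve the OWIN context once; it is needed for both the cookie read and the cookie write.
    var owinContext = context.GetOwinContext();

    // Get cookie value
    var sidCookieValue = cookieManager.GetRequestCookie(owinContext, sessionIdCookieName);
    if (!string.IsNullOrWhiteSpace(sidCookieValue))
    {
        // Try to read from cookie
        try
        {
            return protector.Unprotect(Convert.FromBase64String(sidCookieValue));
        }
        catch (Exception ex)
        {
            // Incorrect Base64 formatting or crypto protection error.
            // Generate a new SID, or throw if generation is not allowed.
            if (!canGenerate)
            {
                throw new CorruptedCsrfTokenException("Value of the SessionID cookie is corrupted or has been tampered with.", ex);
            }

            // Otherwise the error is suppressed and a new SID is issued below.
            // NOTE(review): an undecodable or tampered cookie is replaced silently here;
            // nothing is logged, so such requests leave no trace for monitoring.
        }
    }

    // No usable SID and generation is not allowed
    if (!canGenerate)
    {
        throw new SecurityException("SessionID cookie is missing, so can't verify CSRF token.");
    }

    // Generate the new SID from the cryptographic RNG. The generator is disposable,
    // so it is released as soon as the bytes have been produced.
    var newSid = new byte[SID_LENGTH];
    using (var rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
    {
        rng.GetBytes(newSid);
    }

    // Save to cookie
    sidCookieValue = Convert.ToBase64String(protector.Protect(newSid));
    cookieManager.AppendResponseCookie(
        owinContext,
        sessionIdCookieName,                                // Configured cookie name
        sidCookieValue,                                     // Base64-encoded SID value
        new Microsoft.Owin.CookieOptions
        {
            HttpOnly = true,                                // Don't allow client script access
            // The Secure flag follows the scheme of the current request.
            // NOTE(review): if TLS is terminated in front of the application and IsHttps
            // reports false, the cookie is issued without Secure; confirm the deployment.
            Secure = context.HttpContext.Request.IsHttps
        });

    // Return newly generated SID
    return newSid;
}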
/// <summary>
/// Gets the Authentication functionality available on the current request.
/// </summary>
/// <param name="context">The request context.</param>
/// <returns>The <c>Authentication</c> member of the OWIN context obtained from <paramref name="context"/>.</returns>
public static IAuthenticationManager GetAuthentication(this IDotvvmRequestContext context)
{
    var owinContext = context.GetOwinContext();
    return owinContext.Authentication;
}
/// <summary>
/// Gets the cancellation token that the OWIN request exposes as <c>CallCancelled</c>.
/// </summary>
/// <param name="context">The request context.</param>
/// <returns>The <c>CallCancelled</c> token of the request's OWIN context.</returns>
public CancellationToken GetCancellationToken(IDotvvmRequestContext context)
{
    var request = context.GetOwinContext().Request;
    return request.CallCancelled;
}