public SecurityEnforcer(ISecurityEvaluator securityEvaluator)
{
if (securityEvaluator == null) {
throw new ArgumentNullException("securityEvaluator");
}
_securityEvaluator = securityEvaluator;
}
public SecurityEnforcer(ISecurityEvaluator securityEvaluator)
{
if (securityEvaluator == null)
{
throw new ArgumentNullException("securityEvaluator");
}
_securityEvaluator = securityEvaluator;
}
public void Enrich(HttpResponseBase response, HttpRequestBase request, ISecurityEvaluator securityEvaluator, Settings settings)
{
if (!securityEvaluator.IsSecureConnection(request, settings) || !settings.EnableHsts) {
return;
}
// Add the needed STS header.
response.AddHeader("Strict-Transport-Security", string.Format("max-age={0:f0}", settings.HstsMaxAge));
}
/// <summary>
/// Determines a target URL (if any) for this request, based on the expected security.
/// </summary>
/// <param name="context"></param>
/// <param name="expectedSecurity"></param>
/// <returns></returns>
private string DetermineTargetUrl(HttpContextBase context, RequestSecurity expectedSecurity)
{
// Ensure the request matches the expected security.
Logger.Log("Determining the URI for the expected security.", Logger.LogLevel.Info);
ISecurityEvaluator securityEvaluator = SecurityEvaluatorFactory.Instance.Create(context, _settings);
ISecurityEnforcer securityEnforcer = SecurityEnforcerFactory.Instance.Create(context, securityEvaluator);
string targetUrl = securityEnforcer.GetUriForMatchedSecurityRequest(context.Request, context.Response, expectedSecurity, _settings);
return(targetUrl);
}
public void Enrich(HttpResponseBase response, HttpRequestBase request, ISecurityEvaluator securityEvaluator, Settings settings)
{
if (!securityEvaluator.IsSecureConnection(request, settings) || !settings.EnableHsts)
{
return;
}
// Add the needed STS header.
response.AddHeader("Strict-Transport-Security", string.Format("max-age={0:f0}", settings.HstsMaxAge));
}
/// <summary>
/// Gets a security enforcer.
/// </summary>
/// <returns></returns>
internal ISecurityEnforcer Create(HttpContextBase context, ISecurityEvaluator securityEvaluator)
{
var enforcer = GetCacheValue(context);
if (enforcer != null)
{
return(enforcer);
}
Logger.Log("Creating SecurityEnforcer.");
return(new SecurityEnforcer(securityEvaluator));
}
/// <summary>
/// Enriches the response as needed, based on the expected security and settings.
/// </summary>
/// <param name="context"></param>
/// <param name="settings"></param>
private void EnrichResponse(HttpContextBase context, Settings settings)
{
IEnumerable <IResponseEnricher> enrichers = ResponseEnricherFactory.Instance.GetAll(context);
if (enrichers == null)
{
return;
}
ISecurityEvaluator securityEvaluator = SecurityEvaluatorFactory.Instance.Create(context, _settings);
foreach (var enricher in enrichers)
{
enricher.Enrich(context.Response, context.Request, securityEvaluator, settings);
}
}
