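/// <summary>
/// Resolves the name, domain and path to use for a cookie, falling back to the application's default cookie attributes, and verifies that the
/// resulting domain and path are in scope for every URL associated with the current request.
/// </summary>
/// <param name="name">The cookie name, without the configured name prefix.</param>
/// <param name="domain">The cookie domain. Null falls back to the default cookie attributes and then to the empty string. With an empty domain the
/// effective domain depends on the request host, which is why requests that involve more than one host are rejected.</param>
/// <param name="path">The cookie path without its leading slash. Null falls back to the default cookie attributes and then to the path of the default
/// base URL.</param>
/// <param name="omitNamePrefix">True to leave the configured name prefix off the returned name.</param>
/// <returns>A tuple of the (optionally prefixed) name, the domain, and the path.</returns>
/// <exception cref="ApplicationException">The domain or path is out of scope for a request URL, or no domain was given and the request URLs use
/// different hosts.</exception>
private static Tuple<string, string, string> getNameAndDomainAndPath(string name, string domain, string path, bool omitNamePrefix) {
    var defaultAttributes = EwfConfigurationStatics.AppConfiguration.DefaultCookieAttributes;
    var defaultBaseUrl = new Uri(EwfApp.GetDefaultBaseUrl(false));

    domain = domain ?? defaultAttributes.Domain ?? "";

    // It's important that the cookie path not end with a slash. If it does, Internet Explorer will not transmit the cookie if the user requests the root URL
    // of the application without a trailing slash, e.g. integration.redstapler.biz/Todd. One justification for adding a trailing slash to the cookie path is
    // http://stackoverflow.com/questions/2156399/restful-cookie-path-fails-in-ie-without-trailing-slash.
    // NOTE(review): nothing here strips a trailing slash from a caller-supplied or configured path; such a path fails the scope check below.
    path = path ?? defaultAttributes.Path;
    path = path != null ? "/" + path : defaultBaseUrl.AbsolutePath;

    // Ensure that the domain and path of the cookie are in scope for both the request URL and resource URL. These two URLs can be different on shortcut URL
    // requests, requests that transfer to the log-in page, etc.
    var requestUrls = new List<string> { AppRequestState.Instance.Url };
    if (EwfPage.Instance != null) {
        requestUrls.Add(EwfPage.Instance.InfoAsBaseType.GetUrl(false, false, true));
    }

    foreach (var url in requestUrls) {
        var uri = new Uri(url);

        // Both sides get a leading dot so the match can only succeed on a whole-label boundary: "example.com" is in scope for "www.example.com" but not
        // for "badexample.com". The comparison is ordinal because this is a security check and must not vary with the thread culture (culture-sensitive
        // comparison ignores some characters), and case-insensitive because host names are.
        if (domain.Length > 0 && !("." + uri.Host).EndsWith("." + domain, StringComparison.OrdinalIgnoreCase)) {
            throw new ApplicationException("The cookie domain of \"{0}\" is not in scope for \"{1}\".".FormatWith(domain, url));
        }

        // The trailing slashes make this a whole-segment prefix match: "/app" is in scope for "/app/page" but not for "/application". Cookie paths are
        // matched case-sensitively, so the comparison is plain ordinal.
        if (path != "/" && !(uri.AbsolutePath + "/").StartsWith(path + "/", StringComparison.Ordinal)) {
            throw new ApplicationException("The cookie path of \"{0}\" is not in scope for \"{1}\".".FormatWith(path, url));
        }
    }

    if (domain.Length == 0) {
        // Materialize once; the sequence is needed both for the distinct count and for the error message.
        var requestHosts = requestUrls.Select(i => new Uri(i).Host).ToList();
        if (requestHosts.Distinct().Count() > 1) {
            throw new ApplicationException(
                "The cookie domain could arbitrarily be either {0} depending upon the request URL.".FormatWith(
                    StringTools.ConcatenateWithDelimiter(" or ", requestHosts.ToArray())));
        }
    }

    var prefix = omitNamePrefix ? "" : defaultAttributes.NamePrefix ?? "";
    return Tuple.Create(prefix + name, domain, path);
}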
/// <summary>
/// Builds the URL for this resource, including the fragment identifier, optionally enforcing that the authenticated user can access the resource
/// and that the resource is not disabled.
/// </summary>
/// <param name="ensureUserCanAccessResource">True to throw if <c>UserCanAccessResource</c> is false.</param>
/// <param name="ensureResourceNotDisabled">True to throw if <c>AlternativeMode</c> is a <c>DisabledResourceMode</c>.</param>
/// <param name="makeAbsolute">True to replace "~" in the URL with the default base URL.</param>
/// <returns>The URL for the resource.</returns>
/// <exception cref="ApplicationException">One of the requested checks failed.</exception>
internal string GetUrl(bool ensureUserCanAccessResource, bool ensureResourceNotDisabled, bool makeAbsolute) {
    var resourceUrl = buildUrl() + uriFragmentIdentifier.PrependDelimiter("#");

    // Both checks are opt-in; callers that pass false for either flag get a URL with that check skipped.
    // NOTE(review): the exception messages embed the full URL, so any sensitive query-string values end up wherever these exceptions are logged or
    // displayed - confirm that is acceptable.
    var userIsBlocked = ensureUserCanAccessResource && !UserCanAccessResource;
    if (userIsBlocked) {
        throw new ApplicationException(
            "GetUrl was called for a resource that the authenticated user cannot access. The URL would have been " + resourceUrl + ".");
    }

    var resourceIsDisabled = ensureResourceNotDisabled && AlternativeMode is DisabledResourceMode;
    if (resourceIsDisabled) {
        throw new ApplicationException("GetUrl was called for a resource that is disabled. The URL would have been " + resourceUrl + ".");
    }

    if (!makeAbsolute) {
        return resourceUrl;
    }

    // NOTE(review): Replace substitutes every "~" in the string, not only a leading one; presumably buildUrl never emits a literal tilde elsewhere
    // (for example in a query-string value) - verify.
    return resourceUrl.Replace("~", EwfApp.GetDefaultBaseUrl(ShouldBeSecureGivenCurrentRequest));
}