public bool ValidateCookie(HttpRequest httpRequest, HeaderCookie headerCookie) { if (headerCookie.Secure != null && headerCookie.Secure == true && httpRequest.UsesSsl == false) { return(false); } if (headerCookie.Path != null && httpRequest.Path.StartsWith(headerCookie.Path) == false) { return(false); } if (headerCookie.Expires != null && DateTimeOffset.Now > headerCookie.Expires) { return(false); } if (headerCookie.Domain == null) { return(true); } var cookieHosts = headerCookie.Domain.Split('.'); var requestHosts = httpRequest.ServerDomain.Split('.'); var ok = true; for (var i = cookieHosts.Length; i >= 0; i--) { var cookieHost = cookieHosts[i]; if (cookieHost == "*") { break; } if (requestHosts.Length - 1 < i) { ok = false; break; } var requestHost = requestHosts[i]; if (requestHost == cookieHost) { continue; } ok = false; break; } return(ok); }
public bool ValidateCookie(HttpRequest httpRequest, HeaderCookie headerCookie) { if (headerCookie.Secure != null && headerCookie.Secure == true && httpRequest.UsesSsl == false) { return false; } if (headerCookie.Path != null && httpRequest.Path.StartsWith(headerCookie.Path) == false) { return false; } if (headerCookie.Expires != null && DateTimeOffset.Now > headerCookie.Expires) { return false; } if (headerCookie.Domain == null) return true; var cookieHosts = headerCookie.Domain.Split('.'); var requestHosts = httpRequest.ServerDomain.Split('.'); var ok = true; for (var i = cookieHosts.Length; i >= 0; i--) { var cookieHost = cookieHosts[i]; if (cookieHost == "*") { break; } if (requestHosts.Length - 1 < i) { ok = false; break; } var requestHost = requestHosts[i]; if (requestHost == cookieHost) continue; ok = false; break; } return ok; }
public IEnumerable<HeaderCookie> ReadCookieHeaders(NameValueCollection headers) { for (var i = headers.Count - 1; i >= 0; i--) { var header = headers[i]; var delimPosition = header.IndexOf(':'); if (delimPosition < 0) continue; // no ':' - invalid header - skip if (delimPosition == header.Length) continue; // no any value - invalid header - skip var key = header.Substring(0, delimPosition); if (key != _contants.SetCookie) continue; var value = header.Substring(delimPosition + 1, header.Length - delimPosition - 1); if (string.IsNullOrWhiteSpace(value)) continue; // empty value - invalid header - skip var headerCookie = new HeaderCookie(); foreach (var token in value.Split(';').Select(x => x.Trim())) { var tokenKeyValue = token.Split('=').Select(x => x.Trim()).ToArray(); var tokenKey = tokenKeyValue.FirstOrDefault(); if (string.IsNullOrWhiteSpace(tokenKey)) continue; switch (tokenKey.ToLowerInvariant()) { case "httponly": headerCookie.HttpOnly = true; break; case "secure": headerCookie.Secure = true; break; case "expires": { if (tokenKeyValue.Length != 2) { continue; } var tokenValue = tokenKeyValue[1]; DateTimeOffset expires; if (DateTimeOffset.TryParseExact( tokenValue, "R", CultureInfo.InvariantCulture, DateTimeStyles.None, out expires) == false) { continue; } headerCookie.Expires = expires; } break; case "domain": { if (tokenKeyValue.Length != 2) continue; var tokenValue = tokenKeyValue[1]; headerCookie.Domain = tokenValue; } break; case "path": { if (tokenKeyValue.Length != 2) continue; var tokenValue = tokenKeyValue[1]; headerCookie.Path = tokenValue; } break; default: { if (tokenKeyValue.Length != 2) continue; var tokenValue = tokenKeyValue[1]; headerCookie.Key = tokenKey; headerCookie.Value = tokenValue; } break; } yield return headerCookie; } } }
public IEnumerable <HeaderCookie> ReadCookieHeaders(NameValueCollection headers) { for (var i = headers.Count - 1; i >= 0; i--) { var header = headers[i]; var delimPosition = header.IndexOf(':'); if (delimPosition < 0) { continue; // no ':' - invalid header - skip } if (delimPosition == header.Length) { continue; // no any value - invalid header - skip } var key = header.Substring(0, delimPosition); if (key != _contants.SetCookie) { continue; } var value = header.Substring(delimPosition + 1, header.Length - delimPosition - 1); if (string.IsNullOrWhiteSpace(value)) { continue; // empty value - invalid header - skip } var headerCookie = new HeaderCookie(); foreach (var token in value.Split(';').Select(x => x.Trim())) { var tokenKeyValue = token.Split('=').Select(x => x.Trim()).ToArray(); var tokenKey = tokenKeyValue.FirstOrDefault(); if (string.IsNullOrWhiteSpace(tokenKey)) { continue; } switch (tokenKey.ToLowerInvariant()) { case "httponly": headerCookie.HttpOnly = true; break; case "secure": headerCookie.Secure = true; break; case "expires": { if (tokenKeyValue.Length != 2) { continue; } var tokenValue = tokenKeyValue[1]; DateTimeOffset expires; if (DateTimeOffset.TryParseExact( tokenValue, "R", CultureInfo.InvariantCulture, DateTimeStyles.None, out expires) == false) { continue; } headerCookie.Expires = expires; } break; case "domain": { if (tokenKeyValue.Length != 2) { continue; } var tokenValue = tokenKeyValue[1]; headerCookie.Domain = tokenValue; } break; case "path": { if (tokenKeyValue.Length != 2) { continue; } var tokenValue = tokenKeyValue[1]; headerCookie.Path = tokenValue; } break; default: { if (tokenKeyValue.Length != 2) { continue; } var tokenValue = tokenKeyValue[1]; headerCookie.Key = tokenKey; headerCookie.Value = tokenValue; } break; } yield return(headerCookie); } } }