protected virtual void HandleNonSecureRequest(AuthorizationContext context) { if (context.HttpContext.Request.HttpMethod != HttpMethod.Get) throw Error.SecureConnectionRequired(); string url = "https://" + context.HttpContext.Request.Url.Host + context.HttpContext.Request.RawUrl; context.Cancel = true; context.Result = new RedirectResult(url); }
protected virtual string CreateRedirectionUrl(AuthorizationContext context) { if (String.IsNullOrEmpty(_redirectTo)) return null; string url = _redirectTo; string query = String.Empty; if (!String.IsNullOrEmpty(_parameterName)) query = String.Concat( (_redirectTo.IndexOf('?') > -1) ? "&" : "?", _parameterName, "=", Uri.EscapeUriString(context.HttpContext.Request.Url.PathAndQuery) ); return url + query; }
public void OnAuthorization(AuthorizationContext context) { Precondition.Require(context, () => Error.ArgumentNull("context")); string value = context.HttpContext.Request.Parameters.Form.GetValue<string>(FieldName); if (String.IsNullOrEmpty(value)) throw Error.RequestValidationError(); RequestValidationToken current = RequestValidationToken.Create(context.HttpContext, Value); RequestValidationToken token = RequestValidationToken.Create(value); if(!token.IsValid(current)) throw Error.RequestValidationError(); if (_timeout > 0 && (DateTime.Now - token.CreationDate).TotalMinutes > _timeout) throw Error.RequestValidationError(); }
protected virtual bool RedirectAllowed(AuthorizationContext context, string url) { if (String.IsNullOrEmpty(url)) return false; if (context.Context.IsChild) return false; if (context.HttpContext.Request.IsAjaxRequest) return false; return true; }
public void OnAuthorization(AuthorizationContext context) { Precondition.Require(context, () => Error.ArgumentNull("context")); if (Validate(context.HttpContext)) { HttpCachePolicyBase cachePolicy = context.HttpContext.Response.Cache; cachePolicy.SetProxyMaxAge(new TimeSpan(0)); cachePolicy.AddValidationCallback(CacheValidationHandler, null); } else { context.Cancel = true; string url = CreateRedirectionUrl(context); if (RedirectAllowed(context, url)) context.Result = new RedirectResult(url); else context.Result = DefaultResult; } }
public void OnAuthorization(AuthorizationContext context) { Precondition.Require(context, () => Error.ArgumentNull("context")); if (!context.HttpContext.Request.IsSecureConnection) HandleNonSecureRequest(context); }
protected virtual AuthorizationContext InvokeAuthorizationFilters( ControllerContext context, ActionDescriptor descriptor, ICollection<IAuthorizationFilter> filters) { Precondition.Require(context, () => Error.ArgumentNull("context")); Precondition.Require(descriptor, () => Error.ArgumentNull("descriptor")); Precondition.Require(filters, () => Error.ArgumentNull("filters")); AuthorizationContext filterContext = new AuthorizationContext(context, descriptor); foreach (IAuthorizationFilter filter in filters) { filter.OnAuthorization(filterContext); if (filterContext.Cancel) break; } return filterContext; }
void IAuthorizationFilter.OnAuthorization(AuthorizationContext context) { OnAuthorization(context); }
/// <summary> /// Method called when authorization occurs. /// </summary> /// <param name="context">Contains information about the current request and action</param> protected virtual void OnAuthorization(AuthorizationContext context) { }