/// <summary>
/// Handles the page's Load event. Captures the analysis recorded for the BeginRequest phase,
/// runs a fresh analysis of the forms-authentication cookie for the ProcessRequest phase,
/// binds the fields on the first (non-postback) load and validates the fields on every load.
/// </summary>
/// <param name="sender">The event source (not used here).</param>
/// <param name="e">The event data (not used here).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Presumably stored earlier in the pipeline by whatever ran the BeginRequest analysis.
    // NOTE(review): confirm what RetrieveAnalysis returns when nothing was stored.
    preAnalyzer = RequestAnalyzer.RetrieveAnalysis(RequestLifecyclePhase.BeginRequest);

    // The cookie comes straight from the incoming request, so it is client-controlled input.
    // Cookies[name] may yield null when the cookie is absent; the analyzer has to cope with that.
    // The trailing 'true' asks the analyzer to store its result as well as return it.
    postAnalyzer = RequestAnalyzer.AnalyzeRequest(
        HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName],
        RequestLifecyclePhase.ProcessRequest,
        true);

    // Fields are bound only on the initial GET; postbacks keep the bound state.
    if (Page.IsPostBack == false)
    {
        BindFields();
    }

    // Validation runs on every load, postback or not.
    ValidateFields();
}
/// <summary>
/// Compares two analyses taken at different points in the request processing pipeline
/// and classifies the request by how its authentication state changed between them.
/// </summary>
/// <param name="before">The prior analysis</param>
/// <param name="after">The current analysis</param>
/// <returns>
/// MaliciousRequest when either analysis is flagged malicious; otherwise AuthenticatedRequest,
/// LogoutRequest, LoginRequest or UnauthenticatedRequest according to the change in authentication state.
/// </returns>
public static ComparisonResult Compare(RequestAnalysis before, RequestAnalysis after)
{
    // A malicious verdict at either observation point takes precedence over every other outcome,
    // so a flagged request can never be reported as a plain login/logout/authenticated request.
    // NOTE(review): neither argument, nor before.FormsAuthenticationCookieResult below, is
    // null-checked; confirm callers always pass fully populated analyses.
    if (before.RequestIsMalicious || after.RequestIsMalicious)
    {
        return ComparisonResult.MaliciousRequest;
    }

    bool wasAuthenticated = before.RequestIsAuthenticated;
    bool isAuthenticated = after.RequestIsAuthenticated;

    if (wasAuthenticated)
    {
        // Authenticated earlier: either it still is, or authentication was dropped in between.
        return isAuthenticated
            ? ComparisonResult.AuthenticatedRequest
            : ComparisonResult.LogoutRequest;
    }

    if (isAuthenticated)
    {
        // Not authenticated earlier but authenticated now.
        return ComparisonResult.LoginRequest;
    }

    // Unauthenticated at both points: an expired cookie in the earlier analysis is reported as a
    // logout rather than as an ordinary unauthenticated request.
    return before.FormsAuthenticationCookieResult.IsExpired
        ? ComparisonResult.LogoutRequest
        : ComparisonResult.UnauthenticatedRequest;
}
/// <summary>
/// Analyzes the supplied forms-authentication cookie, the ticket derived from it and, when
/// user authentication is enabled, the server-side authentication ticket, and combines the
/// results into a single <see cref="RequestAnalysis"/>.
/// </summary>
/// <param name="formsAuthenticationCookie">The formsAuthenticationCookie to inspect</param>
/// <param name="requestPhase">The phase of the request processing lifecycle from which the analysis is being requested</param>
/// <param name="saveToContext">Whether or not to save the result of the analysis to the HttpContext.Current.Items collection</param>
/// <returns>The combined analysis; also stored under "Analysis:" + phase when <paramref name="saveToContext"/> is true.</returns>
public static RequestAnalysis AnalyzeRequest(HttpCookie formsAuthenticationCookie, RequestLifecyclePhase? requestPhase, bool saveToContext)
{
    EnhancedSecurity.Initialize();

    ContextInformation context = new ContextInformation();

    // The cookie is client-supplied; everything below is derived from this first analysis.
    // NOTE(review): the argument is passed through unchecked, so AnalyzeFormsAuthenticationCookie
    // presumably tolerates a null cookie (request without the cookie) - confirm.
    FormsAuthenticationCookieAnalysis cookieAnalysis = AnalyzeFormsAuthenticationCookie(formsAuthenticationCookie);

    // The same switch drives both the ticket analysis flag and whether the server-side ticket is checked.
    bool userAuthenticationEnabled = UserAuthentication.Enabled;
    FormsAuthenticationTicketAnalysis ticketAnalysis =
        AnalyzeFormsAuthenticationTicket(cookieAnalysis, userAuthenticationEnabled, requestPhase);

    UserAuthenticationTicketAnalysis userTicketAnalysis;
    if (userAuthenticationEnabled)
    {
        // EnforceClientHostAddressValidation is handed to the server-ticket check as configured.
        userTicketAnalysis = AnalyzeServerAuthenticationTicket(
            context,
            cookieAnalysis,
            ticketAnalysis,
            UserAuthentication.EnforceClientHostAddressValidation);
    }
    else
    {
        // No server-side ticket check: a default-constructed analysis stands in.
        // NOTE(review): confirm a default UserAuthenticationTicketAnalysis cannot make the
        // combined result look more trusted than the cookie/ticket analyses justify.
        userTicketAnalysis = new UserAuthenticationTicketAnalysis();
    }

    RequestAnalysis analysis = new RequestAnalysis(context, cookieAnalysis, ticketAnalysis, userTicketAnalysis);
    if (!saveToContext)
    {
        return analysis;
    }

    // NOTE(review): a null requestPhase stringifies to "", so every phase-less analysis shares
    // the single key "Analysis:"; HttpContext.Current is also dereferenced without a null check.
    string itemsKey = "Analysis:" + requestPhase.ToString();
    HttpContext.Current.Items[itemsKey] = analysis;
    return analysis;
}