c
/
mono
зеркало из https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
							//
// System.Web.Security.RoleManagerModule
//
// Authors:
//	Ben Maurer ([email protected])
//
// (C) 2003 Ben Maurer
//

//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

#if NET_2_0
using System.Collections;
using System.Collections.Specialized;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Configuration;

namespace System.Web.Security {
	public sealed class RoleManagerModule : IHttpModule {
		RoleManagerSection _config = null;

		public event RoleManagerEventHandler GetRoles;

		public void Dispose ()
		{
		}

		void ClearCookie (HttpApplication app, string cookieName)
		{
			HttpCookie clearCookie = new HttpCookie (_config.CookieName, "");

			clearCookie.Path = _config.CookiePath;
			clearCookie.Expires = DateTime.MinValue;
			clearCookie.Domain = _config.Domain;
			clearCookie.Secure = _config.CookieRequireSSL;
			app.Response.SetCookie (clearCookie);
		}

		void OnPostAuthenticateRequest (object sender, EventArgs args)
		{
			HttpApplication app = (HttpApplication)sender;

			/* if we're disabled, bail out early */
			if (!_config.Enabled)
				return;

			/* allow the user to populate the Role */
			if (GetRoles != null) {
				RoleManagerEventArgs role_args = new RoleManagerEventArgs (app.Context);

				GetRoles (this, role_args);

				if (role_args.RolesPopulated)
					return;
			}

			RolePrincipal principal;

			HttpCookie cookie = app.Request.Cookies [_config.CookieName];

			IIdentity currentIdentity = app.Context.User.Identity;
			if (app.Request.IsAuthenticated) {
				if (cookie != null) {
					if (!_config.CacheRolesInCookie)
						cookie = null;
					else if (_config.CookieRequireSSL && !app.Request.IsSecureConnection) {
						cookie = null;
						ClearCookie (app, _config.CookieName);
					}
						
				}

				if (cookie == null)
					principal = new RolePrincipal (currentIdentity);
				else
					principal = new RolePrincipal (currentIdentity, cookie.Value);
			}
			else {
				/* anonymous request */

				if (cookie != null) {
					ClearCookie (app, _config.CookieName);
				}

				principal = new RolePrincipal (currentIdentity);
			}

			app.Context.User = principal;
			Thread.CurrentPrincipal = principal;
		}

		void OnEndRequest (object sender, EventArgs args)
		{
			HttpApplication app = (HttpApplication)sender;

			/* if we're not enabled or configured to cache
			 * cookies, bail out */
			if (!_config.Enabled || !_config.CacheRolesInCookie)
				return;

			/* if the user isn't authenticated, bail
			 * out */
			if (!app.Request.IsAuthenticated)
				return;

			/* if the configuration requires ssl for
			 * cookies and we're not on an ssl connection,
			 * bail out */
			if (_config.CookieRequireSSL && !app.Request.IsSecureConnection)
				return;

			RolePrincipal principal = app.Context.User as RolePrincipal;
			if (principal == null) /* just for my sanity */
				return;

			if (!principal.CachedListChanged)
				return;

			string ticket = principal.ToEncryptedTicket ();
			if (ticket == null || ticket.Length > 4096) {
				ClearCookie (app, _config.CookieName);
				return;
			}

			HttpCookie cookie = new HttpCookie (_config.CookieName, ticket);

			cookie.HttpOnly = true;
			if (!string.IsNullOrEmpty (_config.Domain))
				cookie.Domain = _config.Domain;
			if (_config.CookieRequireSSL)
				cookie.Secure = true;
			if (_config.CookiePath.Length > 1) // more than '/'
				cookie.Path = _config.CookiePath;
			app.Response.SetCookie (cookie);
		}

		public void Init (HttpApplication app)
		{
			app.PostAuthenticateRequest += OnPostAuthenticateRequest;
			app.EndRequest += OnEndRequest;

			_config = (RoleManagerSection) WebConfigurationManager.GetSection ("system.web/roleManager");
		}
	}
}
#endif