2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
1 //
2 // System.Web.Security.FormsAuthenticationModule
3 //
4 // Authors:
5 //      Gonzalo Paniagua Javier (gonzalo@ximian.com)
6 //
7 // (C) 2002 Ximian, Inc (http://www.ximian.com)
8 //
9
10 using System;
11 using System.Security.Principal;
12 using System.Text;
13 using System.Web;
14 using System.Web.Configuration;
15 using System.Web.Util;
16
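namespace System.Web.Security
{
        // HTTP module implementing cookie-based forms authentication.
        //
        // On AuthenticateRequest it gives Authenticate subscribers the first
        // chance to supply a principal and otherwise builds one from the
        // forms-authentication cookie.  On EndRequest it turns a 401 response
        // into a redirect to the configured login page.
        public sealed class FormsAuthenticationModule : IHttpModule
        {
                // True when the request being processed is not configured for
                // Forms authentication; read by OnEndRequest to skip the redirect.
                bool noForms;

                // Nothing to release: the module holds no disposable resources.
                public void Dispose ()
                {
                }

                // Hooks the module into the application's request pipeline.
                public void Init (HttpApplication app)
                {
                        app.AuthenticateRequest += new EventHandler (OnAuthenticateRequest);
                        app.EndRequest += new EventHandler (OnEndRequest);
                }

                // Establishes context.User for the request, either from an
                // Authenticate subscriber or from a valid, unexpired ticket.
                void OnAuthenticateRequest (object sender, EventArgs args)
                {
                        HttpApplication app = (HttpApplication) sender;
                        HttpContext context = app.Context;
                        AuthConfig config = (AuthConfig) context.GetConfig ("system.web/authentication");

                        // Recomputed on every request so that a previous non-Forms
                        // request cannot leave the flag stuck at true.
                        noForms = (config.Mode != AuthenticationMode.Forms);
                        if (noForms)
                                return;

                        string cookieName = config.CookieName;
                        string cookiePath = config.CookiePath;
                        string loginPage = config.LoginUrl;

                        // Compare the request path relative to the application root.
                        string appVPath = context.Request.ApplicationPath;
                        string reqPath = context.Request.Path;
                        if (reqPath.StartsWith (appVPath))
                                reqPath = reqPath.Substring (appVPath.Length);

                        // The login page itself must stay reachable without authorization.
                        context.SkipAuthorization = (reqPath == loginPage);

                        FormsAuthenticationEventArgs formArgs = new FormsAuthenticationEventArgs (context);
                        if (Authenticate != null)
                                Authenticate (this, formArgs);

                        // A subscriber-provided user, or one already on the context,
                        // takes precedence over the cookie.
                        bool contextUserNull = (context.User == null);
                        if (formArgs.User != null || !contextUserNull) {
                                if (contextUserNull)
                                        context.User = formArgs.User;
                                return;
                        }

                        // Browsers do not send an expiry with request cookies, so this
                        // Expires test is only a first filter; the authoritative check
                        // is the ticket's own expiration below.
                        HttpCookie cookie = context.Request.Cookies [cookieName];
                        if (cookie == null || (cookie.Expires != DateTime.MinValue && cookie.Expires < DateTime.Now))
                                return;

                        // The cookie value is client-controlled.  A value that is not a
                        // well-formed ticket leaves the request unauthenticated instead
                        // of failing it with an unhandled exception.
                        // NOTE(review): only ArgumentException is handled here; confirm
                        // which exceptions Decrypt raises for tampered input.
                        FormsAuthenticationTicket ticket;
                        try {
                                ticket = FormsAuthentication.Decrypt (cookie.Value);
                        } catch (ArgumentException) {
                                return;
                        }

                        // Never build a principal from a missing or expired ticket.
                        if (ticket == null || ticket.Expired)
                                return;

                        // RenewTicketIfOld returns the ticket to use; the renewed
                        // expiration is lost if the return value is discarded.
                        ticket = FormsAuthentication.RenewTicketIfOld (ticket);
                        context.User = new GenericPrincipal (new FormsIdentity (ticket), new string [0]);

                        // Re-issue the cookie with the (possibly renewed) ticket.
                        // NOTE(review): only Path and Expires are set on the re-issued
                        // cookie; whether it should also be marked Secure depends on
                        // configuration that is not visible in this file.
                        cookie.Value = FormsAuthentication.Encrypt (ticket);
                        cookie.Path = cookiePath;
                        if (ticket.IsPersistent)
                                cookie.Expires = ticket.Expiration;

                        context.Response.Cookies.Add (cookie);
                }

                // Redirects unauthorized (401) responses to the login page, passing
                // the originally requested URL in the ReturnUrl query parameter.
                void OnEndRequest (object sender, EventArgs args)
                {
                        if (noForms)
                                return;

                        HttpApplication app = (HttpApplication) sender;
                        HttpContext context = app.Context;

                        // A request that already carries ReturnUrl is not redirected again.
                        if (context.Response.StatusCode != 401 || context.Request.QueryString ["ReturnUrl"] != null)
                                return;

                        AuthConfig config = (AuthConfig) context.GetConfig ("system.web/authentication");
                        StringBuilder login = new StringBuilder ();
                        login.Append (UrlUtils.Combine (context.Request.ApplicationPath, config.LoginUrl));
                        // RawUrl is URL-encoded so it cannot add parameters of its own to
                        // the login URL.  Code that later redirects to ReturnUrl should
                        // still check that the target is local to the application; that
                        // code is not part of this file.
                        login.AppendFormat ("?ReturnUrl={0}", HttpUtility.UrlEncode (context.Request.RawUrl));
                        context.Response.Redirect (login.ToString ());
                }

                // Raised during AuthenticateRequest so that applications can supply
                // their own principal through FormsAuthenticationEventArgs.User.
                public event FormsAuthenticationEventHandler Authenticate;
        }
}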
101