mcs/class/System.Web/System.Web.Security/RoleManagerModule.cs

   1 //
   2 // System.Web.Security.RoleManagerModule
   3 //
   4 // Authors:
   5 //      Ben Maurer (bmaurer@users.sourceforge.net)
   6 //
   7 // (C) 2003 Ben Maurer
   8 //
   9
  10 //
  11 // Permission is hereby granted, free of charge, to any person obtaining
  12 // a copy of this software and associated documentation files (the
  13 // "Software"), to deal in the Software without restriction, including
  14 // without limitation the rights to use, copy, modify, merge, publish,
  15 // distribute, sublicense, and/or sell copies of the Software, and to
  16 // permit persons to whom the Software is furnished to do so, subject to
  17 // the following conditions:
  18 //
  19 // The above copyright notice and this permission notice shall be
  20 // included in all copies or substantial portions of the Software.
  21 //
  22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  29 //
  30
  31 #if NET_2_0
  32 using System.ComponentModel;
  33 using System.Collections;
  34 using System.Collections.Specialized;
  35 using System.Security.Principal;
  36 using System.Text;
  37 using System.Threading;
  38 using System.Web.Configuration;
  39
  40 namespace System.Web.Security {
  41         public sealed class RoleManagerModule : IHttpModule
  42         {
  43                 static readonly object getRolesEvent = new object ();
  44
  45                 RoleManagerSection _config = null;
  46                 EventHandlerList events = new EventHandlerList ();
  47
  48                 public event RoleManagerEventHandler GetRoles {
  49                         add { events.AddHandler (getRolesEvent, value); }
  50                         remove { events.RemoveHandler (getRolesEvent, value); }
  51                 }
  52
  53                 public void Dispose ()
  54                 {
  55                 }
  56
  57                 void ClearCookie (HttpApplication app, string cookieName)
  58                 {
  59                         HttpCookie clearCookie = new HttpCookie (_config.CookieName, "");
  60
  61                         clearCookie.Path = _config.CookiePath;
  62                         clearCookie.Expires = DateTime.MinValue;
  63                         clearCookie.Domain = _config.Domain;
  64                         clearCookie.Secure = _config.CookieRequireSSL;
  65                         app.Response.SetCookie (clearCookie);
  66                 }
  67
  68                 void OnPostAuthenticateRequest (object sender, EventArgs args)
  69                 {
  70                         HttpApplication app = (HttpApplication)sender;
  71
  72                         /* if we're disabled, bail out early */
  73                         if (_config == null || !_config.Enabled)
  74                                 return;
  75
  76                         /* allow the user to populate the Role */
  77                         RoleManagerEventHandler eh = events [getRolesEvent] as RoleManagerEventHandler;
  78                         if (eh != null) {
  79                                 RoleManagerEventArgs role_args = new RoleManagerEventArgs (app.Context);
  80
  81                                 eh (this, role_args);
  82
  83                                 if (role_args.RolesPopulated)
  84                                         return;
  85                         }
  86
  87                         RolePrincipal principal;
  88
  89                         HttpCookie cookie = app.Request.Cookies [_config.CookieName];
  90
  91                         IIdentity currentIdentity = app.Context.User.Identity;
  92                         if (app.Request.IsAuthenticated) {
  93                                 if (cookie != null) {
  94                                         if (!_config.CacheRolesInCookie)
  95                                                 cookie = null;
  96                                         else if (_config.CookieRequireSSL && !app.Request.IsSecureConnection) {
  97                                                 cookie = null;
  98                                                 ClearCookie (app, _config.CookieName);
  99                                         }
 100
 101                                 }
 102
 103                                 if (cookie == null || String.IsNullOrEmpty (cookie.Value))
 104                                         principal = new RolePrincipal (currentIdentity);
 105                                 else
 106                                         principal = new RolePrincipal (currentIdentity, cookie.Value);
 107                         }
 108                         else {
 109                                 /* anonymous request */
 110
 111                                 if (cookie != null) {
 112                                         ClearCookie (app, _config.CookieName);
 113                                 }
 114
 115                                 principal = new RolePrincipal (currentIdentity);
 116                         }
 117
 118                         app.Context.User = principal;
 119                         Thread.CurrentPrincipal = principal;
 120                 }
 121
 122                 void OnEndRequest (object sender, EventArgs args)
 123                 {
 124                         HttpApplication app = (HttpApplication)sender;
 125
 126                         /* if we're not enabled or configured to cache
 127                          * cookies, bail out */
 128                         if (_config == null || !_config.Enabled || !_config.CacheRolesInCookie)
 129                                 return;
 130
 131                         /* if the user isn't authenticated, bail
 132                          * out */
 133                         if (!app.Request.IsAuthenticated)
 134                                 return;
 135
 136                         /* if the configuration requires ssl for
 137                          * cookies and we're not on an ssl connection,
 138                          * bail out */
 139                         if (_config.CookieRequireSSL && !app.Request.IsSecureConnection)
 140                                 return;
 141
 142                         RolePrincipal principal = app.Context.User as RolePrincipal;
 143                         if (principal == null) /* just for my sanity */
 144                                 return;
 145
 146                         if (!principal.CachedListChanged)
 147                                 return;
 148
 149                         string ticket = principal.ToEncryptedTicket ();
 150                         if (ticket == null || ticket.Length > 4096) {
 151                                 ClearCookie (app, _config.CookieName);
 152                                 return;
 153                         }
 154
 155                         HttpCookie cookie = new HttpCookie (_config.CookieName, ticket);
 156
 157                         cookie.HttpOnly = true;
 158                         if (!string.IsNullOrEmpty (_config.Domain))
 159                                 cookie.Domain = _config.Domain;
 160                         if (_config.CookieRequireSSL)
 161                                 cookie.Secure = true;
 162                         if (_config.CookiePath.Length > 1) // more than '/'
 163                                 cookie.Path = _config.CookiePath;
 164                         app.Response.SetCookie (cookie);
 165                 }
 166
 167                 public void Init (HttpApplication app)
 168                 {
 169                         _config = (RoleManagerSection) WebConfigurationManager.GetSection ("system.web/roleManager");
 170
 171                         app.PostAuthenticateRequest += OnPostAuthenticateRequest;
 172                         app.EndRequest += OnEndRequest;
 173                 }
 174         }
 175 }
 176 #endif
 177