2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
[mono.git] / mcs / class / System.Web / System.Web.Security / FormsAuthentication.cs
index e7c4bd14f14a0b5a91499059d5383d6021020ad6..813da89ece7a0a357dfe49530a711e3b4cbbc752 100644 (file)
@@ -4,11 +4,33 @@
 // Authors:
 //     Gonzalo Paniagua Javier (gonzalo@ximian.com)
 //
-// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// (C) 2002,2003 Ximian, Inc (http://www.ximian.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
 using System;
 using System.Collections;
+using System.IO;
 using System.Security.Cryptography;
 using System.Text;
 using System.Web;
@@ -25,6 +47,18 @@ namespace System.Web.Security
                static string cookiePath;
                static int timeout;
                static FormsProtectionEnum protection;
+               static object locker = new object ();
+#if NET_1_1
+               static bool requireSSL;
+               static bool slidingExpiration;
+#endif
+
+               // same names and order used in xsp
+               static string [] indexFiles = { "index.aspx",
+                                               "Default.aspx",
+                                               "default.aspx",
+                                               "index.html",
+                                               "index.htm" };
 
                public static bool Authenticate (string name, string password)
                {
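Review bot: `locker` is only ever used as a monitor target, so it should be declared `static readonly object locker = new object ();` to rule out accidental reassignment; `indexFiles` can be `static readonly` for the same reason. The comment on `indexFiles` could also state that the array order is the lookup priority GetRedirectUrl uses when it probes the application directory.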
@@ -47,10 +81,10 @@ namespace System.Web.Security
                                /* Do nothing */
                                break;
                        case FormsAuthPasswordFormat.MD5:
-                               stored = HashPasswordForStoringInConfigFile (stored, "MD5");
+                               password = HashPasswordForStoringInConfigFile (password, "MD5");
                                break;
                        case FormsAuthPasswordFormat.SHA1:
-                               stored = HashPasswordForStoringInConfigFile (stored, "SHA1");
+                               password = HashPasswordForStoringInConfigFile (password, "SHA1");
                                break;
                        }
 
@@ -64,14 +98,14 @@ namespace System.Web.Security
 
                        Initialize ();
                        byte [] bytes = MachineKeyConfigHandler.GetBytes (encryptedTicket, encryptedTicket.Length);
-                       //TODO: decrypt
-                       string decrypted = WebEncoding.Encoding.GetString (bytes);
+                       string decrypted = Encoding.ASCII.GetString (bytes);
                        FormsAuthenticationTicket ticket = null;
                        try {
                                string [] values = decrypted.Split ((char) 1, (char) 2, (char) 3, (char) 4, (char) 5, (char) 6, (char) 7);
                                if (values.Length != 8)
                                        throw new Exception (values.Length + " " + encryptedTicket);
 
+
                                ticket = new FormsAuthenticationTicket (Int32.Parse (values [0]),
                                                                        values [1],
                                                                        new DateTime (Int64.Parse (values [2])),
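Review bot: Removing the `//TODO: decrypt` comment leaves no marker that Decrypt still performs no decryption or integrity check in the visible lines: `bytes` goes from `MachineKeyConfigHandler.GetBytes` (apparently a plain decoding step) straight to `Encoding.ASCII.GetString` and is split into fields, and the `protection` setting is never consulted. If that reading is right, the ticket fields are whatever the client sent, so the marker should stay until validation exists, e.g. `// TODO: decrypt and verify the ticket according to 'protection'; it is only decoded here`. The try block and the constructor call continue outside this hunk.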
@@ -79,8 +113,8 @@ namespace System.Web.Security
                                                                        (values [4] == "1"),
                                                                        values [5],
                                                                        values [6]);
-                       } catch (Exception e) {
-                               throw new ArgumentException ("Invalid encrypted ticket", "encryptedTicket", e);
+                       } catch (Exception) {
+                               ticket = null;
                        }
 
                        return ticket;
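Review bot: The new `catch (Exception)` turns every failure inside the try block into a `null` return, so a malformed cookie can no longer be told apart from an unexpected runtime error, and callers that relied on the former ArgumentException must now null-check the result. Narrow the handler to the failures expected from parsing, such as `catch (FormatException)`, `catch (OverflowException)` and `catch (ArgumentException)`, and replace the field-count `throw new Exception (...)` with `if (values.Length != 8) return null;`. The null return should be documented on Decrypt. The start of the try block is outside this hunk.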
@@ -114,7 +148,7 @@ namespace System.Web.Security
 
                public static HttpCookie GetAuthCookie (string userName, bool createPersistentCookie)
                {
-                       return GetAuthCookie (userName, createPersistentCookie, cookiePath);
+                       return GetAuthCookie (userName, createPersistentCookie, null);
                }
 
                public static HttpCookie GetAuthCookie (string userName, bool createPersistentCookie, string strCookiePath)
@@ -148,15 +182,40 @@ namespace System.Web.Security
                        return new HttpCookie (cookieName, Encrypt (ticket), strCookiePath, then);
                }
 
-               [MonoTODO]
                public static string GetRedirectUrl (string userName, bool createPersistentCookie)
                {
-                       throw new NotImplementedException ();
+                       if (userName == null)
+                               return null;
+
+                       //TODO: what's createPersistentCookie used for?
+                       Initialize ();
+                       HttpRequest request = HttpContext.Current.Request;
+                       string returnUrl = request ["RETURNURL"];
+                       if (returnUrl != null)
+                               return returnUrl;
+
+                       returnUrl = request.ApplicationPath;
+                       string apppath = request.PhysicalApplicationPath;
+                       bool found = false;
+
+                       foreach (string indexFile in indexFiles) {
+                               string filePath = Path.Combine (apppath, indexFile);
+                               if (File.Exists (filePath)) {
+                                       returnUrl = UrlUtils.Combine (returnUrl, indexFile);
+                                       found = true;
+                                       break;
+                               }
+                       }
+
+                       if (!found)
+                               returnUrl = UrlUtils.Combine (returnUrl, "index.aspx");
+
+                       return returnUrl;
                }
 
                static string GetHexString (string str)
                {
-                       return GetHexString (WebEncoding.Encoding.GetBytes (str));
+                       return GetHexString (Encoding.ASCII.GetBytes (str));
                }
 
                static string GetHexString (byte [] bytes)
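Review bot: `GetRedirectUrl` returns the request-supplied `RETURNURL` value unchecked, and `RedirectFromLoginPage` later in this commit passes the result to `resp.Redirect`, so an absolute URL in that parameter would send the freshly authenticated user to another site. The `request [...]` indexer reads more than the query string, so the value is untrusted whichever collection it comes from. Accept it only when it is a path on this application and otherwise fall through to the index-file default, as sketched below. `HttpContext.Current` is also dereferenced without a null check.

```csharp
string returnUrl = request ["RETURNURL"];
if (returnUrl != null && IsLocalUrl (returnUrl))
        return returnUrl;

// ... unchanged: fall back to ApplicationPath plus the first existing index file ...

// Accept only application-relative targets: a single leading slash, no scheme or host part.
static bool IsLocalUrl (string url)
{
        if (url.Length == 0 || url [0] != '/')
                return false;
        if (url.Length > 1 && (url [1] == '/' || url [1] == '\\'))
                return false;
        return true;
}
```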
@@ -178,9 +237,9 @@ namespace System.Web.Security
 
                        byte [] bytes;
                        if (String.Compare (passwordFormat, "MD5", true) == 0) {
-                               bytes = MD5.Create ().ComputeHash (WebEncoding.Encoding.GetBytes (password));
+                               bytes = MD5.Create ().ComputeHash (Encoding.ASCII.GetBytes (password));
                        } else if (String.Compare (passwordFormat, "SHA1", true) == 0) {
-                               bytes = SHA1.Create ().ComputeHash (WebEncoding.Encoding.GetBytes (password));
+                               bytes = SHA1.Create ().ComputeHash (Encoding.ASCII.GetBytes (password));
                        } else {
                                throw new ArgumentException ("The format must be either MD5 or SHA1", "passwordFormat");
                        }
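Review bot: `Encoding.ASCII.GetBytes (password)` replaces every non-ASCII character with `?` before hashing, so passwords that differ only in such characters produce the same MD5/SHA1 value, and a hash computed from the UTF-8 bytes of the same password will not match. Use a lossless encoding on both lines, `Encoding.UTF8.GetBytes (password)`, and make the same change in `GetHexString (string)`. The ASCII decode of the ticket bytes in Decrypt is lossy in the same way for non-ASCII user names and user data. The method's opening lines are outside this hunk.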
@@ -193,7 +252,7 @@ namespace System.Web.Security
                        if (initialized)
                                return;
 
-                       lock (typeof (FormsAuthentication)) {
+                       lock (locker) {
                                if (initialized)
                                        return;
 
@@ -207,36 +266,59 @@ namespace System.Web.Security
                                        timeout = authConfig.Timeout;
                                        cookiePath = authConfig.CookiePath;
                                        protection = authConfig.Protection;
+#if NET_1_1
+                                       requireSSL = authConfig.RequireSSL;
+                                       slidingExpiration = authConfig.SlidingExpiration;
+#endif
                                } else {
                                        cookieName = ".MONOAUTH";
                                        timeout = 30;
                                        cookiePath = "/";
                                        protection = FormsProtectionEnum.All;
+#if NET_1_1
+                                       slidingExpiration = true;
+#endif
                                }
 
                                initialized = true;
                        }
                }
 
-               [MonoTODO]
                public static void RedirectFromLoginPage (string userName, bool createPersistentCookie)
                {
-                       throw new NotImplementedException ();
+                       RedirectFromLoginPage (userName, createPersistentCookie, null);
                }
 
-               [MonoTODO]
                public static void RedirectFromLoginPage (string userName, bool createPersistentCookie, string strCookiePath)
                {
-                       throw new NotImplementedException ();
+                       if (userName == null)
+                               return;
+
+                       Initialize ();
+                       SetAuthCookie (userName, createPersistentCookie, strCookiePath);
+                       HttpResponse resp = HttpContext.Current.Response;
+                       resp.Redirect (GetRedirectUrl (userName, createPersistentCookie), false);
                }
-               [MonoTODO]
+
                public static FormsAuthenticationTicket RenewTicketIfOld (FormsAuthenticationTicket tOld)
                {
-                       throw new NotImplementedException ();
+                       if (tOld == null)
+                               return null;
+
+                       DateTime now = DateTime.Now;
+                       TimeSpan toIssue = now - tOld.IssueDate;
+                       TimeSpan toExpiration = tOld.Expiration - now;
+                       if (toExpiration > toIssue)
+                               return tOld;
+
+                       FormsAuthenticationTicket tNew = tOld.Clone ();
+                       tNew.SetDates (now, now + (tOld.Expiration - tOld.IssueDate));
+                       return tNew;
                }
 
                public static void SetAuthCookie (string userName, bool createPersistentCookie)
                {
+                       Initialize ();
                        SetAuthCookie (userName, createPersistentCookie, cookiePath);
                }
 
@@ -283,6 +365,21 @@ namespace System.Web.Security
                                return cookiePath;
                        }
                }
+#if NET_1_1
+               public static bool RequireSSL {
+                       get {
+                               Initialize ();
+                               return requireSSL;
+                       }
+               }
+
+               public static bool SlidingExpiration {
+                       get {
+                               Initialize ();
+                               return slidingExpiration;
+                       }
+               }
+#endif
        }
 }