namespace PowerEasy.Web.HttpModule
{
using System;
using System.Diagnostics;
using System.Globalization;
using System.Reflection;
using System.Security.Cryptography;
using System.Web;
using System.Web.Configuration;
using System.Web.Security;
using PowerEasy.Accessories;
using PowerEasy.Common;
using PowerEasy.Components;
using PowerEasy.UserManage;
using PowerEasy.Web;
using PowerEasy.Web.Configuration;
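public class SecurityModule : IHttpModule
{
    private const string ADMIN_LOGINURL = "Login.aspx";
    private const string DEFAULT_MANAGEPATH = "admin";
    // App-relative root of the physical back-office directory; a renamed manage directory is mapped onto it.
    private const string ADMIN_ROOT = "~/" + DEFAULT_MANAGEPATH + "/";
    // Value returned by DataBaseHandle.CurrentVersion() that this module treats specially
    // (presumably an "unknown schema version" sentinel — TODO(review): confirm against DataBaseHandle).
    private const string UNKNOWN_DB_VERSION = "99.99.99.99";
    // The one application version for which the unknown database version is accepted as current.
    private const string LEGACY_APP_VERSION = "0.9.8.0";
    // Product version of the assembly hosting this module; compared with the database version in
    // Application_BeginRequest. Assembly.Location must name a real file (it normally does under
    // ASP.NET shadow copying), otherwise the type initializer fails.
    private static readonly FileVersionInfo fvInfo = FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location);
    // Configuration captured in Init(): which back-office pages are exempt from the login / referrer checks.
    private NoCheckAdminLoginElement m_NoCheckAdminLoginSection;
    private NoCheckUrlReferrerElement m_NoCheckUrlReferrerSection;

    /// <summary>
    /// Restores the administrator principal from the dedicated admin forms-authentication cookie
    /// (the forms cookie name with an "AdminCookie" suffix) and publishes it through
    /// <c>PEContext.Current.Admin</c>. Requests without a valid ticket leave the context untouched.
    /// </summary>
    private void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        string cookieName = FormsAuthentication.FormsCookieName + "AdminCookie";
        FormsAuthenticationTicket ticket = ExtractTicketFromCookie(context, cookieName);
        if (ticket == null)
        {
            return;
        }
        SlidingExpiration(context, ticket, cookieName);
        AdminPrincipal principal = AdminPrincipal.CreatePrincipal(ticket);
        if (principal.Identity.IsAuthenticated)
        {
            // The administrator record and role ids are re-read on every request rather than cached
            // in the ticket, so a deleted account is noticed by Application_PostAuthenticateRequest
            // (AdministratorInfo.IsNull) before the ticket itself expires.
            principal.AdministratorInfo = Administrators.GetAdministratorByAdminName(principal.AdminName);
            principal.Roles = RoleMembers.GetRoleIdListByAdminId(principal.AdministratorInfo.AdminId);
            PEContext.Current.Admin = principal;
        }
    }

    /// <summary>
    /// Installation / upgrade gate. Page requests on a site with no "Version" app setting are sent to
    /// the installer; page requests whose database version is older than the assembly's product
    /// version are sent to the upgrade page. Installer pages themselves are never redirected.
    /// </summary>
    private void Application_BeginRequest(object source, EventArgs e)
    {
        HttpContext context = ((HttpApplication)source).Context;
        string configuredVersion = WebConfigurationManager.AppSettings["Version"];

        if (string.IsNullOrEmpty(configuredVersion) && IsPageRequestOutsideInstall(context.Request))
        {
            context.Response.Redirect("~/Install/Default.aspx", true);
        }

        string productVersion = fvInfo.ProductVersion;
        string databaseVersion = DataBaseHandle.CurrentVersion();
        if (databaseVersion == UNKNOWN_DB_VERSION && configuredVersion == LEGACY_APP_VERSION)
        {
            databaseVersion = LEGACY_APP_VERSION;
        }

        // Guard against a null ProductVersion / CurrentVersion() before touching .Length.
        // The comparison only handles single-digit "a.b.c.d" strings (7 characters); any other shape
        // skips the upgrade check, as the original code did. TODO(review): confirm whether multi-digit
        // versions (e.g. 1.10.0.0) are expected here — they are currently never compared.
        if (productVersion != null && databaseVersion != null
            && productVersion.Length == 7 && databaseVersion.Length == 7)
        {
            // Compare major.minor.build only; the trailing ".revision" is dropped from both sides.
            string productCore = productVersion.Substring(0, productVersion.Length - 2);
            string databaseCore = databaseVersion.Substring(0, databaseVersion.Length - 2);
            bool databaseOlder = DataConverter.CLng(databaseCore.Replace(".", "")) < DataConverter.CLng(productCore.Replace(".", ""));
            if (databaseOlder && IsPageRequestOutsideInstall(context.Request))
            {
                context.Response.Redirect("~/Install/Upgrade.aspx", true);
            }
        }
    }

    // True for requests of an .aspx page that are not part of the installer. The installer test is a
    // plain ordinal substring search for "Install" over the whole URL, as in the original code.
    private static bool IsPageRequestOutsideInstall(HttpRequest request)
    {
        string path = request.Url.GetLeftPart(UriPartial.Path);
        return path.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase)
            && request.Url.ToString().IndexOf("Install", StringComparison.Ordinal) < 0;
    }

    /// <summary>
    /// Protects the back-office directory: hides the physical "~/admin/" path when a custom manage
    /// directory is configured, enforces the administrator login and the same-host referrer check for
    /// pages that are not exempted in configuration, and finally rewrites a custom manage path onto
    /// the physical "~/admin/" directory.
    /// </summary>
    private void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;
        HttpRequest request = application.Request;
        string managePath = GetManagePath();
        bool customManagePath = managePath != DEFAULT_MANAGEPATH;
        // Lower-cased working copy used for all path matching and for the exemption lookups.
        string accessingUrl = request.AppRelativeCurrentExecutionFilePath.ToLowerInvariant();

        if (customManagePath)
        {
            // With a renamed back-office directory the physical path must not be reachable directly.
            // ResponseFileNotFound is assumed to end the response — TODO(review): confirm in Utility.
            if (PowerEasy.Web.Utility.AccessingPath(accessingUrl, ADMIN_ROOT))
            {
                PowerEasy.Web.Utility.ResponseFileNotFound();
            }
            if (PowerEasy.Web.Utility.AccessingPath(accessingUrl, "~/" + managePath + "/"))
            {
                accessingUrl = accessingUrl.Replace("~/" + managePath + "/", ADMIN_ROOT);
            }
        }

        if (!PowerEasy.Web.Utility.AccessingPath(accessingUrl, ADMIN_ROOT))
        {
            return;
        }

        if (this.m_NoCheckAdminLoginSection.Mode != NoCheckType.All && this.NeedCheckAdminLogin(accessingUrl))
        {
            EnforceAdminLogin(context, request, managePath);
        }
        if (this.m_NoCheckUrlReferrerSection.Mode != NoCheckType.All && this.NeedCheckUrlReferrer(accessingUrl))
        {
            EnforceSameHostReferrer(request);
        }
        if (customManagePath)
        {
            if (accessingUrl.EndsWith("/", StringComparison.Ordinal))
            {
                accessingUrl += "Index.aspx";
            }
            context.RewritePath(accessingUrl + request.Url.Query);
        }
    }

    // Redirects to the back-office login page when no authenticated administrator is attached to the
    // request or the administrator record no longer exists. When concurrent logins are disabled for
    // the account, a ticket whose random-password stamp no longer matches the stored one is rejected
    // (the stamp presumably changes on each login — TODO(review): confirm in the login code).
    private static void EnforceAdminLogin(HttpContext context, HttpRequest request, string managePath)
    {
        // Build the redirect target from the request path as typed (original casing), cut to the
        // length of "~/<manage dir>/", so the user stays in the directory they came in through.
        int prefixLength = ("~/" + managePath + "/").Length;
        string loginUrl = request.AppRelativeCurrentExecutionFilePath.Substring(0, prefixLength) + ADMIN_LOGINURL;
        // Redirect(..., true) ends the response, so nothing below runs for an anonymous request.
        if (!PEContext.Current.Admin.Identity.IsAuthenticated || PEContext.Current.Admin.AdministratorInfo.IsNull)
        {
            context.Response.Redirect(loginUrl, true);
        }
        if (!PEContext.Current.Admin.AdministratorInfo.EnableMultiLogin
            && PEContext.Current.Admin.AdministratorInfo.RndPassword != PEContext.Current.Admin.RndPassword)
        {
            PowerEasy.Web.Utility.WriteErrMsg(PowerEasy.Web.Utility.GetGlobalErrorString("MultiAdminLoginSystem"), loginUrl);
        }
    }

    // Rejects back-office requests that carry no referrer or a referrer from another host. Host names
    // are compared ordinally (case-insensitive); a referrer is a coarse cross-site guard only, since
    // clients and proxies may omit it, so it complements rather than replaces per-page protections.
    // NOTE(review): HttpRequest.UrlReferrer throws on a malformed Referer header; the original code
    // did not handle that either.
    private static void EnforceSameHostReferrer(HttpRequest request)
    {
        Uri referrer = request.UrlReferrer;
        if (referrer == null || referrer.Host.Length == 0)
        {
            PowerEasy.Web.Utility.WriteErrMsg(PowerEasy.Web.Utility.GetGlobalErrorString("UrlReferrerIsNull"), string.Empty);
        }
        else if (!string.Equals(request.Url.Host, referrer.Host, StringComparison.OrdinalIgnoreCase))
        {
            PowerEasy.Web.Utility.WriteErrMsg(PowerEasy.Web.Utility.GetGlobalErrorString("UrlReferrerIsOuter"), string.Empty);
        }
    }

    /// <summary>Nothing to release; the module holds no unmanaged resources or subscriptions of its own.</summary>
    public void Dispose()
    {
    }

    // Reads and decrypts the admin forms-authentication ticket from the named request cookie.
    // Returns null when the cookie is absent, too short, cannot be decrypted, or has expired;
    // expiry is ignored when SiteConfig.SiteOption.TicketTime is 0.
    private static FormsAuthenticationTicket ExtractTicketFromCookie(HttpContext context, string name)
    {
        HttpCookie cookie = context.Request.Cookies[name];
        if (cookie == null || cookie.Value == null || cookie.Value.Length <= 1)
        {
            return null;
        }
        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException)
        {
            // Not a well-formed ticket string: treat the request as anonymous.
            return null;
        }
        catch (CryptographicException)
        {
            // The ticket was not produced with this machine key (tampered, or the key was rotated).
            // Removing it from Request.Cookies only affects this request; also expire it on the
            // response so the client stops presenting it on every request.
            context.Request.Cookies.Remove(name);
            ExpireCookie(context, name);
            return null;
        }
        if (ticket == null)
        {
            return null;
        }
        if (SiteConfig.SiteOption.TicketTime == 0 || !ticket.Expired)
        {
            return ticket;
        }
        return null;
    }

    // Sends an empty, already-expired copy of the named cookie so the browser discards its copy.
    // Path/domain mirror what SlidingExpiration issues (forms cookie path and configured domain);
    // TODO(review): confirm the ticket's CookiePath always equals FormsAuthentication.FormsCookiePath.
    private static void ExpireCookie(HttpContext context, string name)
    {
        HttpCookie expired = new HttpCookie(name, string.Empty);
        expired.Expires = DateTime.UtcNow.AddYears(-1);
        expired.Path = FormsAuthentication.FormsCookiePath;
        expired.HttpOnly = true;
        expired.Secure = FormsAuthentication.RequireSSL;
        if (FormsAuthentication.CookieDomain != null)
        {
            expired.Domain = FormsAuthentication.CookieDomain;
        }
        context.Response.Cookies.Remove(name);
        context.Response.Cookies.Add(expired);
    }

    // Back-office directory name from site configuration, lower-cased with the invariant culture so the
    // comparison with DEFAULT_MANAGEPATH does not depend on the server locale (e.g. Turkish dotless i).
    private static string GetManagePath()
    {
        return SiteConfig.SiteOption.ManageDir.ToLowerInvariant();
    }

    /// <summary>
    /// Reads the <c>powereasy.web/security</c> configuration section and subscribes to the
    /// BeginRequest, AuthenticateRequest and PostAuthenticateRequest pipeline events.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    /// <exception cref="InvalidOperationException">The security configuration section is missing or of the wrong type.</exception>
    public void Init(HttpApplication context)
    {
        if (context == null)
        {
            throw new ArgumentNullException("context");
        }
        SecuritySection section = WebConfigurationManager.GetSection("powereasy.web/security") as SecuritySection;
        if (section == null)
        {
            // Fail with a clear message at startup instead of a NullReferenceException on the first request.
            throw new InvalidOperationException("The configuration section 'powereasy.web/security' is missing or is not a SecuritySection.");
        }
        this.m_NoCheckUrlReferrerSection = section.NoCheckUrlReferrer;
        this.m_NoCheckAdminLoginSection = section.NoCheckAdminLogin;
        context.BeginRequest += new EventHandler(this.Application_BeginRequest);
        context.AuthenticateRequest += new EventHandler(this.Application_AuthenticateRequest);
        context.PostAuthenticateRequest += new EventHandler(this.Application_PostAuthenticateRequest);
    }

    // A page needs the login check unless it is listed under <noCheckAdminLogin> (lookup by lower-cased app-relative path).
    private bool NeedCheckAdminLogin(string currentPage)
    {
        return this.m_NoCheckAdminLoginSection.Page[currentPage] == null;
    }

    // A page needs the referrer check unless it is listed under <noCheckUrlReferrer> (lookup by lower-cased app-relative path).
    private bool NeedCheckUrlReferrer(string currentPage)
    {
        return this.m_NoCheckUrlReferrerSection.Page[currentPage] == null;
    }

    // Re-issues the admin cookie on every authenticated request. With sliding expiration enabled the
    // ticket is passed through FormsAuthentication.RenewTicketIfOld; otherwise the existing ticket is
    // written back unchanged. The cookie is always HttpOnly, takes its Secure flag from
    // FormsAuthentication.RequireSSL and its domain from FormsAuthentication.CookieDomain.
    private static void SlidingExpiration(HttpContext context, FormsAuthenticationTicket ticket, string cookieName)
    {
        FormsAuthenticationTicket current = FormsAuthentication.SlidingExpiration
            ? FormsAuthentication.RenewTicketIfOld(ticket)
            : ticket;
        string encrypted = FormsAuthentication.Encrypt(current);
        HttpCookie cookie = context.Request.Cookies[cookieName];
        if (cookie == null)
        {
            cookie = new HttpCookie(cookieName, encrypted);
            cookie.Path = current.CookiePath;
        }
        if (ticket.IsPersistent)
        {
            // Only persistent tickets get an explicit expiry; others remain session cookies.
            cookie.Expires = current.Expiration;
        }
        cookie.Value = encrypted;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.HttpOnly = true;
        if (FormsAuthentication.CookieDomain != null)
        {
            cookie.Domain = FormsAuthentication.CookieDomain;
        }
        context.Response.Cookies.Remove(cookie.Name);
        context.Response.Cookies.Add(cookie);
    }

    /// <summary>Display name of this module.</summary>
    public string ModuleName
    {
        get
        {
            return "SecurityModule";
        }
    }
}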
}