1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
//------------------------------------------------------------------------------
// <copyright file="AuthenticationConfig.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
/*
* AuthenticationConfigHandler class
*
* Copyright (c) 1999 Microsoft Corporation
*/
namespace System.Web.Configuration {
using System.Runtime.Serialization;
using System.Web.Util;
using System.Collections;
using System.IO;
using System.Security.Principal;
using System.Xml;
using System.Security.Cryptography;
using System.Configuration;
using System.Globalization;
using System.Web.Hosting;
using System.Web.Compilation;
static internal class AuthenticationConfig {
private static AuthenticationMode? s_explicitMode;
internal static AuthenticationMode Mode {
get {
if (s_explicitMode.HasValue) {
return s_explicitMode.Value;
}
else {
AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication;
settings.ValidateAuthenticationMode();
return settings.Mode;
}
}
set {
Debug.Assert(BuildManager.PreStartInitStage == PreStartInitStage.DuringPreStartInit);
Debug.Assert(value == AuthenticationMode.Forms, "Only Forms mode can be set to override config");
s_explicitMode = value;
}
}
internal static String GetCompleteLoginUrl(HttpContext context, String loginUrl) {
if (String.IsNullOrEmpty(loginUrl)) {
return String.Empty;
}
if (UrlPath.IsRelativeUrl(loginUrl)) {
loginUrl = UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, loginUrl);
}
return loginUrl;
}
internal static bool AccessingLoginPage(HttpContext context, String loginUrl) {
if (String.IsNullOrEmpty(loginUrl)) {
return false;
}
loginUrl = GetCompleteLoginUrl(context, loginUrl);
if (String.IsNullOrEmpty(loginUrl)) {
return false;
}
// Ignore query string
int iqs = loginUrl.IndexOf('?');
if (iqs >= 0) {
loginUrl = loginUrl.Substring(0, iqs);
}
String requestPath = context.Request.Path;
if (StringUtil.EqualsIgnoreCase(requestPath, loginUrl)) {
return true;
}
// It could be that loginUrl in config was UrlEncoded (ASURT 98932)
if (loginUrl.IndexOf('%') >= 0) {
String decodedLoginUrl;
// encoding is unknown try UTF-8 first, then request encoding
decodedLoginUrl = HttpUtility.UrlDecode(loginUrl);
if (StringUtil.EqualsIgnoreCase(requestPath, decodedLoginUrl)) {
return true;
}
decodedLoginUrl = HttpUtility.UrlDecode(loginUrl, context.Request.ContentEncoding);
if (StringUtil.EqualsIgnoreCase(requestPath, decodedLoginUrl)) {
return true;
}
}
return false;
}
}
}
|
