void OnAuthenticateRequest(object sender, EventArgs args)
{
HttpApplication app = (HttpApplication)sender;
HttpContext context = app.Context;
string cookieName;
string cookiePath;
string loginPage;
bool slidingExpiration;
InitConfig(context);
if (_config == null || _config.Mode != AuthenticationMode.Forms)
{
return;
}
#if NET_2_0
cookieName = _config.Forms.Name;
cookiePath = _config.Forms.Path;
loginPage = _config.Forms.LoginUrl;
slidingExpiration = _config.Forms.SlidingExpiration;
#else
cookieName = _config.CookieName;
cookiePath = _config.CookiePath;
loginPage = _config.LoginUrl;
slidingExpiration = _config.SlidingExpiration;
#endif
if (!VirtualPathUtility.IsRooted(loginPage))
{
loginPage = "~/" + loginPage;
}
string reqPath = String.Empty;
string loginPath = null;
try {
reqPath = context.Request.PhysicalPath;
loginPath = context.Request.MapPath(loginPage);
} catch {} // ignore
context.SkipAuthorization = String.Compare(reqPath, loginPath, RuntimeHelpers.CaseInsensitive, Helpers.InvariantCulture) == 0;
#if NET_2_0
//TODO: need to check that the handler is System.Web.Handlers.AssemblyResourceLoader type
string filePath = context.Request.FilePath;
if (filePath.Length > 15 && String.CompareOrdinal("WebResource.axd", 0, filePath, filePath.Length - 15, 15) == 0)
{
context.SkipAuthorization = true;
}
#endif
FormsAuthenticationEventArgs formArgs = new FormsAuthenticationEventArgs(context);
FormsAuthenticationEventHandler eh = events [authenticateEvent] as FormsAuthenticationEventHandler;
if (eh != null)
{
eh(this, formArgs);
}
bool contextUserNull = (context.User == null);
if (formArgs.User != null || !contextUserNull)
{
if (contextUserNull)
{
context.User = formArgs.User;
}
return;
}
HttpCookie cookie = context.Request.Cookies [cookieName];
if (cookie == null || (cookie.Expires != DateTime.MinValue && cookie.Expires < DateTime.Now))
{
return;
}
FormsAuthenticationTicket ticket = null;
try {
ticket = FormsAuthentication.Decrypt(cookie.Value);
}
catch (ArgumentException) {
// incorrect cookie value, suppress the exception
return;
}
if (ticket == null || (!ticket.IsPersistent && ticket.Expired))
{
return;
}
FormsAuthenticationTicket oldticket = ticket;
if (slidingExpiration)
{
ticket = FormsAuthentication.RenewTicketIfOld(ticket);
}
context.User = new GenericPrincipal(new FormsIdentity(ticket), new string [0]);
if (cookie.Expires == DateTime.MinValue && oldticket == ticket)
{
return;
}
cookie.Value = FormsAuthentication.Encrypt(ticket);
cookie.Path = cookiePath;
if (ticket.IsPersistent)
{
cookie.Expires = ticket.Expiration;
}
context.Response.Cookies.Add(cookie);
}