#19229: Isolating cookies when using url prefix based multi-tenancy

Work Item: 19229

--HG--
branch : 1.x
extra : rebase_source : 77fdb5648c647bfd019afd25f02b9e318489f821
This commit is contained in:
Sebastien Ros
2013-06-21 10:39:03 -07:00
parent 49e8b2f6b5
commit a87a3327ef


@@ -1,6 +1,7 @@
using System; using System;
using System.Web; using System.Web;
using System.Web.Security; using System.Web.Security;
using Orchard.Environment.Configuration;
using Orchard.Logging; using Orchard.Logging;
using Orchard.ContentManagement; using Orchard.ContentManagement;
using Orchard.Mvc; using Orchard.Mvc;
@@ -8,13 +9,15 @@ using Orchard.Services;
namespace Orchard.Security.Providers { namespace Orchard.Security.Providers {
public class FormsAuthenticationService : IAuthenticationService { public class FormsAuthenticationService : IAuthenticationService {
private readonly ShellSettings _settings;
private readonly IClock _clock; private readonly IClock _clock;
private readonly IContentManager _contentManager; private readonly IContentManager _contentManager;
private readonly IHttpContextAccessor _httpContextAccessor; private readonly IHttpContextAccessor _httpContextAccessor;
private IUser _signedInUser; private IUser _signedInUser;
private bool _isAuthenticated = false; private bool _isAuthenticated;
public FormsAuthenticationService(IClock clock, IContentManager contentManager, IHttpContextAccessor httpContextAccessor) { public FormsAuthenticationService(ShellSettings settings, IClock clock, IContentManager contentManager, IHttpContextAccessor httpContextAccessor) {
_settings = settings;
_clock = clock; _clock = clock;
_contentManager = contentManager; _contentManager = contentManager;
_httpContextAccessor = httpContextAccessor; _httpContextAccessor = httpContextAccessor;
@@ -43,10 +46,24 @@ namespace Orchard.Security.Providers {
var encryptedTicket = FormsAuthentication.Encrypt(ticket); var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) {
cookie.HttpOnly = true; HttpOnly = true,
cookie.Secure = FormsAuthentication.RequireSSL; Secure = FormsAuthentication.RequireSSL,
cookie.Path = FormsAuthentication.FormsCookiePath; Path = FormsAuthentication.FormsCookiePath
};
var httpContext = _httpContextAccessor.Current();
if (!String.IsNullOrEmpty(_settings.RequestUrlPrefix)) {
var cookiePath = httpContext.Request.ApplicationPath;
if (cookiePath != null && cookiePath.Length > 1) {
cookiePath += '/';
}
cookiePath += _settings.RequestUrlPrefix;
cookie.Path = cookiePath;
}
if (FormsAuthentication.CookieDomain != null) { if (FormsAuthentication.CookieDomain != null) {
cookie.Domain = FormsAuthentication.CookieDomain; cookie.Domain = FormsAuthentication.CookieDomain;
} }
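Review bot: The tenant-scoped cookie path computed in the new `if (!String.IsNullOrEmpty(_settings.RequestUrlPrefix))` block is only applied when the ticket is issued, so a sign-out that still relies on `FormsAuthentication.SignOut()` (not visible in this hunk) would emit its deletion cookie at `FormsAuthentication.FormsCookiePath` and leave the tenant-scoped ticket in the browser — verify the sign-out path, and move the path computation into a private helper both sites can call. In that block the `cookiePath != null` guard is also bypassed by the following `cookiePath += _settings.RequestUrlPrefix`, which for a null `ApplicationPath` yields a path with no leading `/`; the helper below falls back to `"/"` instead. The helper carries the comment the block currently lacks, stating that the Path attribute namespaces tenant sessions but, per RFC 6265 §8.5, is not a security boundary between same-origin tenants. The enclosing method starts and ends outside this hunk.
```csharp
// … unchanged: ticket encryption and cookie construction (drop the Path initializer) …
var httpContext = _httpContextAccessor.Current();
cookie.Path = GetCookiePath(httpContext);
// … unchanged: CookieDomain, Expires, Response.Cookies.Add …

// Scope the ticket to the tenant's URL prefix so tenants sharing a host get
// separate sessions. The cookie Path attribute only namespaces cookies; per
// RFC 6265 §8.5 it is not a security boundary between same-origin tenants.
private string GetCookiePath(HttpContextBase httpContext) {
    if (String.IsNullOrEmpty(_settings.RequestUrlPrefix)) {
        return FormsAuthentication.FormsCookiePath;
    }
    var cookiePath = httpContext.Request.ApplicationPath ?? "/";
    if (!cookiePath.EndsWith("/", StringComparison.Ordinal)) {
        cookiePath += "/";
    }
    return cookiePath + _settings.RequestUrlPrefix;
}
```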
@@ -54,8 +71,7 @@ namespace Orchard.Security.Providers {
if (createPersistentCookie) { if (createPersistentCookie) {
cookie.Expires = ticket.Expiration; cookie.Expires = ticket.Expiration;
} }
var httpContext = _httpContextAccessor.Current();
httpContext.Response.Cookies.Add(cookie); httpContext.Response.Cookies.Add(cookie);
_isAuthenticated = true; _isAuthenticated = true;