被 System.Web.Security.FormsAuthenticationModule中的私有方法ExtractTicketFromCookie调用
// System.Web.Security.FormsAuthenticationModule // Token: 0x06004BFC RID: 19452 RVA: 0x001033AC File Offset: 0x001015AC private static FormsAuthenticationTicket ExtractTicketFromCookie(HttpContext context, string name, out bool cookielessTicket) { FormsAuthenticationTicket formsAuthenticationTicket = null; string text = null; bool flag = false; bool flag2 = false; FormsAuthenticationTicket result; try { try { cookielessTicket = CookielessHelperClass.UseCookieless(context, false, FormsAuthentication.CookieMode); if (cookielessTicket) { text = context.CookielessHelper.GetCookieValue('F'); } else { HttpCookie httpCookie = context.Request.Cookies[name]; if (httpCookie != null) { text = httpCookie.Value; } } if (text != null && text.Length > 1) { try { formsAuthenticationTicket = FormsAuthentication.Decrypt(text); } catch { if (cookielessTicket) { context.CookielessHelper.SetCookieValue('F', null); } else { context.Request.Cookies.Remove(name); } flag2 = true; } if (formsAuthenticationTicket == null) { flag2 = true; } if (formsAuthenticationTicket != null && !formsAuthenticationTicket.Expired && (cookielessTicket || !FormsAuthentication.RequireSSL || context.Request.IsSecureConnection)) { return formsAuthenticationTicket; } if (formsAuthenticationTicket != null && formsAuthenticationTicket.Expired) { flag = true; } formsAuthenticationTicket = null; if (cookielessTicket) { context.CookielessHelper.SetCookieValue('F', null); } else { context.Request.Cookies.Remove(name); } } if (FormsAuthentication.EnableCrossAppRedirects) { text = context.Request.QueryString[name]; if (text != null && text.Length > 1) { if (!cookielessTicket && FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect) { cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode); } try { formsAuthenticationTicket = FormsAuthentication.Decrypt(text); } catch { flag2 = true; } if (formsAuthenticationTicket == null) { flag2 = true; } } if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired) { text = context.Request.Form[name]; if (text != null && text.Length > 1) { if (!cookielessTicket && FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect) { cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode); } try { formsAuthenticationTicket = FormsAuthentication.Decrypt(text); } catch { flag2 = true; } if (formsAuthenticationTicket == null) { flag2 = true; } } } } if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired) { if (formsAuthenticationTicket != null && formsAuthenticationTicket.Expired) { flag = true; } result = null; } else { if (FormsAuthentication.RequireSSL && !context.Request.IsSecureConnection) { throw new HttpException(SR.GetString("Connection_not_secure_creating_secure_cookie")); } if (cookielessTicket) { if (formsAuthenticationTicket.CookiePath != "/") { FormsAuthenticationTicket formsAuthenticationTicket2 = FormsAuthenticationTicket.FromUtc(formsAuthenticationTicket.Version, formsAuthenticationTicket.Name, formsAuthenticationTicket.IssueDateUtc, formsAuthenticationTicket.ExpirationUtc, formsAuthenticationTicket.IsPersistent, formsAuthenticationTicket.UserData, "/"); formsAuthenticationTicket = formsAuthenticationTicket2; text = FormsAuthentication.Encrypt(formsAuthenticationTicket); } context.CookielessHelper.SetCookieValue('F', text); string url = FormsAuthentication.RemoveQueryStringVariableFromUrl(context.Request.RawUrl, name); context.Response.Redirect(url); } else { HttpCookie httpCookie2 = new HttpCookie(name, text); httpCookie2.HttpOnly = true; httpCookie2.Path = formsAuthenticationTicket.CookiePath; if (formsAuthenticationTicket.IsPersistent) { httpCookie2.Expires = formsAuthenticationTicket.Expiration; } httpCookie2.Secure = FormsAuthentication.RequireSSL; if (FormsAuthentication.CookieDomain != null) { httpCookie2.Domain = FormsAuthentication.CookieDomain; } httpCookie2.SameSite = FormsAuthentication.CookieSameSite; context.Response.Cookies.Remove(httpCookie2.Name); context.Response.Cookies.Add(httpCookie2); } result = formsAuthenticationTicket; } } finally { if (flag2) { WebBaseEvent.RaiseSystemEvent(null, 4005, 50201); } else if (flag) { WebBaseEvent.RaiseSystemEvent(null, 4005, 50202); } } } catch { throw; } return result; }
// System.Web.Security.FormsAuthenticationModule // Token: 0x06004BF9 RID: 19449 RVA: 0x00102F4C File Offset: 0x0010114C private void OnAuthenticate(FormsAuthenticationEventArgs e) { HttpCookie httpCookie = null; if (this._eventHandler != null) { this._eventHandler(this, e); } if (e.Context.User != null) { return; } if (e.User != null) { e.Context.SetPrincipalNoDemand(e.User); return; } bool flag = false; FormsAuthenticationTicket formsAuthenticationTicket = FormsAuthenticationModule.ExtractTicketFromCookie(e.Context, FormsAuthentication.FormsCookieName, out flag); if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired) { return; } FormsAuthenticationTicket formsAuthenticationTicket2 = formsAuthenticationTicket; if (FormsAuthentication.SlidingExpiration) { formsAuthenticationTicket2 = FormsAuthentication.RenewTicketIfOld(formsAuthenticationTicket); } e.Context.SetPrincipalNoDemand(new GenericPrincipal(new FormsIdentity(formsAuthenticationTicket2), new string[0])); if (!flag && !formsAuthenticationTicket2.CookiePath.Equals("/")) { httpCookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (httpCookie != null) { httpCookie.Path = formsAuthenticationTicket2.CookiePath; } } if (formsAuthenticationTicket2 != formsAuthenticationTicket) { if (flag && formsAuthenticationTicket2.CookiePath != "/" && formsAuthenticationTicket2.CookiePath.Length > 1) { FormsAuthenticationTicket formsAuthenticationTicket3 = FormsAuthenticationTicket.FromUtc(formsAuthenticationTicket2.Version, formsAuthenticationTicket2.Name, formsAuthenticationTicket2.IssueDateUtc, formsAuthenticationTicket2.ExpirationUtc, formsAuthenticationTicket2.IsPersistent, formsAuthenticationTicket2.UserData, "/"); formsAuthenticationTicket2 = formsAuthenticationTicket3; } string text = FormsAuthentication.Encrypt(formsAuthenticationTicket2, !flag); if (flag) { e.Context.CookielessHelper.SetCookieValue('F', text); e.Context.Response.Redirect(e.Context.Request.RawUrl); return; } if (httpCookie != null) { httpCookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName]; } if (httpCookie == null) { httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, text); httpCookie.Path = formsAuthenticationTicket2.CookiePath; } if (formsAuthenticationTicket2.IsPersistent) { httpCookie.Expires = formsAuthenticationTicket2.Expiration; } httpCookie.Value = text; httpCookie.Secure = FormsAuthentication.RequireSSL; httpCookie.HttpOnly = true; if (FormsAuthentication.CookieDomain != null) { httpCookie.Domain = FormsAuthentication.CookieDomain; } httpCookie.SameSite = FormsAuthentication.CookieSameSite; e.Context.Response.Cookies.Remove(httpCookie.Name); e.Context.Response.Cookies.Add(httpCookie); } }
OnEnter调用了OnAuthenticate
private void OnEnter(object source, EventArgs eventArgs) { this._fOnEnterCalled = true; HttpApplication httpApplication = (HttpApplication)source; HttpContext context = httpApplication.Context; this.OnAuthenticate(new FormsAuthenticationEventArgs(context)); CookielessHelperClass cookielessHelper = context.CookielessHelper; if (AuthenticationConfig.AccessingLoginPage(context, FormsAuthentication.LoginUrl)) { context.SetSkipAuthorizationNoDemand(true, false); cookielessHelper.RedirectWithDetectionIfRequired(null, FormsAuthentication.CookieMode); } if (!context.SkipAuthorization) { context.SetSkipAuthorizationNoDemand(AssemblyResourceLoader.IsValidWebResourceRequest(context), false); } }
Init的代码里面把OnEnter方法注册给了HttpApplication的AuthenticateRequest事件
public event EventHandler AuthenticateRequest;/// <summary>Initializes the <see cref="T:System.Web.Security.FormsAuthenticationModule" /> object.</summary> /// <param name="app">The current <see cref="T:System.Web.HttpApplication" /> instance. </param> // Token: 0x06004BF8 RID: 19448 RVA: 0x00102EF4 File Offset: 0x001010F4 public void Init(HttpApplication app) { if (!FormsAuthenticationModule._fAuthChecked) { FormsAuthenticationModule._fAuthRequired = (AuthenticationConfig.Mode == AuthenticationMode.Forms); FormsAuthenticationModule._fAuthChecked = true; } if (FormsAuthenticationModule._fAuthRequired) { FormsAuthentication.Initialize(); app.AuthenticateRequest += this.OnEnter; app.EndRequest += this.OnLeave; } }
Occurs when a security module has established the identity of the user.
Remarks
The AuthenticateRequest event signals发信号 that the configured authentication mechanism has authenticated the current request.
Subscribing to the AuthenticateRequest event ensures that the request will be authenticated before processing the attached module or event handler.
FormsAuthentication.Initialize();
public static void Initialize() { if (FormsAuthentication._Initialized) { return; } object lockObject = FormsAuthentication._lockObject; lock (lockObject) { if (!FormsAuthentication._Initialized) { AuthenticationSection authentication = RuntimeConfig.GetAppConfig().Authentication; authentication.ValidateAuthenticationMode(); FormsAuthentication._FormsName = authentication.Forms.Name; FormsAuthentication._RequireSSL = authentication.Forms.RequireSSL; FormsAuthentication._SlidingExpiration = authentication.Forms.SlidingExpiration; if (FormsAuthentication._FormsName == null) { FormsAuthentication._FormsName = ".ASPXAUTH"; } FormsAuthentication._Protection = authentication.Forms.Protection; FormsAuthentication._Timeout = (int)authentication.Forms.Timeout.TotalMinutes; FormsAuthentication._FormsCookiePath = authentication.Forms.Path; FormsAuthentication._LoginUrl = authentication.Forms.LoginUrl; if (FormsAuthentication._LoginUrl == null) { FormsAuthentication._LoginUrl = "login.aspx"; } FormsAuthentication._DefaultUrl = authentication.Forms.DefaultUrl; if (FormsAuthentication._DefaultUrl == null) { FormsAuthentication._DefaultUrl = "default.aspx"; } FormsAuthentication._CookieMode = authentication.Forms.Cookieless; FormsAuthentication._CookieDomain = authentication.Forms.Domain; FormsAuthentication._EnableCrossAppRedirects = authentication.Forms.EnableCrossAppRedirects; FormsAuthentication._TicketCompatibilityMode = authentication.Forms.TicketCompatibilityMode; FormsAuthentication._cookieSameSite = authentication.Forms.CookieSameSite; FormsAuthentication._Initialized = true; } } }
/// <summary>Occurs when a security module has established the identity of the user.</summary> // Token: 0x14000003 RID: 3 // (add) Token: 0x06000710 RID: 1808 RVA: 0x0000D497 File Offset: 0x0000B697 // (remove) Token: 0x06000711 RID: 1809 RVA: 0x0000D4A6 File Offset: 0x0000B6A6 public event EventHandler AuthenticateRequest { add { this.AddSyncEventHookup(HttpApplication.EventAuthenticateRequest, value, RequestNotification.AuthenticateRequest); } remove { this.RemoveSyncEventHookup(HttpApplication.EventAuthenticateRequest, value, RequestNotification.AuthenticateRequest); } }
下面三个方法都是HttpApplication里面的
// Token: 0x06000706 RID: 1798 RVA: 0x0000D2E5 File Offset: 0x0000B4E5 internal void AddSyncEventHookup(object key, Delegate handler, RequestNotification notification) { this.AddSyncEventHookup(key, handler, notification, false); } // Token: 0x06000709 RID: 1801 RVA: 0x0000D338 File Offset: 0x0000B538 private void AddSyncEventHookup(object key, Delegate handler, RequestNotification notification, bool isPostNotification) { this.ThrowIfEventBindingDisallowed(); this.Events.AddHandler(key, handler); if (this.IsContainerInitalizationAllowed) { PipelineModuleStepContainer moduleContainer = this.GetModuleContainer(this.CurrentModuleCollectionKey); if (moduleContainer != null) { HttpApplication.SyncEventExecutionStep step = new HttpApplication.SyncEventExecutionStep(this, (EventHandler)handler); moduleContainer.AddEvent(notification, isPostNotification, step); } } } /// <summary>Gets the list of event handler delegates that process all application events.</summary> /// <returns>An <see cref="T:System.ComponentModel.EventHandlerList" /> that contains the names of the event handler delegates.</returns> // Token: 0x17000302 RID: 770 // (get) Token: 0x060006E6 RID: 1766 RVA: 0x0000CD42 File Offset: 0x0000AF42 protected EventHandlerList Events { get { if (this._events == null) { this._events = new EventHandlerList(); } return this._events; } }
FormsAuthenticationModule.Init(HttpApplication) Method
/// <summary>Initializes the <see cref="T:System.Web.Security.FormsAuthenticationModule" /> object.</summary> /// <param name="app">The current <see cref="T:System.Web.HttpApplication" /> instance. </param> // Token: 0x06004BF8 RID: 19448 RVA: 0x00102EF4 File Offset: 0x001010F4 public void Init(HttpApplication app) { if (!FormsAuthenticationModule._fAuthChecked) { FormsAuthenticationModule._fAuthRequired = (AuthenticationConfig.Mode == AuthenticationMode.Forms); FormsAuthenticationModule._fAuthChecked = true; } if (FormsAuthenticationModule._fAuthRequired) { FormsAuthentication.Initialize(); app.AuthenticateRequest += this.OnEnter; app.EndRequest += this.OnLeave; } }
Remarks
This method is not intended to be called from application code.
The Init method ensures that the FormsAuthenticationModule is included in the processing of the AuthenticateRequest and EndRequest events.
Init方法是在下面的方法中被调用的
// System.Web.HttpApplication // Token: 0x0600078F RID: 1935 RVA: 0x0000EF6C File Offset: 0x0000D16C private void InitModulesCommon() { int count = this._moduleCollection.Count; for (int i = 0; i < count; i++) { this._currentModuleCollectionKey = this._moduleCollection.GetKey(i); this._moduleCollection[i].Init(this); } this._currentModuleCollectionKey = null; this.InitAppLevelCulture(); }