FormsAuthentication.Decrypt(String) Method 在.net内部的调用

 

被 System.Web.Security.FormsAuthenticationModule中的私有方法ExtractTicketFromCookie调用

// System.Web.Security.FormsAuthenticationModule
// Token: 0x06004BFC RID: 19452 RVA: 0x001033AC File Offset: 0x001015AC
/// <summary>
/// Finds the forms-authentication ticket carried by the current request and decrypts it.
/// Sources are tried in this order: the cookieless URL value 'F' or the cookie called
/// <paramref name="name"/>; then, only when FormsAuthentication.EnableCrossAppRedirects is set,
/// the query-string variable and finally the form field with the same name.
/// </summary>
/// <param name="context">Current request context; its request/response cookie collections and cookieless helper are modified here.</param>
/// <param name="name">Name of the cookie, query-string variable or form field that carries the ticket.</param>
/// <param name="cookielessTicket">Set from CookielessHelperClass.UseCookieless; true when the ticket travels in the URL rather than in a cookie.</param>
/// <returns>The decrypted, unexpired ticket, or null when no usable ticket was found.</returns>
/// <exception cref="T:System.Web.HttpException">A ticket arrived via query string or form field while RequireSSL is on and the connection is not secure.</exception>
private static FormsAuthenticationTicket ExtractTicketFromCookie(HttpContext context, string name, out bool cookielessTicket)
{
    FormsAuthenticationTicket formsAuthenticationTicket = null;
    string text = null;
    // flag: an expired ticket was seen. flag2: a ticket failed to decrypt (exception or null result).
    // Both are only consumed by the finally block below to raise an audit event.
    bool flag = false;
    bool flag2 = false;
    FormsAuthenticationTicket result;
    // The outer try/catch { throw; } has no visible effect on control flow.
    // NOTE(review): possibly a guard so that exception filters further up the stack
    // cannot run before the inner finally — confirm against the reference source.
    try
    {
        try
        {
            cookielessTicket = CookielessHelperClass.UseCookieless(context, false, FormsAuthentication.CookieMode);
            if (cookielessTicket)
            {
                text = context.CookielessHelper.GetCookieValue('F');
            }
            else
            {
                HttpCookie httpCookie = context.Request.Cookies[name];
                if (httpCookie != null)
                {
                    text = httpCookie.Value;
                }
            }
            // The ticket string is client-controlled input; Decrypt is the only validation applied to it here.
            if (text != null && text.Length > 1)
            {
                try
                {
                    formsAuthenticationTicket = FormsAuthentication.Decrypt(text);
                }
                // Bare catch: any exception from Decrypt is treated as "invalid ticket".
                // The request carries on unauthenticated and flag2 records the failure for auditing.
                catch
                {
                    if (cookielessTicket)
                    {
                        context.CookielessHelper.SetCookieValue('F', null);
                    }
                    else
                    {
                        // Removes the entry from the request-side collection only; this block
                        // does not send an expiring cookie back to the browser.
                        context.Request.Cookies.Remove(name);
                    }
                    flag2 = true;
                }
                if (formsAuthenticationTicket == null)
                {
                    flag2 = true;
                }
                // Accept the ticket only if it is unexpired. The RequireSSL check is skipped
                // when cookielessTicket is true (first operand of the || chain).
                if (formsAuthenticationTicket != null && !formsAuthenticationTicket.Expired && (cookielessTicket || !FormsAuthentication.RequireSSL || context.Request.IsSecureConnection))
                {
                    return formsAuthenticationTicket;
                }
                if (formsAuthenticationTicket != null && formsAuthenticationTicket.Expired)
                {
                    flag = true;
                }
                // Rejected ticket: discard it and drop the value from this request's view.
                formsAuthenticationTicket = null;
                if (cookielessTicket)
                {
                    context.CookielessHelper.SetCookieValue('F', null);
                }
                else
                {
                    context.Request.Cookies.Remove(name);
                }
            }
            // Cross-application redirects: the ticket may also be supplied as a query-string
            // variable or a form field. Only reached when no cookie ticket was returned above.
            // NOTE(review): a ticket carried in the URL can end up in server logs, browser history
            // and Referer headers; keep enableCrossAppRedirects off unless it is actually needed.
            if (FormsAuthentication.EnableCrossAppRedirects)
            {
                text = context.Request.QueryString[name];
                if (text != null && text.Length > 1)
                {
                    if (!cookielessTicket && FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect)
                    {
                        cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode);
                    }
                    try
                    {
                        formsAuthenticationTicket = FormsAuthentication.Decrypt(text);
                    }
                    // Same policy as the cookie path: a decrypt failure is swallowed and audited via flag2.
                    catch
                    {
                        flag2 = true;
                    }
                    if (formsAuthenticationTicket == null)
                    {
                        flag2 = true;
                    }
                }
                // Fall back to the form field only when the query string gave no usable ticket.
                if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired)
                {
                    text = context.Request.Form[name];
                    if (text != null && text.Length > 1)
                    {
                        if (!cookielessTicket && FormsAuthentication.CookieMode == HttpCookieMode.AutoDetect)
                        {
                            cookielessTicket = CookielessHelperClass.UseCookieless(context, true, FormsAuthentication.CookieMode);
                        }
                        try
                        {
                            formsAuthenticationTicket = FormsAuthentication.Decrypt(text);
                        }
                        catch
                        {
                            flag2 = true;
                        }
                        if (formsAuthenticationTicket == null)
                        {
                            flag2 = true;
                        }
                    }
                }
            }
            if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired)
            {
                if (formsAuthenticationTicket != null && formsAuthenticationTicket.Expired)
                {
                    flag = true;
                }
                result = null;
            }
            else
            {
                // A valid ticket can only reach this branch from the query string or form field.
                // Unlike the cookie path, RequireSSL is enforced here by throwing, before any
                // cookie is issued.
                if (FormsAuthentication.RequireSSL && !context.Request.IsSecureConnection)
                {
                    throw new HttpException(SR.GetString("Connection_not_secure_creating_secure_cookie"));
                }
                if (cookielessTicket)
                {
                    // Cookieless tickets are re-issued with CookiePath "/" and re-encrypted.
                    if (formsAuthenticationTicket.CookiePath != "/")
                    {
                        FormsAuthenticationTicket formsAuthenticationTicket2 = FormsAuthenticationTicket.FromUtc(formsAuthenticationTicket.Version, formsAuthenticationTicket.Name, formsAuthenticationTicket.IssueDateUtc, formsAuthenticationTicket.ExpirationUtc, formsAuthenticationTicket.IsPersistent, formsAuthenticationTicket.UserData, "/");
                        formsAuthenticationTicket = formsAuthenticationTicket2;
                        text = FormsAuthentication.Encrypt(formsAuthenticationTicket);
                    }
                    context.CookielessHelper.SetCookieValue('F', text);
                    // Redirect to the URL returned by RemoveQueryStringVariableFromUrl for this name.
                    string url = FormsAuthentication.RemoveQueryStringVariableFromUrl(context.Request.RawUrl, name);
                    context.Response.Redirect(url);
                }
                else
                {
                    // Convert the query-string/form ticket into a regular auth cookie. The cookie
                    // value is the ticket string exactly as it was received (text is not re-encrypted here).
                    HttpCookie httpCookie2 = new HttpCookie(name, text);
                    // HttpOnly is always set; Secure and SameSite follow the <forms> configuration.
                    httpCookie2.HttpOnly = true;
                    httpCookie2.Path = formsAuthenticationTicket.CookiePath;
                    if (formsAuthenticationTicket.IsPersistent)
                    {
                        httpCookie2.Expires = formsAuthenticationTicket.Expiration;
                    }
                    httpCookie2.Secure = FormsAuthentication.RequireSSL;
                    if (FormsAuthentication.CookieDomain != null)
                    {
                        httpCookie2.Domain = FormsAuthentication.CookieDomain;
                    }
                    httpCookie2.SameSite = FormsAuthentication.CookieSameSite;
                    // Remove-then-add so the response holds a single cookie with this name.
                    context.Response.Cookies.Remove(httpCookie2.Name);
                    context.Response.Cookies.Add(httpCookie2);
                }
                result = formsAuthenticationTicket;
            }
        }
        finally
        {
            // Audit trail: runs on every exit path, including the early return and the throw above.
            // A decrypt failure (flag2) takes precedence over an expired ticket (flag).
            // NOTE(review): 4005 / 50201 / 50202 look like WebEventCodes.AuditFormsAuthenticationFailure
            // with detail codes InvalidTicketFailure / ExpiredTicketFailure — confirm against
            // System.Web.Management.WebEventCodes. These events are the place to watch for
            // bursts of undecryptable tickets.
            if (flag2)
            {
                WebBaseEvent.RaiseSystemEvent(null, 4005, 50201);
            }
            else if (flag)
            {
                WebBaseEvent.RaiseSystemEvent(null, 4005, 50202);
            }
        }
    }
    catch
    {
        throw;
    }
    return result;
}

 

 

// System.Web.Security.FormsAuthenticationModule
// Token: 0x06004BF9 RID: 19449 RVA: 0x00102F4C File Offset: 0x0010114C
/// <summary>
/// Establishes the principal for the current request: first gives subscribed handlers a chance
/// to supply one, otherwise extracts the forms-authentication ticket, optionally renews it,
/// and sets a GenericPrincipal built from it on the context.
/// </summary>
/// <param name="e">Event data wrapping the current HttpContext; handlers may set its User.</param>
private void OnAuthenticate(FormsAuthenticationEventArgs e)
{
    HttpCookie httpCookie = null;
    // Subscribed handlers run before any ticket is looked at.
    if (this._eventHandler != null)
    {
        this._eventHandler(this, e);
    }
    // NOTE(review): if a handler (or anything earlier) already set Context.User, or sets e.User,
    // the ticket is never extracted or validated by this method — the handler's principal is trusted as is.
    if (e.Context.User != null)
    {
        return;
    }
    if (e.User != null)
    {
        e.Context.SetPrincipalNoDemand(e.User);
        return;
    }
    // flag receives the cookielessTicket out value: true when the ticket travels in the URL.
    bool flag = false;
    FormsAuthenticationTicket formsAuthenticationTicket = FormsAuthenticationModule.ExtractTicketFromCookie(e.Context, FormsAuthentication.FormsCookieName, out flag);
    // No ticket or an expired one: leave the request without a principal set here.
    if (formsAuthenticationTicket == null || formsAuthenticationTicket.Expired)
    {
        return;
    }
    FormsAuthenticationTicket formsAuthenticationTicket2 = formsAuthenticationTicket;
    if (FormsAuthentication.SlidingExpiration)
    {
        // Returns either the same instance or a renewed ticket; the reference comparison
        // further down relies on that to decide whether a new cookie must be issued.
        formsAuthenticationTicket2 = FormsAuthentication.RenewTicketIfOld(formsAuthenticationTicket);
    }
    // The principal carries the ticket identity and an empty role array.
    e.Context.SetPrincipalNoDemand(new GenericPrincipal(new FormsIdentity(formsAuthenticationTicket2), new string[0]));
    // Cookie-based ticket with a non-root path: copy the ticket's path onto the request cookie object.
    if (!flag && !formsAuthenticationTicket2.CookiePath.Equals("/"))
    {
        httpCookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (httpCookie != null)
        {
            httpCookie.Path = formsAuthenticationTicket2.CookiePath;
        }
    }
    // Only when the ticket was actually renewed is anything written back to the client.
    if (formsAuthenticationTicket2 != formsAuthenticationTicket)
    {
        // Cookieless tickets are normalised to CookiePath "/" before being re-encrypted.
        if (flag && formsAuthenticationTicket2.CookiePath != "/" && formsAuthenticationTicket2.CookiePath.Length > 1)
        {
            FormsAuthenticationTicket formsAuthenticationTicket3 = FormsAuthenticationTicket.FromUtc(formsAuthenticationTicket2.Version, formsAuthenticationTicket2.Name, formsAuthenticationTicket2.IssueDateUtc, formsAuthenticationTicket2.ExpirationUtc, formsAuthenticationTicket2.IsPersistent, formsAuthenticationTicket2.UserData, "/");
            formsAuthenticationTicket2 = formsAuthenticationTicket3;
        }
        // Second argument is true for cookie-based tickets and false for cookieless ones;
        // its meaning is not visible in this listing.
        string text = FormsAuthentication.Encrypt(formsAuthenticationTicket2, !flag);
        if (flag)
        {
            // Cookieless: store the renewed ticket in the URL value and redirect to the same raw URL.
            e.Context.CookielessHelper.SetCookieValue('F', text);
            e.Context.Response.Redirect(e.Context.Request.RawUrl);
            return;
        }
        // NOTE(review): this re-fetch only happens when httpCookie is already non-null,
        // which is how the decompiled code reads; it is kept exactly as shown.
        if (httpCookie != null)
        {
            httpCookie = e.Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        }
        if (httpCookie == null)
        {
            httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, text);
            httpCookie.Path = formsAuthenticationTicket2.CookiePath;
        }
        if (formsAuthenticationTicket2.IsPersistent)
        {
            httpCookie.Expires = formsAuthenticationTicket2.Expiration;
        }
        httpCookie.Value = text;
        // Cookie hardening: HttpOnly is unconditional; Secure, Domain and SameSite come from configuration.
        httpCookie.Secure = FormsAuthentication.RequireSSL;
        httpCookie.HttpOnly = true;
        if (FormsAuthentication.CookieDomain != null)
        {
            httpCookie.Domain = FormsAuthentication.CookieDomain;
        }
        httpCookie.SameSite = FormsAuthentication.CookieSameSite;
        // Remove-then-add so the response holds a single cookie with this name.
        e.Context.Response.Cookies.Remove(httpCookie.Name);
        e.Context.Response.Cookies.Add(httpCookie);
    }
}

 

 OnEnter调用了OnAuthenticate

    /// <summary>
    /// AuthenticateRequest handler: authenticates the request, then marks requests for the
    /// login page and for valid web resources as exempt from authorization.
    /// </summary>
    /// <param name="source">The HttpApplication raising the event.</param>
    /// <param name="eventArgs">Not used.</param>
    private void OnEnter(object source, EventArgs eventArgs)
    {
        _fOnEnterCalled = true;

        HttpContext requestContext = ((HttpApplication)source).Context;
        OnAuthenticate(new FormsAuthenticationEventArgs(requestContext));

        // Fetched after authentication, at the same point as in the decompiled original.
        CookielessHelperClass urlTicketHelper = requestContext.CookielessHelper;

        // The login page itself must stay reachable for unauthenticated users.
        bool isLoginPageRequest = AuthenticationConfig.AccessingLoginPage(requestContext, FormsAuthentication.LoginUrl);
        if (isLoginPageRequest)
        {
            requestContext.SetSkipAuthorizationNoDemand(true, false);
            urlTicketHelper.RedirectWithDetectionIfRequired(null, FormsAuthentication.CookieMode);
        }

        if (requestContext.SkipAuthorization)
        {
            return;
        }

        // Otherwise authorization is skipped only for requests accepted by IsValidWebResourceRequest.
        bool isWebResourceRequest = AssemblyResourceLoader.IsValidWebResourceRequest(requestContext);
        requestContext.SetSkipAuthorizationNoDemand(isWebResourceRequest, false);
    }

 

Init的代码里面把OnEnter方法注册给了HttpApplication的AuthenticateRequest事件

public event EventHandler AuthenticateRequest;
        /// <summary>
        /// Wires the <see cref="T:System.Web.Security.FormsAuthenticationModule" /> into the request
        /// pipeline, but only when the configured authentication mode is Forms.
        /// </summary>
        /// <param name="app">The current <see cref="T:System.Web.HttpApplication" /> instance. </param>
        // Token: 0x06004BF8 RID: 19448 RVA: 0x00102EF4 File Offset: 0x001010F4
        public void Init(HttpApplication app)
        {
            // The mode is evaluated once and cached in static fields.
            if (!FormsAuthenticationModule._fAuthChecked)
            {
                bool formsModeConfigured = AuthenticationConfig.Mode == AuthenticationMode.Forms;
                FormsAuthenticationModule._fAuthRequired = formsModeConfigured;
                FormsAuthenticationModule._fAuthChecked = true;
            }

            // Any other authentication mode: the module subscribes to nothing.
            if (!FormsAuthenticationModule._fAuthRequired)
            {
                return;
            }

            FormsAuthentication.Initialize();
            app.AuthenticateRequest += OnEnter;
            app.EndRequest += OnLeave;
        }

 Occurs when a security module has established the identity of the user.

Remarks

The AuthenticateRequest event signals (发信号) that the configured authentication mechanism has authenticated the current request.

Subscribing to the AuthenticateRequest event ensures that the request will be authenticated before processing the attached module or event handler.

 

  FormsAuthentication.Initialize();

    /// <summary>
    /// Loads the &lt;forms&gt; authentication settings from application configuration into static
    /// fields, once. Later calls return immediately after the first check of _Initialized.
    /// </summary>
    /// <remarks>
    /// Settings with a direct security impact that are captured here: RequireSSL, Protection,
    /// SlidingExpiration, Timeout, Cookieless (cookie mode), EnableCrossAppRedirects,
    /// TicketCompatibilityMode and CookieSameSite.
    /// </remarks>
    public static void Initialize()
        {
            // Fast path: read without taking the lock.
            // NOTE(review): whether _Initialized is volatile is not visible in this listing.
            if (FormsAuthentication._Initialized)
            {
                return;
            }
            object lockObject = FormsAuthentication._lockObject;
            lock (lockObject)
            {
                // Second check under the lock so only one thread performs the load.
                if (!FormsAuthentication._Initialized)
                {
                    AuthenticationSection authentication = RuntimeConfig.GetAppConfig().Authentication;
                    authentication.ValidateAuthenticationMode();
                    FormsAuthentication._FormsName = authentication.Forms.Name;
                    FormsAuthentication._RequireSSL = authentication.Forms.RequireSSL;
                    FormsAuthentication._SlidingExpiration = authentication.Forms.SlidingExpiration;
                    // Fallback cookie name when configuration supplies none.
                    if (FormsAuthentication._FormsName == null)
                    {
                        FormsAuthentication._FormsName = ".ASPXAUTH";
                    }
                    FormsAuthentication._Protection = authentication.Forms.Protection;
                    // Timeout is stored as whole minutes (the cast truncates any fraction).
                    FormsAuthentication._Timeout = (int)authentication.Forms.Timeout.TotalMinutes;
                    FormsAuthentication._FormsCookiePath = authentication.Forms.Path;
                    FormsAuthentication._LoginUrl = authentication.Forms.LoginUrl;
                    if (FormsAuthentication._LoginUrl == null)
                    {
                        FormsAuthentication._LoginUrl = "login.aspx";
                    }
                    FormsAuthentication._DefaultUrl = authentication.Forms.DefaultUrl;
                    if (FormsAuthentication._DefaultUrl == null)
                    {
                        FormsAuthentication._DefaultUrl = "default.aspx";
                    }
                    FormsAuthentication._CookieMode = authentication.Forms.Cookieless;
                    FormsAuthentication._CookieDomain = authentication.Forms.Domain;
                    // When true, ExtractTicketFromCookie also accepts tickets from the query string and form fields.
                    FormsAuthentication._EnableCrossAppRedirects = authentication.Forms.EnableCrossAppRedirects;
                    FormsAuthentication._TicketCompatibilityMode = authentication.Forms.TicketCompatibilityMode;
                    FormsAuthentication._cookieSameSite = authentication.Forms.CookieSameSite;
                    // Set last, after every field above has been assigned.
                    FormsAuthentication._Initialized = true;
                }
            }
        }

 

    /// <summary>Occurs when a security module has established the identity of the user.</summary>
    /// <remarks>
    /// Subscriptions are not kept in a compiler-generated delegate field; both accessors forward to the
    /// sync-event hookup helpers with the AuthenticateRequest notification.
    /// </remarks>
    // Token: 0x14000003 RID: 3
    // (add) Token: 0x06000710 RID: 1808 RVA: 0x0000D497 File Offset: 0x0000B697
    // (remove) Token: 0x06000711 RID: 1809 RVA: 0x0000D4A6 File Offset: 0x0000B6A6
    public event EventHandler AuthenticateRequest
    {
        add => AddSyncEventHookup(HttpApplication.EventAuthenticateRequest, value, RequestNotification.AuthenticateRequest);
        remove => RemoveSyncEventHookup(HttpApplication.EventAuthenticateRequest, value, RequestNotification.AuthenticateRequest);
    }

 

下面三个方法都是HttpApplication里面的

    // Token: 0x06000706 RID: 1798 RVA: 0x0000D2E5 File Offset: 0x0000B4E5
    /// <summary>
    /// Registers a synchronous handler for a pipeline notification; forwards to the four-argument
    /// overload with isPostNotification set to false.
    /// </summary>
    internal void AddSyncEventHookup(object key, Delegate handler, RequestNotification notification)
        => AddSyncEventHookup(key, handler, notification, isPostNotification: false);

    // Token: 0x06000709 RID: 1801 RVA: 0x0000D338 File Offset: 0x0000B538
    /// <summary>
    /// Stores the handler in the application's event list and, when container initialization is
    /// allowed and a module container exists for the current module key, also adds it to that
    /// container as a synchronous execution step.
    /// </summary>
    private void AddSyncEventHookup(object key, Delegate handler, RequestNotification notification, bool isPostNotification)
    {
        // Binding is refused up front when it is not permitted at this point.
        ThrowIfEventBindingDisallowed();
        Events.AddHandler(key, handler);

        if (!IsContainerInitalizationAllowed)
        {
            return;
        }

        PipelineModuleStepContainer container = GetModuleContainer(CurrentModuleCollectionKey);
        if (container == null)
        {
            return;
        }

        // The cast requires the delegate to be an EventHandler.
        var executionStep = new HttpApplication.SyncEventExecutionStep(this, (EventHandler)handler);
        container.AddEvent(notification, isPostNotification, executionStep);
    }



        /// <summary>Gets the list of event handler delegates that process all application events.</summary>
        /// <returns>The <see cref="T:System.ComponentModel.EventHandlerList" /> for this application instance, created on first access.</returns>
        // Token: 0x17000302 RID: 770
        // (get) Token: 0x060006E6 RID: 1766 RVA: 0x0000CD42 File Offset: 0x0000AF42
        protected EventHandlerList Events
        {
            get
            {
                // Lazily allocate the list the first time it is requested.
                return _events ?? (_events = new EventHandlerList());
            }
        }

 

FormsAuthenticationModule.Init(HttpApplication) Method

    /// <summary>
    /// Wires the <see cref="T:System.Web.Security.FormsAuthenticationModule" /> into the request
    /// pipeline, but only when the configured authentication mode is Forms.
    /// </summary>
    /// <param name="app">The current <see cref="T:System.Web.HttpApplication" /> instance. </param>
    // Token: 0x06004BF8 RID: 19448 RVA: 0x00102EF4 File Offset: 0x001010F4
    public void Init(HttpApplication app)
    {
        // The mode is evaluated once and cached in static fields.
        if (!FormsAuthenticationModule._fAuthChecked)
        {
            bool formsModeConfigured = AuthenticationConfig.Mode == AuthenticationMode.Forms;
            FormsAuthenticationModule._fAuthRequired = formsModeConfigured;
            FormsAuthenticationModule._fAuthChecked = true;
        }

        // Any other authentication mode: the module subscribes to nothing.
        if (!FormsAuthenticationModule._fAuthRequired)
        {
            return;
        }

        FormsAuthentication.Initialize();
        app.AuthenticateRequest += OnEnter;
        app.EndRequest += OnLeave;
    }

Remarks

This method is not intended to be called from application code.

The Init method ensures that the FormsAuthenticationModule is included in the processing of the AuthenticateRequest and EndRequest events.

 

Init方法是在下面的方法中被调用的

// System.Web.HttpApplication
// Token: 0x0600078F RID: 1935 RVA: 0x0000EF6C File Offset: 0x0000D16C
/// <summary>
/// Calls Init on every module in the module collection, in index order, then initializes the
/// application-level culture.
/// </summary>
private void InitModulesCommon()
{
    // The count is read once, before the first module is initialized.
    int moduleCount = _moduleCollection.Count;
    int index = 0;
    while (index < moduleCount)
    {
        // Publish the key of the module being initialized for the duration of its Init call.
        _currentModuleCollectionKey = _moduleCollection.GetKey(index);
        _moduleCollection[index].Init(this);
        index++;
    }

    _currentModuleCollectionKey = null;
    InitAppLevelCulture();
}

 

作者:Chuck Lu    GitHub    