
Added Vary: Origin header

tags/3.0.0
Teknikode 1 year ago
parent
commit
61e0204361
4 changed files with 4 additions and 68 deletions
  1. 0
    65
      Teknik/Global.asax.cs
  2. 1
    1
      Teknik/Modules/UserAuthModule.cs
  3. 1
    1
      Teknik/Teknik.csproj
  4. 2
    1
      Teknik/Web.config

+ 0
- 65
Teknik/Global.asax.cs

@@ -77,71 +77,6 @@ namespace Teknik
}
}

//protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
//{
// // We support both Auth Tokens and Cookie Authentication

// // Username and Roles for the current user
// string username = string.Empty;
// bool hasAuthToken = false;
// if (Request != null)
// {
// if (Request.Headers.HasKeys())
// {
// string auth = Request.Headers["Authorization"];
// if (!string.IsNullOrEmpty(auth))
// {
// string[] parts = auth.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
// string type = string.Empty;
// string value = string.Empty;
// if (parts.Length > 0)
// {
// type = parts[0].ToLower();
// }
// if (parts.Length > 1)
// {
// value = parts[1];
// }

// using (TeknikEntities entities = new TeknikEntities())
// {
// // Get the user information based on the auth type
// switch (type)
// {
// case "basic":
// KeyValuePair<string, string> authCreds = StringHelper.ParseBasicAuthHeader(value);

// bool tokenValid = UserHelper.UserTokenCorrect(entities, authCreds.Key, authCreds.Value);
// if (tokenValid)
// {
// // it's valid, so let's update it's Last Used date
// UserHelper.UpdateTokenLastUsed(entities, authCreds.Key, authCreds.Value, DateTime.Now);

// // Set the username
// username = authCreds.Key;
// }
// break;
// default:
// break;
// }
// }
// }
// }
// }

// if (FormsAuthentication.CookiesSupported == true && !hasAuthToken)
// {
// if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
// {
// //let us take out the username now
// username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
// }
// }

// HttpContext.Current.User = new TeknikPrincipal(username);
//}

protected void Application_Error(object sender, EventArgs e)
{
Exception exception = null;

Teknik/Modules/UserCheckModule.cs → Teknik/Modules/UserAuthModule.cs

@@ -12,7 +12,7 @@ using Teknik.Utilities;

namespace Teknik.Modules
{
public class UserCheckModule : IHttpModule
public class UserAuthModule : IHttpModule
{
public void Dispose()
{

+ 1
- 1
Teknik/Teknik.csproj

@@ -310,7 +310,7 @@
<Compile Include="Areas\Vault\ViewModels\VaultItemViewModel.cs" />
<Compile Include="Attributes\TeknikAuthorizeAttribute.cs" />
<Compile Include="Hubs\IRCClientHub.cs" />
<Compile Include="Modules\UserCheckModule.cs" />
<Compile Include="Modules\UserAuthModule.cs" />
<Compile Include="Security\ITeknikPrincipal.cs" />
<Compile Include="Security\TeknikPrincipal.cs" />
<Compile Include="Filters\CORSActionFilter.cs" />

+ 2
- 1
Teknik/Web.config

@@ -55,7 +55,7 @@
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<add name="PerfModule" type="Teknik.Modules.PerformanceMonitorModule, Teknik" />
<add name="UserCheckModule" type="Teknik.Modules.UserCheckModule, Teknik" />
<add name="UserAuthModule" type="Teknik.Modules.UserAuthModule, Teknik" />
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules>
@@ -134,6 +134,7 @@
<add name="Access-Control-Allow-Headers" value="Authorization, Accept, Origin, Content-Type, X-Requested-With, Connection, Transfer-Encoding" />
<add name="strict-transport-security" value="max-age=31536000; includeSubdomains; preload" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="Vary" value="Origin"/>
</customHeaders>
</httpProtocol>
<httpErrors errorMode="Detailed" />
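Review bot: The new `<add name="Vary" value="Origin"/>` in `customHeaders` is a static header on every response, so it only helps if nothing later replaces the `Vary` value; if dynamic compression or application code also sets `Vary: Accept-Encoding`, confirm the final response carries both tokens, otherwise a shared cache can still hand one origin's CORS response to another. The `Access-Control-Allow-Origin` value is not set in this hunk (presumably it comes from the CORS filter), so the pairing cannot be checked from here. An XML comment above the entry would record the intent, e.g. `<!-- CORS responses depend on the request Origin; Vary keeps caches from reusing them across origins -->`. Separately, the unchanged `<httpErrors errorMode="Detailed" />` just below returns detailed error pages to remote clients unless it is overridden elsewhere; `DetailedLocalOnly` is the usual production setting.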
