SecurityUtility
Members
Namespace: ASPSecurityKit
Assembly: ASPSecurityKit.dll
Summary
Implements utility methods required by security operations as defined by the ISecurityUtility.
Constructors
#ctor(errorResource)
Summary
Initializes a new instance of the SecurityUtility class.
Parameters
| Name | Type | Description |
|---|---|---|
| errorResource | ASPSecurityKit.IErrorMessageResourceProvider | The error resource. |
Properties
OpResultToHttpStatusCodeMapper
Summary
Gets or sets a dictionary that maps each OpResult to the HTTP status code that represents it.
Remarks
The default mappings are:
| HTTP status code | OpResult values |
|---|---|
| 200 | OpResult.Success |
| 302 | OpResult.Redirect |
| 400 | OpResult.InvalidInput, OpResult.InvalidPassword, OpResult.AlreadyExists, OpResult.DoNotExist, OpResult.OutOfAllowableRange, OpResult.DBDeletionDenied, OpResult.XssDetected |
| 401 | OpResult.Unauthenticated, OpResult.NotMultiFactored, OpResult.PasswordBlocked, OpResult.IpDenied, OpResult.OriginDenied, OpResult.InvalidSiteKeyUse |
| 403 | OpResult.Suspended, OpResult.NotVerified, OpResult.Unauthorized, OpResult.Disabled, OpResult.PasswordExpired, OpResult.MustEnableMFA, OpResult.NotAllowedDuringImpersonation |
| 500 | Anything else |
Methods
NewSecret()
Summary
Creates a random secret.
Returns
The random secret.
Parameters
This method has no parameters.
Remarks
RNGCryptoServiceProvider is used to generate 32 random bytes, which are returned as a base64-encoded string (roughly 44 characters long).
FromUnixTime(elapsedSeconds)
Summary
Gets the DateTime value representing the specified Unix time. A Unix time is expressed in seconds elapsed since 1970-01-01 12:00:00 AM.
Returns
The DateTime value representing the specified Unix time.
Parameters
| Name | Type | Description |
|---|---|---|
| elapsedSeconds | System.String | A Unix time value expressed in seconds elapsed since 1970-01-01 12:00:00 AM. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When elapsedSeconds is null or whitespace. |
| System.FormatException | When elapsedSeconds is not a valid integer. |
IsSlidRecently(expiration,slideByMinutes,updateIntervalInMinutes)
Summary
Determines whether the specified expiration time was slid recently.
Returns
true if the specified expiration time was slid recently; otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| expiration | System.Nullable{System.DateTime} | The expiration time. |
| slideByMinutes | System.Int32 | The time in minutes the expiration is set to slide by. |
| updateIntervalInMinutes | System.Int32 | The time in minutes after which the expiration time should be slid. The default is one (1 minute). |
IsValidHost(host,pattern)
Summary
Determines whether the given host is valid for the specified pattern.
Returns
true if the given host is valid for the specified pattern; otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| host | System.String | The host. |
| pattern | System.String | The pattern. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When host or pattern is null or whitespace. |
Remarks
In this implementation the match is case-insensitive. The pattern only supports the asterisk (*) to indicate ‘Any zero or more characters’ (equivalent to the regular expression '.*'). Override it to extend further.
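The matching rule described above, as an added example that is not ASPSecurityKit's own code: it shows which hosts a wildcard pattern admits, including that the asterisk spans dots and that a pattern without the leading dot also accepts look-alike names. HostPatternDemo and Matches are hypothetical names, the hosts are constructed, and whole-string anchoring is an assumption the page does not state.

```csharp
using System;
using System.Text.RegularExpressions;

// Added illustration, not ASPSecurityKit source; HostPatternDemo and Matches are hypothetical names.
public static class HostPatternDemo
{
    public static bool Matches(string host, string pattern)
    {
        if (string.IsNullOrWhiteSpace(host)) throw new ArgumentNullException(nameof(host));
        if (string.IsNullOrWhiteSpace(pattern)) throw new ArgumentNullException(nameof(pattern));

        // Escape the pattern so '.' stays a literal dot, then turn each escaped '*' into ".*".
        // Assumption: the whole host must match, hence the \A and \z anchors.
        string regex = @"\A" + Regex.Escape(pattern).Replace(@"\*", ".*") + @"\z";
        return Regex.IsMatch(host, regex, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
    }

    public static void Main()
    {
        // Constructed hosts and patterns, with the result each one gives under the rules above.
        var cases = new (string Host, string Pattern, bool Expected)[]
        {
            ("api.example.com",            "*.example.com",   true),  // plain subdomain
            ("API.Example.COM",            "*.example.com",   true),  // case-insensitive
            ("a.b.example.com",            "*.example.com",   true),  // '*' also spans dots
            ("example.com",                "*.example.com",   false), // the literal dot is required
            ("badexample.com",             "*example.com",    true),  // no dot: look-alike accepted
            ("api.example.com.other.test", "*.example.com",   false), // rejected only because of \z
            ("apixexample.com",            "api.example.com", false), // '.' is not a wildcard
        };

        foreach (var c in cases)
        {
            bool actual = Matches(c.Host, c.Pattern);
            if (actual != c.Expected)
                throw new InvalidOperationException($"Unexpected result for {c.Host} vs {c.Pattern}");
            Console.WriteLine($"{c.Host,-28} {c.Pattern,-16} {actual}");
        }
    }
}
```

When writing allow-list patterns, put the dot after the asterisk (`*.example.com`) and list the apex domain separately if it must also be accepted.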
OpResultToStatusCode(result)
Summary
Gets an HTTP status code representing the specified operation result. Multiple results can map to the same HTTP status code, because the result gives the precise reason for a failure (“why”) while the status code gives the outcome (“what”).
Returns
The HTTP status code representing the specified operation result.
Parameters
| Name | Type | Description |
|---|---|---|
| result | ASPSecurityKit.OpResult | The operation result. |
Remarks
Implementations should expose a public mapper dictionary and use it to perform the mapping, as the default implementation does with OpResultToHttpStatusCodeMapper. This lets consuming applications extend or override the mappings as required.
GetErrorMessage(result,message,isDevelopmentEnvironment,internalServerError)
Summary
Gets the appropriate message to be returned to the caller in case of an error depending on the environment and error status code. See remarks for more details.
Returns
The appropriate error message to be returned to the caller.
Parameters
| Name | Type | Description |
|---|---|---|
| result | ASPSecurityKit.OpResult | The operation result (error code). |
| message | System.String | The actual error message. |
| isDevelopmentEnvironment | System.Boolean | Indicates whether the current runtime environment is development. |
| internalServerError | System.String | Optional. Specifies the generic error message to be returned in case the actual error message (message) cannot be revealed to the caller. The default implementation uses InternalServerError. |
Remarks
The error specified by message is returned if either isDevelopmentEnvironment is true or result represents an HTTP status code other than 500 (determined by calling OpResultToStatusCode); otherwise, internalServerError is returned.
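How the mapper dictionary and the message-masking rule interact, as an added example that is not ASPSecurityKit's own code. DemoResult is a hypothetical stand-in for OpResult (Unmapped is an invented member), all other names and messages are constructed, and the flag that unmasks the message is assumed to be isDevelopmentEnvironment.

```csharp
using System;
using System.Collections.Generic;

// Added illustration, not ASPSecurityKit source. DemoResult stands in for OpResult.
public enum DemoResult { Success, InvalidInput, Unauthenticated, Unauthorized, Unmapped }

public static class ErrorMessageDemo
{
    // Public and mutable so an application can extend or override entries.
    public static readonly Dictionary<DemoResult, int> Mapper = new Dictionary<DemoResult, int>
    {
        [DemoResult.Success] = 200,
        [DemoResult.InvalidInput] = 400,
        [DemoResult.Unauthenticated] = 401,
        [DemoResult.Unauthorized] = 403,
    };

    // Anything without an entry is treated as 500.
    public static int ToStatusCode(DemoResult result) =>
        Mapper.TryGetValue(result, out int code) ? code : 500;

    // The real message leaves the server only in development or for non-500 results.
    public static string GetErrorMessage(DemoResult result, string message, bool isDevelopment,
        string generic = "An unexpected error occurred.") =>
        isDevelopment || ToStatusCode(result) != 500 ? message : generic;

    private static void Expect(string actual, string expected)
    {
        if (actual != expected) throw new InvalidOperationException($"Got '{actual}'");
        Console.WriteLine(actual);
    }

    public static void Main()
    {
        const string detail = "Timeout while calling db01 (constructed message)";
        const string generic = "An unexpected error occurred.";

        Expect(GetErrorMessage(DemoResult.InvalidInput, "Name is required.", false), "Name is required.");
        Expect(GetErrorMessage(DemoResult.Unmapped, detail, false), generic); // 500 in production: masked
        Expect(GetErrorMessage(DemoResult.Unmapped, detail, true), detail);   // development: shown

        // Overriding the mapping also changes what callers see in production.
        Mapper[DemoResult.Unmapped] = 400;
        Expect(GetErrorMessage(DemoResult.Unmapped, detail, false), detail);
    }
}
```

Because masking keys off the mapped status code, review the messages attached to a result before remapping it away from 500.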