SecurityUtility

Namespace: ASPSecurityKit
Assembly: ASPSecurityKit.dll

Summary

Implements the utility methods required by security operations, as defined by ISecurityUtility.

Constructors

#ctor(errorResource)

Summary

Initializes a new instance of the SecurityUtility class.

Parameters
Name Type Description
errorResource ASPSecurityKit.IErrorMessageResourceProvider The error resource.

Properties

OpResultToHttpStatusCodeMapper

Summary

Gets or sets the dictionary that maps each OpResult to the HTTP status code that represents it.

Remarks

The default mappings are:

OpResult.Success = 200.
OpResult.Redirect = 302.
OpResult.InvalidInput, OpResult.InvalidPassword, OpResult.AlreadyExists, OpResult.DoNotExist, OpResult.OutOfAllowableRange, OpResult.DBDeletionDenied, OpResult.XssDetected = 400.
OpResult.Unauthenticated, OpResult.NotMultiFactored, OpResult.PasswordBlocked, OpResult.IpDenied, OpResult.OriginDenied, OpResult.InvalidSiteKeyUse = 401.
OpResult.Suspended, OpResult.NotVerified, OpResult.Unauthorized, OpResult.Disabled, OpResult.PasswordExpired, OpResult.MustEnableMFA, OpResult.NotAllowedDuringImpersonation = 403.
Anything else = 500.

Methods

NewSecret()

Summary

Creates a random secret.

Returns

The random secret.

Parameters

This method has no parameters.

Remarks

RNGCryptoServiceProvider is used to generate 32 bytes of random data, which is returned as a base64-encoded string (roughly 44 characters long).

FromUnixTime(elapsedSeconds)

Summary

Gets the DateTime value representing the specified Unix time. A Unix time is expressed in seconds elapsed since 1970-01-01 12:00:00 AM.

Returns

The DateTime value representing the specified Unix time.

Parameters
Name Type Description
elapsedSeconds System.String A Unix time value expressed in seconds elapsed since 1970-01-01 12:00:00 AM.
Exceptions
Type Description
System.ArgumentNullException When elapsedSeconds is null or whitespace.
System.FormatException When elapsedSeconds is not a valid integer.

IsSlidRecently(expiration,slideByMinutes,updateIntervalInMinutes)

Summary

Determines whether the specified expiration time was slid recently.

Returns

true if the specified expiration time was slid recently; otherwise, false.

Parameters
Name Type Description
expiration System.Nullable{System.DateTime} The expiration time.
slideByMinutes System.Int32 The time in minutes the expiration is set to slide by.
updateIntervalInMinutes System.Int32 The time in minutes after which the expiration time should be slid. The default is one (1 minute).

IsValidHost(host,pattern)

Summary

Determines whether the given host is valid for the specified pattern.

Returns

true if the given host is valid for the specified pattern; otherwise, false.

Parameters
Name Type Description
host System.String The host.
pattern System.String The pattern.
Exceptions
Type Description
System.ArgumentNullException When host or pattern is null or whitespace.
Remarks

In this implementation the match is case-insensitive. The pattern only supports the asterisk (*) to indicate 'any zero or more characters' (the '.*' regular expression equivalent). Override it to extend further.
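The following added example (not ASPSecurityKit's own code) sketches the matching rule described in the remarks above, so that the reach of a wildcard pattern can be checked before it is deployed. HostPatternDemo and Matches are hypothetical names, and anchoring the match to the whole host is an assumption the page does not state.

```csharp
using System;
using System.Text.RegularExpressions;

// Added illustration. HostPatternDemo and Matches are hypothetical names,
// not ASPSecurityKit types.
public static class HostPatternDemo
{
    // Case-insensitive match in which '*' means "any zero or more characters".
    // Assumption: the pattern must cover the whole host, so the regex is anchored.
    public static bool Matches(string host, string pattern)
    {
        if (string.IsNullOrWhiteSpace(host)) throw new ArgumentNullException(nameof(host));
        if (string.IsNullOrWhiteSpace(pattern)) throw new ArgumentNullException(nameof(pattern));

        // Escape every regex metacharacter first so '.' stays a literal dot,
        // then turn only the escaped asterisk back into '.*'.
        string body = Regex.Escape(pattern).Replace("\\*", ".*");
        string regex = "\\A" + body + "\\z";

        return Regex.IsMatch(host, regex,
            RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Singleline);
    }

    public static void Main()
    {
        // Constructed sample hosts and patterns (reserved example/test names).
        var cases = new (string Host, string Pattern)[]
        {
            ("api.example.com", "*.example.com"),            // ordinary subdomain
            ("API.Example.COM", "*.example.com"),            // case differences
            ("a.b.example.com", "*.example.com"),            // '*' spanning a dot
            ("example.com", "*.example.com"),                // bare domain, no subdomain
            ("lookalikeexample.com", "*example.com"),        // pattern without the dot
            ("api.example.com.other.test", "*.example.com"), // allowed name as a prefix
            ("apiXexample.com", "api.example.com"),          // '.' must be literal
        };

        foreach (var (host, pattern) in cases)
        {
            Console.WriteLine($"{pattern,-16} {host,-28} {Matches(host, pattern)}");
        }
    }
}
```

Under these assumptions `*.example.com` accepts subdomains at any depth but not the bare `example.com`, while `*example.com` also accepts unrelated names that merely end in `example.com`, so allowlist patterns should keep the dot after the asterisk.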

OpResultToStatusCode(result)

Summary

Gets an HTTP status code representing the specified operation result. Multiple results can be represented by the same HTTP status code as the former represents a precise reason of failure (“why”) while the latter represents the outcome (“what”).

Returns

The HTTP status code representing the specified operation result.

Parameters
Name Type Description
result ASPSecurityKit.OpResult The operation result.
Remarks

Implementations should expose a public mapper dictionary and use it to perform the mapping, as the default one does with OpResultToHttpStatusCodeMapper. This way, consuming applications can extend or override the mappings as required.

GetErrorMessage(result,message,isDevelopmentEnvironment,internalServerError)

Summary

Gets the appropriate message to be returned to the caller in case of an error depending on the environment and error status code. See remarks for more details.

Returns

The appropriate error message to be returned to the caller.

Parameters
Name Type Description
result ASPSecurityKit.OpResult The operation result (error code).
message System.String The actual error message.
isDevelopmentEnvironment System.Boolean Indicates whether the current runtime environment is development.
internalServerError System.String Optional. Specifies the generic error message to be returned in case the actual error message (message) cannot be revealed to the caller. The default implementation uses InternalServerError.
Remarks

The error specified by message is returned if either isDevelopmentEnvironment is true or result represents an HTTP status code other than 500 (determined by calling OpResultToStatusCode); otherwise, internalServerError is returned.