diff --git a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/InstallAction.cs b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/InstallAction.cs
index b7dc2fad..36f8d2d3 100644
--- a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/InstallAction.cs
+++ b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/InstallAction.cs
@@ -88,6 +88,8 @@ namespace WebsitePanel.Setup
SwitchServer2AspNet40,
SwitchEntServer2AspNet40,
SwitchWebPortal2AspNet40,
+ ConfigureSecureSessionModuleInWebConfig,
+ UpdatePortalSessionValidationKey
}
public class InstallAction
diff --git a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/StringUtils.cs b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/StringUtils.cs
new file mode 100644
index 00000000..3cb13828
--- /dev/null
+++ b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/StringUtils.cs
@@ -0,0 +1,19 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace WebsitePanel.Setup.Common
+{
+ public class StringUtils
+ {
+ public static string GenerateRandomString(int length)
+ {
+ RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
+ byte[] data = new byte[length];
+ crypto.GetNonZeroBytes(data);
+ return BitConverter.ToString(data).Replace("-", "").ToLowerInvariant();
+ }
+ }
+}
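Review bot: `GenerateRandomString` never disposes the `RNGCryptoServiceProvider` it creates, and it fills the buffer with `GetNonZeroBytes`, which excludes 0x00 and so yields slightly less than 8 bits per byte for a value used as a session validation key. Wrapping the provider in `using (var crypto = new RNGCryptoServiceProvider())` and calling `crypto.GetBytes(data);` addresses both, because the hex encoding handles zero bytes without trouble. The `length` parameter counts random bytes, not characters, so the returned string is `2 * length` characters long. A summary comment such as `/// Returns 2*length lowercase hex characters built from length cryptographically random bytes.` would keep callers from halving the key size by mistake. The class only holds a static helper and could be declared `public static class StringUtils`.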
diff --git a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal.cs b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal.cs
index cada0de3..b64297ff 100644
--- a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal.cs
+++ b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal.cs
@@ -217,6 +217,10 @@ namespace WebsitePanel.Setup
action.Description = "Updating site settings...";
page3.Actions.Add(action);
+ action = new InstallAction(ActionTypes.UpdatePortalSessionValidationKey);
+ action.Description = "Generate session validation key...";
+ page3.Actions.Add(action);
+
action = new InstallAction(ActionTypes.UpdateConfig);
action.Description = "Updating system configuration...";
page3.Actions.Add(action);
diff --git a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal20.cs b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal20.cs
index 2419d5dc..2187ba95 100644
--- a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal20.cs
+++ b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal20.cs
@@ -31,8 +31,9 @@ namespace WebsitePanel.Setup
{
return UpdateBase(obj,
minimalInstallerVersion: "2.0.0",
- versionToUpgrade: "1.2.1",
- updateSql: false);
+ versionsToUpgrade: "1.2.1",
+ updateSql: false,
+ versionSpecificAction: new InstallAction(ActionTypes.ConfigureSecureSessionModuleInWebConfig));
}
}
}
diff --git a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/WebsitePanel.Setup.csproj b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/WebsitePanel.Setup.csproj
index 3ce91c9d..6b9d839d 100644
--- a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/WebsitePanel.Setup.csproj
+++ b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/WebsitePanel.Setup.csproj
@@ -133,6 +133,7 @@
+
diff --git a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Wizard/ExpressInstallPage.cs b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Wizard/ExpressInstallPage.cs
index be97f333..301dc11a 100644
--- a/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Wizard/ExpressInstallPage.cs
+++ b/WebsitePanel.Installer/Sources/WebsitePanel.Setup/Wizard/ExpressInstallPage.cs
@@ -258,6 +258,12 @@ namespace WebsitePanel.Setup
case ActionTypes.AddCustomErrorsPage:
AddCustomErrorsPage();
break;
+ case ActionTypes.ConfigureSecureSessionModuleInWebConfig:
+ ConfigureSecureSessionModuleInWebConfig();
+ break;
+ case ActionTypes.UpdatePortalSessionValidationKey:
+ UpdatePortalSessionValidationKey();
+ break;
}
}
this.progressBar.Value = 100;
@@ -281,6 +287,87 @@ namespace WebsitePanel.Setup
Wizard.GoNext();
}
+ private void ConfigureSecureSessionModuleInWebConfig()
+ {
+ try
+ {
+ string webConfigPath = Path.Combine(Wizard.SetupVariables.InstallationFolder, "web.config");
+ Log.WriteStart("Web.config file is being updated");
+ // Ensure the web.config exists
+ if (!File.Exists(webConfigPath))
+ {
+ Log.WriteInfo(string.Format("File {0} not found", webConfigPath));
+ return;
+ }
+ // Load web.config
+ XmlDocument doc = new XmlDocument();
+ doc.Load(webConfigPath);
+
+ // add node:
+ //
+ //
+ //
+ //
+ //
+ //
+ // ... or for IIS 6:
+ //
+ //
+ //
+ //
+ //
+ //
+ bool iis6 = false;
+ XmlElement webServer = doc.SelectSingleNode("configuration/system.webServer") as XmlElement;
+ if (webServer == null)
+ {
+ // this is IIS 6
+ webServer = doc.SelectSingleNode("configuration/system.web") as XmlElement;
+ iis6 = true;
+ }
+
+ if (webServer != null)
+ {
+ var modules = doc.CreateElement(iis6 ? "httpModules" : "modules");
+ webServer.AppendChild(modules);
+ var sessionModule = doc.CreateElement("add");
+ sessionModule.SetAttribute("name", "SecureSession");
+ sessionModule.SetAttribute("type", "WebsitePanel.WebPortal.SecureSessionModule");
+ modules.AppendChild(sessionModule);
+ }
+
+ // update /system.web/httpRuntime element
+ var httpRuntime = doc.SelectSingleNode("configuration/system.web/httpRuntime") as XmlElement;
+ if (httpRuntime != null)
+ httpRuntime.SetAttribute("enableVersionHeader", "false");
+
+ // add:
+ //
+ //
+ //
+ var appSettings = doc.SelectSingleNode("configuration/appSettings");
+ if (appSettings != null)
+ {
+ var sessionKey = doc.CreateElement("add");
+ sessionKey.SetAttribute("name", "SessionValidationKey");
+ sessionKey.SetAttribute("value", StringUtils.GenerateRandomString(16));
+ appSettings.AppendChild(sessionKey);
+ }
+
+ // save changes have been made
+ doc.Save(webConfigPath);
+ //
+ Log.WriteEnd("Web.config has been updated");
+ }
+ catch (Exception ex)
+ {
+ if (Utils.IsThreadAbortException(ex))
+ return;
+ Log.WriteError("Could not update web.config file", ex);
+ throw;
+ }
+ }
+
private void SwitchWebPortal2AspNet40(InstallAction action, Setup.SetupVariables setupVariables)
{
var sam = new WebPortalActionManager(setupVariables);
@@ -2570,6 +2657,44 @@ namespace WebsitePanel.Setup
}
}
+ private void UpdatePortalSessionValidationKey()
+ {
+ try
+ {
+ string installFolder = Wizard.SetupVariables.InstallationFolder;
+ string path = Path.Combine(installFolder, "web.config");
+
+ if (!File.Exists(path))
+ {
+ Log.WriteInfo(string.Format("File {0} not found", path));
+ return;
+ }
+
+ Log.WriteStart("Updating configuration file (session validation key)");
+ XmlDocument doc = new XmlDocument();
+ doc.Load(path);
+
+ XmlElement sessionKey = doc.SelectSingleNode("configuration/appSettings/add[@key='SessionValidationKey']") as XmlElement;
+ if (sessionKey == null)
+ {
+ Log.WriteInfo("SessionValidationKey setting not found");
+ return;
+ }
+
+ sessionKey.SetAttribute("value", StringUtils.GenerateRandomString(16));
+ doc.Save(path);
+ Log.WriteEnd("Updated configuration file");
+ InstallLog.AppendLine("- Updated session validation key in the configuration file");
+ }
+ catch (Exception ex)
+ {
+ if (Utils.IsThreadAbortException(ex))
+ return;
+ Log.WriteError("Configuration file update error", ex);
+ throw;
+ }
+ }
+
private void SetServiceSettings()
{
try
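Review bot: When the `SessionValidationKey` entry is missing, `UpdatePortalSessionValidationKey` logs an info line and returns, so a fresh install silently keeps whatever the shipped web.config contains. That may be no key at all, or a placeholder shared by every installation; the Web.config change is not readable here, so this is an inference. Since the action exists to give each install its own key, the missing-entry branch should either create the `add` element under `configuration/appSettings` with `key` and `value` attributes or fail the step instead of returning. That early return also happens after `Log.WriteStart(...)` with no matching `Log.WriteEnd(...)`, which leaves the log section open. The trailing context lines belong to `SetServiceSettings`, whose body continues outside the hunk.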
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config b/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
index 06fdc34e..497e9620 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
@@ -4,7 +4,7 @@
-
+
@@ -48,8 +48,8 @@
-
-
-
+
+
+
\ No newline at end of file
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/Web6.config b/WebsitePanel/Sources/WebsitePanel.WebPortal/Web6.config
index 7a3bf6bf..065ea852 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/Web6.config
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/Web6.config
@@ -4,6 +4,7 @@
+
@@ -56,6 +57,9 @@
+
+
+