Session validation key support added into installer

WebsitePanel.Installer/Sources/WebsitePanel.Setup/Wizard/ExpressInstallPage.cs

@@ -258,6 +258,12 @@ namespace WebsitePanel.Setup
 						case ActionTypes.AddCustomErrorsPage:
 							AddCustomErrorsPage();
 							break;
+                        case ActionTypes.ConfigureSecureSessionModuleInWebConfig:
+                            ConfigureSecureSessionModuleInWebConfig();
+                            break;
+                        case ActionTypes.UpdatePortalSessionValidationKey:
+                            UpdatePortalSessionValidationKey();
+                            break;
 					}
 				}
 				this.progressBar.Value = 100;
@@ -281,6 +287,87 @@ namespace WebsitePanel.Setup
 				Wizard.GoNext();
 		}
 
+        private void ConfigureSecureSessionModuleInWebConfig()
+        {
+            try
+            {
+                string webConfigPath = Path.Combine(Wizard.SetupVariables.InstallationFolder, "web.config");
+                Log.WriteStart("Web.config file is being updated");
+                // Ensure the web.config exists
+                if (!File.Exists(webConfigPath))
+                {
+                    Log.WriteInfo(string.Format("File {0} not found", webConfigPath));
+                    return;
+                }
+                // Load web.config
+                XmlDocument doc = new XmlDocument();
+                doc.Load(webConfigPath);
+
+                // add node:
+                //<system.webServer>
+                //  <modules>
+                //    <add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" />
+                //  </modules>
+                //</system.webServer>
+                //
+                //  ... or for IIS 6:
+                //
+                //<system.web>
+                //  <httpModules>
+                //    <add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" />
+                //  </httpModules>
+                //</system.web>
+                bool iis6 = false;
+                XmlElement webServer = doc.SelectSingleNode("configuration/system.webServer") as XmlElement;
+                if (webServer == null)
+                {
+                    // this is IIS 6
+                    webServer = doc.SelectSingleNode("configuration/system.web") as XmlElement;
+                    iis6 = true;
+                }
+
+                if (webServer != null)
+                {
+                    var modules = doc.CreateElement(iis6 ? "httpModules" : "modules");
+                    webServer.AppendChild(modules);
+                    var sessionModule = doc.CreateElement("add");
+                    sessionModule.SetAttribute("name", "SecureSession");
+                    sessionModule.SetAttribute("type", "WebsitePanel.WebPortal.SecureSessionModule");
+                    modules.AppendChild(sessionModule);
+                }
+
+                // update /system.web/httpRuntime element
+                var httpRuntime = doc.SelectSingleNode("configuration/system.web/httpRuntime") as XmlElement;
+                if (httpRuntime != null)
+                    httpRuntime.SetAttribute("enableVersionHeader", "false");
+
+                // add:
+                //<appSettings>
+                //    <add key="SessionValidationKey" value="XXXXXX" />
+                //</appSettings>
+                var appSettings = doc.SelectSingleNode("configuration/appSettings");
+                if (appSettings != null)
+                {
+                    var sessionKey = doc.CreateElement("add");
+                    sessionKey.SetAttribute("name", "SessionValidationKey");
+                    sessionKey.SetAttribute("value", StringUtils.GenerateRandomString(16));
+                    appSettings.AppendChild(sessionKey);
+                }
+                
+                // save changes have been made
+                doc.Save(webConfigPath);
+                //
+                Log.WriteEnd("Web.config has been updated");
+            }
+            catch (Exception ex)
+            {
+                if (Utils.IsThreadAbortException(ex))
+                    return;
+                Log.WriteError("Could not update web.config file", ex);
+                throw;
+            }
+        }
+
 		private void SwitchWebPortal2AspNet40(InstallAction action, Setup.SetupVariables setupVariables)
 		{
 			var sam = new WebPortalActionManager(setupVariables);
@@ -2570,6 +2657,44 @@ namespace WebsitePanel.Setup
 			}
 		}
 
+        private void UpdatePortalSessionValidationKey()
+        {
+            try
+            {
+                string installFolder = Wizard.SetupVariables.InstallationFolder;
+                string path = Path.Combine(installFolder, "web.config");
+
+                if (!File.Exists(path))
+                {
+                    Log.WriteInfo(string.Format("File {0} not found", path));
+                    return;
+                }
+
+                Log.WriteStart("Updating configuration file (session validation key)");
+                XmlDocument doc = new XmlDocument();
+                doc.Load(path);
+
+                XmlElement sessionKey = doc.SelectSingleNode("configuration/appSettings/add[@key='SessionValidationKey']") as XmlElement;
+                if (sessionKey == null)
+                {
+                    Log.WriteInfo("SessionValidationKey setting not found");
+                    return;
+                }
+
+                sessionKey.SetAttribute("value", StringUtils.GenerateRandomString(16));
+                doc.Save(path);
+                Log.WriteEnd("Updated configuration file");
+                InstallLog.AppendLine("- Updated session validation key in the configuration file");
+            }
+            catch (Exception ex)
+            {
+                if (Utils.IsThreadAbortException(ex))
+                    return;
+                Log.WriteError("Configuration file update error", ex);
+                throw;
+            }
+        }
+
 		private void SetServiceSettings()
 		{
 			try