zydronium/websitepanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Session validation key support added into installer

Browse source
This commit is contained in:
feodor_fitsner 2012-09-13 18:20:44 -07:00
parent 0e9f10d63d
commit 72f545fd6b
8 changed files with 162 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/InstallAction.cs
View file

@ -88,6 +88,8 @@ namespace WebsitePanel.Setup
SwitchServer2AspNet40, SwitchServer2AspNet40,
SwitchEntServer2AspNet40, SwitchEntServer2AspNet40,
SwitchWebPortal2AspNet40, SwitchWebPortal2AspNet40,
ConfigureSecureSessionModuleInWebConfig,
UpdatePortalSessionValidationKey
} }
public class InstallAction public class InstallAction

19
WebsitePanel.Installer/Sources/WebsitePanel.Setup/Common/StringUtils.cs Normal file
View file

@ -0,0 +1,19 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace WebsitePanel.Setup.Common
{
public class StringUtils
{
public static string GenerateRandomString(int length)
{
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
byte[] data = new byte[length];
crypto.GetNonZeroBytes(data);
return BitConverter.ToString(data).Replace("-", "").ToLowerInvariant();
}
}
}

4
WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal.cs
View file

@ -217,6 +217,10 @@ namespace WebsitePanel.Setup
action.Description = "Updating site settings..."; action.Description = "Updating site settings...";
page3.Actions.Add(action); page3.Actions.Add(action);
action = new InstallAction(ActionTypes.UpdatePortalSessionValidationKey);
action.Description = "Generate session validation key...";
page3.Actions.Add(action);
action = new InstallAction(ActionTypes.UpdateConfig); action = new InstallAction(ActionTypes.UpdateConfig);
action.Description = "Updating system configuration..."; action.Description = "Updating system configuration...";
page3.Actions.Add(action); page3.Actions.Add(action);

5
WebsitePanel.Installer/Sources/WebsitePanel.Setup/Portal20.cs
View file

@ -31,8 +31,9 @@ namespace WebsitePanel.Setup
{ {
return UpdateBase(obj, return UpdateBase(obj,
minimalInstallerVersion: "2.0.0", minimalInstallerVersion: "2.0.0",
versionToUpgrade: "1.2.1", versionsToUpgrade: "1.2.1",
updateSql: false); updateSql: false,
versionSpecificAction: new InstallAction(ActionTypes.ConfigureSecureSessionModuleInWebConfig));
} }
} }
} }

1
WebsitePanel.Installer/Sources/WebsitePanel.Setup/WebsitePanel.Setup.csproj
View file

@ -133,6 +133,7 @@
<Compile Include="Common\SqlProcess.cs" /> <Compile Include="Common\SqlProcess.cs" />
<Compile Include="Common\SqlUtils.cs" /> <Compile Include="Common\SqlUtils.cs" />
<Compile Include="Common\ServerItem.cs" /> <Compile Include="Common\ServerItem.cs" />
<Compile Include="Common\StringUtils.cs" />
<Compile Include="Common\Utils.cs" /> <Compile Include="Common\Utils.cs" />
<Compile Include="Common\WebException.cs" /> <Compile Include="Common\WebException.cs" />
<Compile Include="Common\WebUtils.cs" /> <Compile Include="Common\WebUtils.cs" />

125
WebsitePanel.Installer/Sources/WebsitePanel.Setup/Wizard/ExpressInstallPage.cs
View file

@ -258,6 +258,12 @@ namespace WebsitePanel.Setup
case ActionTypes.AddCustomErrorsPage: case ActionTypes.AddCustomErrorsPage:
AddCustomErrorsPage(); AddCustomErrorsPage();
break; break;
case ActionTypes.ConfigureSecureSessionModuleInWebConfig:
ConfigureSecureSessionModuleInWebConfig();
break;
case ActionTypes.UpdatePortalSessionValidationKey:
UpdatePortalSessionValidationKey();
break;
} }
} }
this.progressBar.Value = 100; this.progressBar.Value = 100;
@ -281,6 +287,87 @@ namespace WebsitePanel.Setup
Wizard.GoNext(); Wizard.GoNext();
} }
private void ConfigureSecureSessionModuleInWebConfig()
{
try
{
string webConfigPath = Path.Combine(Wizard.SetupVariables.InstallationFolder, "web.config");
Log.WriteStart("Web.config file is being updated");
// Ensure the web.config exists
if (!File.Exists(webConfigPath))
{
Log.WriteInfo(string.Format("File {0} not found", webConfigPath));
return;
}
// Load web.config
XmlDocument doc = new XmlDocument();
doc.Load(webConfigPath);
// add node:
//<system.webServer>
// <modules>
// <add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" />
// </modules>
//</system.webServer>
//
// ... or for IIS 6:
//
//<system.web>
// <httpModules>
// <add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" />
// </httpModules>
//</system.web>
bool iis6 = false;
XmlElement webServer = doc.SelectSingleNode("configuration/system.webServer") as XmlElement;
if (webServer == null)
{
// this is IIS 6
webServer = doc.SelectSingleNode("configuration/system.web") as XmlElement;
iis6 = true;
}
if (webServer != null)
{
var modules = doc.CreateElement(iis6 ? "httpModules" : "modules");
webServer.AppendChild(modules);
var sessionModule = doc.CreateElement("add");
sessionModule.SetAttribute("name", "SecureSession");
sessionModule.SetAttribute("type", "WebsitePanel.WebPortal.SecureSessionModule");
modules.AppendChild(sessionModule);
}
// update /system.web/httpRuntime element
var httpRuntime = doc.SelectSingleNode("configuration/system.web/httpRuntime") as XmlElement;
if (httpRuntime != null)
httpRuntime.SetAttribute("enableVersionHeader", "false");
// add:
//<appSettings>
// <add key="SessionValidationKey" value="XXXXXX" />
//</appSettings>
var appSettings = doc.SelectSingleNode("configuration/appSettings");
if (appSettings != null)
{
var sessionKey = doc.CreateElement("add");
sessionKey.SetAttribute("name", "SessionValidationKey");
sessionKey.SetAttribute("value", StringUtils.GenerateRandomString(16));
appSettings.AppendChild(sessionKey);
}
// save changes have been made
doc.Save(webConfigPath);
//
Log.WriteEnd("Web.config has been updated");
}
catch (Exception ex)
{
if (Utils.IsThreadAbortException(ex))
return;
Log.WriteError("Could not update web.config file", ex);
throw;
}
}
private void SwitchWebPortal2AspNet40(InstallAction action, Setup.SetupVariables setupVariables) private void SwitchWebPortal2AspNet40(InstallAction action, Setup.SetupVariables setupVariables)
{ {
var sam = new WebPortalActionManager(setupVariables); var sam = new WebPortalActionManager(setupVariables);
@ -2570,6 +2657,44 @@ namespace WebsitePanel.Setup
} }
} }
private void UpdatePortalSessionValidationKey()
{
try
{
string installFolder = Wizard.SetupVariables.InstallationFolder;
string path = Path.Combine(installFolder, "web.config");
if (!File.Exists(path))
{
Log.WriteInfo(string.Format("File {0} not found", path));
return;
}
Log.WriteStart("Updating configuration file (session validation key)");
XmlDocument doc = new XmlDocument();
doc.Load(path);
XmlElement sessionKey = doc.SelectSingleNode("configuration/appSettings/add[@key='SessionValidationKey']") as XmlElement;
if (sessionKey == null)
{
Log.WriteInfo("SessionValidationKey setting not found");
return;
}
sessionKey.SetAttribute("value", StringUtils.GenerateRandomString(16));
doc.Save(path);
Log.WriteEnd("Updated configuration file");
InstallLog.AppendLine("- Updated session validation key in the configuration file");
}
catch (Exception ex)
{
if (Utils.IsThreadAbortException(ex))
return;
Log.WriteError("Configuration file update error", ex);
throw;
}
}
private void SetServiceSettings() private void SetServiceSettings()
{ {
try try

8
WebsitePanel/Sources/WebsitePanel.WebPortal/Web.config
View file

@ -4,7 +4,7 @@
<add key="WebPortal.ThemeProvider" value="WebsitePanel.Portal.WebPortalThemeProvider, WebsitePanel.Portal.Modules"/> <add key="WebPortal.ThemeProvider" value="WebsitePanel.Portal.WebPortalThemeProvider, WebsitePanel.Portal.Modules"/>
<add key="WebPortal.PageTitleProvider" value="WebsitePanel.Portal.WebPortalPageTitleProvider, WebsitePanel.Portal.Modules"/> <add key="WebPortal.PageTitleProvider" value="WebsitePanel.Portal.WebPortalPageTitleProvider, WebsitePanel.Portal.Modules"/>
<add key="ChartImageHandler" value="storage=file;timeout=20;" /> <add key="ChartImageHandler" value="storage=file;timeout=20;" />
<add key="SessionValidationKey" value="DAD46D476F85E0198BCA134D7AA5CC1D7" /> <add key="SessionValidationKey" value="DAD46D476F85E0198BCA134D7AA5CC1D7" />
</appSettings> </appSettings>
<system.web> <system.web>
<!-- SiteMap settings --> <!-- SiteMap settings -->
@ -48,8 +48,8 @@
<handlers> <handlers>
<add name="ChartImg" path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" resourceType="Unspecified" preCondition="integratedMode" /> <add name="ChartImg" path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" resourceType="Unspecified" preCondition="integratedMode" />
</handlers> </handlers>
<modules> <modules>
<add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" /> <add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" />
</modules> </modules>
</system.webServer> </system.webServer>
</configuration> </configuration>

4
WebsitePanel/Sources/WebsitePanel.WebPortal/Web6.config
View file

@ -4,6 +4,7 @@
<add key="WebPortal.ThemeProvider" value="WebsitePanel.Portal.WebPortalThemeProvider, WebsitePanel.Portal.Modules"/> <add key="WebPortal.ThemeProvider" value="WebsitePanel.Portal.WebPortalThemeProvider, WebsitePanel.Portal.Modules"/>
<add key="WebPortal.PageTitleProvider" value="WebsitePanel.Portal.WebPortalPageTitleProvider, WebsitePanel.Portal.Modules"/> <add key="WebPortal.PageTitleProvider" value="WebsitePanel.Portal.WebPortalPageTitleProvider, WebsitePanel.Portal.Modules"/>
<add key="ChartImageHandler" value="storage=file;timeout=20;" /> <add key="ChartImageHandler" value="storage=file;timeout=20;" />
<add key="SessionValidationKey" value="DAD46D476F85E0198BCA134D7AA5CC1D7" />
</appSettings> </appSettings>
<system.web.extensions> <system.web.extensions>
<scripting> <scripting>
@ -56,6 +57,9 @@
<add verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false"/> <add verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false"/>
<add verb="GET,HEAD,POST" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" /> <add verb="GET,HEAD,POST" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" />
</httpHandlers> </httpHandlers>
<httpModules>
<add name="SecureSession" type="WebsitePanel.WebPortal.SecureSessionModule" />
</httpModules>
<!-- Authentication --> <!-- Authentication -->
<authentication mode="Forms"> <authentication mode="Forms">
<forms name=".WEBSITEPANELPORTALAUTHASPX" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" domain="" enableCrossAppRedirects="false"> <forms name=".WEBSITEPANELPORTALAUTHASPX" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" domain="" enableCrossAppRedirects="false">