Isline Framework Series 12-using session, cookies, and security support

Today to introduce support for session and cookies in the IsLine.HttpContent.HttpContentProvider namespace.

This is a commonly used component in the Isline framework, which enables you to provide a unified cookie configuration attribute for a whole-site program, such as Cookie encryption, whether to httponly, whether to open HTTPS security options, and the default scope. Cookieprovider is a class in the namespace that, when initialized, automatically loads the cookie node configuration in the Web.config file, which is loaded on the entire Web site after successful reading, and these properties do not need to appear in the program.

Web.comfig node Configuration:

Add the following configuration between </configSections> and <appSettings>:

Code

<IsLine.HttpContent.Configuration>
　　 <Cookie>
　　　 <Cryptography>False</Cryptography>
　　　 <IsHttpOnly>True</IsHttpOnly>
　　　 <IsSecure>False</IsSecure>
　　　 <Domain>Default</Domain>
　　 </Cookie>
　 </IsLine.HttpContent.Configuration>

Add the following nodes between <configSections> and </configSections>:

<sectionGroup　name="IsLine.HttpContent.Configuration">
　　　　　　　　 <section　name="Cookie"　type="IsLine.Data.Configuration.SuitConfig"/>
　　　　　 </sectionGroup>

You can then use this provider in your program. In the <IsLine.HttpContent.Configuration> node, cryptography indicates whether the encryption of the cookie is enabled, it has true and fasle two values, and if the value is true, When you create a new or updated cookie, provider automatically enables the encrypting method under the IsLine.Security.Cryptography namespace to be encrypted, and when the cookie is read, Provider will automatically enable the decrypting method under the IsLine.Security.Cryptography namespace for decryption, which is described later on IsLine.Security.Cryptography information. When encrypting and decrypting, the seed string is used, and the seed is added to the node for configuration in Web.config:

<add key= "IsLine.Security.Configuration.TokenKey" value= "Isline"/>

Once configured, the value of the cryptography node can be true, and the cookie information on the hard disk is already encrypted.

Ishttponly corresponds to the HttpOnly property of the cookie, which indicates whether the user cookie can be obtained only on the server side, and if this value is true, then Javascript, Flash, and other client methods will not be able to obtain the cookie. This requires IE6 SP1 version of the browser support.

Issecure corresponds to the secure property of the cookie, and if this property is true, then the cookie can only be transmitted through HTTPS or another security protocol, which is not valid in HTTP. Having the secure attribute does not mean that other people cannot see the cookies stored locally by your machine, only that the cookies are encrypted with the data transfer process between the Web server, and that the cookie files stored locally are not encrypted. If you want to encrypt a locally stored cookie, set the cryptography node to true.

Domain corresponds to the domain property of the cookie, which indicates the scope of the cookie. For example, there is a site www.abc.com, Then added a similar isline.abc.com site, in order to implement the Web site cookie sharing, you need to reset the domain of the cookie, then the domain value can be set to abc.com, so that based on the ABC.com site can share cookies.

This is the convenience of cookieprovider, just need simple configuration, you can the whole station cookie Unified management!

Cookieprovider also implements the capability interface, but unlike the cache class, it implements only the Ibasecapability interface:

public　class　CookieProvider　:　IBaseCapability
　　 {
　　　　 public　CookieProvider()
　　　　 {
　　　　　　 //
　　　　　　 //　TODO:　在此处添加构造函数逻辑
　　　　　　 //
　　　　 }
}