Adding a cookie validation interface to block disabled accounts

AppHarbor.Web.Security/AppHarbor.Web.Security.csproj

@@ -1,63 +1,64 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProductVersion>8.0.30703</ProductVersion>
-    <SchemaVersion>2.0</SchemaVersion>
-    <ProjectGuid>{BA59E36D-677F-4F70-94DF-C75C8860F67B}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>AppHarbor.Web.Security</RootNamespace>
-    <AssemblyName>AppHarbor.Web.Security</AssemblyName>
-    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="System" />
-    <Reference Include="System.Configuration" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.Web" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="AuthenticationCookie.cs" />
-    <Compile Include="ConfigFileAuthenticationConfiguration.cs" />
-    <Compile Include="CookieAuthenticationModule.cs" />
-    <Compile Include="CookieAuthenticator.cs" />
-    <Compile Include="CookieIdentity.cs" />
-    <Compile Include="CookieProtector.cs" />
-    <Compile Include="Encryption.cs" />
-    <Compile Include="IAuthenticator.cs" />
-    <Compile Include="ICookieAuthenticationConfiguration.cs" />
-    <Compile Include="KeyedHashValidation.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="StringExtensions.cs" />
-    <Compile Include="SymmetricEncryption.cs" />
-    <Compile Include="Validation.cs" />
-  </ItemGroup>
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProductVersion>8.0.30703</ProductVersion>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectGuid>{BA59E36D-677F-4F70-94DF-C75C8860F67B}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>AppHarbor.Web.Security</RootNamespace>
+    <AssemblyName>AppHarbor.Web.Security</AssemblyName>
+    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Configuration" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Web" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="AuthenticationCookie.cs" />
+    <Compile Include="ConfigFileAuthenticationConfiguration.cs" />
+    <Compile Include="CookieAuthenticationModule.cs" />
+    <Compile Include="CookieAuthenticator.cs" />
+    <Compile Include="CookieIdentity.cs" />
+    <Compile Include="CookieProtector.cs" />
+    <Compile Include="Encryption.cs" />
+    <Compile Include="IAuthenticator.cs" />
+    <Compile Include="ICookieAuthenticationConfiguration.cs" />
+    <Compile Include="ICookieValidator.cs" />
+    <Compile Include="KeyedHashValidation.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="StringExtensions.cs" />
+    <Compile Include="SymmetricEncryption.cs" />
+    <Compile Include="Validation.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">
   </Target>
   <Target Name="AfterBuild">
   </Target>
-  -->
+  -->
 </Project>

AppHarbor.Web.Security/CookieAuthenticationModule.cs

@@ -6,7 +6,8 @@ namespace AppHarbor.Web.Security
 {
 	public sealed class CookieAuthenticationModule : IHttpModule
 	{
-		private readonly ICookieAuthenticationConfiguration _configuration;
+		private readonly ICookieAuthenticationConfiguration _configuration;
+        private readonly ICookieValidator  _validator;
 
 		public CookieAuthenticationModule()
 			: this(new ConfigFileAuthenticationConfiguration())
@@ -16,8 +17,15 @@ public CookieAuthenticationModule()
 		public CookieAuthenticationModule(ICookieAuthenticationConfiguration configuration)
 		{
 			_configuration = configuration;
-		}
-
+		}
+
+        public CookieAuthenticationModule(ICookieAuthenticationConfiguration configuration,
+                                    ICookieValidator  validator)
+        {
+            _configuration = configuration;
+            _validator = validator;
+
+        }
 		private void OnAuthenticateRequest(object sender, EventArgs e)
 		{
 			var context = ((HttpApplication)sender).Context;
@@ -29,8 +37,14 @@ private void OnAuthenticateRequest(object sender, EventArgs e)
 				{
 					byte[] data;
 					var cookieData = protector.Validate(cookie.Value, out data);
-					var authenticationCookie = AuthenticationCookie.Deserialize(data);
-					if (!authenticationCookie.IsExpired(_configuration.Timeout))
+					var authenticationCookie = AuthenticationCookie.Deserialize(data);
+
+                    bool isCookieValid = true;
+                    if (_validator != null)
+                        isCookieValid = _validator.IsCookieValid(authenticationCookie);
+
+					if (isCookieValid && !authenticationCookie.IsExpired(_configuration.Timeout))
+
 					{
 						context.User = authenticationCookie.GetPrincipal();
 						RenewCookieIfExpiring(context, protector, authenticationCookie);

AppHarbor.Web.Security/ICookieValidator.cs

@@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace AppHarbor.Web.Security
+{
+    public interface ICookieValidator
+    {
+        bool IsCookieValid(AuthenticationCookie cookie);
+    }
+}