SecurityHelper Class
Contains methods for ensuring security
Inheritance Hierarchy
System.Object
  CMS.Helpers.SecurityHelper

Namespace: CMS.Helpers
Assembly: CMS.Helpers (in CMS.Helpers.dll) Version: 10.0.0
Syntax
C#
public static class SecurityHelper

The SecurityHelper type exposes the following members.

Fields
|  | Name | Description |
| --- | --- | --- |
| Public field, static member | EMAIL_CONFIRMATION_DATETIME_FORMAT | Date time format used in e-mail confirmation hashing methods. |
| Public field, static member | RegSquerBrackets | Regular expression for replacing square brackets from like expressions. |
| Public field, static member | SESSION_TOKEN_HEADER | HTTP header which can contain session token. |
Properties
|  | Name | Description |
| --- | --- | --- |
| Public property, static member | Pbkdf2IterationsCount | Iterations count used within Rfc2898DeriveBytes. More iterations generate hashes that are more resistant to brute-force attacks; however, performance issues might arise when the value is set too high. |
Methods
|  | Name | Description |
| --- | --- | --- |
| Public method, static member | EnsureCertificateSecurity | If some module allows acceptance of an untrusted or expired certificate, this method registers a certificate validation callback. |
| Public method, static member | GenerateConfirmationEmailHash | Generates a hash for a confirmation email which approves a certain action (subscription to forum, password change, ...). |
| Public method, static member | GetMD5Hash | Returns SHA2 hash for input data. |
| Public method, static member | GetPBKDF2Hash | Returns PBKDF2 hash for password. Rfc2898DeriveBytes implements PBKDF2 with HMACSHA1 (hard coded in the class). |
| Public method, static member | GetSecondsToShowScreenLockAction | Gets the time period after which the client should contact the server to check the ScreenLock state. |
| Public method, static member | GetSecurityAccessEnum | Gets the SecurityAccessEnum equivalent of the permission information from the given forum access encoded info. |
| Public method, static member | GetSHA1Hash | Returns the SHA1 hash byte array for the given password string. |
| Public method, static member | GetSHA2Hash | Returns SHA2 hash for input data. |
| Public method, static member | HandleClickjacking | Adds protection against clickjacking. Adding headers works only in integrated mode. |
| Public method, static member | CheckPasswordPolicy(String, String) | Checks the password policy for the specified password. |
| Public method, static member | CheckPasswordPolicy(String, String, Int32, Int32, String) | Checks the password policy for the specified password. |
| Public method, static member | IsAutoCompleteEnabledForLogin | Returns whether Autocomplete is enabled for login usernames. |
| Public method, static member | IsScreenLockEnabled | Returns whether the ScreenLock feature is enabled for the given site. |
| Public method, static member | IsXFrameOptionsExcluded | Returns whether the given path is excluded from adding the X-Frame-Options HTTP header. |
| Public method, static member | LogScreenLockAction | Logs the call of this method as a request for the ScreenLock feature. |
| Public method, static member | SetSecurityAccessEnum | Gets the integer equivalent of the permission information specified by the SecurityAccessEnum. |
| Public method, static member | TryParseBasicAuthorizationHeader | Tries to parse the Authorization header (Basic Authentication). Retrieves both username and password from the header if parsing succeeded. |
| Public method, static member | ValidateCertificate | Returns true if the current request should be excluded from checking; otherwise returns the real value. |
| Public method, static member | ValidateConfirmationEmailHash | Returns whether the hash for a confirmation email is valid. |
| Public method, static member | ValidateSessionToken | Validates whether the session token is equal to the given token. Returns true if the session doesn't contain a token. |
| Public method, static member | VerifyPBKDF2Hash | Returns true if the given password matches the given PBKDF2 hash. |
See Also