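/// <summary>
/// Validates the submitted credentials, creates a server-side auth token and writes the
/// forms-authentication cookie that carries that token's id, then redirects to the home page.
/// </summary>
/// <param name="model">Posted login form (e-mail and password). A null model is treated like a failed login.</param>
/// <returns>
/// A redirect to <c>MVC.Home.Actions.Index()</c> on success, or back to <c>MVC.Account.Actions.Login()</c>
/// when the model is missing or no user matches the credentials.
/// </returns>
public virtual async Task<ActionResult> Login(UserLoginModel model)
{
    // Model binding can hand us a null model; treat it exactly like a failed credential check
    // instead of failing with a NullReferenceException.
    if (model == null)
    {
        return RedirectToAction(MVC.Account.Actions.Login());
    }

    var user = await UserCore.GetByEmailAndPasswordAsync(model.Email, model.Password).ConfigureAwait(false);
    if (user == null)
    {
        return RedirectToAction(MVC.Account.Actions.Login());
    }

    var token = await AuthTokenCore.CreateAsync(new AuthToken { UserId = user.Id }).ConfigureAwait(false);

    // This only empties the server-side copy of the request's cookie collection for the rest of
    // this request; it does not remove anything from the browser. The old auth cookie is
    // superseded by the one added to the response below.
    HttpContext.Request.Cookies.Clear();

    const int TicketLifetimeMinutes = 999;
    // FormsAuthenticationTicket works with local time, hence DateTime.Now rather than UtcNow;
    // read the clock once so issue and expiry are computed from the same instant.
    var issued = DateTime.Now;
    var ticket = new FormsAuthenticationTicket(
        1,
        model.Email,
        issued,
        issued.AddMinutes(TicketLifetimeMinutes),
        false,
        $"{token.Id}#{Guid.NewGuid()}#{token.Id}",
        FormsAuthentication.FormsCookiePath);

    var encryptedTicket = FormsAuthentication.Encrypt(ticket);
    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        // NOTE(review): the ticket is created non-persistent but the cookie is given an explicit
        // Expires, so it survives browser restarts for the full lifetime — confirm this is intended.
        Expires = ticket.Expiration,
        Path = FormsAuthentication.FormsCookiePath,
        // The cookie is built by hand, so set what FormsAuthentication.GetAuthCookie would have set:
        // keep the encrypted ticket out of reach of script, and honour the configured requireSSL.
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
    };
    Response.Cookies.Add(authCookie);

    return RedirectToAction(MVC.Home.Actions.Index());
}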
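/// <summary>
/// Resolves the auth token referenced by the forms ticket to a user and installs a
/// <see cref="CustomPrincipal"/> for that user on the current request. Any failure along the
/// way (no token, unknown token, unknown user) signs the request out via <c>SignOutAndSetStatusCode</c>.
/// </summary>
/// <param name="filterContext">Authorization context of the request being filtered.</param>
/// <param name="validationToken">Id of the stored auth token; <see cref="Guid.Empty"/> means no token was presented.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
private static void SetCustomPrincipal(AuthorizationContext filterContext, Guid validationToken)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException(nameof(filterContext));
    }

    if (validationToken == Guid.Empty)
    {
        SignOutAndSetStatusCode(filterContext);
        return;
    }

    // The MVC authorization filter is synchronous, so the async lookups are run on the thread
    // pool and blocked on; Task.Run keeps the blocking wait off the request's sync context.
    // Task.Run(Func<Task<T>>) already unwraps the inner task, so no extra async lambda is needed.
    var authToken = Task.Run(() => AuthTokenCore.GetAsync(validationToken)).GetAwaiter().GetResult();
    if (authToken == null)
    {
        SignOutAndSetStatusCode(filterContext);
        return;
    }

    var user = Task.Run(() => UserCore.GetAsync(authToken.UserId)).GetAwaiter().GetResult();
    if (user == null)
    {
        SignOutAndSetStatusCode(filterContext);
        return;
    }

    // Replace the default principal with one that carries the resolved user.
    var identity = new CustomIdentity(user);
    filterContext.HttpContext.User = new CustomPrincipal(identity);
}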