public static HttpCookie CreateCookie(string identifier, out Guid authenticationToken, bool persistent = false)
{
using (var protector = new CookieProtector(Configuration))
{
authenticationToken = Guid.NewGuid();
var authenticationCookie = new AuthenticationCookie(0, authenticationToken, persistent, identifier);
return(authenticationCookie.CreateHttpCookie(protector, Configuration));
}
}
private ActionResult AuthSucceeded(string userName, string userTimezoneOffset, InMemoryUser user)
{
var syncEveryTime = "true".Equals(MetadataProvider.GlobalProperty("ldap.synceverytime"));
if (syncEveryTime)
{
user.DBUser = UserManager.SyncLdapUser(user.DBUser, _ldapManager.IsLdapSetup());
}
AuthenticationCookie.SetSessionCookie(userName, userTimezoneOffset, Response);
Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, false));
System.Threading.Thread.CurrentPrincipal = user;
return(null);
}
private async Task Authenticae(IOwinContext context)
{
var cookie = context.Request.Cookies[Configuration.CookieName];
if (cookie == null)
{
return;
}
var protector = new CookieProtector(Configuration);
try
{
byte[] data;
if (!protector.Validate(cookie, out data))
{
return;
}
var authenticationCookie = AuthenticationCookie.Deserialize(data);
if (authenticationCookie.IsExpired(Configuration.Timeout))
{
return;
}
var principal = authenticationCookie.GetPrincipal();
var identity = principal.Identity as CookieIdentity;
if (identity == null)
{
return;
}
var user = await GetUser(context, identity.Name);
if (user != null && user.AuthenticationToken == identity.AuthenticationToken)
{
context.Request.User = ApplicationPrincipal <TUser> .Create(user);
RenewCookieIfExpiring(context.Response, protector, authenticationCookie);
}
}
catch
{
// do not leak any information if an exception was thrown; simply don't set the IPrincipal.
}
finally
{
protector.Dispose();
}
}
public bool Authenticate()
{
var cookie = httpContext.Request.Cookies[Configuration.CookieName];
if (cookie != null)
{
var protector = new CookieProtector(Configuration);
try
{
byte[] data;
if (protector.Validate(cookie.Value, out data))
{
var authenticationCookie = AuthenticationCookie.Deserialize(data);
if (authenticationCookie.IsExpired(Configuration.Timeout))
{
return(false);
}
var principal = authenticationCookie.GetPrincipal();
var identity = principal.Identity as CookieIdentity;
if (identity == null)
{
return(false);
}
var user = GetUser(httpContext, identity.Name);
if (user != null && user.AuthenticationToken == identity.AuthenticationToken)
{
httpContext.User = ApplicationPrincipal <TUser> .Create(user);
RenewCookieIfExpiring(httpContext, protector, authenticationCookie);
}
}
return(true);
}
catch
{
// do not leak any information if an exception was thrown; simply don't set the context.LumenUser property.
}
finally
{
protector.Dispose();
}
}
return(false);
}
public static HttpCookie CreateHttpCookie(this AuthenticationCookie authenticationCookie, CookieProtector protector, ConfigFileAuthenticationConfiguration configuration)
{
var cookie = new HttpCookie(configuration.CookieName, protector.Protect(authenticationCookie.Serialize()))
{
HttpOnly = true,
Secure = configuration.RequireSSL,
};
if (authenticationCookie.Persistent)
{
cookie.Expires = authenticationCookie.IssueDate + configuration.Timeout;
}
return(cookie);
}
private async Task OnSigningIn(CookieSigningInContext context)
{
if (!string.IsNullOrWhiteSpace(context.Properties.GetTokenValue(TOKEN_NAME)))
{
return;
}
var userId = GetUserId(context.Principal);
var cookieId = Guid.NewGuid();
var cookie = new AuthenticationCookie(userId, cookieId, context.Properties.ExpiresUtc.Value);
var db = context.HttpContext.RequestServices.GetRequiredService <ApplicationDbContext>();
await db.AuthenticationCookies.AddAsync(cookie);
await db.SaveChangesAsync();
context.Properties.StoreTokens(new[] { new AuthenticationToken()
{
Name = TOKEN_NAME, Value = cookieId.ToString()
} });
}
public ActionResult SignInReturningUserData(string userName, string password, string userTimezoneOffset)
{
userName = userName.ToLower();
var user = SecurityFacade.GetInstance().Login(userName, password, userTimezoneOffset);
if (user == null)
{
// We must end the response right now
// otherwise the forms auth module will
// intercept the response "in-flight"
// and swap it for a 302.
Response.StatusCode = (int)HttpStatusCode.Unauthorized;
Response.End();
// This result will never be
// written to the response.
return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized));
}
AuthenticationCookie.SetPersistentCookie(userName, userTimezoneOffset, Response);
return(Json(new UserReturningData(user)));
}
private static void RenewCookieIfExpiring(HttpContextBase context, CookieProtector protector, AuthenticationCookie authenticationCookie)
{
if (!Configuration.SlidingExpiration || !authenticationCookie.IsExpired(TimeSpan.FromTicks(Configuration.Timeout.Ticks / 2)))
{
return;
}
authenticationCookie.Renew();
context.Response.Cookies.Remove(Configuration.CookieName);
var newCookie = authenticationCookie.CreateHttpCookie(protector, Configuration);
context.Response.Cookies.Add(newCookie);
}
private static void RenewCookieIfExpiring(IOwinResponse response, CookieProtector protector, AuthenticationCookie authenticationCookie)
{
if (!Configuration.SlidingExpiration || !authenticationCookie.IsExpired(TimeSpan.FromTicks(Configuration.Timeout.Ticks / 2)))
{
return;
}
authenticationCookie.Renew();
response.Cookies.Delete(Configuration.CookieName);
var newCookie = authenticationCookie.CreateHttpCookie(protector, Configuration);
response.Cookies.Append(Configuration.CookieName, newCookie.Value, new CookieOptions
{
Domain = newCookie.Domain,
Expires = newCookie.Expires,
HttpOnly = newCookie.HttpOnly,
Path = newCookie.Path,
Secure = newCookie.Secure
});
}
