Beispiel #1
        /// <summary>
        /// Replaces the current login state with a newly issued one for the given user.
        /// </summary>
        /// <remarks>
        /// Issues a fresh CSRF token on every login and stores it, with the user id and name, in the
        /// script-readable cookie value. The HttpOnly cookie value receives a LoginId produced by
        /// <c>MobileLoginReadWriter.Write</c> from the (user, tenant, persistent) triple.
        /// NOTE(review): nothing visible here adds an issue time, expiry or nonce to the LoginId;
        /// confirm that lifetime and revocation are enforced elsewhere (e.g. via session storage).
        /// </remarks>
        /// <param name="userId">Id stored in both the readable cookie and the encrypted LoginId.</param>
        /// <param name="tenantId">Tenant stored only inside the encrypted LoginId.</param>
        /// <param name="username">Name stored in the script-readable cookie value.</param>
        /// <param name="isPersistent">Persistence flag stored inside the encrypted LoginId.</param>
        /// <param name="hasSessionStorage">When true, the new and previous LoginId are passed to <c>CreateMobileLoginInfo</c>.</param>
        public void Login(int userId, int tenantId, string username, bool isPersistent, bool hasSessionStorage)
        {
            // Capture the outgoing LoginId first: httpCookie is replaced further down.
            var previousLoginId = !httpCookie.IsAnonymous ? httpCookie.LoginId : null;

            userCookie = new UserAccessibleLoginCookieValue {
                UserId    = userId,
                Username  = username,
                CSRFToken = SecureTokenGenerator.Instance.GenerateCSRFToken()
            };

            var issuedLogin = new MobileLoginInfo();
            issuedLogin.UserId       = userId;
            issuedLogin.TenantId     = tenantId;
            issuedLogin.IsPersistent = isPersistent;
            mobileLoginInfo = issuedLogin;

            var encryptedLoginId = MobileLoginReadWriter.Write(configuration.EncryptKey, issuedLogin);
            httpCookie = new HttpOnlyLoginCookieValue {
                LoginId = encryptedLoginId
            };

            if (hasSessionStorage)
            {
                CreateMobileLoginInfo(httpCookie.LoginId, previousLoginId);
            }

            // The expected CSRF token is the one just written to the readable cookie.
            csrfToken = userCookie.CSRFToken;
            dirty     = true;
        }
Beispiel #2
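        /// <summary>
        /// Creates an anonymous login state bound to the given configuration.
        /// </summary>
        /// <remarks>
        /// Starts with empty cookie values, no CSRF token, and a login info that carries only the
        /// configured default tenant. The state is not marked dirty.
        /// </remarks>
        /// <param name="configuration">Source of the default tenant id; also kept for later use by this instance.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="configuration"/> is null.</exception>
        public LoginInfo(MobileLoginConfiguration configuration)
        {
            // Fail with a descriptive error instead of a NullReferenceException a few lines down.
            if (configuration == null)
            {
                throw new System.ArgumentNullException("configuration");
            }

            this.configuration = configuration;
            csrfToken          = null;
            httpCookie         = new HttpOnlyLoginCookieValue();
            userCookie         = new UserAccessibleLoginCookieValue();
            mobileLoginInfo    = new MobileLoginInfo {
                TenantId = configuration.DefaultTenantId
            };

            dirty = false;
        }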
Beispiel #3
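            /// <summary>
            /// Decrypts a LoginId and parses it into a <c>MobileLoginInfo</c>.
            /// </summary>
            /// <remarks>
            /// The decrypted text is expected to hold at least three '|'-separated fields, in order:
            /// user id, tenant id, persistence flag. Each field is decoded with <c>Base64.IntFromBase64</c>.
            /// The input normally comes from a client-supplied cookie, so it is treated as untrusted.
            /// NOTE(review): whether <c>DecryptWithAES128</c> authenticates the ciphertext is not visible
            /// here; confirm integrity is checked (MAC/AEAD or a signature) before the fields are trusted.
            /// </remarks>
            /// <param name="key">Key passed to <c>SymmCryptHelper.DecryptWithAES128</c>.</param>
            /// <param name="loginInfo">Encrypted LoginId value.</param>
            /// <returns>The parsed login info.</returns>
            /// <exception cref="FormatException">The decrypted value is null or has fewer than three fields.</exception>
            public static MobileLoginInfo Read(string key, string loginInfo)
            {
                string decryptedLoginInfo = SymmCryptHelper.DecryptWithAES128(key, loginInfo);
                if (decryptedLoginInfo == null)
                {
                    throw new FormatException("Login info could not be decrypted");
                }

                string[] parts = decryptedLoginInfo.Split('|');

                // Reject truncated or malformed payloads explicitly rather than failing with an
                // IndexOutOfRangeException below. Extra trailing fields are still ignored, as before.
                if (parts.Length < 3)
                {
                    throw new FormatException("Login info does not contain the expected fields");
                }

                var info = new MobileLoginInfo();

                info.UserId   = Base64.IntFromBase64(parts[0]);
                info.TenantId = Base64.IntFromBase64(parts[1]);

                // Convert.ToBoolean(int) maps any non-zero value to true.
                info.IsPersistent = Convert.ToBoolean(Base64.IntFromBase64(parts[2]));
                return info;
            }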
Beispiel #4
        /// <summary>
        /// Resets this instance to an anonymous state and marks it dirty.
        /// </summary>
        /// <remarks>
        /// Both cookie values are replaced with freshly constructed ones, the login info falls back to
        /// the configured default tenant, and the expected CSRF token becomes whatever a new
        /// <c>UserAccessibleLoginCookieValue</c> carries.
        /// NOTE(review): only in-memory state is reset here; no server-side invalidation of the old
        /// LoginId is visible in this method. Confirm that revocation happens elsewhere if required.
        /// </remarks>
        public void Logout()
        {
            var anonymousUserCookie = new UserAccessibleLoginCookieValue();
            userCookie = anonymousUserCookie;
            httpCookie = new HttpOnlyLoginCookieValue();

            var defaultTenantLogin = new MobileLoginInfo();
            defaultTenantLogin.TenantId = configuration.DefaultTenantId;
            mobileLoginInfo = defaultTenantLogin;

            csrfToken = anonymousUserCookie.CSRFToken;
            dirty     = true;
        }
Beispiel #5
        /// <summary>
        /// Validates the current cookie state and loads the login info it describes.
        /// </summary>
        /// <remarks>
        /// Order of checks: a CSRF token must be present (unless ignored); missing cookie values or a
        /// failed <c>ValidSignature()</c> downgrade the state via <c>Anonymize()</c>; the CSRF token is
        /// compared with the one in the readable cookie; the LoginId is decrypted for non-anonymous
        /// state; finally the user id in the readable cookie must match the decrypted one.
        /// NOTE(review): passing true for <paramref name="ignoreCSRFToken"/> skips both CSRF checks;
        /// confirm every such call site is a request that cannot change state.
        /// </remarks>
        /// <param name="ignoreCSRFToken">When true, the CSRF token presence and equality checks are skipped.</param>
        /// <exception cref="InvalidLoginException">
        /// The CSRF token is missing or does not match, or the readable cookie's user id disagrees
        /// with the decrypted login info.
        /// </exception>
        public void Validate(bool ignoreCSRFToken)
        {
            if (!ignoreCSRFToken && csrfToken == null)   // Unacceptable: no CSRF token was supplied
            {
                throw new InvalidLoginException("Invalid CSRF request");
            }

            // A missing cookie value is treated as "not logged in" rather than as an error.
            if (httpCookie == null || userCookie == null)
            {
                Anonymize();
            }

            if (!ValidSignature())
            {
                // Downgrade to anonymous cookies.
                // You might be wondering why we let the guy go as anonymous
                // we do this so that when we change the cookie format
                // users can upgrade their login cookies by logging in again.
                Anonymize();
            }

            // csrfToken is non-null here whenever the check is enabled (guarded at the top).
            // NOTE(review): SlowEquals is presumably a constant-time comparison - confirm. What
            // CSRFToken an anonymized userCookie carries is not visible from this method.
            if (!ignoreCSRFToken && !csrfToken.SlowEquals(userCookie.CSRFToken))   // Unacceptable: token mismatch
            {
                throw new InvalidLoginException("Invalid CSRF request");
            }

            if (!IsAnonymous)
            {
                // NOTE(review): exceptions other than InvalidLoginException may escape from Read on a
                // malformed LoginId; confirm ValidSignature() rejects such values first or that
                // callers handle them.
                mobileLoginInfo = MobileLoginReadWriter.Read(configuration.EncryptKey, httpCookie.LoginId);
            }
            else
            {
                mobileLoginInfo = new MobileLoginInfo {
                    TenantId = configuration.DefaultTenantId
                };
            }

            // The readable cookie's UserId is only accepted if it agrees with the value recovered
            // from the encrypted LoginId (or with the anonymous default).
            if (userCookie.UserId != mobileLoginInfo.UserId)
            {
                throw new InvalidLoginException("Inconsistent Login Info");
            }
        }
Beispiel #6
            /// <summary>
            /// Serializes a <c>MobileLoginInfo</c> and encrypts it into a LoginId string.
            /// </summary>
            /// <remarks>
            /// The plaintext is three '|'-separated fields, in order: user id, tenant id, and the
            /// persistence flag converted to an integer, each encoded with <c>Base64.ToBase64</c>.
            /// NOTE(review): the payload holds no issue time, expiry or nonce, and whether
            /// <c>EncryptWithAES128</c> uses a random IV or adds an integrity tag is not visible here;
            /// confirm that the resulting token cannot be altered or replayed indefinitely.
            /// </remarks>
            /// <param name="key">Key passed to <c>SymmCryptHelper.EncryptWithAES128</c>.</param>
            /// <param name="loginInfo">Login info to serialize.</param>
            /// <returns>The encrypted LoginId.</returns>
            public static string Write(string key, MobileLoginInfo loginInfo)
            {
                var userIdField     = Base64.ToBase64(loginInfo.UserId);
                var tenantIdField   = Base64.ToBase64(loginInfo.TenantId);
                var persistentField = Base64.ToBase64(Convert.ToInt32(loginInfo.IsPersistent));

                string plaintext = string.Join("|", userIdField, tenantIdField, persistentField);

                return SymmCryptHelper.EncryptWithAES128(key, plaintext);
            }