Beispiel #1
        /// <summary>
        /// Creates an identity that wraps the supplied authentication cookie.
        /// </summary>
        /// <param name="cookie">The authentication cookie to store; must not be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="cookie"/> is null.</exception>
        public CookieIdentity(AuthenticationCookie cookie)
        {
            // NOTE(review): only a null check happens here. Integrity and expiry of the
            // cookie are not verified by this constructor; presumably callers pass a cookie
            // that has already been validated. Confirm at the call sites.
            if (cookie != null)
            {
                _cookie = cookie;
                return;
            }

            throw new ArgumentNullException("cookie");
        }
Beispiel #2
        /// <summary>
        /// Builds an identity around the given authentication cookie.
        /// </summary>
        /// <param name="cookie">The authentication cookie to keep; null is rejected.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="cookie"/> is null.</exception>
        public CookieIdentity(AuthenticationCookie cookie)
        {
            // Fail fast on a missing cookie so the identity never holds a null reference.
            // NOTE(review): no other validation is done here; whether the cookie was
            // integrity-checked before reaching this point cannot be seen from this method.
            bool cookieMissing = cookie == null;
            if (cookieMissing)
            {
                throw new ArgumentNullException("cookie");
            }

            _cookie = cookie;
        }
Beispiel #3
        /// <summary>
        /// Issues a new authentication cookie for the given user and appends it to the
        /// current response.
        /// </summary>
        /// <param name="email">Email passed to the authentication cookie.</param>
        /// <param name="username">User name passed to the authentication cookie.</param>
        /// <param name="persistent">
        /// When true, the HTTP cookie gets an explicit expiry (issue date plus the configured
        /// timeout); otherwise no expiry is set on it.
        /// </param>
        /// <param name="roles">Optional roles passed to the authentication cookie.</param>
        /// <param name="tag">Optional byte payload passed to the authentication cookie.</param>
        public void SetCookie(string email, string username, bool persistent = false, string[] roles = null, byte[] tag = null)
        {
            // Every call uses a fresh Guid for the cookie.
            AuthenticationCookie ticket = new AuthenticationCookie(0, Guid.NewGuid(), persistent, email, username, roles, tag);

            using (CookieProtector protector = new CookieProtector(_configuration))
            {
                // Only the protected form of the serialized cookie is sent to the client.
                string cookieName = _configuration.CookieName;
                string protectedValue = protector.Protect(ticket.Serialize());

                HttpCookie responseCookie = new HttpCookie(cookieName, protectedValue);

                // HttpOnly keeps the value out of reach of client-side script.
                responseCookie.HttpOnly = true;

                // The Secure flag follows configuration: with RequireSSL disabled the browser
                // will also send this cookie over plain HTTP.
                // NOTE(review): no SameSite attribute is set in this method; confirm whether
                // it is applied elsewhere (for example in site-wide cookie settings).
                responseCookie.Secure = _configuration.RequireSSL;

                if (persistent)
                {
                    responseCookie.Expires = ticket.IssueDate + _configuration.Timeout;
                }

                _context.Response.Cookies.Add(responseCookie);
            }
        }
Beispiel #4
        /// <summary>
        /// Creates an authentication cookie for the given user, protects its serialized
        /// form and adds the resulting HTTP cookie to the current response.
        /// </summary>
        /// <param name="email">Email passed to the authentication cookie.</param>
        /// <param name="username">User name passed to the authentication cookie.</param>
        /// <param name="persistent">
        /// When true, an explicit expiry of issue date plus configured timeout is set on the
        /// HTTP cookie; when false, no expiry is set.
        /// </param>
        /// <param name="roles">Optional roles passed to the authentication cookie.</param>
        /// <param name="tag">Optional byte payload passed to the authentication cookie.</param>
        public void SetCookie(string email, string username, bool persistent = false, string[] roles = null, byte[] tag = null)
        {
            var issued = new AuthenticationCookie(0, Guid.NewGuid(), persistent, email, username, roles, tag);

            using (var protector = new CookieProtector(_configuration))
            {
                string name = _configuration.CookieName;
                string sealedValue = protector.Protect(issued.Serialize());

                var outgoing = new HttpCookie(name, sealedValue);

                // Script access is always blocked; transport protection depends on the
                // RequireSSL setting, so a deployment that disables it ships this cookie
                // without the Secure flag.
                // NOTE(review): SameSite is not set here; verify it is handled elsewhere.
                outgoing.HttpOnly = true;
                outgoing.Secure = _configuration.RequireSSL;

                if (persistent)
                {
                    // Browser-side lifetime for persistent logins.
                    outgoing.Expires = issued.IssueDate + _configuration.Timeout;
                }

                _context.Response.Cookies.Add(outgoing);
            }
        }
        /// <summary>
        /// Authenticate-request handler: reads the configured authentication cookie from the
        /// request, and when it validates, deserializes and has not expired, sets
        /// <c>context.User</c> from it and renews the cookie if needed. Requests for the
        /// login page additionally skip authorization.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        private void OnAuthenticateRequest(object sender, EventArgs e)
        {
            HttpContext context = ((HttpApplication)sender).Context;
            HttpCookie requestCookie = context.Request.Cookies[_configuration.CookieName];

            if (requestCookie != null)
            {
                // The using block disposes the protector on every path, including failures.
                using (var protector = new CookieProtector(_configuration))
                {
                    try
                    {
                        byte[] payload;

                        // NOTE(review): the value returned by Validate is stored and never
                        // read. If Validate reports a bad cookie through its return value
                        // rather than by throwing, rejection here depends on Deserialize
                        // failing on whatever was left in `payload`. Confirm against
                        // CookieProtector.Validate and check the result explicitly if so.
                        var validationResult = protector.Validate(requestCookie.Value, out payload);
                        var ticket = AuthenticationCookie.Deserialize(payload);

                        bool expired = ticket.IsExpired(_configuration.Timeout);
                        if (!expired)
                        {
                            context.User = ticket.GetPrincipal();
                            RenewCookieIfExpiring(context, protector, ticket);
                        }
                    }
                    catch
                    {
                        // Deliberate: any failure while processing the cookie leaves
                        // context.User unset and reveals nothing to the client.
                        // NOTE(review): nothing is recorded here either, so rejected or
                        // tampered cookies leave no server-side trace from this method;
                        // confirm that monitoring for them exists elsewhere.
                    }
                }
            }

            // The login page must stay reachable for unauthenticated users.
            if (IsLoginPage(context.Request))
            {
                context.SkipAuthorization = true;
            }
        }
        /// <summary>
        /// Re-issues the authentication cookie when sliding expiration is enabled and the
        /// cookie is already expired with respect to half of the configured timeout.
        /// </summary>
        /// <param name="context">Context whose response receives the renewed cookie.</param>
        /// <param name="protector">Protector used to protect the serialized cookie.</param>
        /// <param name="authenticationCookie">The cookie to renew and re-serialize.</param>
        private void RenewCookieIfExpiring(HttpContext context, CookieProtector protector, AuthenticationCookie authenticationCookie)
        {
            if (!_configuration.SlidingExpiration)
            {
                return;
            }

            // Renewal is only done once the cookie counts as expired against half the timeout.
            TimeSpan halfTimeout = TimeSpan.FromTicks(_configuration.Timeout.Ticks / 2);
            if (!authenticationCookie.IsExpired(halfTimeout))
            {
                return;
            }

            authenticationCookie.Renew();

            // Remove any cookie of the same name from the response before adding the new one.
            string cookieName = _configuration.CookieName;
            context.Response.Cookies.Remove(cookieName);

            string protectedValue = protector.Protect(authenticationCookie.Serialize());
            HttpCookie renewed = new HttpCookie(cookieName, protectedValue);

            // Same attributes as at issue time: script access blocked, Secure per config.
            // NOTE(review): with RequireSSL disabled the renewed cookie is also sent over
            // plain HTTP, and no SameSite attribute is set in this method.
            renewed.HttpOnly = true;
            renewed.Secure = _configuration.RequireSSL;

            if (authenticationCookie.Persistent)
            {
                renewed.Expires = authenticationCookie.IssueDate + _configuration.Timeout;
            }

            context.Response.Cookies.Add(renewed);
        }
 /// <summary>
 /// Renews the authentication cookie on the response when sliding expiration is enabled
 /// and the cookie is expired with respect to half of the configured timeout.
 /// </summary>
 /// <param name="context">Context whose response receives the renewed cookie.</param>
 /// <param name="protector">Protector used to protect the serialized cookie.</param>
 /// <param name="authenticationCookie">The cookie to renew and re-serialize.</param>
 private void RenewCookieIfExpiring(HttpContext context, CookieProtector protector, AuthenticationCookie authenticationCookie)
 {
     bool slidingEnabled = _configuration.SlidingExpiration;
     if (slidingEnabled)
     {
         TimeSpan renewalThreshold = TimeSpan.FromTicks(_configuration.Timeout.Ticks / 2);
         if (authenticationCookie.IsExpired(renewalThreshold))
         {
             authenticationCookie.Renew();

             // Replace whatever cookie of this name is already queued on the response.
             string cookieName = _configuration.CookieName;
             context.Response.Cookies.Remove(cookieName);

             string sealedValue = protector.Protect(authenticationCookie.Serialize());
             var replacement = new HttpCookie(cookieName, sealedValue);

             // HttpOnly is unconditional; the Secure flag is only as strong as the
             // RequireSSL setting. NOTE(review): SameSite is not set here.
             replacement.HttpOnly = true;
             replacement.Secure = _configuration.RequireSSL;

             if (authenticationCookie.Persistent)
             {
                 replacement.Expires = authenticationCookie.IssueDate + _configuration.Timeout;
             }

             context.Response.Cookies.Add(replacement);
         }
     }
 }