/// <summary>
/// Creates an identity that wraps the given <see cref="AuthenticationCookie"/>.
/// </summary>
/// <param name="cookie">The authentication cookie this identity represents.</param>
/// <exception cref="ArgumentNullException"><paramref name="cookie"/> is null.</exception>
public CookieIdentity(AuthenticationCookie cookie)
{
    if (cookie != null)
    {
        _cookie = cookie;
        return;
    }

    throw new ArgumentNullException("cookie");
}
/// <summary>
/// Issues a new protected authentication cookie on the current response.
/// </summary>
/// <param name="email">E-mail address stored in the cookie payload.</param>
/// <param name="username">User name stored in the cookie payload.</param>
/// <param name="persistent">
/// When true the cookie carries an explicit expiry (issue date plus the configured timeout);
/// otherwise no <c>Expires</c> value is set and the browser treats it as a session cookie.
/// </param>
/// <param name="roles">Optional roles passed through to the cookie payload.</param>
/// <param name="tag">Optional byte array passed through to the cookie payload.</param>
public void SetCookie(string email, string username, bool persistent = false, string[] roles = null, byte[] tag = null)
{
    // A fresh Guid identifies this issuance; the first constructor argument is always 0 here.
    var payload = new AuthenticationCookie(0, Guid.NewGuid(), persistent, email, username, roles, tag);

    using (var protector = new CookieProtector(_configuration))
    {
        var protectedValue = protector.Protect(payload.Serialize());
        var responseCookie = new HttpCookie(_configuration.CookieName, protectedValue);

        // HttpOnly keeps the cookie out of reach of script. Secure mirrors RequireSSL,
        // so with RequireSSL disabled the cookie may also be sent over plain HTTP.
        responseCookie.HttpOnly = true;
        responseCookie.Secure = _configuration.RequireSSL;

        if (persistent)
        {
            responseCookie.Expires = payload.IssueDate + _configuration.Timeout;
        }

        _context.Response.Cookies.Add(responseCookie);
    }
}
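/// <summary>
/// Handles <c>AuthenticateRequest</c>: when an authentication cookie is present, validates and
/// decodes it and, if it is not expired, assigns <c>context.User</c> from it (renewing the
/// cookie when appropriate). Also marks the login page so authorization is skipped for it.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Event arguments; not used.</param>
/// <remarks>
/// Any exception raised while validating or decoding the cookie is deliberately swallowed:
/// a malformed or tampered cookie simply leaves <c>context.User</c> unset, and no detail
/// about the failure is surfaced to the client.
/// </remarks>
private void OnAuthenticateRequest(object sender, EventArgs e)
{
    var context = ((HttpApplication)sender).Context;
    var cookie = context.Request.Cookies[_configuration.CookieName];

    if (cookie != null)
    {
        // `using` guarantees disposal; the original used a manual try/finally guarded by a
        // null check that could never be false (`new` does not yield null).
        using (var protector = new CookieProtector(_configuration))
        {
            try
            {
                byte[] data;
                // NOTE(review): the return value of Validate is not inspected (as in the original).
                // Confirm that Validate throws on a failed integrity check; if it instead reports
                // failure through its return value, a tampered cookie would still reach Deserialize.
                protector.Validate(cookie.Value, out data);

                var authenticationCookie = AuthenticationCookie.Deserialize(data);
                if (!authenticationCookie.IsExpired(_configuration.Timeout))
                {
                    context.User = authenticationCookie.GetPrincipal();
                    RenewCookieIfExpiring(context, protector, authenticationCookie);
                }
            }
            catch
            {
                // do not leak any information if an exception was thrown.
                // simply don't set the context.User property.
            }
        }
    }

    if (IsLoginPage(context.Request))
    {
        context.SkipAuthorization = true;
    }
}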
/// <summary>
/// Re-issues the authentication cookie when sliding expiration is enabled and the cookie
/// already counts as expired against half of the configured timeout.
/// </summary>
/// <param name="context">Current request context whose response receives the renewed cookie.</param>
/// <param name="protector">Protector used to encode the renewed cookie value.</param>
/// <param name="authenticationCookie">The decoded cookie to renew; it is mutated via <c>Renew()</c>.</param>
private void RenewCookieIfExpiring(HttpContext context, CookieProtector protector, AuthenticationCookie authenticationCookie)
{
    if (!_configuration.SlidingExpiration)
    {
        return;
    }

    // Renewal threshold: half of the full timeout.
    var halfTimeout = TimeSpan.FromTicks(_configuration.Timeout.Ticks / 2);
    if (!authenticationCookie.IsExpired(halfTimeout))
    {
        return;
    }

    authenticationCookie.Renew();

    // Drop any same-named cookie already queued on the response before adding the renewed one.
    var responseCookies = context.Response.Cookies;
    responseCookies.Remove(_configuration.CookieName);

    var renewed = new HttpCookie(_configuration.CookieName, protector.Protect(authenticationCookie.Serialize()));
    // Same flags as the originally issued cookie: script-inaccessible, Secure following RequireSSL.
    renewed.HttpOnly = true;
    renewed.Secure = _configuration.RequireSSL;

    if (authenticationCookie.Persistent)
    {
        renewed.Expires = authenticationCookie.IssueDate + _configuration.Timeout;
    }

    responseCookies.Add(renewed);
}