public ContentResult GetSignInAuthTicket(string Email, string AuthToken)
{
String Json = "";
Member Member = Members.GetByEmail(Email);
AuthMemberTicket _AuthMemberTicket = AuthMemberTickets.GetByMemberToken(Member.MemberID, AuthToken);
// Check does session exists for requested token. If doesn't return emty object, so client will be redirected to sign in page.
if (_AuthMemberTicket.AuthMemberTicketID <= 0)
{
Json = SingInAuthTickets.JsonItem(
new SingInAuthTicket()
{
MemberName = "",
MemberEmail = "",
EncrytedTicket = "",
IsPersistant = 0,
}
);
}
else
{
string CookieName = FormsAuthentication.FormsCookieName;
string CookiePath = FormsAuthentication.FormsCookiePath;
int IsPersistent = _AuthMemberTicket.IsPersistent;
AuthMemberToken _ticketMemberSession = new AuthMemberToken()
{
MemberID = Member.MemberID,
MemberEmail = Member.Email,
MemberName = Member.Name,
Token = AuthToken,
Domain = Request.Url.DnsSafeHost
};
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
Member.Email,
DateTime.Now,
_AuthMemberTicket.Expiration,
IsPersistent == 1 ? true : false,
ToJson(_ticketMemberSession),
CookiePath);
string cookieEncrypted = FormsAuthentication.Encrypt(authTicket);
Json = SingInAuthTickets.JsonItem(
new SingInAuthTicket()
{
MemberName = Member.Name,
MemberEmail = Member.Email,
EncrytedTicket = cookieEncrypted,
IsPersistant = IsPersistent
}
);
}
return(Content(Json, TypeJson));
}
private string SignInMember(String Name, Member Member, bool RememberMe, String ReturnUrl, string SocialComment = "")
{
Session["MemberProfile"] = new MemberProfile(Member);
string CookieName = FormsAuthentication.FormsCookieName;
string CookiePath = FormsAuthentication.FormsCookiePath;
if (AppSession.Parameters.GeneralCookieName.Value.Length > 0)
CookieName = AppSession.Parameters.GeneralCookieName.Value;
bool isCookiePersistent = RememberMe;
FormsAuthentication.Initialize();
AuthMemberTicket _authMemberTicket = AuthMemberTickets.GetLastByMember(Member.MemberID);
if (_authMemberTicket.Expiration <= DateTime.Now)
{
_authMemberTicket.Delete();
_authMemberTicket.AuthMemberTicketID = 0;
}
AuthMemberToken _ticketMemberSession = new AuthMemberToken()
{
MemberID = Member.MemberID,
MemberEmail = Member.Email,
MemberName = Member.Name,
Token = _authMemberTicket.AuthMemberTicketID > 0 ? _authMemberTicket.Token : StringTool.RandomString(64)
};
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
Member.Email,
DateTime.Now,
DateTime.Now + FormsAuthentication.Timeout,
isCookiePersistent,
ToJson(_ticketMemberSession),
CookiePath);
string cookieEncrypted = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(CookieName, cookieEncrypted);
if (isCookiePersistent)
authCookie.Expires = authTicket.Expiration;
// In order to keep not empty UserData for auth ticket.
// http://stackoverflow.com/questions/12642516/formsauthenticationticket-isnt-storing-userdata
if (AppSession.Parameters.GeneralDomainName.Value.Length > 0 && AppSession.Parameters.GeneralDomainName.Value != "localhost")
authCookie.Domain = AppSession.Parameters.GeneralDomainName.Value;
authCookie.HttpOnly = true;
authCookie.Path = CookiePath;
Response.Cookies.Add(authCookie);
AuditEvent.AppEventSuccess(Profile.Member.Email, SocialComment + " " + String.Format(AuditEvent.MemberLoggedIn, Member.Name, Member.Email));
Member.UpdateLoginTime();
String RedirectTo = "";
if (AppSession.ReturnUrl != null && AppSession.ReturnUrl.Length > 0)
RedirectTo = AppSession.ReturnUrl;
else
RedirectTo = RedirectToAfterLogin(ReturnUrl);
if (AppSession.ReturnUrl != null && AppSession.ReturnUrl.Length > 0)
{
//////////////////////////////////////////////////////////////////////////
// Needs to create session for cross domain auth.
//////////////////////////////////////////////////////////////////////////
if (AppSession.SignUpDomain != null && AppSession.SignUpDomain.Length > 0)
{
Uri signInDomain = new Uri(AppSession.ReturnUrl);
signInDomain = new Uri(AppSession.ReturnUrl);
if (signInDomain.Host.Trim().ToLower().IndexOf(AppSession.Parameters.GeneralDomainName.Value.Trim().ToLower()) == -1)
RedirectTo = PrepareCrossDomainAuthToken(Member, RememberMe, ReturnUrl, signInDomain.DnsSafeHost, signInDomain.Port, AppSession.SignInUrl, _ticketMemberSession);
}
}
if (_authMemberTicket.AuthMemberTicketID <= 0)
{
_authMemberTicket = new AuthMemberTicket()
{
Token = _ticketMemberSession.Token,
MemberID = Member.MemberID,
IssueDate = authTicket.IssueDate,
Expiration = authTicket.Expiration,
IsPersistent = (authTicket.IsPersistent == true ? 1 : 0)
};
_authMemberTicket.Save();
}
return RedirectTo;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// http://stackoverflow.com/questions/342378/cross-domain-login-how-to-login-a-user-automatically-when-transferred-from-one
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
private string PrepareCrossDomainAuthToken(Member Member, bool RememberMe, String ReturnUrl, string Host, int Port, string SignInUrl, AuthMemberToken AuthMemberToken, string SocialComment = "")
{
String RedirectTo = "";
if (AppSession.ReturnUrl != null && AppSession.ReturnUrl.Length > 0)
RedirectTo = AppSession.ReturnUrl;
else
RedirectTo = RedirectToAfterLogin(ReturnUrl);
String returnUrl = RedirectTo;
RedirectTo = String.Format("http://{0}:{1}{2}", Host, Port, SignInUrl);
RedirectTo += (RedirectTo.IndexOf("?") > 0 ? "&" : "?") + "BackUrl=" + HttpUtility.UrlEncode(returnUrl);
RedirectTo += (RedirectTo.IndexOf("?") > 0 ? "&" : "?") + "p1=" + HttpUtility.UrlEncode(StringTool.Encrypt(AuthMemberToken.Token)) + "&p2=" + HttpUtility.UrlEncode(StringTool.Encrypt(Member.Email));
return RedirectTo;
}
