public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
var request = context?.Request;
var cookies = request?.Headers.GetCookies().Where(cookie => cookie.HttpOnly == (cookie.Secure && request.RequestUri.Scheme == Uri.UriSchemeHttps)).SelectMany(cookieBag => cookieBag.Cookies);
var authenticationCookie = cookies?.FirstOrDefault(cookie => cookie.Name == AUTHENTICATION_COOKIE_NAME);
var token = authenticationCookie?.Value;
var cacheKey = BuildCacheKey(token);
var cache = HttpContext.Current.Cache;
var cachedUser = cache.Get(cacheKey) as CustomIdentity;
if (token != null)
{
if (cachedUser == null)
{
var config = new SiteConfiguration();
var accountRepo = PersistenceFactory.GetAccountRepo(config);
var user = accountRepo.GetAccountByRecentToken(token);
if (user != null)
{
var customIdentity = new CustomIdentity(user.Username, user.Email, user.AuthToken);
context.Principal = new GenericPrincipal(customIdentity, new string[] { });
cache.Insert(cacheKey, customIdentity);
}
else
{
context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[] { }, context.Request);
}
}
}
if (!(context.Principal?.Identity is CustomIdentity))
{
context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[] { }, context.Request);
}
return(Task.FromResult(0));
}
public AccountController()
{
AccountRepo = PersistenceFactory.GetAccountRepo(new SiteConfiguration());
}
