/// <summary>
/// Invoked after the user's security stamp has been verified: rebuilds the principal for
/// <paramref name="user"/>, swaps it into the cookie validation context and flags the cookie for renewal.
/// </summary>
/// <param name="user">The user whose security stamp was verified.</param>
/// <param name="context">The <see cref="CookieValidatePrincipalContext"/> of the cookie being validated.</param>
/// <returns>A task that completes once the principal has been replaced.</returns>
protected virtual async Task SecurityStampVerified(TUser user, CookieValidatePrincipalContext context)
{
    var refreshedPrincipal = await SignInManager.CreateUserPrincipalAsync(user);

    var onRefreshing = Options.OnRefreshingPrincipal;
    if (onRefreshing != null)
    {
        var refreshContext = new SecurityStampRefreshingPrincipalContext
        {
            CurrentPrincipal = context.Principal,
            NewPrincipal = refreshedPrincipal
        };

        // The callback may substitute the principal. It is allowed to leave NewPrincipal
        // null, in which case authentication fails.
        await onRefreshing(refreshContext);
        refreshedPrincipal = refreshContext.NewPrincipal;
    }

    // REVIEW (kept from the original): the login authentication method is lost when the
    // principal is rebuilt here.
    context.ReplacePrincipal(refreshedPrincipal);
    context.ShouldRenew = true;

    if (context.Options.SlidingExpiration == false)
    {
        // Without sliding expiration the renewed ticket's length must be calculated
        // relative to now; otherwise renewing would extend the expiration.
        context.Properties.IssuedUtc = Clock.UtcNow;
    }
}
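/// <summary>
/// Validates a security stamp of an identity as an asynchronous operation, and rebuilds the identity
/// if the validation succeeds, otherwise rejects the identity.
/// </summary>
/// <remarks>
/// Validation only runs when the ticket has no issue time or when more than the configured
/// validation interval has elapsed since it was issued. On success the cookie is flagged for renewal;
/// when sliding expiration is disabled the ticket's issue time is first reset to the current time so
/// that the renewal does not lengthen the cookie's remaining lifetime.
/// </remarks>
/// <param name="context">The context containing the <see cref="System.Security.Claims.ClaimsPrincipal"/>
/// and <see cref="Http.Authentication.AuthenticationProperties"/> to validate.</param>
/// <returns>The <see cref="Task"/> that represents the asynchronous validation operation.</returns>
public virtual async Task ValidateAsync(CookieValidatePrincipalContext context)
{
    // Prefer the injected clock when one is available; fall back to the system time otherwise.
    var currentUtc = DateTimeOffset.UtcNow;
    if (context.Options != null && _clock != null)
    {
        currentUtc = _clock.UtcNow;
    }

    var issuedUtc = context.Properties.IssuedUtc;

    // Only validate if enough time has elapsed. A ticket without an issue time is always validated.
    var validate = issuedUtc == null
        || currentUtc.Subtract(issuedUtc.Value) > _options.ValidationInterval;
    if (!validate)
    {
        return;
    }

    var user = await _signInManager.ValidateSecurityStampAsync(context.Principal);
    if (user == null)
    {
        // The stamp is stale or the user no longer resolves: drop the cookie's principal and sign out.
        context.RejectPrincipal();
        await _signInManager.SignOutAsync();
        return;
    }

    var newPrincipal = await _signInManager.CreateUserPrincipalAsync(user);

    if (_options.OnRefreshingPrincipal != null)
    {
        var replaceContext = new SecurityStampRefreshingPrincipalContext
        {
            CurrentPrincipal = context.Principal,
            NewPrincipal = newPrincipal
        };

        // Note: a null principal is allowed and results in a failed authentication.
        await _options.OnRefreshingPrincipal(replaceContext);
        newPrincipal = replaceContext.NewPrincipal;
    }

    // REVIEW: note we lost login authentication method
    context.ReplacePrincipal(newPrincipal);
    context.ShouldRenew = true;

    if (context.Options != null && !context.Options.SlidingExpiration)
    {
        // On renewal calculate the new ticket length relative to now to avoid extending the
        // expiration of a cookie that was configured with a fixed lifetime.
        // NOTE(review): assumes the cookie handler derives the renewed lifetime from
        // ExpiresUtc - IssuedUtc; confirm for the handler version in use.
        context.Properties.IssuedUtc = currentUtc;
    }
}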
/// <summary>
/// Invoked after the user's security stamp has been verified: rebuilds the principal for
/// <paramref name="user"/>, swaps it into the cookie validation context and flags the cookie for renewal.
/// </summary>
/// <param name="user">The user whose security stamp was verified.</param>
/// <param name="context">The <see cref="CookieValidatePrincipalContext"/> of the cookie being validated.</param>
/// <returns>A task that completes once the principal has been replaced.</returns>
protected virtual async Task SecurityStampVerified(TUser user, CookieValidatePrincipalContext context)
{
    var refreshedPrincipal = await SignInManager.CreateUserPrincipalAsync(user);

    var onRefreshing = Options.OnRefreshingPrincipal;
    if (onRefreshing != null)
    {
        var refreshContext = new SecurityStampRefreshingPrincipalContext
        {
            CurrentPrincipal = context.Principal,
            NewPrincipal = refreshedPrincipal
        };

        // The callback may substitute the principal. It is allowed to leave NewPrincipal
        // null, in which case authentication fails.
        await onRefreshing(refreshContext);
        refreshedPrincipal = refreshContext.NewPrincipal;
    }

    // REVIEW (kept from the original): the login authentication method is lost when the
    // principal is rebuilt here.
    context.ReplacePrincipal(refreshedPrincipal);

    // NOTE(review): context.Properties.IssuedUtc is left untouched here. If the cookie handler
    // computes the renewed lifetime from ExpiresUtc - IssuedUtc, each renewal may push the
    // expiration out even when SlidingExpiration is disabled; confirm against the handler.
    context.ShouldRenew = true;
}