internal void MvcApplication_AuthenticateRequest(object sender, EventArgs e)
{
if (User.IsNotNull())
{
var cookieName = "Example-" + User.Identity.Name;
var authCookie = Request.Cookies[cookieName];
//If an auth cookie has already been created use it for the Principal and identitiy
if (authCookie != null)
{
//Get auth cookie
var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
//Create a custom identity based on auth cookie and user role and set as principal for thread
var id = new CustomIdentity(authTicket, true, authTicket.UserData.ToList());
Context.User = new CustomPrincipal(id);
Thread.CurrentPrincipal = Context.User;
}
else
{
//Check request is domain authenticated for windows auth
if (Request.IsAuthenticated)
{
//Get current database session
var session = DependencyResolver.Current.GetService<ISession>();
//Get user from datbase so we can get the users roles
var user = session.Query<User>().SingleOrDefault(x => x.UserName == User.Identity.Name.ToUserName());
CustomIdentity id;
if (user != null)
{
//Create identity from user details
id = new CustomIdentity(User.Identity.Name, true, user.Roles.Select(x => x.RoleName).ToList());
if (id.IsAuthenticated)
{
//Create auth ticket encrypt and add to cookie
var authTicket = new
FormsAuthenticationTicket(1, //version
User.Identity.Name, // user taskName
DateTime.Now, //creation
DateTime.Now.AddMinutes(30), //Expiration
true, //Persistent
id.Roles.ToCommaSeparatedString(),
User.Identity.Name); //since Classic logins don't have a "Friendly Name"
var encTicket = FormsAuthentication.Encrypt(authTicket);
Response.Cookies.Add(new HttpCookie(cookieName, encTicket));
}
}
else
{
//User is not authenticated so create unauthed id with no roles
id = new CustomIdentity(User.Identity.Name, false, new List<string>());
}
//Create principal from identity and set for current thread
Context.User = new CustomPrincipal(id);
Thread.CurrentPrincipal = Context.User;
}
}
}
else
{
//try and use basic auth if this fails this is used for the rest API may replace with token based system at some point.
var authHeader = Request.ServerVariables["HTTP_AUTHORIZATION"];
if (authHeader.IsNotNull())
{
if (authHeader.StartsWith("Basic ", StringComparison.InvariantCultureIgnoreCase))
{
var authParams =
Encoding.Default.GetString(Convert.FromBase64String(authHeader.Substring("Basic ".Length)));
var arr = authParams.Split(':');
var username = arr[0];
//Get current database session
var session = DependencyResolver.Current.GetService<ISession>();
//Get user from datbase so we can get the users roles
var user = session.Query<User>().SingleOrDefault(x => x.UserName == username);
//Create identity from user details
if (user != null)
{
var id = new CustomIdentity(user.UserName, true, user.Roles.Select(x => x.RoleName).ToList());
//Create principal from identity and set for current thread
Context.User = new CustomPrincipal(id);
}
Thread.CurrentPrincipal = Context.User;
}
}
}
}
public CustomPrincipal(CustomIdentity identity)
{
_roles = identity.Roles;
_identity = identity;
}