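/// <summary>
/// Exchanges a member e-mail plus a cross-domain auth token for an encrypted
/// forms-authentication ticket, returned to the caller as JSON.
/// </summary>
/// <param name="Email">E-mail address used to look up the member.</param>
/// <param name="AuthToken">Token looked up against the member's stored <c>AuthMemberTicket</c>.</param>
/// <returns>
/// JSON for a <c>SingInAuthTicket</c>. Every field is empty when no live ticket matches,
/// so the client is sent back to the sign-in page.
/// </returns>
/// <remarks>
/// The token is the only credential checked here. Nothing in this method consumes it,
/// so, as far as this method shows, it stays redeemable until the stored ticket expires.
/// NOTE(review): consider making the token single-use and short-lived, and confirm this
/// action is reachable over HTTPS only.
/// </remarks>
public ContentResult GetSignInAuthTicket(string Email, string AuthToken)
{
    // The body carries a bearer credential (the encrypted ticket); keep it out of caches.
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();

    Member Member = Members.GetByEmail(Email);

    // Email and AuthToken are caller-supplied, so the lookup results are not trusted to be populated.
    AuthMemberTicket _AuthMemberTicket = Member == null
        ? null
        : AuthMemberTickets.GetByMemberToken(Member.MemberID, AuthToken);

    // SignInMember treats Expiration <= DateTime.Now as expired; apply the same rule here
    // so a stale token cannot be exchanged for a ticket.
    bool hasLiveTicket = _AuthMemberTicket != null
        && _AuthMemberTicket.AuthMemberTicketID > 0
        && _AuthMemberTicket.Expiration > DateTime.Now;

    if (!hasLiveTicket)
    {
        // Unknown e-mail, unknown token and expired ticket all produce the same empty object,
        // so the response does not reveal which of the two inputs was wrong.
        String emptyJson = SingInAuthTickets.JsonItem(
            new SingInAuthTicket()
            {
                MemberName = "",
                MemberEmail = "",
                EncrytedTicket = "",
                IsPersistant = 0,
            }
        );

        return Content(emptyJson, TypeJson);
    }

    string CookiePath = FormsAuthentication.FormsCookiePath;
    int IsPersistent = _AuthMemberTicket.IsPersistent;

    // NOTE(review): Request.Url reflects the host the client asked for; confirm that consumers
    // of AuthMemberToken.Domain do not treat it as a trusted value.
    AuthMemberToken _ticketMemberSession = new AuthMemberToken()
    {
        MemberID = Member.MemberID,
        MemberEmail = Member.Email,
        MemberName = Member.Name,
        Token = AuthToken,
        Domain = Request.Url.DnsSafeHost
    };

    // The ticket inherits the stored expiration, so it cannot outlive the originating session record.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        Member.Email,
        DateTime.Now,
        _AuthMemberTicket.Expiration,
        IsPersistent == 1,
        ToJson(_ticketMemberSession),
        CookiePath);

    string cookieEncrypted = FormsAuthentication.Encrypt(authTicket);

    String Json = SingInAuthTickets.JsonItem(
        new SingInAuthTicket()
        {
            MemberName = Member.Name,
            MemberEmail = Member.Email,
            EncrytedTicket = cookieEncrypted,
            IsPersistant = IsPersistent
        }
    );

    return Content(Json, TypeJson);
}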
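/// <summary>
/// Signs the member in: stores the profile in session, issues the forms-authentication cookie,
/// records the audit event, persists the auth ticket record and works out where to redirect.
/// </summary>
/// <param name="Name">Not read by this method.</param>
/// <param name="Member">Member being signed in.</param>
/// <param name="RememberMe">When true the cookie is persistent and expires with the ticket.</param>
/// <param name="ReturnUrl">Fallback return URL, used when <c>AppSession.ReturnUrl</c> is empty.</param>
/// <param name="SocialComment">Optional prefix for the audit message.</param>
/// <returns>The URL the caller should redirect to.</returns>
/// <remarks>
/// NOTE(review): the session identifier is not rotated here; confirm that the caller or the
/// pipeline issues a fresh session on login, otherwise a pre-login session id stays valid.
/// </remarks>
private string SignInMember(String Name, Member Member, bool RememberMe, String ReturnUrl, string SocialComment = "")
{
    Session["MemberProfile"] = new MemberProfile(Member);

    string CookieName = FormsAuthentication.FormsCookieName;
    string CookiePath = FormsAuthentication.FormsCookiePath;

    if (AppSession.Parameters.GeneralCookieName.Value.Length > 0)
        CookieName = AppSession.Parameters.GeneralCookieName.Value;

    bool isCookiePersistent = RememberMe;

    FormsAuthentication.Initialize();

    // Capture the clock once so the expiry check, issue date and expiration agree.
    DateTime now = DateTime.Now;

    AuthMemberTicket _authMemberTicket = AuthMemberTickets.GetLastByMember(Member.MemberID);

    if (_authMemberTicket.Expiration <= now)
    {
        _authMemberTicket.Delete();
        _authMemberTicket.AuthMemberTicketID = 0;
    }

    // A still-valid stored ticket has its token reused, so one token can span several logins.
    // NOTE(review): StringTool.RandomString is not visible here; confirm it draws from a
    // cryptographic RNG, because this token is later accepted as a bearer credential.
    AuthMemberToken _ticketMemberSession = new AuthMemberToken()
    {
        MemberID = Member.MemberID,
        MemberEmail = Member.Email,
        MemberName = Member.Name,
        Token = _authMemberTicket.AuthMemberTicketID > 0 ? _authMemberTicket.Token : StringTool.RandomString(64)
    };

    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        Member.Email,
        now,
        now + FormsAuthentication.Timeout,
        isCookiePersistent,
        ToJson(_ticketMemberSession),
        CookiePath);

    string cookieEncrypted = FormsAuthentication.Encrypt(authTicket);

    HttpCookie authCookie = new HttpCookie(CookieName, cookieEncrypted);

    if (isCookiePersistent)
        authCookie.Expires = authTicket.Expiration;

    // In order to keep the auth ticket's UserData from ending up empty.
    // http://stackoverflow.com/questions/12642516/formsauthenticationticket-isnt-storing-userdata
    if (AppSession.Parameters.GeneralDomainName.Value.Length > 0 && AppSession.Parameters.GeneralDomainName.Value != "localhost")
        authCookie.Domain = AppSession.Parameters.GeneralDomainName.Value;

    authCookie.HttpOnly = true;

    // A hand-built cookie does not pick up the forms requireSSL setting by itself; honor it
    // explicitly so the ticket is never sent over plain HTTP when the site is configured for SSL.
    authCookie.Secure = FormsAuthentication.RequireSSL;
    authCookie.Path = CookiePath;

    Response.Cookies.Add(authCookie);

    AuditEvent.AppEventSuccess(Profile.Member.Email, SocialComment + " " + String.Format(AuditEvent.MemberLoggedIn, Member.Name, Member.Email));

    Member.UpdateLoginTime();

    bool hasSessionReturnUrl = AppSession.ReturnUrl != null && AppSession.ReturnUrl.Length > 0;

    // NOTE(review): AppSession.ReturnUrl is used as the redirect target without validation in
    // this method; confirm it is checked against an allow-list where it is first stored.
    String RedirectTo = hasSessionReturnUrl ? AppSession.ReturnUrl : RedirectToAfterLogin(ReturnUrl);

    //////////////////////////////////////////////////////////////////////////
    // Needs to create session for cross domain auth.
    //////////////////////////////////////////////////////////////////////////
    if (hasSessionReturnUrl && AppSession.SignUpDomain != null && AppSession.SignUpDomain.Length > 0)
    {
        Uri signInDomain = new Uri(AppSession.ReturnUrl);

        // Ordinal, case-insensitive comparison: host names are not linguistic text, and the
        // culture-sensitive ToLower()/IndexOf pair can mis-compare under some locales.
        bool isForeignHost = signInDomain.Host.Trim().IndexOf(
            AppSession.Parameters.GeneralDomainName.Value.Trim(),
            StringComparison.OrdinalIgnoreCase) == -1;

        // NOTE(review): this is a substring match, not a domain-suffix match, and any host that
        // fails it receives the encrypted token and e-mail in the redirect. Restrict the
        // hand-off to an explicit list of partner hosts before building the URL.
        if (isForeignHost)
            RedirectTo = PrepareCrossDomainAuthToken(Member, RememberMe, ReturnUrl, signInDomain.DnsSafeHost, signInDomain.Port, AppSession.SignInUrl, _ticketMemberSession);
    }

    // Persist a new ticket record only when no unexpired one was found above.
    if (_authMemberTicket.AuthMemberTicketID <= 0)
    {
        _authMemberTicket = new AuthMemberTicket()
        {
            Token = _ticketMemberSession.Token,
            MemberID = Member.MemberID,
            IssueDate = authTicket.IssueDate,
            Expiration = authTicket.Expiration,
            IsPersistent = authTicket.IsPersistent ? 1 : 0
        };

        _authMemberTicket.Save();
    }

    return RedirectTo;
}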
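////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// http://stackoverflow.com/questions/342378/cross-domain-login-how-to-login-a-user-automatically-when-transferred-from-one
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Builds the redirect URL that hands a signed-in member over to the sign-in page of another
/// host, carrying the encrypted auth token (<c>p1</c>) and e-mail (<c>p2</c>) in the query string.
/// </summary>
/// <param name="Member">Member whose e-mail is sent as <c>p2</c>.</param>
/// <param name="RememberMe">Not read by this method.</param>
/// <param name="ReturnUrl">Fallback return URL, used when <c>AppSession.ReturnUrl</c> is empty.</param>
/// <param name="Host">Target host of the hand-off.</param>
/// <param name="Port">Target port of the hand-off.</param>
/// <param name="SignInUrl">Path (and optional query) of the sign-in page on the target host.</param>
/// <param name="AuthMemberToken">Token object whose <c>Token</c> is sent as <c>p1</c>.</param>
/// <param name="SocialComment">Not read by this method.</param>
/// <returns>The absolute URL to redirect the browser to.</returns>
/// <remarks>
/// Query-string values end up in browser history, proxy and server logs and Referer headers.
/// NOTE(review): keep the token short-lived and single-use, and confirm StringTool.Encrypt
/// is authenticated encryption; neither can be verified from this method.
/// </remarks>
private string PrepareCrossDomainAuthToken(Member Member, bool RememberMe, String ReturnUrl, string Host, int Port, string SignInUrl, AuthMemberToken AuthMemberToken, string SocialComment = "")
{
    String returnUrl = (AppSession.ReturnUrl != null && AppSession.ReturnUrl.Length > 0)
        ? AppSession.ReturnUrl
        : RedirectToAfterLogin(ReturnUrl);

    // SignInMember passes Uri.Port, which is 443 for a default-port https return URL. Pairing
    // that with a hard-coded "http" scheme both breaks the redirect and would send the token
    // in clear text, so switch to https for that port.
    // NOTE(review): https on a non-default port still falls back to http; pass the scheme explicitly.
    string scheme = Port == 443 ? Uri.UriSchemeHttps : Uri.UriSchemeHttp;

    String RedirectTo = String.Format("{0}://{1}:{2}{3}", scheme, Host, Port, SignInUrl);

    // SignInUrl may already carry a query string.
    RedirectTo += (RedirectTo.IndexOf('?') > 0 ? "&" : "?") + "BackUrl=" + HttpUtility.UrlEncode(returnUrl);

    // BackUrl has just been appended, so the URL always has a query string at this point.
    RedirectTo += "&p1=" + HttpUtility.UrlEncode(StringTool.Encrypt(AuthMemberToken.Token))
        + "&p2=" + HttpUtility.UrlEncode(StringTool.Encrypt(Member.Email));

    return RedirectTo;
}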