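        /// <summary>
        /// Authenticates the caller from the encrypted "DraftUser" cookie and returns the
        /// session's <see cref="DraftUser"/>.
        /// </summary>
        /// <param name="request">Incoming request; only its "DraftUser" cookie is read.</param>
        /// <param name="userId">
        /// When supplied, the session's <c>ID</c> must equal this value or the request is rejected.
        /// </param>
        /// <returns>The deserialized, unexpired session user.</returns>
        /// <exception cref="DraftAuthenticationException">
        /// Thrown when the cookie is absent or blank ("No session"); when the cookie cannot be
        /// unescaped, base64-decoded, unprotected or deserialized, or deserializes to null
        /// ("Authentication Failed"); when <c>Expires</c> is in the past ("Authentication Expired");
        /// or when the session belongs to a different user than <paramref name="userId"/>
        /// ("Unauthorized User").
        /// </exception>
        public static DraftUser AuthenticateRequest(HttpRequestBase request, int?userId = null)
        {
            HttpCookie sessionCookie = request.Cookies["DraftUser"];
            if (sessionCookie == null || String.IsNullOrWhiteSpace(sessionCookie.Value))
            {
                throw new DraftAuthenticationException("No session");
            }

            DraftUser toRet;
            try
            {
                // Reverse of AuthenticateCredentials: unescape -> base64 -> MachineKey.Unprotect -> UTF-16 JSON.
                // A tampered or foreign token is expected to be rejected by Unprotect (it throws),
                // so it lands in the catch below instead of reaching the deserializer.
                // NOTE(review): Protect/Unprotect are called without a "purposes" string, so any
                // payload protected elsewhere in this app with MachineKey.Protect() and no purposes
                // would also unprotect here — confirm no other caller does that, or add a purpose
                // on both sides at the same time (changing only one side invalidates all sessions).
                String base64Encoded  = DraftAuthentication.UnescapeToken(sessionCookie.Value);
                byte[] bytes          = Convert.FromBase64String(base64Encoded);
                byte[] decryptedBytes = MachineKey.Unprotect(bytes);
                String final          = Encoding.Unicode.GetString(decryptedBytes);
                toRet = new JavaScriptSerializer().Deserialize<DraftUser>(final);
            }
            catch (Exception ex)
            {
                throw new DraftAuthenticationException("Authentication Failed", ex);
            }

            // Deserialize returns null (no exception) for a JSON "null" payload; without this
            // guard the Expires check below surfaces as a NullReferenceException rather than
            // an authentication failure.
            if (toRet == null)
            {
                throw new DraftAuthenticationException("Authentication Failed");
            }

            // Server-side lifetime lives inside the protected payload, not in the cookie's
            // Expires attribute, so a client cannot extend its own session.
            if (toRet.Expires < DateTime.UtcNow)
            {
                throw new DraftAuthenticationException(toRet.Username, toRet.Expires, "Authentication Expired");
            }

            // Optional binding of the session to a specific account.
            if (userId.HasValue && toRet.ID != userId.Value)
            {
                throw new DraftAuthenticationException("Unauthorized User");
            }

            return toRet;
        }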
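        /// <summary>
        /// Validates a username/password pair via <see cref="DraftObj.GetUser"/> and, when a
        /// response is supplied, issues the encrypted "DraftUser" session cookie that
        /// <see cref="AuthenticateRequest"/> later reads.
        /// </summary>
        /// <param name="username">Login name; blank/whitespace is rejected before any lookup.</param>
        /// <param name="password">Password; blank/whitespace is rejected before any lookup.</param>
        /// <param name="response">
        /// Response to attach the session cookie to, or <c>null</c> to validate credentials only.
        /// </param>
        /// <returns>The authenticated user exactly as returned by <see cref="DraftObj.GetUser"/>.</returns>
        /// <exception cref="DraftAuthenticationException">
        /// "Invalid credentials" when either argument is blank; "Invalid username or password"
        /// when the lookup returns <c>null</c>.
        /// </exception>
        public static DraftUser AuthenticateCredentials(String username, String password, HttpResponseBase response)
        {
            if (String.IsNullOrWhiteSpace(username) || String.IsNullOrWhiteSpace(password))
            {
                throw new DraftAuthenticationException("Invalid credentials");
            }

            // NOTE(review): GetUser receives the raw password; whether it verifies against a
            // salted hash rather than a stored plaintext is not visible here — confirm.
            DraftUser user = DraftObj.GetUser(username, password);
            if (user == null)
            {
                throw new DraftAuthenticationException("Invalid username or password");
            }

            if (response != null)
            {
                // The entire DraftUser object is serialized into the cookie. MachineKey.Protect
                // keeps it opaque to the client, but every public property on DraftUser still
                // travels with each request — keep credential material (hashes, secrets) off that type.
                // NOTE(review): Protect is called without a "purposes" string; any change must be
                // mirrored in AuthenticateRequest's Unprotect call.
                String rawString      = new JavaScriptSerializer().Serialize(user);
                byte[] rawBytes       = Encoding.Unicode.GetBytes(rawString);
                byte[] encryptedBytes = MachineKey.Protect(rawBytes);

                HttpCookie sessionCookie = response.Cookies["DraftUser"];
                sessionCookie.Value   = DraftAuthentication.EscapeToken(Convert.ToBase64String(encryptedBytes));
                // Client-side lifetime only; the authoritative expiry is user.Expires inside the
                // protected payload, checked by AuthenticateRequest.
                sessionCookie.Expires = DateTime.Now.AddDays(1);
                // This is a bearer session token: keep it out of reach of page script (XSS).
                // Nothing visible here reads the cookie client-side.
                sessionCookie.HttpOnly = true;
                // TODO(review): also set sessionCookie.Secure = true once the site is served over
                // HTTPS only; not enabled here because the deployment scheme is not visible from this code.
            }

            return user;
        }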