/// <summary>
/// Handles the submitted login form. Re-displays the form when model validation or
/// authentication fails; otherwise stores the user in the session, optionally writes
/// the "remember me" cookies, and redirects to <c>HomeController.Index</c>.
/// </summary>
/// <param name="acc">Posted form model; Email, Password and RememberLogin are read here.</param>
/// <returns>The login view (with <paramref name="acc"/>) on failure, a redirect on success.</returns>
// NOTE(review): any [HttpPost] / anti-forgery attributes are not visible in this excerpt;
// confirm the action validates an anti-forgery token.
public async Task<IActionResult> Login(UserAccountViewModel acc)
        {
            if (!ModelState.IsValid)
            {
                return View(acc);
            }

            var (authenticated, issuedToken) = await AuthorizeWithUsernameAndPasswordAsync(acc.Email, acc.Password);

            if (authenticated)
            {
                if (acc.RememberLogin)
                {
                    // Both cookies share the options produced by GetCookieOptions.
                    // NOTE(review): that helper is not visible here; confirm it sets HttpOnly,
                    // Secure and SameSite, since the token cookie acts as a login credential.
                    var cookieOptions = GetCookieOptions(DateTime.Now);
                    ResponseCookies.Append(Consts.LoginToken, issuedToken, cookieOptions);
                    ResponseCookies.Append(Consts.Username, acc.Email, cookieOptions);
                }

                // NOTE(review): the user is attached to the session that already exists; no
                // session renewal is visible here. Confirm session fixation is handled elsewhere.
                Session.SetObject(Consts.LoginSession, new LoginedUser(acc.Email));

                var homeAction = nameof(HomeController.Index);
                return RedirectToAction(homeAction, ControllerName.Of<HomeController>());
            }

            // One generic message for every failed attempt, so the response does not reveal
            // whether the e-mail or the password was the wrong part.
            ModelState.AddModelError("InvalidLogin", "Username or password is invalid. Please check again.");
            return View(acc);
        }
        /// <summary>
        /// Shows the login page, or signs the visitor in directly when the request carries
        /// both "remember me" cookies and <c>AuthorizeWithTokenAsync</c> accepts them.
        /// </summary>
        /// <returns>
        /// A redirect to <c>HomeController.Index</c> after a successful cookie login,
        /// otherwise the empty login view.
        /// </returns>
        public async Task<IActionResult> Login()
        {
            var cookieToken = RequestCookies[Consts.LoginToken];
            var cookieUser = RequestCookies[Consts.Username];

            if (string.IsNullOrWhiteSpace(cookieToken) || string.IsNullOrWhiteSpace(cookieUser))
            {
                return View();
            }

            // The user name comes from a client-controlled cookie and ends up in the session below.
            // NOTE(review): confirm AuthorizeWithTokenAsync checks that the token belongs to
            // this exact user name.
            var (loginSuccess, renewedToken) = await AuthorizeWithTokenAsync(cookieUser, cookieToken);

            if (!loginSuccess)
            {
                // NOTE(review): rejected cookies are left in place, so the browser resends them
                // on every visit to this page; consider clearing them on failure.
                return View();
            }

            // Replace both cookies with the token handed back by the authorizer and a
            // fresh set of cookie options.
            ResponseCookies.Delete(Consts.LoginToken);
            ResponseCookies.Delete(Consts.Username);

            var cookieOptions = GetCookieOptions(DateTime.Now);
            ResponseCookies.Append(Consts.LoginToken, renewedToken, cookieOptions);
            ResponseCookies.Append(Consts.Username, cookieUser, cookieOptions);

            // Mark the current session as logged in.
            Session.SetObject(Consts.LoginSession, new LoginedUser(cookieUser));

            var homeAction = nameof(HomeController.Index);
            return RedirectToAction(homeAction, ControllerName.Of<HomeController>());
        }
 /// <summary>
 /// Ends the login: removes the login entry from the session, asks the browser to drop
 /// every cookie it sent with this request, and redirects to the login page.
 /// </summary>
 /// <returns>A redirect to <c>AccountController.Login</c>.</returns>
 // NOTE(review): only client-side state is cleared here; nothing visible revokes the
 // persisted login token on the server. Confirm a copied token stops working after logout.
 public IActionResult Logout()
 {
     Session.Remove(Consts.LoginSession);

     // Every cookie present on the request is deleted, not only the two login cookies.
     // NOTE(review): presumably Delete(name) uses default cookie options; cookies written
     // with a custom Path or Domain may not be matched. Verify against GetCookieOptions.
     foreach (var cookieName in RequestCookies.Keys)
     {
         ResponseCookies.Delete(cookieName);
     }

     var loginAction = nameof(AccountController.Login);
     var accountController = ControllerName.Of<AccountController>();
     return RedirectToAction(loginAction, accountController);
 }
        /// <summary>
        /// Authorization filter hook: lets the request continue when the session holds a
        /// <c>LoginedUser</c>, otherwise short-circuits with a redirect to the login action.
        /// </summary>
        /// <param name="context">Filter context; its HttpContext.Session is read and its Result may be set.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            // An earlier, now disabled, check also removed the login entry from the session
            // when either the login-token cookie or the user-name cookie was missing from the
            // request. The session entry is the only thing consulted now.
            var session = context.HttpContext.Session;
            var sessionUser = session.GetObject<LoginedUser>(Consts.LoginSession);

            // Only the presence of a session user is checked; no role or permission test happens here.
            if (sessionUser == null)
            {
                var loginAction = nameof(AccountController.Login);
                var accountController = ControllerName.Of<AccountController>();
                context.Result = new RedirectToActionResult(loginAction, accountController, null);
            }
        }