/// <summary>
        /// Authenticates the host admin.
        /// </summary>
        /// <param name="username">The username.</param>
        /// <param name="password">The password.</param>
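        /// <param name="persist">If set to <c>true</c>, requests a persistent authentication ticket (the flag is passed through to <c>SetAuthenticationTicket</c>).</param>
        /// <returns><c>true</c> if the supplied credentials matched the host admin and the authentication ticket was set; otherwise <c>false</c>.</returns>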
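        public static bool AuthenticateHostAdmin(string username, string password, bool persist)
        {
            // Reject missing credentials up front. The static String.Equals treats two nulls as
            // equal, so a null password must never reach the comparison against the stored value.
            if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
            {
                return false;
            }

            // Ordinal comparison: culture-sensitive comparisons ignore certain characters (for
            // example zero-width ones), so strings that differ could be accepted as the same
            // account name. The user name itself stays case-insensitive.
            if (!String.Equals(username, HostInfo.Instance.HostUserName, StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            bool useHashedPasswords = Config.Settings.UseHashedPasswords;
            string candidate = useHashedPasswords
                ? HashPassword(password, HostInfo.Instance.Salt)
                : password;

            // A clear-text password is compared exactly: ignoring case (or culture-ignorable
            // characters) makes many different inputs match the one stored secret.
            // NOTE(review): the hashed branch stays case-insensitive because the text encoding
            // produced by HashPassword is not visible here. If it is case-sensitive (for example
            // Base64), switch that branch to StringComparison.Ordinal as well.
            // NOTE(review): String.Equals is not a fixed-time comparison; consider a constant-time
            // compare for the stored secret.
            StringComparison secretComparison = useHashedPasswords
                ? StringComparison.OrdinalIgnoreCase
                : StringComparison.Ordinal;

            if (!String.Equals(HostInfo.Instance.Password, candidate, secretComparison))
            {
                return false;
            }

            // Only the user name is logged, and only after it has matched the configured host
            // admin; the password is never written to the log.
            if (Log.IsDebugEnabled)
            {
                Log.Debug("SetAuthenticationTicket-HostAdmins for " + username);
            }

            HttpContextBase httpContext = new HttpContextWrapper(HttpContext.Current);

            // Issues the ticket for the "HostAdmins" role with no blog attached (first argument null).
            httpContext.SetAuthenticationTicket(null, username, persist, true, "HostAdmins");

            return true;
        }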
Exemple #2
        /// <summary>
        /// Authenticates the host admin.
        /// </summary>
        /// <param name="username">The username.</param>
        /// <param name="password">The password.</param>
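        /// <param name="persist">If set to <c>true</c>, requests a persistent authentication ticket (the flag is passed through to <c>SetAuthenticationTicket</c>).</param>
        /// <returns><c>true</c> if the host admin credentials were validated and the authentication ticket was set; otherwise <c>false</c>.</returns>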
        public static bool AuthenticateHostAdmin(this HostInfo host, string username, string password, bool persist)
        {
            // The credential check is delegated entirely to ValidateHostAdminPassword; this method
            // only decides whether a ticket is issued based on its result.
            // NOTE(review): how that helper compares the password (case sensitivity, hashing) is
            // not visible here - confirm it compares the secret exactly.
            bool credentialsAccepted = host.ValidateHostAdminPassword(username, password);

            if (credentialsAccepted)
            {
                // Only the user name is logged, and only once validation has succeeded.
                if (Log.IsDebugEnabled)
                {
                    Log.Debug("SetAuthenticationTicket-HostAdmins for " + username);
                }

                HttpContextBase wrappedContext = new HttpContextWrapper(HttpContext.Current);

                // Ticket for the "HostAdmins" role with no blog attached (first argument null).
                wrappedContext.SetAuthenticationTicket(null, username, persist, true, "HostAdmins");

                return true;
            }

            return false;
        }
Exemple #3
        /// <summary>
        /// Checks whether the supplied OpenID claim is valid for the current blog and, if so,
        /// sets the user's FormsAuthentication ticket. This method will handle passwords for
        /// both hashed and non-hashed configurations (NOTE(review): this overload takes no
        /// password, so this sentence appears to be carried over from a password-based overload).
        /// We compare URI objects rather than using a simple string compare because
        /// functionally equivalent URIs may not pass string comparisons, e.g.
        /// http://example.myopenid.com/ and http://example.myopenid.com (trailing /).
        /// </summary>
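        public static bool Authenticate(string claimedIdentifier, bool persist)
        {
            // NOTE(review): this method only matches the claimed identifier against the blog's
            // configured OpenID URL; it does not verify an OpenID assertion itself. Presumably
            // callers pass an identifier that the relying-party library has already verified -
            // confirm at the call sites.
            Blog currentBlog = Config.CurrentBlog;

            if (currentBlog == null)
            {
                return false;
            }

            // If the current blog doesn't have a valid OpenID URI, must fail.
            if (!Uri.IsWellFormedUriString(currentBlog.OpenIdUrl, UriKind.Absolute))
            {
                return false;
            }

            // If the claimed identifier isn't a valid OpenID URI, must fail.
            if (!Uri.IsWellFormedUriString(claimedIdentifier, UriKind.Absolute))
            {
                return false;
            }

            var currentBlogClaimUri = new Uri(currentBlog.OpenIdUrl);
            var claimedUri = new Uri(claimedIdentifier);

            // Scheme and port are part of the identifier. Comparing only host, path and query
            // would treat identifiers served over a different scheme or on a different port of
            // the same host as the blog owner's identity. Uri.Port reports the scheme's default
            // port when none is written, so "http://host/" and "http://host:80/" still match.
            bool sameIdentifier =
                claimedUri.Scheme == currentBlogClaimUri.Scheme &&
                claimedUri.Port == currentBlogClaimUri.Port &&
                claimedUri.Host == currentBlogClaimUri.Host &&
                claimedUri.AbsolutePath == currentBlogClaimUri.AbsolutePath &&
                claimedUri.Query == currentBlogClaimUri.Query;

            if (!sameIdentifier)
            {
                return false;
            }

            // The log line uses the blog's own user name, not the caller-supplied identifier.
            if (Log.IsDebugEnabled)
            {
                Log.Debug("SetAuthenticationTicket-Admins via OpenID for " + currentBlog.UserName);
            }

            HttpContextBase httpContext = new HttpContextWrapper(HttpContext.Current);

            // Issues the ticket for the "Admins" role of the current blog.
            httpContext.SetAuthenticationTicket(currentBlog, currentBlog.UserName, persist, "Admins");
            return true;
        }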