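/// <summary>
/// Reads the protected token id from the named request cookie and returns it as a <see cref="Guid"/>.
/// </summary>
/// <param name="cookieName">Name of the request cookie that carries the protected token id.</param>
/// <param name="appName">Value passed to MachineKeyHelper.Unprotect together with the current user.</param>
/// <returns>
/// The token id, or <see cref="Guid.Empty"/> when the cookie is absent or its unprotected
/// payload is not a 16-byte GUID.
/// </returns>
protected Guid GetTokenIdFromCookie(string cookieName, string appName)
{
    if (!Request.Cookies.AllKeys.Contains(cookieName))
    {
        return Guid.Empty;
    }

    var cookie = Request.Cookies[cookieName];
    if (cookie == null)
    {
        return Guid.Empty;
    }

    // The cookie value is client-controlled input.
    // NOTE(review): how MachineKeyHelper.Unprotect reports a tampered or foreign value
    // (exception vs. null) is not visible here; an exception would propagate to the caller.
    // Confirm that callers treat that case as "no token" and that it is logged.
    byte[] guidBytes = MachineKeyHelper.Unprotect(cookie.Value, this.User, appName);

    // new Guid(byte[]) throws unless it is given exactly 16 bytes. A payload of any other
    // shape is treated as "no token" so a malformed cookie fails closed instead of surfacing
    // as an unhandled ArgumentException.
    if (guidBytes == null || guidBytes.Length != 16)
    {
        return Guid.Empty;
    }

    return new Guid(guidBytes);
}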
/// <summary>
/// Returns the stored token that belongs to the token id carried in the named cookie.
/// The method only loads and unprotects the stored value; it makes no call to the token issuer.
/// </summary>
/// <param name="cookieName">Name of the cookie that carries the protected token id.</param>
/// <param name="cookieProtectionApp">Value passed to GetTokenIdFromCookie to unprotect the cookie.</param>
/// <param name="tokenProtectionApp">Value passed to MachineKeyHelper.UnprotectTo1252String to unprotect the stored token.</param>
/// <returns>
/// The unprotected token, or null when the cookie yields no token id or the repository has no
/// matching user info item.
/// </returns>
protected string RefreshToken(string cookieName, string cookieProtectionApp, string tokenProtectionApp)
{
    Guid idFromCookie = GetTokenIdFromCookie(cookieName, cookieProtectionApp);
    if (Guid.Empty.Equals(idFromCookie))
    {
        return null;
    }

    using (IBGoodMusicRepository repository = new BGoodMusic.EFDAL.BGoodMusicDBContext())
    {
        var storedItem = repository.GetUserInfoItem(idFromCookie);
        if (storedItem == null)
        {
            return null;
        }

        // The stored token is unprotected with the current user, so the returned string is
        // clear-text secret material; callers should not log or echo it.
        string clearToken = MachineKeyHelper.UnprotectTo1252String(storedItem.Token, this.User, tokenProtectionApp);
        return clearToken;
    }
}
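/// <summary>
/// Redeems an authorization code for tokens, protects the returned refresh token, stores it
/// through the repository and issues a cookie that carries the protected id of the stored record.
/// </summary>
/// <param name="code">Authorization code to redeem.</param>
/// <param name="adfsAuthUserId">Client id used to build the client credential.</param>
/// <param name="callbackUri">Redirect URI passed to the token request.</param>
/// <param name="cookieName">Name of the cookie that receives the protected token id.</param>
/// <param name="protectionApp">Value passed to MachineKeyHelper when protecting the token and the token id.</param>
/// <param name="msg">Receives diagnostic text describing each step; never receives token material.</param>
/// <returns>
/// true when the token was protected, verified by a round trip, stored, and the cookie was
/// added to the response; otherwise false.
/// </returns>
protected bool GetRefreshTokenAndSave(string code, string adfsAuthUserId, Uri callbackUri, string cookieName, string protectionApp, StringBuilder msg)
{
    // NOTE(review): the second argument is presumably "validate authority"; confirm that
    // passing false is intended for this authority.
    var ctx = new AuthenticationContext(Startup.Config.ADFS_URL_adfs, false);

    // NOTE(review): the client secret is a hard-coded literal. If the authority actually
    // checks it, it belongs in protected configuration, not in source.
    var cred = new ClientCredential(adfsAuthUserId, "NotASecret");
    var response = ctx.AcquireTokenByAuthorizationCode(code, callbackUri, cred);

    if (response == null)
    {
        msg.AppendLine("Response null");
        return false;
    }

    msg.AppendLine("Got response");
    if (!string.IsNullOrWhiteSpace(response.AccessToken))
    {
        msg.AppendLine(" - Got Access Token");
    }

    if (string.IsNullOrWhiteSpace(response.RefreshToken))
    {
        msg.AppendLine(" - No Refresh Token");
        return false;
    }

    // Only the length is reported. Writing the leading characters of a refresh token into a
    // diagnostic buffer leaks secret material, and Substring(0, n) throws for shorter tokens.
    msg.AppendFormat(" - Got Refresh Token len={1}{0}", Environment.NewLine, response.RefreshToken.Length);

    SSC.ClaimsPrincipal cp = this.User as SSC.ClaimsPrincipal;
    if (cp == null)
    {
        return false;
    }

    string nameId = cp.GetNameIdentiferValue();
    if (string.IsNullOrWhiteSpace(nameId))
    {
        // Reported here, where the condition can be true; previously the check sat inside
        // the non-empty branch and could never fire.
        msg.Append(" ** could not get Name Identifier **");
        return false;
    }

    string protectedToken = MachineKeyHelper.Protect1252(response.RefreshToken, cp, protectionApp);
    if (string.IsNullOrWhiteSpace(protectedToken))
    {
        // Do not persist an empty value as if it were a protected token.
        msg.Append(" ** could not protect token **");
        return false;
    }

    // Round-trip self-check: a stored value that does not unprotect back to the original
    // would be unusable later, so it is reported and not persisted.
    string unprotectedToken = MachineKeyHelper.UnprotectTo1252String(protectedToken, this.User, protectionApp);
    if (response.RefreshToken != unprotectedToken)
    {
        msg.AppendFormat(
            " - Protect / Unprotect different.{0}... token len = {1}{0}... token len = {2}{0}",
            Environment.NewLine,
            response.RefreshToken.Length,
            unprotectedToken == null ? 0 : unprotectedToken.Length);
        return false;
    }

    Guid tokenId;
    using (IBGoodMusicRepository repo = new BGoodMusic.EFDAL.BGoodMusicDBContext())
    {
        tokenId = repo.AddNewUserInfo(nameId, protectedToken);
    }

    if (Guid.Empty.Equals(tokenId))
    {
        msg.Append(" ** failed to create UserInfo **");
        return false;
    }

    // NOTE(review): Domain and Path are hard-coded to "localhost" and "/demo/"; confirm this
    // is demo-only. The same protectionApp value protects both the stored token and this
    // cookie id; distinct values would keep one from being accepted where the other is expected.
    var tokenIdCookie = new HttpCookie(cookieName)
    {
        Domain = "localhost",
        HttpOnly = true,
        Path = "/demo/",
        Secure = true,
        Value = MachineKeyHelper.Protect(tokenId.ToByteArray(), cp, protectionApp)
    };
    Response.Cookies.Add(tokenIdCookie);
    return true;
}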
/// <summary>
/// Unprotects a previously protected value by delegating to MachineKeyHelper.Unprotect.
/// </summary>
///
/// <param name="protectedValue">
/// Protected value to unprotect.
/// </param>
///
/// <param name="salt">
/// Additional input to unprotect the value; defaults to null.
/// </param>
///
/// <returns>
/// The clear value.
/// </returns>
public static string Unprotect(string protectedValue, string salt = null)
{
    // NOTE(review): presumably the salt must match the one used when protecting; verify in MachineKeyHelper.
    string clearValue = MachineKeyHelper.Unprotect(protectedValue, salt);
    return clearValue;
}
/// <summary>
/// Protects a value by delegating to MachineKeyHelper.Protect.
/// </summary>
///
/// <param name="cookieValue">
/// Value to protect.
/// </param>
///
/// <param name="salt">
/// Additional input to protect the value; defaults to null.
/// </param>
///
/// <returns>
/// The protected value.
/// </returns>
public static string Protect(string cookieValue, string salt = null)
{
    // NOTE(review): with the default null salt the value is presumably not bound to any
    // caller-specific context; verify in MachineKeyHelper.
    string protectedValue = MachineKeyHelper.Protect(cookieValue, salt);
    return protectedValue;
}