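/// <summary>
/// Assigns the forms-authentication cookie to <paramref name="userName"/> and resets the
/// brute-force counter for the request.
/// </summary>
/// <param name="userName">Name stored in the authentication ticket.</param>
/// <param name="rememberMe">
/// When false a session cookie is issued through <see cref="FormsAuthentication.SetAuthCookie(string, bool)"/>;
/// when true a persistent ticket valid for 20 days is written by hand.
/// </param>
/// <param name="context">
/// Request whose brute-force counter is reset and whose response receives the cookie.
/// Falls back to <see cref="HttpContext.Current"/> for the cookie when null.
/// </param>
public static void FormsAuthLogin(string userName, bool rememberMe, HttpContext context)
{
    LoginUtils.ResetBruteForceCounter(context);

    if (!rememberMe)
    {
        // Session cookie: SetAuthCookie applies the HttpOnly / RequireSSL / domain settings from config.
        FormsAuthentication.SetAuthCookie(userName, false);
        return;
    }

    // Persistent cookie: the ticket is built by hand so its lifetime is 20 days
    // rather than the timeout configured in web.config.
    const int persistentDays = 20;
    FormsAuthentication.Initialize();
    DateTime issued = DateTime.Now;              // FormsAuthenticationTicket takes local time
    DateTime expires = issued.AddDays(persistentDays);

    var ticket = new FormsAuthenticationTicket(
        1,                                       // ticket version
        userName,
        issued,
        expires,
        true,                                    // IsPersistent
        string.Empty,                            // no user data
        FormsAuthentication.FormsCookiePath);

    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
    {
        Expires = expires,
        // Mirror what SetAuthCookie does for the session branch: keep the ticket out of
        // reach of script and, when RequireSSL is configured, off plain HTTP.
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
    };
    if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
    {
        authCookie.Domain = FormsAuthentication.CookieDomain;
    }

    // Write the cookie to the same request whose counter was reset above, instead of
    // silently reaching for HttpContext.Current while a context was passed in.
    (context ?? HttpContext.Current).Response.Cookies.Add(authCookie);
}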
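/// <summary>
/// Auto-login entry point: signs <paramref name="username"/> in either by the hash of the stored
/// password or by an application "shared secret" hash, creating the user through
/// <paramref name="addUserMethod"/> in the latter case when he does not exist yet.
/// </summary>
/// <param name="username">User to sign in; a null value is logged as an invalid attempt.</param>
/// <param name="pswHash">
/// MD5 of the stored password as case-insensitive hex. When non-null this path is taken and the
/// shared-secret parameters are ignored.
/// </param>
/// <param name="email">Used together with <paramref name="userHash"/> for the shared-secret path.</param>
/// <param name="userHash">Expected MD5(username + email + sharedSecret) as case-insensitive hex.</param>
/// <param name="sharedSecret">Application secret for the shared-secret path; required there.</param>
/// <param name="result">Human-readable failure reason; empty on success and on brute-force lockout.</param>
/// <param name="addUserMethod">Creates the user when the shared-secret path finds none; returns the new user id.</param>
/// <returns>true when the user was signed in via <see cref="LoginUtils.FormsAuthLogin"/>.</returns>
public static bool VerifyAutoLogin(string username, string pswHash, string email, string userHash, string sharedSecret, out string result, Func<int> addUserMethod)
{
    const string invalidParameters = "Invalid parameters passed. Wait 5 minutes and try again.";
    result = "";
    var context = System.Web.HttpContext.Current;

    if (LoginUtils.IsBruteForce(context, true))
    {
        return false;
    }

    // Username not passed, or neither credential form supplied: count it as a bad attempt and get out.
    if (username == null || (pswHash == null && (email == null || userHash == null)))
    {
        LoginUtils.LogInvalidLoginAttempt(context, true);
        return false;
    }

    // Path 1: an existing user presenting the hash of his stored password.
    if (pswHash != null)
    {
        int userId;
        string password;
        bool found = UserHelpers.GetUserIdAndPswByUsername(username, Instance.CurrentInstanceID, out userId, out password);

        // NOTE(review): MD5 of the stored value is accepted for compatibility with existing callers,
        // and so is the stored value itself (second comparison) — confirm whether "password" here is
        // already a hash; if it is the clear-text password, that fallback should be retired.
        if (found
            && password != null
            && (FixedTimeEqualsIgnoreCase(CryptoUtils.MD5Hash(password), pswHash)
                || FixedTimeEqualsIgnoreCase(password, pswHash)))
        {
            return CompleteAutoLogin(username, userId, context);
        }

        // Same message whether the user is unknown or the hash is wrong, so the response
        // does not reveal which usernames exist.
        result = invalidParameters;
        LoginUtils.LogInvalidLoginAttempt(context, true);
        return false;
    }

    // Path 2: the calling application vouches for the user (new or existing) with its shared secret.
    // The early check above guarantees email and userHash are both non-null here.
    if (string.IsNullOrEmpty(sharedSecret))
    {
        result = "No shared key specified.";
        return false;
    }

    // NOTE(review): MD5 over a plain concatenation is kept for wire compatibility; an HMAC over
    // delimited fields would be the stronger construction if the protocol can change.
    string computedHash = CryptoUtils.MD5Hash(username + email + sharedSecret);
    if (!FixedTimeEqualsIgnoreCase(computedHash, userHash))
    {
        LoginUtils.LogInvalidLoginAttempt(context, true);
        result = invalidParameters;
        return false;
    }

    int existingUserId = UserHelpers.GetUserIDByUsername(username, Instance.CurrentInstanceID);
    if (existingUserId == 0)
    {
        // User not found - let the caller create him. A missing delegate is reported
        // instead of surfacing as a NullReferenceException message.
        if (addUserMethod == null)
        {
            result = "No user creation method supplied.";
            return false;
        }
        try
        {
            existingUserId = addUserMethod();
        }
        catch (Exception ex)
        {
            result = ex.Message;
            return false;
        }
    }

    return CompleteAutoLogin(username, existingUserId, context);
}

/// <summary>
/// Marks <paramref name="userId"/> as the current user, clears the brute-force counter and
/// issues the session auth cookie; the common tail of both auto-login paths.
/// </summary>
/// <returns>Always true, so callers can return it directly.</returns>
private static bool CompleteAutoLogin(string username, int userId, HttpContext context)
{
    UserHelpers.CurrentUserID = userId;
    LoginUtils.ResetBruteForceCounter(context, true);
    LoginUtils.FormsAuthLogin(username, false, context);
    return true;
}

/// <summary>
/// Case-insensitive (invariant culture) string equality that does not stop at the first
/// differing character, so the time taken does not reveal how long a matching prefix was.
/// Null on either side compares false. Only the length difference is still observable,
/// which is fine for fixed-length hex digests.
/// </summary>
private static bool FixedTimeEqualsIgnoreCase(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    string a = expected.ToLowerInvariant();
    string b = actual.ToLowerInvariant();
    int diff = a.Length ^ b.Length;
    int length = Math.Min(a.Length, b.Length);
    for (int i = 0; i < length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}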