/// <summary>
/// Inspects the environment and checks to see if this is a POST containing the HTML form fields in the login.html page.
/// </summary>
/// <param name="environment"></param>
/// <param name="formsAuthenticationProvider"></param>
public LoginContext(IDictionary<string, object> environment, FormsAuthenticationProvider formsAuthenticationProvider)
{
_environment = environment;
Request = new OwinRequest(environment);
Response = new OwinResponse(environment);
_formsAuthenticationProvider = formsAuthenticationProvider;
_responseStream = Response.Body;
var requestContentType = Request.GetHeader("Content-Type");
_isFormUrlEncodedPost = Request.Method == "POST" && !string.IsNullOrEmpty(requestContentType) && requestContentType.StartsWith("application/x-www-form-urlencoded");
if (_isFormUrlEncodedPost && Request.Body != null)
{
_formData = Request.ReadForm().Result;
var username = _formData["login_username"];
var password = _formData["login_password"];
var rememberMe = _formData["remember_me"] != null && _formData["remember_me"] == "yes";
if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
environment["formsauthn.username"] = username;
environment["formsauthn.password"] = password;
environment["formsauthn.remember"] = rememberMe;
}
}
}
public static IAppBuilder UseProcessLoginPostback(this IAppBuilder builder, FormsAuthenticationProvider formsAuthenticationProvider)
{
if (builder == null)
{
throw new ArgumentNullException("builder");
}
return builder.Use(typeof(LoginFormMiddleware), formsAuthenticationProvider);
}
public LoginFormMiddleware(Func<IDictionary<string, object>, Task> next, FormsAuthenticationProvider formsAuthenticationProvider)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (formsAuthenticationProvider == null)
{
throw new ArgumentNullException("formsAuthenticationProvider");
}
_next = next;
_formsAuthenticationProvider = formsAuthenticationProvider;
}
public void Configuration(IAppBuilder builder)
{
var rootDirectory = Environment.CurrentDirectory;
var loginDirectory = Path.Combine(rootDirectory, "login");
var fs = new PhysicalFileSystem(rootDirectory);
var loginFs = new PhysicalFileSystem(loginDirectory);
var dfo = new DefaultFilesOptions();
dfo.DefaultFileNames.Add("index.html");
dfo.FileSystem = fs;
var sfo = new StaticFileOptions
{
FileSystem = fs
};
var loginSfo = new StaticFileOptions
{
FileSystem = loginFs
};
builder.SetDataProtectionProvider(new DpapiDataProtectionProvider());
var formsAuthenticationProvider = new FormsAuthenticationProvider();
formsAuthenticationProvider.OnValidateLogin = context =>
{
Console.WriteLine("Validating Login");
Console.WriteLine("================");
Console.WriteLine(" Context.AuthType: " + context.AuthenticationType);
Console.WriteLine(" Context.Identity: " + (context.Identity != null ? context.Identity.Name : "Not set"));
Console.WriteLine(" Context.Environment:");
var response = new OwinResponse(context.Environment);
if (LoginContext.GetIsLoginRequest(context.Environment))
{
// Need to retrieve username and password from environment b/c it doesn't
// come through in the context (even though the context constructor accepts them)
var username = context.Environment["formsauthn.username"].ToString();
var password = context.Environment["formsauthn.password"].ToString();
var remember = bool.Parse(context.Environment["formsauthn.remember"].ToString());
Console.WriteLine(" Request.Username: "******" Request.Password: "******" Request.Remember: " + remember);
if (username == password)
{
var identity = new ClaimsIdentity(
new GenericIdentity(username, context.AuthenticationType),
new[]
{
new Claim(ClaimTypes.IsPersistent, remember.ToString())
}
);
// I assumed that this would take care of populating the cookie for me... but not so much.
context.Signin(identity);
var msg = "Access granted.";
Console.WriteLine(msg);
var msgBytes = Encoding.UTF8.GetBytes(msg);
return response.Body.WriteAsync(msgBytes, 0, msgBytes.Length);
}
else
{
var msg = "Access denied. Try with username=password";
Console.WriteLine(msg);
var msgBytes = Encoding.UTF8.GetBytes(msg);
return response.Body.WriteAsync(msgBytes, 0, msgBytes.Length);
}
}
else
{
foreach (var item in context.Environment)
{
Console.WriteLine(" {0}={1}",
item.Key,
item.Value != null
? (item.Value is string ? (string) item.Value : item.Value.GetType().FullName)
: "Not set"
);
}
}
return response.Body.WriteAsync(new byte[] { }, 0, 0);
};
builder.UseFormsAuthentication(
new FormsAuthenticationOptions
{
CookieHttpOnly = true,
CookieName = "AuthCookie",
CookiePath = "/",
CookieSecure = false,
LoginPath = "/login/",
ExpireTimeSpan = TimeSpan.FromHours(1),
ReturnUrlParameter = "returnUrl",
SlidingExpiration = true,
Provider = formsAuthenticationProvider
}
);
builder.UseApplicationSignInCookie();
builder.UseDefaultFiles(dfo);
builder.UseErrorPage();
builder.MapPath("/login", loginBuilder => loginBuilder.UseProcessLoginPostback(formsAuthenticationProvider).UseStaticFiles(loginSfo));
builder.UseDenyAnonymous().UseStaticFiles(sfo);
}
