Exemple #1
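        /// <summary>
        /// Validates the posted credentials through <c>UserManager.ValidateUser</c> and tells the
        /// client, as JSON, where to navigate next.
        /// </summary>
        /// <param name="logon">
        /// Posted login model. <c>RedirectUrl</c> comes from the request and is treated as untrusted.
        /// </param>
        /// <returns>
        /// The "Login" view when model validation fails before authentication; otherwise a JSON object
        /// with <c>RedirectUrl</c> and <c>Status</c> ("OK" on success, a generic message on failure).
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
        /// excerpt - confirm they are applied where the action is declared.
        /// </remarks>
        public async Task<ActionResult> Login(Logon logon)
        {
            // Open-redirect guard (CWE-601): the redirect target is request data and is handed back
            // to the client, so anything that is not a local path is dropped before it can be
            // rendered into the view or returned in a JSON response.
            if (logon != null
                && !string.IsNullOrWhiteSpace(logon.RedirectUrl)
                && !Url.IsLocalUrl(logon.RedirectUrl))
            {
                logon.RedirectUrl = null;
            }

            if (!ModelState.IsValid)
            {
                return View("Login", logon);
            }

            try
            {
                await UserManager.ValidateUser(logon, Response);

                // Redirect to the secure area; fall back to the site root when no (local) target was given.
                if (string.IsNullOrWhiteSpace(logon.RedirectUrl))
                {
                    logon.RedirectUrl = "/";
                }

                return Json(new { RedirectUrl = logon.RedirectUrl, Status = "OK" });
            }
            catch (ApiException ex)
            {
                // No 200 OK result from the API: let HandleBadRequest translate it (it is expected to
                // add model errors for credential failures - defined outside this excerpt).
                HandleBadRequest(ex);

                if (!ModelState.IsValid)
                {
                    // Deliberately generic message: it does not reveal whether the username exists.
                    return Json(new { RedirectUrl = logon.RedirectUrl, Status = "The username or password provided is incorrect." });
                }

                // Not a credential problem as far as ModelState shows; surface the original exception.
                throw;
            }
        }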
Exemple #2
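        /// <summary>
        /// Authenticates a user via the Web API and issues the associated forms authentication
        /// ticket as a cookie on <paramref name="response"/>.
        /// </summary>
        /// <param name="logon">Login model supplying the username and password.</param>
        /// <param name="response">Response that receives the forms authentication cookie.</param>
        /// <returns>A task that completes once the cookie has been added to the response.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="logon"/> or <paramref name="response"/> is null.
        /// </exception>
        /// <remarks>
        /// Failures from the Web API calls are not handled here and propagate to the caller.
        /// </remarks>
        public static async Task ValidateUser(Logon logon, HttpResponseBase response)
        {
            // Fail before any network call rather than with a NullReferenceException part-way through.
            if (logon == null)
            {
                throw new ArgumentNullException("logon");
            }

            if (response == null)
            {
                throw new ArgumentNullException("response");
            }

            var result = await WebApiService.Instance.AuthenticateAsync<SignInResult>(logon.Username, logon.Password);

            var getUser = await WebApiService.Instance.GetAsync<UserDto>("Users/Get", result.AccessToken, new { username = logon.Username });

            // Make the signed-in user available for the remainder of the current request.
            HttpContext.Current.Items.Add("User", new ClientSideUser
            {
                AccessToken = result.AccessToken,
                UserName = result.UserName,
                IsSuperUser = getUser.IsSuperUser
            });

            // Create the authentication ticket with custom user data.
            // NOTE(review): `User` is resolved outside this method; presumably it returns the item
            // stored above, which would place the API access token inside the ticket. If so, the
            // token's confidentiality rests on FormsAuthentication.Encrypt and the site's machineKey
            // configuration - confirm.
            var serializer = new JavaScriptSerializer();
            string userData = serializer.Serialize(User);

            // The ticket and the cookie expire together, at the expiry reported by the API.
            var expires = result.Expires.LocalDateTime;
            // Always persistent: the cookie survives a browser restart until `expires`.
            var isPersistent = true;
            var ticket = new FormsAuthenticationTicket(1,
                logon.Username,
                DateTime.Now,
                expires,
                isPersistent,
                userData,
                FormsAuthentication.FormsCookiePath);

            // Encrypt the ticket.
            string encTicket = FormsAuthentication.Encrypt(ticket);

            // Create the cookie. HttpOnly keeps it away from script; Secure follows the
            // <forms requireSSL="..."> setting so a site configured for TLS-only tickets never
            // sends this hand-built cookie over plain HTTP.
            var httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
            {
                Expires = expires,
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath,
                Domain = FormsAuthentication.CookieDomain
            };
            response.Cookies.Add(httpCookie);
        }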