/// <summary>
/// MVC and private use only.
/// </summary>
/// <remarks>
/// Makes <paramref name="user"/> the request's user. If an impersonator exists, only the impersonation cookie is
/// repointed. Otherwise a new forms-authentication ticket is created and the cookie write is queued through
/// <c>AppRequestState.AddNonTransactionalModificationMethod</c>. The last-identity-provider cookie is then
/// recorded, or cleared when no provider is given.
/// </remarks>
/// <param name="user">The user to authenticate. It is dereferenced (<c>user.UserId</c>, <c>user.Role</c>) on the non-impersonation path.</param>
/// <param name="identityProvider">The provider that authenticated the user, or null.</param>
public static void SetFormsAuthCookieAndUser(User user, IdentityProvider identityProvider = null) {
    if (!AppRequestState.Instance.ImpersonatorExists) {
        // Ticket lifetime, in order of precedence:
        //   1. the local identity provider's own timeout, when one is configured;
        //   2. 12 minutes when the user's role requires enhanced security, forcing frequent re-authentication;
        //   3. the ordinary session duration.
        TimeSpan authenticationDuration;
        if (identityProvider is LocalIdentityProvider local && local.AuthenticationTimeoutMinutes.HasValue) {
            authenticationDuration = TimeSpan.FromMinutes(local.AuthenticationTimeoutMinutes.Value);
        }
        else if (user.Role.RequiresEnhancedSecurity) {
            authenticationDuration = TimeSpan.FromMinutes(12);
        }
        else {
            authenticationDuration = SessionDuration;
        }

        // The ticket name is the user ID; the reader of the ticket parses it back with int.Parse.
        // The int cast truncates fractional minutes, so a sub-minute duration becomes a zero-minute timeout.
        var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
        AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(ticket));
    }
    else {
        // While impersonating, the impersonator's own ticket is left alone; only the impersonated user changes.
        UserImpersonationStatics.SetCookie(user);
    }

    AppRequestState.Instance.SetUser(user);

    if (identityProvider == null) {
        AppRequestState.AddNonTransactionalModificationMethod(() => CookieStatics.ClearCookie(identityProviderCookieName));
    }
    else {
        AppRequestState.AddNonTransactionalModificationMethod(() => SetUserLastIdentityProvider(identityProvider));
    }
}
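/// <summary>
/// The second item in the returned tuple will be (1) null if impersonation is not taking place, (2) a tuple with a null user if impersonation is taking
/// place with an impersonator who doesn't correspond to a user, or (3) a tuple containing the impersonator.
/// </summary>
/// <remarks>
/// The impersonation cookie is client-supplied and, as far as this method shows, carries only a bare user ID.
/// The only gate on honoring it is the check below: the authenticated user's role can manage users, or the
/// installation is not live. On a non-live installation it is therefore honored without any authenticated user,
/// so such installations should not be reachable by untrusted clients.
/// </remarks>
/// <returns>
/// The effective user (possibly null) paired with the impersonator wrapper described in the summary.
/// </returns>
internal static Tuple<User, Tuple<User>> GetUserAndImpersonatorFromRequest() {
    // Authentication sources, tried in order. Wrapping each in Lazy means the certificate lookup only runs when
    // the forms-authentication cookie did not produce a user.
    var userLazy = new Func<User>[] {
        () => {
            var cookie = CookieStatics.GetCookie(FormsAuthStatics.FormsAuthCookieName);
            if (cookie == null) {
                return null;
            }

            // ticket.Name is written by the server as the user ID when the ticket is created, so it is parsed strictly.
            var ticket = FormsAuthStatics.GetFormsAuthTicket(cookie);
            return ticket != null ? GetUser(int.Parse(ticket.Name), false) : null;
        },
        () => {
            var identity = HttpContext.Current.User.Identity;
            return identity.IsAuthenticated && identity.AuthenticationType == CertificateAuthenticationModule.CertificateAuthenticationType
                ? GetUser(identity.Name)
                : null;
        }
    }.Select(i => new Lazy<User>(i)).FirstOrDefault(i => i.Value != null);
    var user = userLazy != null ? userLazy.Value : null;

    if ((user != null && user.Role.CanManageUsers) || !ConfigurationStatics.IsLiveInstallation) {
        var cookie = CookieStatics.GetCookie(UserImpersonationStatics.CookieName);
        if (cookie != null) {
            var impersonator = Tuple.Create(user);

            // An empty value means impersonating "no user"; UserImpersonationStatics.SetCookie writes "" for a null user.
            if (string.IsNullOrEmpty(cookie.Value)) {
                return Tuple.Create((User)null, impersonator);
            }

            // The value comes straight from the client. A malformed value used to make int.Parse throw on every
            // request carrying the cookie. Now it is ignored and the request falls back to the non-impersonating
            // result below, which is the more restrictive outcome.
            if (int.TryParse(cookie.Value, out var impersonatedUserId)) {
                return Tuple.Create(GetUser(impersonatedUserId, false), impersonator);
            }
        }
    }

    return Tuple.Create(user, (Tuple<User>)null);
}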
/// <summary>
/// Queues a write of the impersonation cookie naming the user being impersonated.
/// </summary>
/// <remarks>
/// The cookie value is the user's ID as a string, or an empty string when <paramref name="userBeingImpersonated"/>
/// is null. Nothing visible here signs or encrypts the value, so the code that reads the cookie must decide
/// whether the requester is allowed to impersonate at all.
/// </remarks>
/// <param name="userBeingImpersonated">The user to impersonate, or null for "no user".</param>
internal static void SetCookie(User userBeingImpersonated) {
    AppRequestState.AddNonTransactionalModificationMethod(
        () => {
            // NOTE(review): the trailing arguments are presumably expiration (null), the Secure flag and the
            // HttpOnly flag. Confirm against CookieStatics.SetCookie.
            CookieStatics.SetCookie(
                CookieName,
                userBeingImpersonated is null ? "" : userBeingImpersonated.UserId.ToString(),
                null,
                EwfConfigurationStatics.AppSupportsSecureConnections,
                true);
        });
}
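// User's last identity provider

/// <summary>
/// Returns the identity provider recorded in the last-identity-provider cookie, or null when the cookie is
/// absent, empty, stale, or names no configured provider.
/// </summary>
/// <remarks>
/// The cookie value is one marker character ('+' when a user existed at write time, '-' otherwise) followed by
/// the provider key: "Local" for the local provider, or the entity ID for a SAML provider. The value is
/// client-controlled, so treat the result only as a hint about which configured provider to offer, never as
/// evidence of how the user authenticated.
/// </remarks>
/// <exception cref="ApplicationException">A configured provider is neither local nor SAML.</exception>
internal static IdentityProvider GetUserLastIdentityProvider() {
    var cookie = CookieStatics.GetCookie(identityProviderCookieName);

    // A missing cookie and an empty value both mean "nothing recorded". An empty value used to hit Value[0]
    // and throw, which let any client break the request with a blank cookie.
    if (cookie == null || string.IsNullOrEmpty(cookie.Value)) {
        return null;
    }

    // Ignore the cookie if the existence of a user has changed since that could mean the user timed out.
    var expectedMarker = AppTools.User != null ? '+' : '-';
    if (cookie.Value[0] != expectedMarker) {
        return null;
    }

    var recordedProviderKey = cookie.Value.Substring(1);
    return UserManagementStatics.IdentityProviders.SingleOrDefault(
        identityProvider => string.Equals(
            identityProvider is LocalIdentityProvider
                ? "Local"
                : identityProvider is SamlIdentityProvider saml
                    ? saml.EntityId
                    : throw new ApplicationException("identity provider"),
            recordedProviderKey,
            StringComparison.Ordinal));
}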
// Log-Out

/// <summary>
/// Do not call if the system does not implement the forms authentication capable user management provider.
/// </summary>
/// <remarks>
/// Clears the request's user and queues removal of the last-identity-provider cookie. When an impersonator
/// exists, the impersonator's own ticket is kept and the impersonation cookie is reset to "no user". Otherwise
/// the forms-authentication cookie is cleared.
/// NOTE(review): everything visible here acts on cookies and request state. Nothing in this method revokes the
/// ticket on the server, so a copy of the ticket may stay usable until it expires. Confirm whether that is
/// acceptable for roles that require enhanced security.
/// </remarks>
public static void LogOutUser() {
    if (!AppRequestState.Instance.ImpersonatorExists) {
        AppRequestState.AddNonTransactionalModificationMethod(clearFormsAuthCookie);
    }
    else {
        // Passing null keeps impersonation active but with no impersonated user.
        UserImpersonationStatics.SetCookie(null);
    }

    AppRequestState.Instance.SetUser(null);

    AppRequestState.AddNonTransactionalModificationMethod(
        () => CookieStatics.ClearCookie(identityProviderCookieName));
}
// Cookie Updating

/// <summary>
/// Refreshes the forms-authentication cookie when its ticket is due for renewal. If the cookie no longer yields
/// a ticket, the cookie is removed.
/// </summary>
internal static void UpdateFormsAuthCookieIfNecessary() {
    var authCookie = CookieStatics.GetCookie(FormsAuthCookieName);
    if (authCookie == null) {
        return;
    }

    var currentTicket = GetFormsAuthTicket(authCookie);
    if (currentTicket == null) {
        // GetFormsAuthTicket returned null for this cookie, so the cookie is dropped rather than sent again.
        clearFormsAuthCookie();
        return;
    }

    // RenewTicketIfOld returns the same instance when no renewal is due, so a reference change signals a renewed ticket.
    var renewedTicket = FormsAuthentication.RenewTicketIfOld(currentTicket);
    if (renewedTicket != currentTicket) {
        setFormsAuthCookie(renewedTicket);
    }
}
/// <summary>
/// Queues removal of the forms-authentication cookie through
/// <c>AppRequestState.AddNonTransactionalModificationMethod</c>.
/// </summary>
private static void clearFormsAuthCookie() =>
    AppRequestState.AddNonTransactionalModificationMethod(
        () => {
            CookieStatics.ClearCookie(FormsAuthCookieName);
        });
/// <summary>
/// Checks that the browser returned the test cookie.
/// </summary>
/// <returns>
/// An empty array when the test cookie is present; otherwise a single-element array holding the
/// "cookies disabled" message.
/// </returns>
private static string[] verifyTestCookie() {
    var testCookie = CookieStatics.GetCookie(testCookieName);
    if (testCookie != null) {
        return new string[0];
    }

    return new[] { Translation.YourBrowserHasCookiesDisabled };
}
/// <summary>
/// Queues a cookie write through <c>AppRequestState.AddNonTransactionalModificationMethod</c>.
/// </summary>
/// <param name="name">The cookie name.</param>
/// <param name="value">The cookie value.</param>
// NOTE(review): the trailing arguments are presumably expiration (null), the Secure flag and the HttpOnly flag.
// Confirm against CookieStatics.SetCookie. If so, Secure follows AppSupportsSecureConnections, and an
// installation without secure connections would send this cookie over plain HTTP.
private static void setCookie(string name, string value) =>
    AppRequestState.AddNonTransactionalModificationMethod(
        () => {
            CookieStatics.SetCookie(
                name,
                value,
                null,
                EwfConfigurationStatics.AppSupportsSecureConnections,
                true);
        });
// Client-side functionality verification

/// <summary>
/// Reports whether the request lacks the test cookie.
/// </summary>
/// <returns>True when no test cookie was found on the request.</returns>
internal static bool TestCookieMissing() {
    var testCookie = CookieStatics.GetCookie(testCookieName);
    return testCookie == null;
}
/// <summary>
/// Clears the cookie named by <c>userCookieName</c> immediately, without queuing.
/// </summary>
private static void clearFormsAuthCookie() => CookieStatics.ClearCookie(userCookieName);
/// <summary>
/// Writes a cookie immediately through <c>CookieStatics.SetCookie</c>.
/// </summary>
/// <param name="name">The cookie name.</param>
/// <param name="value">The cookie value.</param>
// NOTE(review): the trailing arguments are presumably expiration (null), the Secure flag and the HttpOnly flag.
// Confirm against CookieStatics.SetCookie.
private static void setCookie(string name, string value) =>
    CookieStatics.SetCookie(
        name,
        value,
        null,
        EwfConfigurationStatics.AppSupportsSecureConnections,
        true);