Esempio n. 1
        /// <summary>
        /// MVC and private use only.
        /// </summary>
        /// <remarks>
        /// When an impersonator exists, only the impersonation cookie is updated and the impersonator's own forms-authentication cookie is left
        /// untouched. Otherwise a new forms-authentication ticket is queued for the user. Cookie writes are registered through
        /// AppRequestState.AddNonTransactionalModificationMethod rather than executed inline.
        /// </remarks>
        /// <param name="user">The user to make current for the request. Dereferenced without a null check when no impersonator exists.</param>
        /// <param name="identityProvider">The identity provider that authenticated the user, or null; null causes the identity-provider cookie to be
        /// cleared.</param>
        public static void SetFormsAuthCookieAndUser(User user, IdentityProvider identityProvider = null)
        {
            if (!AppRequestState.Instance.ImpersonatorExists)
            {
                // Ticket lifetime, in order of precedence:
                //   1. the timeout configured on a local identity provider, when one is set;
                //   2. 12 minutes when the user's role requires enhanced security;
                //   3. the normal session duration.
                // Note that (1) wins over (2), so a configured provider timeout also applies to enhanced-security roles.
                TimeSpan authenticationDuration;
                if (identityProvider is LocalIdentityProvider local && local.AuthenticationTimeoutMinutes.HasValue)
                {
                    authenticationDuration = TimeSpan.FromMinutes(local.AuthenticationTimeoutMinutes.Value);
                }
                else if (user.Role.RequiresEnhancedSecurity)
                {
                    authenticationDuration = TimeSpan.FromMinutes(12);
                }
                else
                {
                    authenticationDuration = SessionDuration;
                }

                // The ticket name carries the user ID; the cast truncates any fractional minutes in the duration.
                var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
                AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(ticket));
            }
            else
            {
                // Switching users while impersonating changes only who is being impersonated.
                UserImpersonationStatics.SetCookie(user);
            }

            AppRequestState.Instance.SetUser(user);

            // Remember (or forget) the identity provider that was used for this log-in.
            if (identityProvider == null)
            {
                AppRequestState.AddNonTransactionalModificationMethod(() => CookieStatics.ClearCookie(identityProviderCookieName));
            }
            else
            {
                AppRequestState.AddNonTransactionalModificationMethod(() => SetUserLastIdentityProvider(identityProvider));
            }
        }
        /// <summary>
        /// The second item in the returned tuple will be (1) null if impersonation is not taking place, (2) a tuple with a null user if impersonation is taking
        /// place with an impersonator who doesn't correspond to a user, or (3) a tuple containing the impersonator.
        /// </summary>
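        /// <remarks>
        /// The impersonation cookie is only honored when the authenticated user's role can manage users, or when the installation is not live.
        /// On a non-live installation that condition holds even with no authenticated user, so the cookie alone selects the effective user there.
        /// The cookie value is client-supplied text: a value that is not a valid integer is ignored (treated as "no impersonation") instead of
        /// raising a FormatException during request processing.
        /// </remarks>
        internal static Tuple<User, Tuple<User>> GetUserAndImpersonatorFromRequest()
        {
            // Sources of the authenticated user, tried in order. Later sources are not evaluated once one yields a user.
            var userSources = new Func<User>[]
            {
                () => {
                    var authCookie = CookieStatics.GetCookie(FormsAuthStatics.FormsAuthCookieName);
                    if (authCookie == null)
                    {
                        return null;
                    }

                    // NOTE(review): int.Parse assumes the ticket name is always a user ID written by this application; this relies on
                    // GetFormsAuthTicket returning null for anything that fails validation. Confirm against that helper.
                    var ticket = FormsAuthStatics.GetFormsAuthTicket(authCookie);
                    return ticket != null ? GetUser(int.Parse(ticket.Name), false) : null;
                },
                () => {
                    var identity = HttpContext.Current.User.Identity;
                    return identity.IsAuthenticated && identity.AuthenticationType == CertificateAuthenticationModule.CertificateAuthenticationType
                               ? GetUser(identity.Name)
                               : null;
                }
            };

            User user = null;
            foreach (var source in userSources)
            {
                user = source();
                if (user != null)
                {
                    break;
                }
            }

            // Authorization gate for impersonation: the cookie must never be read for a requester who fails this check.
            if ((user != null && user.Role.CanManageUsers) || !ConfigurationStatics.IsLiveInstallation)
            {
                var impersonationCookie = CookieStatics.GetCookie(UserImpersonationStatics.CookieName);
                if (impersonationCookie != null)
                {
                    // An empty value means impersonation is active with no impersonated user.
                    if (!impersonationCookie.Value.Any())
                    {
                        return Tuple.Create((User)null, Tuple.Create(user));
                    }

                    // The value comes straight from the request, so parse defensively; a malformed value falls through to the
                    // non-impersonating result below.
                    if (int.TryParse(impersonationCookie.Value, out var impersonatedUserId))
                    {
                        return Tuple.Create(GetUser(impersonatedUserId, false), Tuple.Create(user));
                    }
                }
            }

            return Tuple.Create(user, (Tuple<User>)null);
        }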
Esempio n. 3
 /// <summary>
 /// Queues a write of the impersonation cookie. The value is the impersonated user's ID as text, or an empty string when
 /// <paramref name="userBeingImpersonated"/> is null.
 /// </summary>
 /// <remarks>
 /// Nothing in this method signs or encrypts the value, so code that reads the cookie has to authorize the requester before trusting it.
 /// </remarks>
 internal static void SetCookie(User userBeingImpersonated)
 {
     AppRequestState.AddNonTransactionalModificationMethod(
         () => {
             // Evaluated when the queued method runs, not when it is registered.
             var cookieValue = userBeingImpersonated?.UserId.ToString() ?? "";

             // NOTE(review): the last two arguments are presumably the Secure and HttpOnly flags; confirm against CookieStatics.SetCookie.
             CookieStatics.SetCookie(CookieName, cookieValue, null, EwfConfigurationStatics.AppSupportsSecureConnections, true);
         });
 }
Esempio n. 4
        // User’s last identity provider

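        /// <summary>
        /// Returns the identity provider recorded in the identity-provider cookie, or null when the cookie is absent, empty, stale, or names no
        /// known provider.
        /// </summary>
        /// <remarks>
        /// The cookie value is a one-character marker ('+' when a user existed, '-' when not) followed by a provider key: "Local" for the local
        /// provider or the entity ID for a SAML provider. The value is client-supplied, so an empty value is rejected up front rather than
        /// indexed, which previously threw.
        /// </remarks>
        /// <exception cref="ApplicationException">A configured identity provider is neither local nor SAML.</exception>
        internal static IdentityProvider GetUserLastIdentityProvider()
        {
            var cookie = CookieStatics.GetCookie(identityProviderCookieName);
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return null;
            }

            // Ignore the cookie if the existence of a user has changed since that could mean the user timed out.
            var expectedMarker = AppTools.User != null ? '+' : '-';
            if (cookie.Value[0] != expectedMarker)
            {
                return null;
            }

            // Ordinal comparison: provider keys are identifiers, not linguistic text.
            var providerKey = cookie.Value.Substring(1);
            return UserManagementStatics.IdentityProviders.SingleOrDefault(
                identityProvider => string.Equals(
                    identityProvider is LocalIdentityProvider ? "Local" :
                    identityProvider is SamlIdentityProvider saml ? saml.EntityId : throw new ApplicationException("identity provider"),
                    providerKey,
                    StringComparison.Ordinal));
        }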
Esempio n. 5
        // Log-Out

        /// <summary>
        /// Do not call if the system does not implement the forms authentication capable user management provider.
        /// </summary>
        /// <remarks>
        /// While impersonating, logging out only resets the impersonation cookie to the empty (no user) value; the impersonator's own
        /// forms-authentication cookie is not cleared. The identity-provider cookie is cleared in both cases.
        /// </remarks>
        public static void LogOutUser()
        {
            if (!AppRequestState.Instance.ImpersonatorExists)
            {
                AppRequestState.AddNonTransactionalModificationMethod(clearFormsAuthCookie);
            }
            else
            {
                // Passing null writes an empty impersonation cookie value.
                UserImpersonationStatics.SetCookie(null);
            }

            AppRequestState.Instance.SetUser(null);

            AppRequestState.AddNonTransactionalModificationMethod(() => CookieStatics.ClearCookie(identityProviderCookieName));
        }
        // Cookie Updating

        /// <summary>
        /// Refreshes the forms-authentication cookie when its ticket has been renewed, and clears the cookie when no ticket can be obtained from
        /// it. Does nothing when the cookie is absent.
        /// </summary>
        internal static void UpdateFormsAuthCookieIfNecessary()
        {
            var authCookie = CookieStatics.GetCookie(FormsAuthCookieName);
            if (authCookie == null)
            {
                return;
            }

            var currentTicket = GetFormsAuthTicket(authCookie);
            if (currentTicket == null)
            {
                // A cookie without a usable ticket is removed rather than left in the browser.
                clearFormsAuthCookie();
                return;
            }

            // RenewTicketIfOld hands back the same instance when no renewal is due, so a reference comparison detects a renewal.
            var renewedTicket = FormsAuthentication.RenewTicketIfOld(currentTicket);
            if (renewedTicket != currentTicket)
            {
                setFormsAuthCookie(renewedTicket);
            }
        }
 /// <summary>
 /// Queues removal of the forms-authentication cookie; the cookie is cleared when the queued method runs, not immediately.
 /// </summary>
 private static void clearFormsAuthCookie()
 {
     AppRequestState.AddNonTransactionalModificationMethod(
         () => {
             CookieStatics.ClearCookie(FormsAuthCookieName);
         });
 }
 /// <summary>
 /// Checks whether the test cookie came back with the request.
 /// </summary>
 /// <returns>A one-element array holding the "cookies disabled" message when the test cookie is missing; otherwise an empty array.</returns>
 private static string[] verifyTestCookie()
 {
     if (CookieStatics.GetCookie(testCookieName) == null)
     {
         return new[] { Translation.YourBrowserHasCookiesDisabled };
     }

     return new string[0];
 }
 /// <summary>
 /// Queues a cookie write with the given name and value; the write happens when the queued method runs.
 /// </summary>
 /// <param name="name">The cookie name.</param>
 /// <param name="value">The cookie value.</param>
 private static void setCookie(string name, string value)
 {
     // NOTE(review): the last two arguments are presumably the Secure and HttpOnly flags; confirm against CookieStatics.SetCookie.
     Action writeCookie = () => CookieStatics.SetCookie(name, value, null, EwfConfigurationStatics.AppSupportsSecureConnections, true);
     AppRequestState.AddNonTransactionalModificationMethod(writeCookie);
 }
Esempio n. 10
        // Client-side functionality verification

        /// <summary>
        /// Reports whether the test cookie is absent from the current request.
        /// </summary>
        /// <returns>True when no test cookie was found; otherwise false.</returns>
        internal static bool TestCookieMissing()
        {
            var testCookie = CookieStatics.GetCookie(testCookieName);
            return testCookie == null;
        }
Esempio n. 11
 /// <summary>
 /// Clears the user cookie immediately (no deferral through the request state).
 /// </summary>
 private static void clearFormsAuthCookie() => CookieStatics.ClearCookie(userCookieName);
Esempio n. 12
 /// <summary>
 /// Writes a cookie with the given name and value immediately.
 /// </summary>
 /// <param name="name">The cookie name.</param>
 /// <param name="value">The cookie value.</param>
 // NOTE(review): the last two arguments are presumably the Secure and HttpOnly flags; confirm against CookieStatics.SetCookie.
 private static void setCookie(string name, string value) =>
     CookieStatics.SetCookie(name, value, null, EwfConfigurationStatics.AppSupportsSecureConnections, true);