/// <summary>
/// Signs a user in on behalf of a Web API call: applies the per-IP and per-login
/// brute-force gates, authenticates the credentials, and on success writes the
/// token cookie to <paramref name="response"/>.
/// </summary>
/// <param name="response">Outgoing response that receives the authentication token cookie.</param>
/// <param name="login">Login supplied by the client; also the key of the per-login attempt counter.</param>
/// <param name="password">Password supplied by the client.</param>
/// <param name="rememberMe">Passed through to the cookie manager when the token cookie is set.</param>
/// <param name="clientIpAddress">
/// Key of the per-IP attempt counter. The caller supplies it, so the per-IP gate is only
/// as reliable as the caller's source for this value.
/// NOTE(review): confirm it is taken from the connection and not from a client-controlled header.
/// </param>
/// <returns>The authenticated user taken from the authentication result.</returns>
/// <exception cref="IpBanException">The per-IP protector does not allow another attempt.</exception>
/// <exception cref="LoginBanException">The per-login protector does not allow another attempt.</exception>
/// <exception cref="LoginNotFoundException">Rethrown from the authentication provider after the failure is recorded.</exception>
/// <exception cref="WrongLoginPasswordException">Rethrown from the authentication provider after the failure is recorded.</exception>
public TUser SignIn(HttpResponseMessage response, string login, string password, bool rememberMe, string clientIpAddress)
{
    // Both gates run before the credentials are looked at, so a banned IP or login
    // never reaches the authentication provider.
    if (!loginBruteForceProtector.CheckAttemptAllowed(clientIpAddress))
    {
        throw new IpBanException();
    }

    if (!passwordBruteForceProtector.CheckAttemptAllowed(login))
    {
        throw new LoginBanException();
    }

    AuthenticationResult<TUser> authResult;
    try
    {
        authResult = authenticationProvider.Authenticate(login, password);
    }
    catch (LoginNotFoundException)
    {
        // An unknown login is counted against both the IP and the login key.
        // NOTE(review): this type and WrongLoginPasswordException propagate as distinct
        // exceptions; the caller should map both to one generic response so the
        // reply does not reveal whether the login exists.
        loginBruteForceProtector.AddFailAttempt(clientIpAddress);
        passwordBruteForceProtector.AddFailAttempt(login);
        throw;
    }
    catch (WrongLoginPasswordException)
    {
        loginBruteForceProtector.AddFailAttempt(clientIpAddress);
        passwordBruteForceProtector.AddFailAttempt(login);
        throw;
    }
    // Any other exception type thrown by Authenticate propagates without being
    // recorded as a failed attempt.

    // A successful sign-in resets both counters.
    // NOTE(review): the per-IP counter is reset by a success for any login; consider
    // resetting only the per-login counter so one valid account cannot clear the IP history.
    loginBruteForceProtector.ClearAttemptsForIp(clientIpAddress);
    // Despite the method name, the per-login protector is keyed by login here.
    passwordBruteForceProtector.ClearAttemptsForIp(login);

    var encryptedToken = authResult.EncryptedBase64EncodedToken;
    webApiAuthenticationCookieManager.SetTokenCookie(response, encryptedToken, rememberMe);

    var authenticatedUser = authResult.User;
    // The "userId" field logs the user object through its string conversion, not an id.
    // NOTE(review): confirm that conversion exposes no sensitive fields.
    log.Info($"User authenticated. login: {login}, userId: {authenticatedUser}");
    return authenticatedUser;
}
/// <summary>
/// Signs a user in for a request carried by <paramref name="httpContext"/>: applies the
/// per-IP and per-login brute-force gates, authenticates the credentials, and on
/// success sets the token cookie through the authentication cookie manager.
/// </summary>
/// <param name="httpContext">Current HTTP context; supplies the client address and receives the token cookie.</param>
/// <param name="login">Login supplied by the client; also the key of the per-login attempt counter.</param>
/// <param name="password">Password supplied by the client.</param>
/// <param name="rememberMe">Passed through to the cookie manager when the token cookie is set.</param>
/// <exception cref="IpBanException">The per-IP protector does not allow another attempt.</exception>
/// <exception cref="LoginBanException">The per-login protector does not allow another attempt.</exception>
/// <exception cref="LoginNotFoundException">Rethrown from the authentication provider after the failure is recorded.</exception>
/// <exception cref="WrongLoginPasswordException">Rethrown from the authentication provider after the failure is recorded.</exception>
public void SignIn(HttpContextBase httpContext, string login, string password, bool rememberMe)
{
    // The per-IP counter is keyed by the request's UserHostAddress.
    // NOTE(review): if the application sits behind a reverse proxy or load balancer this is
    // presumably the proxy's address, so all clients would share one counter; confirm the deployment.
    var clientAddress = httpContext.Request.UserHostAddress;

    // Both gates run before the credentials are looked at, so a banned IP or login
    // never reaches the authentication provider.
    if (!loginBruteForceProtector.CheckAttemptAllowed(clientAddress))
    {
        throw new IpBanException();
    }

    if (!passwordBruteForceProtector.CheckAttemptAllowed(login))
    {
        throw new LoginBanException();
    }

    AuthenticationResult<TUser> authResult;
    try
    {
        authResult = authenticationProvider.Authenticate(login, password);
    }
    catch (LoginNotFoundException)
    {
        // An unknown login is counted against both the IP and the login key.
        // NOTE(review): this type and WrongLoginPasswordException propagate as distinct
        // exceptions; the caller should map both to one generic response so the
        // reply does not reveal whether the login exists.
        loginBruteForceProtector.AddFailAttempt(clientAddress);
        passwordBruteForceProtector.AddFailAttempt(login);
        throw;
    }
    catch (WrongLoginPasswordException)
    {
        loginBruteForceProtector.AddFailAttempt(clientAddress);
        passwordBruteForceProtector.AddFailAttempt(login);
        throw;
    }
    // Any other exception type thrown by Authenticate propagates without being
    // recorded as a failed attempt.

    // A successful sign-in resets both counters.
    // NOTE(review): the per-IP counter is reset by a success for any login; consider
    // resetting only the per-login counter so one valid account cannot clear the IP history.
    loginBruteForceProtector.ClearAttemptsForIp(clientAddress);
    // Despite the method name, the per-login protector is keyed by login here.
    passwordBruteForceProtector.ClearAttemptsForIp(login);

    var encryptedToken = authResult.EncryptedBase64EncodedToken;
    authenticationCookieManager.SetTokenCookie(httpContext, encryptedToken, rememberMe);

    var successMessage = string.Format("User authenticated. login: {0}, userId: {1}", login, authResult.User.UserId);
    log.Info(successMessage);
}