protected void Application_PostAuthenticateRequest(Object sender, EventArgs e) { if (FormsAuthentication.CookiesSupported == true) { HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); if (!authTicket.Expired) { //userUID is the authTicket name string userUID = authTicket.Name; JVKCache jvkCache = new JVKCache(); JVKUserPrivateData jvkUserPrivateData = jvkCache.GetJVKUserPrivateData(userUID); JVKUser jvkUser = jvkCache.GetJVKUser(userUID); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(jvkUserPrivateData.userUID, "Forms"), jvkUser.userPermits.Split(',')); System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User; /* * ///// NOTE ///// * 1. there are 2 security contexts - Thread.CurrentPrincipal and Context.User * 2. need to keep Thread.CurrentPrincipal in sync with Context.User * 3. Thread.CurrentPrincipal is used in declarative role checks using PrincipalPermissionAttributes */ } } } }
public BaseController() { ViewBag.jvkUserName = string.Empty; //set up logging _logger = LogManager.GetCurrentClassLogger(); JVKCache jvkCache = new JVKCache(); //todo //set up central cache for lookup tables, this cache will be used by all users //jvkCache.lookups //lookups has sub-objects like roles, permits, role-permits, cities, states, countries, etc. ... objects that are used in the applications // //get menu string from cache ViewBag.stringMenu = jvkCache.GetMenuString(); //get user private data string userUID = System.Web.HttpContext.Current.User.Identity.Name; //get user data fro cache if (userUID != null && userUID.Trim().Length > 0) { jvkUserPrivateData = jvkCache.GetJVKUserPrivateData(userUID); jvkUser = jvkCache.GetJVKUser(userUID); ViewBag.jvkUserName = jvkUserPrivateData.firstName + " " + jvkUserPrivateData.lastName; } }
public ActionResult Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) { JVKUserPrivateData jvkUserPrivateData = new JVKUserPrivateData(); JVKUser jvkUser = new JVKUser(); JVKCache jvkCache = new JVKCache(); UnitOfWork uow = new UnitOfWork(); var recordUser = uow.UserRepository.GetRecordsByFilter(c => c.StatusFlag == StatusConstant.Active && c.LoginID == model.LoginID).SingleOrDefault(); if (recordUser != null) { //verify password if (model.Password == "password") //if (System.Web.Helpers.Crypto.VerifyHashedPassword(recordUser.PasswordHash, model.Password)) { //remove jvkUserPrivateData and jvsUser from cache jvkCache.RemoveFromCache("jvsUserData" + recordUser.UserUID); jvkCache.RemoveFromCache("jvsUser" + recordUser.UserUID); jvkUserPrivateData = jvkCache.GetJVKUserPrivateData(recordUser.UserUID); jvkUser = jvkCache.GetJVKUser(recordUser.UserUID); //clear all existing cookies Response.Cookies.Clear(); //set authentication cookie int sessionCookieTimeout = Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["sessionCookieTimeout"]); FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, jvkUser.userCookieToken, DateTime.Now, DateTime.Now.AddMinutes(sessionCookieTimeout), false, jvkUser.userRoleIds); HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket)); //add cookie to the response stream Response.Cookies.Add(authCookie); if (Url.IsLocalUrl(returnUrl)) { return(Redirect(returnUrl)); } else { return(RedirectToAction("Index", "Home")); } } else { ///// login failed ///// //cross controller call, put in TempData instead of ViewBag TempData["alertBox"] = new BootstrapAlertBox(AlertType.Success, "Login failed. Try again."); return(RedirectToAction("Index", "Home")); } } } // If we got this far, something failed, redisplay form return(View(model)); }
public ActionResult LogOff() { JVKCache jvkCache = new JVKCache(); //remove jvkUserPrivateData and jvsUser from cache jvkCache.RemoveFromCache("jvsUserData" + jvkUserPrivateData.userUID); jvkCache.RemoveFromCache("jvsUser" + jvkUserPrivateData.userUID); FormsAuthentication.SignOut(); return(RedirectToAction("Index", "Home")); }