public string RequestLoginApproval()
{
var las = new LoginApprovalSession {
RequesterIpAddress = this.httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString(),
RequesterUserAgent = this.httpContextAccessor.HttpContext.Request.Headers?["User-Agent"],
Expiration = DateTime.Now.Add(this.options.Timeout)
};
return(this.sessionStore.Create(las));
}
/// <summary>
/// Saves the specified session to store.
/// </summary>
/// <param name="las">The session to be stored.</param>
/// <exception cref="ArgumentNullException">las</exception>
/// <exception cref="ArgumentException">Duplicate session ID</exception>
protected override void Save(LoginApprovalSession las)
{
if (las == null)
{
throw new ArgumentNullException(nameof(las));
}
lock (this.saveLock) {
if (this.Find(las.SessionId) != null)
{
throw new ArgumentException("Duplicate session ID");
}
this.store.Add(las);
}
}
private const int SESSION_ID_LENGTH = 32; // 32 bytes = 256 bits
/// <summary>Creates the specified session.</summary>
/// <param name="las">The session.</param>
/// <returns>ID of newly created session</returns>
/// <exception cref="ArgumentNullException">session</exception>
public virtual string Create(LoginApprovalSession las)
{
if (las == null)
{
throw new ArgumentNullException(nameof(las));
}
// Create new session ID
var lasidRaw = new byte[SESSION_ID_LENGTH];
var rng = System.Security.Cryptography.RandomNumberGenerator.Create();
rng.GetBytes(lasidRaw);
las.SessionId = string.Join(string.Empty, lasidRaw.Select(x => x.ToString("X2")));
// Save to store
this.Save(las);
// Return generated session ID
return(las.SessionId);
}
/// <summary> /// Saves the specified session to store. /// </summary> /// <param name="las">The session to be stored.</param> protected abstract void Save(LoginApprovalSession las);