/// <summary>
/// Creates an identity for <paramref name="user"/> bound to <paramref name="session"/>,
/// snapshotting the names of the supplied claims into <c>Claims</c>.
/// </summary>
/// <param name="claims">Claims granted to the user; only each claim's <c>Name</c> is retained.</param>
/// <param name="user">The authenticated user record.</param>
/// <param name="session">The session the user is currently associated with.</param>
public Identity(IEnumerable<Claim> claims, User user, Session session)
{
    User = user;
    Session = session;

    // Materialize once: the source sequence may be lazy (e.g. a database query),
    // and Claims should not be re-evaluated on every read.
    var claimNames = from claim in claims
                     select claim.Name;
    Claims = claimNames.ToArray();
}
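/// <summary>
/// Handles the authentication POST: reads the supplied credentials, validates them,
/// finds or creates the user's persistent <see cref="Session"/>, and returns the
/// session key both as a cookie and in the response body.
/// </summary>
/// <param name="parameters">Route parameters supplied by the framework; not used here.</param>
/// <param name="ct">Cancellation token passed to the task factory.</param>
/// <returns>
/// A task producing the negotiated response: 401 when the credentials are wrong or
/// could not be read, otherwise the session key with the session cookie attached.
/// </returns>
/// <exception cref="NotSupportedException">
/// Thrown (as a faulted task) when an Authorization header with a scheme other than
/// Basic is supplied.
/// </exception>
private Task<dynamic> PostAuth(dynamic parameters, CancellationToken ct)
{
    return Task<dynamic>.Factory.StartNew(() =>
    {
        string userName;
        string password;

        // A malformed Basic header (no credential token, bad base64, no ':')
        // previously threw out of the task and surfaced as a server error.
        // Treat it exactly like wrong credentials: a plain 401, no exception details.
        if (!TryReadCredentials(out userName, out password))
        {
            return UnauthorizedResponse();
        }

        using (var transaction = _connection.OpenTransaction())
        {
            // Find the user with the given name (and correct password)
            var userIdentity = ValidateUser(userName, password);
            if (userIdentity == null)
            {
                return UnauthorizedResponse();
            }

            // Create or find a session for this user.
            // NOTE(review): an existing session row (and its key) is reused on every
            // login rather than rotated; confirm that is intended.
            var session = _connection.Select<Session>(s => s.UserId == userIdentity.User.Id).SingleOrDefault();
            if (session == null)
            {
                session = new Session(userIdentity.User);
                _connection.Save(session);
            }

            // Store session in user identity
            userIdentity.Session = session;

            // Save any changes made
            transaction.Commit();

            return Negotiate
                .WithCookie(CreateCookie(session.SessionKey))
                .WithModel(new
                {
                    SessionKey = session.SessionKey,
                });
        }
    }, ct);
}

/// <summary>
/// Extracts the user name and password from the request: from the HTTP Basic
/// Authorization header when one is present, otherwise from the query string or form.
/// </summary>
/// <param name="userName">The supplied user name, or null when it could not be read.</param>
/// <param name="password">The supplied password, or null when it could not be read.</param>
/// <returns>
/// False when an Authorization header is present but is not a decodable
/// "Basic base64(user:password)" value; true otherwise (query/form values may still be null).
/// </returns>
/// <exception cref="NotSupportedException">The Authorization scheme is not Basic.</exception>
private bool TryReadCredentials(out string userName, out string password)
{
    userName = null;
    password = null;

    if (!Request.Headers.Authorization.Any())
    {
        // If no basic auth data was supplied, pull data from query string or form
        userName = (string)Request.Query.UserName ?? (string)Request.Form.UserName;
        password = (string)Request.Query.Password ?? (string)Request.Form.Password;
        return true;
    }

    // https://en.wikipedia.org/wiki/Basic_access_authentication
    // RemoveEmptyEntries tolerates repeated spaces between scheme and token.
    var headerValue = Request.Headers.Authorization.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

    // Scheme tokens are ASCII; an ordinal comparison is the right one for them.
    if (headerValue.Length == 0 || !headerValue[0].Equals("basic", StringComparison.OrdinalIgnoreCase))
    {
        throw new NotSupportedException("Authorization type must be 'basic'");
    }

    if (headerValue.Length < 2)
    {
        // Scheme present but no credential token.
        return false;
    }

    string decoded;
    try
    {
        decoded = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue[1]));
    }
    catch (FormatException)
    {
        // Not valid base64.
        return false;
    }

    // The user name cannot contain ':' but the password may, so split on the
    // first separator only and keep the remainder intact.
    var splitIndex = decoded.IndexOf(':');
    if (splitIndex < 0)
    {
        return false;
    }

    userName = decoded.Substring(0, splitIndex);
    password = decoded.Substring(splitIndex + 1);
    return true;
}

/// <summary>
/// Builds the 401 response used for both wrong and unreadable credentials.
/// The same message is used in both cases so the response reveals nothing about
/// which part of the input was rejected.
/// </summary>
private dynamic UnauthorizedResponse()
{
    return Negotiate
        .WithModel(new { Error = "Incorrect Username Or Password" })
        .WithStatusCode(HttpStatusCode.Unauthorized);
}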