private AppContext CreateKnownUser(CookieIdentity cookieIdentity) { List <Organisation> organisations; var organisation = GetActiveOrganisation(cookieIdentity.Email, out organisations); if (organisation != null) { _session.SetOrganisation(organisation); var user = _getUserByEmailAddressQuery.Invoke(new GetUserByEmailAddressRequest { EmailAddress = cookieIdentity.Email, OrganisationId = organisation.Id }).User; if (user != null) { var appContext = new AppContext(); user.ActiveOrganisation = organisation; user.Organisations = organisations; user.OrganisationId = organisation.Id; appContext.Authentication = _authenticationManager; appContext.CurrentUser = user; appContext.AuthenticationStatus = HttpContext.Current.Request.IsAuthenticated ? AuthenticationStatus.Authenticated : AuthenticationStatus.NotAuthenticated; return(appContext); } } return(CreateAnonymousUser()); }
public AppContext Create() { try { AppContext appContext = AppContext.GetFromHttpContext(); if (appContext == null) { var impersonationStatus = _impersonationManager.CurrentStatus; //GT: ideally we'd like to have a record of *who* is impersonating, but this would // mean loading the impersonating user, which would mean we'd need to set the // org on the session twice, which kind of breaks the security model. // If we really wanted this information, we could set it into the ImpersonationStatus // when starting the impersonation if (impersonationStatus.Impersonating) { var impersonatedIdentity = new CookieIdentity { HasUserProfile = true, Email = impersonationStatus.EmailAddress, }; appContext = CreateKnownUser(impersonatedIdentity); appContext.Impersonated = true; } else { var currentAuthenticationIdentity = _authenticationManager.GetCurrentUser(); appContext = currentAuthenticationIdentity.HasUserProfile ? CreateKnownUser(currentAuthenticationIdentity) : CreateAnonymousUser(); } AppContext.AddToHttpContext(appContext); } return(appContext); } catch (Exception ex) { //exceptions thrown here cause an exception in the WindsorControllerFactory when the controller is released //hence the true exception is masked in the event log. Hence we explicitly log the exception in here before throwing it //TODO: get to the bottom of the actual problem! Error(ex); throw; } }
/// <summary> /// Creates an identity cookie for our guest and returns their new identity /// </summary> /// <returns></returns> public CookieIdentity SignInGuest() { //create the new anonymous identity var authenticationIdentity = new CookieIdentity { RememberMe = false, Email = CoreConstants.Authentication.GuestUserName, HasUserProfile = false }; //update the identity cookie _cookieManager.Set(CoreConstants.Authentication.IdentityCookieName, authenticationIdentity.Encode(), DateTime.MaxValue); //remove the current user from the http context AppContext.RemoveFromHttpContext(); return(authenticationIdentity); }
/// <summary> /// Method should only be invoked for users who have just successfully logged into the site /// </summary> /// <param name="email">the email they logged in with (could be username or email address)</param> public void SignIn(string email) { FormsAuthentication.SetAuthCookie(email, true); var authenticationIdentity = new CookieIdentity { RememberMe = true, Email = email, HasUserProfile = true, }; _cookieManager.Set( CoreConstants.Authentication.IdentityCookieName, authenticationIdentity.Encode(), authenticationIdentity.RememberMe ? DateTime.MaxValue : (DateTime?)null); //remove the current user from the http context AppContext.RemoveFromHttpContext(); }
public CookieIdentity GetCurrentUser() { var name = HttpContext.Current.User.Identity.Name; var authCookie = _cookieManager.Get(CoreConstants.Authentication.IdentityCookieName); if (name.IsNullOrEmpty() || authCookie.IsNullOrEmpty()) { return(SignInGuest()); } var authIdentity = CookieIdentity.Decode(authCookie); //make sure the identity cookie has not been hacked if (authIdentity.Email.ToLowerInvariant().Trim() == name.ToLowerInvariant().Trim()) { return(authIdentity); } return(SignInGuest()); }
public static CookieIdentity Decode(string cookieValue) { ArgumentValidation.NotEmpty(cookieValue, "cookieValue"); NameValueCollection cookieValues = HttpUtility.ParseQueryString(cookieValue); if (cookieValues.Get(CoreConstants.Authentication.HasUserProfile) != null && cookieValues.Get(CoreConstants.Authentication.RememberMe) != null && cookieValues.Get(CoreConstants.Authentication.Email) != null) { var identity = new CookieIdentity { HasUserProfile = cookieValues[CoreConstants.Authentication.HasUserProfile] == "true", RememberMe = cookieValues[CoreConstants.Authentication.RememberMe] == "true", Email = cookieValues[CoreConstants.Authentication.Email] }; return(identity); } return(null); }