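/// <summary>
/// Handles the login form post: validates the model, authenticates through
/// <c>UserManager.ValidateUser</c> and returns a JSON payload telling the client where to go next.
/// </summary>
/// <param name="logon">Posted credentials plus an optional post-login redirect target.</param>
/// <returns>
/// The login view when the model is invalid; otherwise a JSON result with <c>RedirectUrl</c> and <c>Status</c>.
/// </returns>
/// <exception cref="ApiException">Re-thrown when the API failure did not produce a model error.</exception>
public async Task<ActionResult> Login(Logon logon)
{
    if (!ModelState.IsValid)
    {
        return View("Login", logon);
    }

    try
    {
        await UserManager.ValidateUser(logon, Response);

        // Only redirect inside this site. RedirectUrl comes straight from the request, so an
        // absolute or protocol-relative value would turn the login page into an open redirect.
        // Anything that is not a local path falls back to the site root (same as the old blank case).
        if (!IsLocalRedirect(logon.RedirectUrl))
        {
            logon.RedirectUrl = "/";
        }

        return Json(new { RedirectUrl = logon.RedirectUrl, Status = "OK" });
    }
    catch (ApiException ex)
    {
        // No 200 OK result, what went wrong?
        HandleBadRequest(ex);
        if (!ModelState.IsValid)
        {
            // HandleBadRequest recorded a model error, so report it as a credential failure.
            // The message is deliberately generic so the response does not reveal which part was wrong.
            return Json(new { RedirectUrl = logon.RedirectUrl, Status = "The username or password provided is incorrect." });
        }

        throw;
    }
}

/// <summary>
/// Returns true when <paramref name="url"/> is a path on this site ("/path" or "~/path").
/// Rejects empty values and the protocol-relative forms "//host" and "/\host", which browsers
/// treat as absolute. Equivalent in intent to MVC's <c>UrlHelper.IsLocalUrl</c>.
/// </summary>
/// <param name="url">Candidate redirect target.</param>
/// <returns>True when the value is safe to use as a same-site redirect.</returns>
private static bool IsLocalRedirect(string url)
{
    if (string.IsNullOrWhiteSpace(url))
    {
        return false;
    }

    if (url.StartsWith("~/", StringComparison.Ordinal))
    {
        return true;
    }

    // Exactly one leading slash: a second '/' or a '\' makes it a protocol-relative URL.
    return url[0] == '/' && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
}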
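/// <summary>
/// Authenticates a user via the Webapi and creates the associated forms authentication ticket.
/// </summary>
/// <param name="logon">Credentials to authenticate.</param>
/// <param name="response">Response on which the forms authentication cookie is set.</param>
/// <returns>A task that completes once the cookie has been added to <paramref name="response"/>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="logon"/> or <paramref name="response"/> is null.</exception>
public static async Task ValidateUser(Logon logon, HttpResponseBase response)
{
    if (logon == null)
    {
        throw new ArgumentNullException("logon");
    }

    if (response == null)
    {
        throw new ArgumentNullException("response");
    }

    var result = await WebApiService.Instance.AuthenticateAsync<SignInResult>(logon.Username, logon.Password);
    var getUser = await WebApiService.Instance.GetAsync<UserDto>("Users/Get", result.AccessToken, new { username = logon.Username });

    // Use the indexer rather than Items.Add: Add throws ArgumentException when "User" is already
    // present in this request (e.g. a repeated login attempt), whereas a re-login should replace it.
    HttpContext.Current.Items["User"] = new ClientSideUser
    {
        AccessToken = result.AccessToken,
        UserName = result.UserName,
        IsSuperUser = getUser.IsSuperUser
    };

    // Create the authentication ticket with custom user data.
    // NOTE(review): User is resolved from the enclosing class; presumably it reads back the
    // ClientSideUser stored above — confirm, since the access token ends up in this payload.
    var serializer = new JavaScriptSerializer();
    string userData = serializer.Serialize(User);

    // FormsAuthenticationTicket works in local time, so the API expiry is converted to match DateTime.Now.
    var expires = result.Expires.LocalDateTime;
    var isPersistent = true;
    var ticket = new FormsAuthenticationTicket(1, logon.Username, DateTime.Now, expires, isPersistent, userData, FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket; userData carries the access token, so it must never reach the client in clear.
    string encTicket = FormsAuthentication.Encrypt(ticket);

    // Create the cookie. Secure follows the <forms requireSSL> setting, as FormsAuthentication.SetAuthCookie
    // does, so the ticket is not sent over plain HTTP when the application requires TLS.
    var httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
    {
        Expires = expires,
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath,
        Domain = FormsAuthentication.CookieDomain
    };
    response.Cookies.Add(httpCookie);
}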