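/// <summary>
/// Creates a signed authentication cookie value for a user.
/// </summary>
/// <remarks>
/// The token is signed but this method does not encrypt it, so the username and
/// expiry are readable by whoever holds the cookie.
/// </remarks>
/// <param name="username">Username stored in the token and covered by the signature.</param>
/// <param name="authArea">Authenticate area mixed into the signed bytes; when <c>null</c>, no area is bound to the token.</param>
/// <param name="timeout">Lifetime of the cookie, added to the current local time.</param>
/// <returns>The serialized token, URL-token-encoded so it can be used as a cookie value.</returns>
public static string CreateCookies(string username, string authArea, TimeSpan timeout)
{
    ALEXFWCookiesToken token = new ALEXFWCookiesToken();
    token.Username = username;
    // Local server time; VerifyCookie compares against DateTime.Now as well.
    token.ExpiredDate = DateTime.Now.Add(timeout);

    // Signed bytes: UTF-8 username, then the 8-byte binary expiry, then (optionally) UTF-8 authArea.
    // NOTE(review): the fields are concatenated without length prefixes or separators, so the
    // signed byte string is not an unambiguous encoding of (username, expiry, authArea).
    // Length-prefixing each field would fix that, but the layout has to change together with
    // ALEXFWCookiesToken.GetTokenData(), which VerifyCookie uses to rebuild these bytes.
    byte[] data = Encoding.UTF8.GetBytes(token.Username)
        .Concat(BitConverter.GetBytes(token.ExpiredDate.ToBinary()))
        .ToArray();
    if (authArea != null)
    {
        data = data.Concat(Encoding.UTF8.GetBytes(authArea)).ToArray();
    }

    // A fresh salt per token; the signature is computed over the bytes above with that salt.
    token.NewSalt();
    token.Signature = GetTokenSignature(data, token.Salt);

    // SECURITY(review): BinaryFormatter is kept only for compatibility with cookies already
    // issued. Because the cookie comes back from the client, VerifyCookie has to run
    // BinaryFormatter.Deserialize on untrusted bytes before it can check the signature.
    // A fixed-layout encoding (length-prefixed username, expiry, salt, signature) would take
    // the deserializer out of the trust boundary; switching requires changing VerifyCookie too
    // and invalidates outstanding cookies.
    BinaryFormatter formatter = new BinaryFormatter();
    using (MemoryStream stream = new MemoryStream())
    {
        // 'using' releases the stream even if Serialize throws.
        formatter.Serialize(stream, token);
        return HttpServerUtility.UrlTokenEncode(stream.ToArray());
    }
}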
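/// <summary>
/// Verifies a cookie value produced by <c>CreateCookies</c> and extracts its contents.
/// </summary>
/// <param name="cookieValue">URL-token-encoded cookie value received from the client.</param>
/// <param name="authArea">Authenticate area the cookie must have been signed for; <c>null</c> when no area is bound.</param>
/// <param name="username">Username from the token on success; <c>null</c> otherwise.</param>
/// <param name="expiredDate">Expiry from the token on success; <see cref="DateTime.MinValue"/> otherwise.</param>
/// <returns>
/// <c>true</c> when the value decodes to a token with a 20-byte signature, an expiry that has
/// not passed, a non-null username, and a signature that verifies for <paramref name="authArea"/>;
/// <c>false</c> in every other case, including any exception while decoding.
/// </returns>
public static bool VerifyCookie(string cookieValue, string authArea, out string username, out DateTime expiredDate)
{
    // The out values stay at these defaults on every failure path.
    username = null;
    expiredDate = DateTime.MinValue;

    try
    {
        byte[] data = HttpServerUtility.UrlTokenDecode(cookieValue);

        // SECURITY(review): Deserialize runs on client-supplied bytes BEFORE the signature is
        // checked, so the deserializer itself is exposed to untrusted input. Microsoft documents
        // BinaryFormatter as unsafe for untrusted data, and a SerializationBinder is not a
        // complete mitigation. Preferred fix: a fixed-layout token read with BinaryReader
        // (or an authenticated wrapper such as MachineKey.Protect), with the signature verified
        // before any field is parsed or used. Not changed here because the format is shared
        // with CreateCookies and with cookies already issued.
        ALEXFWCookiesToken token;
        BinaryFormatter formatter = new BinaryFormatter();
        using (MemoryStream stream = new MemoryStream(data))
        {
            // 'using' releases the stream even if Deserialize or the cast throws.
            token = (ALEXFWCookiesToken)formatter.Deserialize(stream);
        }

        // Cheap structural checks first.
        // NOTE(review): 20 bytes is presumably the digest size used by GetTokenSignature
        // (SHA-1 sized); confirm against that helper.
        if (token.Signature.Length != 20)
        {
            return false;
        }

        // Local server time, matching how CreateCookies computes the expiry.
        if (token.ExpiredDate < DateTime.Now)
        {
            return false;
        }

        if (token.Username == null)
        {
            return false;
        }

        // Rebuild the signed bytes the same way CreateCookies did: token data, then optional authArea.
        data = token.GetTokenData();
        if (authArea != null)
        {
            data = data.Concat(Encoding.UTF8.GetBytes(authArea)).ToArray();
        }

        // NOTE(review): VerifyToken is not visible here; confirm it compares the signature in
        // constant time.
        if (!VerifyToken(data, token.Salt, token.Signature))
        {
            return false;
        }

        // Only a fully verified token is allowed to populate the out parameters.
        username = token.Username;
        expiredDate = token.ExpiredDate;
        return true;
    }
    catch
    {
        // Deliberate fail-closed: any malformed, truncated or tampered value is treated as an
        // invalid cookie. Consider logging here so repeated failures are visible to monitoring.
        return false;
    }
}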