protected override bool AuthorizeCore(HttpContextBase httpContext) { var isAuthenticated = base.AuthorizeCore(httpContext); if (isAuthenticated) { string cookieName = FormsAuthentication.FormsCookieName; if (httpContext.Request.Cookies == null || httpContext.Request.Cookies[cookieName] == null) { return(false); } var authCookie = httpContext.Request.Cookies[cookieName]; var authTicket = FormsAuthentication.Decrypt(authCookie.Value); // This is where you can read the userData part of the authentication // cookie and fetch the token var tokenInformation = JsonConvert.DeserializeObject <LoginResult>(authTicket.UserData); if (authTicket.Expired) { try { tokenInformation = AdminService.Instance.AuthenticateAsync <LoginResult>(tokenInformation.RefreshToken).Result; authTicket = new FormsAuthenticationTicket( 2, authTicket.Name, tokenInformation.Issued.UtcDateTime, tokenInformation.Expires.UtcDateTime, authTicket.IsPersistent, JsonConvert.SerializeObject(tokenInformation)); httpContext.Response.Cookies[FormsAuthentication.FormsCookieName].Value = FormsAuthentication.Encrypt(authTicket); } catch (ApiException) { return(false); } } IPrincipal userPrincipal = new ApiPrincipal( new ApiIdentity( authTicket.Name, tokenInformation.AccessToken, tokenInformation.RefreshToken), tokenInformation.Role); // Inject the custom principal in the HttpContext httpContext.User = userPrincipal; } return(isAuthenticated); }
protected override bool AuthorizeCore(HttpContextBase httpContext) { var isAuthenticated = base.AuthorizeCore(httpContext); if (isAuthenticated) { string cookieName = FormsAuthentication.FormsCookieName; if (httpContext.Request.Cookies == null || httpContext.Request.Cookies[cookieName] == null) { return false; } var authCookie = httpContext.Request.Cookies[cookieName]; var authTicket = FormsAuthentication.Decrypt(authCookie.Value); // This is where you can read the userData part of the authentication // cookie and fetch the token var tokenInformation = JsonConvert.DeserializeObject<LoginResult>(authTicket.UserData); if (authTicket.Expired) { try { tokenInformation = AdminService.Instance.AuthenticateAsync<LoginResult>(tokenInformation.RefreshToken).Result; authTicket = new FormsAuthenticationTicket( 2, authTicket.Name, tokenInformation.Issued.UtcDateTime, tokenInformation.Expires.UtcDateTime, authTicket.IsPersistent, JsonConvert.SerializeObject(tokenInformation)); httpContext.Response.Cookies[FormsAuthentication.FormsCookieName].Value = FormsAuthentication.Encrypt(authTicket); } catch (ApiException) { return false; } } IPrincipal userPrincipal = new ApiPrincipal( new ApiIdentity( authTicket.Name, tokenInformation.AccessToken, tokenInformation.RefreshToken), tokenInformation.Role); // Inject the custom principal in the HttpContext httpContext.User = userPrincipal; } return isAuthenticated; }