private async Task Authenticae(IOwinContext context)
{
var cookie = context.Request.Cookies[Configuration.CookieName];
if (cookie == null)
{
return;
}
var protector = new CookieProtector(Configuration);
try
{
byte[] data;
if (!protector.Validate(cookie, out data))
{
return;
}
var authenticationCookie = AuthenticationCookie.Deserialize(data);
if (authenticationCookie.IsExpired(Configuration.Timeout))
{
return;
}
var principal = authenticationCookie.GetPrincipal();
var identity = principal.Identity as CookieIdentity;
if (identity == null)
{
return;
}
var user = await GetUser(context, identity.Name);
if (user != null && user.AuthenticationToken == identity.AuthenticationToken)
{
context.Request.User = ApplicationPrincipal <TUser> .Create(user);
RenewCookieIfExpiring(context.Response, protector, authenticationCookie);
}
}
catch
{
// do not leak any information if an exception was thrown; simply don't set the IPrincipal.
}
finally
{
protector.Dispose();
}
}
public bool Authenticate()
{
var cookie = httpContext.Request.Cookies[Configuration.CookieName];
if (cookie != null)
{
var protector = new CookieProtector(Configuration);
try
{
byte[] data;
if (protector.Validate(cookie.Value, out data))
{
var authenticationCookie = AuthenticationCookie.Deserialize(data);
if (authenticationCookie.IsExpired(Configuration.Timeout))
{
return(false);
}
var principal = authenticationCookie.GetPrincipal();
var identity = principal.Identity as CookieIdentity;
if (identity == null)
{
return(false);
}
var user = GetUser(httpContext, identity.Name);
if (user != null && user.AuthenticationToken == identity.AuthenticationToken)
{
httpContext.User = ApplicationPrincipal <TUser> .Create(user);
RenewCookieIfExpiring(httpContext, protector, authenticationCookie);
}
}
return(true);
}
catch
{
// do not leak any information if an exception was thrown; simply don't set the context.LumenUser property.
}
finally
{
protector.Dispose();
}
}
return(false);
}
