/// <summary>
/// Performs an interactive login: validates the input, checks the credentials against the
/// user provider, applies the visitor-address restriction, then installs the principal and
/// issues the authentication cookie.
/// </summary>
/// <param name="customer">Customer identifier passed to the user provider and stored in the cookie payload.</param>
/// <param name="userName">Login name supplied by the caller.</param>
/// <param name="password">Clear-text password; it is hashed before being handed to the user provider.</param>
/// <param name="persistent">Forwarded unchanged to <c>persistenceProvider.SetAuthCookie</c>.</param>
/// <param name="visitorAddress">Address of the caller, checked by <c>IsAuthorizedVisitor</c>.</param>
/// <returns>
/// The failed result from <c>ValidateInput</c>, a failed result carrying a message when the
/// credentials or the visitor address are rejected, or a successful result.
/// </returns>
public AuthenticationResult Authenticate(string customer, string userName, string password, bool persistent, string visitorAddress)
{
    AuthenticationResult inputCheck = ValidateInput(userName, password);
    if (!inputCheck.Success)
    {
        return inputCheck;
    }

    // NOTE(review): the algorithm behind GetCryptographicHash is not visible here. Because the
    // hash is computed before the user record is looked up, it is presumably deterministic
    // (no per-user salt) - confirm it is suitable for password storage.
    string hashedPassword = GetCryptographicHash(password);
    T user = userProvider.AuthenticateUser(customer, userName, hashedPassword);
    if (user == null)
    {
        return new AuthenticationResult(false, "Unable to login using the specified credentials.", null);
    }

    // NOTE(review): this branch is only reachable once the credentials were accepted, so the
    // distinct message confirms a correct password to a caller at a disallowed address.
    bool addressAllowed = IsAuthorizedVisitor(user, visitorAddress);
    if (!addressAllowed)
    {
        return new AuthenticationResult(false, "Credentials do not allow login from your current IP address.", null);
    }

    CurrentPrincipal = new CodeworksPrincipal<T>(userName, userProvider.GetRoles(user), user);

    // remember to change CookieParameterCount if you change parameter count here
    // NOTE(review): the role list travels inside the cookie payload and CookieAuthenticate uses
    // it as-is on later requests, so the cookie must be encrypted and integrity-protected by
    // persistenceProvider - confirm. The '|' separator is not escaped in the name or customer.
    string ticketPayload = String.Format("{0}|{1}|{2}", CurrentIdentity.Name, customer, CurrentPrincipal.AllRoles);
    DateTime expires = DateTime.Now.AddMonths(1);
    persistenceProvider.SetAuthCookie(1, userName, expires, persistent, ticketPayload);

    // TODO create an audit log entry for the current request
    // (failed attempts return above without any audit record either)
    return new AuthenticationResult(true, null, null);
}
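/// <summary>
/// Restores <c>CurrentPrincipal</c> from the authentication cookie when one is present and
/// its payload passes validation. Leaves <c>CurrentPrincipal</c> untouched otherwise.
/// </summary>
/// <param name="visitorAddress">Address of the caller, checked by <c>IsAuthorizedVisitor</c>.</param>
/// <remarks>
/// The payload is expected in the form written by <c>Authenticate</c>: name, customer and a
/// comma-separated role list, joined with '|'. A missing payload or a user that the provider
/// no longer returns is treated as "not authenticated" instead of raising an exception or
/// installing a principal without a user.
/// </remarks>
public void CookieAuthenticate(string visitorAddress)
{
    HttpCookie cookie = persistenceProvider.GetAuthCookie();
    if (cookie == null)
    {
        return;
    }

    string userName;
    string userData = persistenceProvider.GetAuthCookieValue(out userName);
    if (userData == null)
    {
        // A cookie without a readable payload must not fault the request.
        return;
    }

    // extract data from cookie
    string[] cookieData = userData.Split('|');

    // The length check must come first: the indexes below assume the three fields written by
    // Authenticate, so CookieParameterCount has to stay in step with that format.
    bool isValid = cookieData.Length == CookieParameterCount
        && !string.IsNullOrEmpty(cookieData[0])
        && cookieData[0] == userName
        && IsAuthorizedVisitor(cookieData[1], cookieData[0], visitorAddress);
    if (!isValid)
    {
        return;
    }

    string customer = cookieData[1];

    // NOTE(review): roles are taken from the cookie, not re-read from userProvider, so a role
    // change only takes effect when a new cookie is issued, and the values are only as
    // trustworthy as the cookie protection applied by persistenceProvider - confirm.
    string[] roles = cookieData[2].Split(',');

    T user = userProvider.GetUser(customer, userName);
    if (user == null)
    {
        // Same rule as Authenticate: no user record, no principal. Without this check an
        // account removed after the cookie was issued would keep its cookie-supplied roles.
        return;
    }

    CurrentPrincipal = new CodeworksPrincipal<T>(userName, roles, user);
}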