/// <summary>
/// Issues a fresh authentication token and wraps it in a protected HTTP cookie.
/// </summary>
/// <param name="identifier">Identity name carried in the cookie payload.</param>
/// <param name="authenticationToken">
/// Receives the newly generated token. The caller is expected to store it against the user, because a later
/// request is only accepted when the token inside the cookie equals the one stored for that user.
/// </param>
/// <param name="persistent">When true the cookie is issued with an expiry date instead of as a session cookie.</param>
/// <returns>The protected cookie, ready to be added to a response.</returns>
public static HttpCookie CreateCookie(string identifier, out Guid authenticationToken, bool persistent = false)
{
    authenticationToken = Guid.NewGuid();

    // First constructor argument is 0 — presumably a payload format version; confirm against AuthenticationCookie.
    var payload = new AuthenticationCookie(0, authenticationToken, persistent, identifier);

    // The protector is only needed while the payload is serialised and protected; release it promptly.
    using (var protector = new CookieProtector(Configuration))
    {
        return payload.CreateHttpCookie(protector, Configuration);
    }
}
/// <summary>
/// Populates <c>context.Request.User</c> from the authentication cookie when the request carries a valid one.
/// (The name is a misspelling of "Authenticate"; it is kept unchanged so existing callers keep compiling.)
/// </summary>
/// <param name="context">OWIN context whose request cookies are read and whose response may receive a renewed cookie.</param>
/// <remarks>
/// Every failure path — missing cookie, protector rejection, expired payload, non-cookie identity, unknown user,
/// token mismatch, or any exception — leaves the request unauthenticated without surfacing which check failed.
/// </remarks>
private async Task Authenticae(IOwinContext context)
{
    var rawCookie = context.Request.Cookies[Configuration.CookieName];
    if (rawCookie == null)
    {
        return;
    }

    using (var protector = new CookieProtector(Configuration))
    {
        try
        {
            byte[] payload;
            if (!protector.Validate(rawCookie, out payload))
            {
                return; // protector rejected the cookie value
            }

            var authenticationCookie = AuthenticationCookie.Deserialize(payload);
            if (authenticationCookie.IsExpired(Configuration.Timeout))
            {
                return;
            }

            var identity = authenticationCookie.GetPrincipal().Identity as CookieIdentity;
            if (identity == null)
            {
                return;
            }

            var user = await GetUser(context, identity.Name);

            // The token inside the cookie must equal the one stored for the user; presumably changing the
            // stored token is how outstanding cookies are invalidated.
            if (user == null || user.AuthenticationToken != identity.AuthenticationToken)
            {
                return;
            }

            context.Request.User = ApplicationPrincipal<TUser>.Create(user);
            RenewCookieIfExpiring(context.Response, protector, authenticationCookie);
        }
        catch
        {
            // Deliberately swallowed: do not reveal why authentication failed; the principal simply stays unset.
        }
    }
}
/// <summary>
/// Under sliding expiration, re-issues the authentication cookie once more than half of the configured
/// timeout has elapsed, so an active session is extended without re-protecting the cookie on every request.
/// </summary>
/// <param name="context">Request context whose response receives the replacement cookie.</param>
/// <param name="protector">Protector used to protect the renewed payload; the caller owns its lifetime.</param>
/// <param name="authenticationCookie">Decoded cookie; Renew() is invoked on it before it is re-serialised (presumably resetting its issue date — confirm).</param>
private static void RenewCookieIfExpiring(HttpContextBase context, CookieProtector protector, AuthenticationCookie authenticationCookie)
{
    if (!Configuration.SlidingExpiration)
    {
        return;
    }

    // "Expiring" means the cookie is already older than half the timeout window.
    var halfTimeout = TimeSpan.FromTicks(Configuration.Timeout.Ticks / 2);
    if (!authenticationCookie.IsExpired(halfTimeout))
    {
        return;
    }

    authenticationCookie.Renew();

    var responseCookies = context.Response.Cookies;
    responseCookies.Remove(Configuration.CookieName);
    responseCookies.Add(authenticationCookie.CreateHttpCookie(protector, Configuration));
}
/// <summary>
/// Authenticates the current request from its authentication cookie, setting <c>httpContext.User</c> on success.
/// </summary>
/// <returns>
/// false when there is no cookie, the protector rejects it, the payload is expired, the identity is not a
/// <see cref="CookieIdentity"/>, or an exception occurs. true is returned once the cookie has passed those
/// checks — including when the user lookup returned null or the stored token did not match, in which case
/// no principal is set. NOTE(review): a caller reading true as "principal was set" would be misled; confirm
/// the intended contract before tightening this.
/// </returns>
public bool Authenticate()
{
    var cookie = httpContext.Request.Cookies[Configuration.CookieName];
    if (cookie == null)
    {
        return false;
    }

    var protector = new CookieProtector(Configuration);
    try
    {
        byte[] payload;
        if (!protector.Validate(cookie.Value, out payload))
        {
            return false;
        }

        var authenticationCookie = AuthenticationCookie.Deserialize(payload);
        if (authenticationCookie.IsExpired(Configuration.Timeout))
        {
            return false;
        }

        var identity = authenticationCookie.GetPrincipal().Identity as CookieIdentity;
        if (identity == null)
        {
            return false;
        }

        var user = GetUser(httpContext, identity.Name);
        // Only a user whose stored token equals the cookie's token gets a principal attached.
        if (user != null && user.AuthenticationToken == identity.AuthenticationToken)
        {
            httpContext.User = ApplicationPrincipal<TUser>.Create(user);
            RenewCookieIfExpiring(httpContext, protector, authenticationCookie);
        }

        return true;
    }
    catch
    {
        // Swallowed on purpose so failure details are not exposed; the User property is simply left unset.
        return false;
    }
    finally
    {
        protector.Dispose();
    }
}
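/// <summary>
/// OWIN counterpart of the System.Web renewal: under sliding expiration, once more than half of the timeout
/// has elapsed, re-issues the authentication cookie through <paramref name="response"/> carrying the same
/// attributes the System.Web cookie would have.
/// </summary>
/// <param name="response">Response that receives the replacement cookie.</param>
/// <param name="protector">Protector used to protect the renewed payload; the caller owns its lifetime.</param>
/// <param name="authenticationCookie">Decoded cookie; Renew() is invoked on it before it is re-serialised.</param>
private static void RenewCookieIfExpiring(IOwinResponse response, CookieProtector protector, AuthenticationCookie authenticationCookie)
{
    if (!Configuration.SlidingExpiration || !authenticationCookie.IsExpired(TimeSpan.FromTicks(Configuration.Timeout.Ticks / 2)))
    {
        return;
    }

    authenticationCookie.Renew();
    response.Cookies.Delete(Configuration.CookieName);

    var newCookie = authenticationCookie.CreateHttpCookie(protector, Configuration);

    // CreateHttpCookie sets Expires only for persistent cookies; a non-persistent HttpCookie leaves it at
    // DateTime.MinValue, which System.Web treats as "no expiry". CookieOptions.Expires is nullable and a
    // MinValue would be written out as an expires attribute in the year 0001, so the browser would discard
    // the renewed session cookie immediately. Map the sentinel to null to keep it a session cookie.
    DateTime? expires = newCookie.Expires == DateTime.MinValue ? (DateTime?)null : newCookie.Expires;

    response.Cookies.Append(Configuration.CookieName, newCookie.Value, new CookieOptions
    {
        Domain = newCookie.Domain,
        Expires = expires,
        HttpOnly = newCookie.HttpOnly,
        Path = newCookie.Path,
        Secure = newCookie.Secure
    });
}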
/// <summary>
/// Serialises and protects the cookie payload and wraps it in an <see cref="HttpCookie"/> named per configuration.
/// </summary>
/// <param name="authenticationCookie">Payload to serialise.</param>
/// <param name="protector">Protector applied to the serialised bytes; the caller owns its lifetime.</param>
/// <param name="configuration">Supplies the cookie name, RequireSSL (mapped to the Secure flag) and the timeout used for persistent cookies.</param>
/// <returns>
/// A cookie that is always HttpOnly, Secure exactly when <c>RequireSSL</c> is set, and carries an expiry date
/// (issue date plus timeout) only when the payload is marked persistent; otherwise it is a session cookie.
/// </returns>
public static HttpCookie CreateHttpCookie(this AuthenticationCookie authenticationCookie, CookieProtector protector, ConfigFileAuthenticationConfiguration configuration)
{
    var cookieName = configuration.CookieName;
    var protectedValue = protector.Protect(authenticationCookie.Serialize());

    var cookie = new HttpCookie(cookieName, protectedValue);
    // Never exposed to script; sent over TLS only when the configuration demands it.
    cookie.HttpOnly = true;
    cookie.Secure = configuration.RequireSSL;

    // Session cookie unless persistent, in which case it lives for one timeout window from issue.
    if (authenticationCookie.Persistent)
    {
        cookie.Expires = authenticationCookie.IssueDate + configuration.Timeout;
    }

    return cookie;
}