예제 #1
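        /// <summary>
        /// Verifies the one-time PIN posted from the admin login form and, when it matches,
        /// issues the admin login cookie and redirects to the admin login page.
        /// </summary>
        /// <param name="code">The PIN posted as the "AuthCode" form field; may be null or empty.</param>
        /// <returns>
        /// A redirect to <c>Admin/AdminAccount/Login</c> on success; otherwise a 404, so that a
        /// wrong code is indistinguishable from a non-existent page.
        /// </returns>
        public async Task<IActionResult> Auth([FromForm(Name = "AuthCode")] string code)
        {
            // Progressive delay: 5 s per previously failed attempt, applied before any
            // validation so the response time does not depend on whether the code was checked.
            // Clamped at zero so a negative counter can never make Task.Delay throw.
            // NOTE(review): the counter is shared by every client and is not capped here, so a
            // large value stalls all callers of this action — confirm the service bounds/resets it.
            int delaySeconds = Math.Max(0, 5 * this.securityService.AdminLoginFailedAttempts);
            await Task.Delay(TimeSpan.FromSeconds(delaySeconds));

            bool pinMatches = false;
            if (!string.IsNullOrEmpty(code))
            {
                string expectedPin = Authenticator.GeneratePin(this.configuration["AdminLoginAuthenticator:SecretKey"]);

                // Constant-time comparison: a plain string '==' stops at the first mismatching
                // character, which leaks how much of the PIN was correct through timing.
                pinMatches = expectedPin != null
                    && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                        System.Text.Encoding.UTF8.GetBytes(code),
                        System.Text.Encoding.UTF8.GetBytes(expectedPin));
            }

            if (pinMatches)
            {
                // The cookie name/value are bound to the caller's User-Agent and the current year.
                string[] cookieValues = CookiesFunctions.GenerateAdminLoginCookieValues(
                    this.configuration["AdminLoginAuthenticator:CookieFormat"],
                    new string[] { this.HttpContext.Request.Headers["User-Agent"], DateTime.Now.Year.ToString() },
                    this.configuration["AdminLoginAuthenticator:SecretIndexes"]);

                // Short-lived, HttpOnly and Secure: the cookie is the only admin-login credential.
                CookieOptions options = new CookieOptions
                {
                    Expires     = DateTimeOffset.UtcNow.AddHours(2),
                    HttpOnly    = true,
                    IsEssential = true,
                    Secure      = true,
                };
                Response.Cookies.Append(cookieValues[0], cookieValues[1], options);

                return RedirectToAction("Login", "AdminAccount", new { Area = "Admin" });
            }

            // Count the failure so the next attempt is delayed longer; then hide the endpoint.
            this.securityService.IncrementAdminLoginFailedAttempts();

            return NotFound();
        }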
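        /// <summary>
        /// Runs before every action on this controller and short-circuits the request with a
        /// 404 unless the admin login cookie is present <em>and</em> carries the expected value.
        /// The check is skipped in the Development environment unless
        /// <c>AdminLoginAuthenticator:ShowForTestPurposes</c> is set to true.
        /// </summary>
        /// <param name="context">The executing-action context; its <c>Result</c> is set to a
        /// <see cref="NotFoundResult"/> when the cookie check fails.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when <see cref="IConfiguration"/> or <see cref="IHostingEnvironment"/> is not
        /// registered; the filter fails closed rather than running without its settings.
        /// </exception>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var services = context.HttpContext.RequestServices;
            var configuration      = (IConfiguration)services.GetService(typeof(IConfiguration));
            var hostingEnvironment = (IHostingEnvironment)services.GetService(typeof(IHostingEnvironment));
            if (configuration is null || hostingEnvironment is null)
            {
                throw new InvalidOperationException(
                    "IConfiguration and IHostingEnvironment must be registered to validate the admin login cookie.");
            }

            // Enforce outside Development, or inside it when the test flag is on.
            bool enforce = !hostingEnvironment.IsDevelopment()
                || Convert.ToBoolean(configuration["AdminLoginAuthenticator:ShowForTestPurposes"]);
            if (!enforce)
            {
                base.OnActionExecuting(context);
                return;
            }

            // Recompute the expected cookie name/value from the same inputs Auth used when
            // issuing it (User-Agent and current year).
            string[] cookieValues = CookiesFunctions.GenerateAdminLoginCookieValues(
                configuration["AdminLoginAuthenticator:CookieFormat"],
                new string[] { context.HttpContext.Request.Headers["User-Agent"], DateTime.Now.Year.ToString() },
                configuration["AdminLoginAuthenticator:SecretIndexes"]);

            // The cookie must BOTH exist AND match: a name-only check would accept any value.
            // The value is secret-derived, so compare it in constant time.
            bool cookieValid =
                context.HttpContext.Request.Cookies.TryGetValue(cookieValues[0], out string presented)
                && presented != null
                && cookieValues[1] != null
                && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(presented),
                    System.Text.Encoding.UTF8.GetBytes(cookieValues[1]));

            if (!cookieValid)
            {
                context.Result = new NotFoundResult();

                return;
            }

            base.OnActionExecuting(context);
        }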