/// <summary>
/// Switches this instance to a logged-in state for <paramref name="userId"/>: issues a fresh CSRF token,
/// rebuilds both login cookies and flags them for rewriting.
/// </summary>
/// <param name="userId">Id of the authenticated user; stored in both cookies and cross-checked by Validate.</param>
/// <param name="tenantId">Tenant the login belongs to; only stored in the encrypted HTTP-only cookie.</param>
/// <param name="username">Display name placed in the user-accessible cookie.</param>
/// <param name="isPersistent">Persistence flag carried in the encrypted cookie.</param>
/// <param name="hasSessionStorage">When true, the new and previous login ids are handed to CreateMobileLoginInfo.</param>
public void Login(int userId, int tenantId, string username, bool isPersistent, bool hasSessionStorage)
{
    // Capture the outgoing login id before the HTTP-only cookie is replaced below.
    string previousLoginId;
    if (httpCookie.IsAnonymous)
    {
        previousLoginId = null;
    }
    else
    {
        previousLoginId = httpCookie.LoginId;
    }

    // A new token per login so a token issued to the anonymous session is never reused.
    var freshCsrfToken = SecureTokenGenerator.Instance.GenerateCSRFToken();
    var newUserCookie = new UserAccessibleLoginCookieValue();
    newUserCookie.UserId = userId;
    newUserCookie.Username = username;
    newUserCookie.CSRFToken = freshCsrfToken;
    userCookie = newUserCookie;

    var newLoginInfo = new MobileLoginInfo();
    newLoginInfo.UserId = userId;
    newLoginInfo.TenantId = tenantId;
    newLoginInfo.IsPersistent = isPersistent;
    mobileLoginInfo = newLoginInfo;

    // The HTTP-only cookie only ever carries the encrypted form of mobileLoginInfo.
    var newHttpCookie = new HttpOnlyLoginCookieValue();
    newHttpCookie.LoginId = MobileLoginReadWriter.Write(configuration.EncryptKey, mobileLoginInfo);
    httpCookie = newHttpCookie;

    if (hasSessionStorage)
    {
        // NOTE(review): CreateMobileLoginInfo is defined outside this view — presumably persists the
        // new login id server-side and retires the previous one; confirm.
        CreateMobileLoginInfo(httpCookie.LoginId, previousLoginId);
    }

    csrfToken = userCookie.CSRFToken;
    dirty = true;
}
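/// <summary>
/// Creates an instance in the anonymous state: empty cookies, no CSRF token, the configured default
/// tenant, and nothing pending to be written.
/// </summary>
/// <param name="configuration">Settings read later for the default tenant id and the cookie encryption key.</param>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
public LoginInfo(MobileLoginConfiguration configuration)
{
    if (configuration == null)
    {
        // Fail here with a clear argument error instead of a NullReferenceException a few lines down.
        throw new ArgumentNullException("configuration");
    }
    this.configuration = configuration;
    csrfToken = null;
    httpCookie = new HttpOnlyLoginCookieValue();
    userCookie = new UserAccessibleLoginCookieValue();
    mobileLoginInfo = new MobileLoginInfo { TenantId = configuration.DefaultTenantId };
    // Nothing has changed yet, so the cookies do not need to be rewritten.
    dirty = false;
}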
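/// <summary>
/// Decrypts a value produced by <see cref="Write"/> and unpacks it into a <see cref="MobileLoginInfo"/>.
/// </summary>
/// <param name="key">Key handed to SymmCryptHelper; must be the key the value was encrypted with.</param>
/// <param name="loginInfo">Encrypted payload as carried in the HTTP-only login cookie.</param>
/// <returns>The decoded user id, tenant id and persistence flag.</returns>
/// <exception cref="FormatException">The decrypted text does not have the three '|'-separated fields that <see cref="Write"/> produces.</exception>
public static MobileLoginInfo Read(string key, string loginInfo)
{
    // NOTE(review): tamper detection depends on what SymmCryptHelper.DecryptWithAES128 does —
    // confirm the ciphertext is authenticated (AEAD or encrypt-then-MAC); an unauthenticated
    // mode would let a modified cookie decrypt to arbitrary bytes that may still parse here.
    string decryptedLoginInfo = SymmCryptHelper.DecryptWithAES128(key, loginInfo);
    string[] parts = decryptedLoginInfo.Split('|');
    if (parts.Length != 3)
    {
        // Reject a truncated or padded payload explicitly rather than surfacing an IndexOutOfRangeException.
        throw new FormatException("Login payload is malformed");
    }
    var info = new MobileLoginInfo();
    info.UserId = Base64.IntFromBase64(parts[0]);
    info.TenantId = Base64.IntFromBase64(parts[1]);
    // Write stores IsPersistent as Convert.ToInt32(bool), i.e. 0 or 1; any non-zero value reads as true.
    info.IsPersistent = Convert.ToBoolean(Base64.IntFromBase64(parts[2]));
    return info;
}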
/// <summary>
/// Returns this instance to the anonymous state — fresh empty cookies and the configured default
/// tenant — and marks the cookies as needing to be rewritten.
/// </summary>
public void Logout()
{
    var anonymousUserCookie = new UserAccessibleLoginCookieValue();
    var anonymousHttpCookie = new HttpOnlyLoginCookieValue();
    var anonymousLoginInfo = new MobileLoginInfo();
    anonymousLoginInfo.TenantId = configuration.DefaultTenantId;

    userCookie = anonymousUserCookie;
    httpCookie = anonymousHttpCookie;
    mobileLoginInfo = anonymousLoginInfo;
    // The CSRF token follows whatever the freshly created user cookie carries.
    csrfToken = userCookie.CSRFToken;
    dirty = true;
}
/// <summary>
/// Checks the incoming login state: rejects a missing or mismatching CSRF token, downgrades missing or
/// badly signed cookies to anonymous, decrypts the HTTP-only login id and requires the user id in the
/// user-accessible cookie to match the one inside the encrypted cookie.
/// </summary>
/// <param name="ignoreCSRFToken">When true, the CSRF token checks are skipped (everything else still runs).</param>
/// <exception cref="InvalidLoginException">
/// The CSRF token is absent or does not match, or the two cookies disagree on the user id.
/// </exception>
public void Validate(bool ignoreCSRFToken)
{
    if (!ignoreCSRFToken && csrfToken == null) // Unacceptable
    {
        throw new InvalidLoginException("Invalid CSRF request");
    }
    // Anonymize(), ValidSignature() and IsAnonymous are defined outside this view.
    if (httpCookie == null || userCookie == null)
    {
        Anonymize();
    }
    if (!ValidSignature())
    {
        // Downgrade to anonymous cookies.
        // You might be wondering why we let the guy go as anonymous
        // we do this so that when we change the cookie format
        // users can upgrade their login cookies by logging in again.
        Anonymize();
    }
    // csrfToken is known non-null here when the check is enabled (guarded above).
    // SlowEquals is presumably a constant-time comparison — confirm.
    if (!ignoreCSRFToken && !csrfToken.SlowEquals(userCookie.CSRFToken)) // Unacceptable
    {
        throw new InvalidLoginException("Invalid CSRF request");
    }
    if (!IsAnonymous)
    {
        // NOTE(review): a malformed LoginId makes Read throw something other than
        // InvalidLoginException — confirm the caller treats that as a failed login.
        mobileLoginInfo = MobileLoginReadWriter.Read(configuration.EncryptKey, httpCookie.LoginId);
    }
    else
    {
        mobileLoginInfo = new MobileLoginInfo { TenantId = configuration.DefaultTenantId };
    }
    // The user-accessible cookie is not encrypted; the encrypted cookie is the authority on who is logged in.
    if (userCookie.UserId != mobileLoginInfo.UserId)
    {
        throw new InvalidLoginException("Inconsistent Login Info");
    }
}
/// <summary>
/// Serializes <paramref name="loginInfo"/> as three '|'-separated base64 fields (user id, tenant id,
/// persistence flag as 0/1) and encrypts the result for storage in the HTTP-only cookie.
/// </summary>
/// <param name="key">Key handed to SymmCryptHelper; <see cref="Read"/> needs the same key.</param>
/// <param name="loginInfo">Login state to serialize.</param>
/// <returns>The encrypted payload.</returns>
public static string Write(string key, MobileLoginInfo loginInfo)
{
    var userIdField = Base64.ToBase64(loginInfo.UserId);
    var tenantIdField = Base64.ToBase64(loginInfo.TenantId);
    // bool is stored as an int so every field goes through the same base64 helper.
    var persistentField = Base64.ToBase64(Convert.ToInt32(loginInfo.IsPersistent));
    var fields = new[] { userIdField, tenantIdField, persistentField };
    string encoded = string.Join("|", fields);
    return SymmCryptHelper.EncryptWithAES128(key, encoded);
}