/// <summary>
/// Middleware entry point that repairs a "jabbr.id" authentication ticket carrying no
/// <c>Extra</c> data before the rest of the pipeline reads it.
/// </summary>
/// <remarks>
/// When the incoming ticket unprotects successfully but has a null <c>Extra</c>, a new ticket
/// is built around the same identity, sent back to the browser as a replacement cookie, and
/// written into the request's Cookie header so downstream components see the repaired value
/// on this same request.
/// </remarks>
/// <param name="env">The OWIN environment dictionary for the current request.</param>
/// <returns>The task returned by the next component in the pipeline.</returns>
public Task Invoke(IDictionary<string, object> env)
{
    const string authCookieName = "jabbr.id";

    var request = new OwinRequest(env);
    var response = new OwinResponse(env);

    // Workaround: the forms auth module null-refs when a ticket's Extra is null.
    var headers = request.Get<IDictionary<string, string[]>>(Owin.Types.OwinConstants.RequestHeaders);
    var cookies = request.GetCookies();

    // Nothing to repair when the request carries no auth cookie.
    string cookieValue;
    if (cookies == null || !cookies.TryGetValue(authCookieName, out cookieValue))
    {
        return _next(env);
    }

    // Only tickets that unprotect successfully and lack Extra are rewritten.
    AuthenticationTicket ticket = _ticketHandler.Unprotect(cookieValue);
    if (ticket == null || ticket.Extra != null)
    {
        return _next(env);
    }

    // NOTE(review): every request presenting a ticket without Extra is granted a fresh
    // 30-day persistent lifetime here; nothing in this block invalidates the old cookie
    // value. Confirm that such legacy tickets are expired or rejected elsewhere.
    var extra = new AuthenticationExtra
    {
        IsPersistent = true,
        IssuedUtc = DateTime.UtcNow,
        ExpiresUtc = DateTime.UtcNow.AddDays(30)
    };
    var newTicket = new AuthenticationTicket(ticket.Identity, extra);

    // Rebuild the Cookie header from every incoming cookie, swapping in the new ticket.
    var pairs = new List<string>();
    foreach (var cookie in cookies)
    {
        string value = cookie.Value;

        if (cookie.Key == authCookieName)
        {
            // Re-issue the ticket with the user's identity preserved so they stay logged in.
            value = _ticketHandler.Protect(newTicket);

            // NOTE(review): the replacement cookie is HttpOnly but no secure-transport
            // attribute is set in these options; confirm whether the site is HTTPS-only
            // and whether the cookie should be restricted to HTTPS.
            var options = new CookieOptions
            {
                Expires = extra.ExpiresUtc.Value.UtcDateTime,
                HttpOnly = true
            };
            response.AddCookie(authCookieName, value, options);
        }

        pairs.Add(cookie.Key + "=" + Uri.EscapeDataString(value));
    }

    headers["Cookie"] = new[] { string.Join(";", pairs) };

    return _next(env);
}
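/// <summary>
/// Verifies that the correlation cookie sent with the request matches the correlation
/// value stored in the authentication state, consuming both in the process.
/// </summary>
/// <remarks>
/// The check fails closed: a missing cookie collection, missing cookie, missing state
/// (including a null <paramref name="extra"/> or null property bag) or any mismatch
/// returns false with a warning instead of throwing. Only the key name is logged, never
/// the correlation values themselves.
/// </remarks>
/// <param name="extra">The authentication state whose properties should hold the correlation value.</param>
/// <param name="logger">Receives a warning describing why validation failed.</param>
/// <returns>
/// True only when the cookie and the state property are both present and are an exact,
/// case-sensitive (ordinal) match; otherwise false.
/// </returns>
protected bool ValidateCorrelationId(AuthenticationExtra extra, ILogger logger)
{
    var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;

    // Treat an absent cookie collection the same as an absent cookie instead of null-ref'ing.
    var cookies = Request.GetCookies();
    string correlationCookie;
    if (cookies == null || !cookies.TryGetValue(correlationKey, out correlationCookie))
    {
        logger.WriteWarning(string.Format("{0} cookie not found", correlationKey));
        return false;
    }

    // The cookie is removed before any further check, so it is consumed even when
    // validation fails below.
    Response.DeleteCookie(correlationKey);

    // A null state object or property bag cannot satisfy the check; reject rather than throw.
    string correlationExtra;
    if (extra == null
        || extra.Properties == null
        || !extra.Properties.TryGetValue(correlationKey, out correlationExtra))
    {
        logger.WriteWarning(string.Format("{0} state property not found", correlationKey));
        return false;
    }

    // Strip the value from the state so it does not travel further with the ticket.
    extra.Properties.Remove(correlationKey);

    if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
    {
        logger.WriteWarning(string.Format("{0} correlation cookie and state property mismatch", correlationKey));
        return false;
    }

    return true;
}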