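/// <summary>
/// OWIN middleware step that repairs a "jabbr.id" forms-auth cookie whose ticket unprotects
/// to a null <c>Extra</c> (the forms auth module null-refs on a null Extra), re-issues it to
/// the client, rewrites the request's Cookie header so the rest of the pipeline sees the
/// repaired ticket, and then passes the request on to the next middleware.
/// </summary>
/// <param name="env">The OWIN environment dictionary for the current request.</param>
/// <returns>The task returned by the next middleware in the pipeline.</returns>
public Task Invoke(IDictionary<string, object> env)
{
    var request = new OwinRequest(env);
    var response = new OwinResponse(env);

    var headers = request.Get<IDictionary<string, string[]>>(Owin.Types.OwinConstants.RequestHeaders);
    var cookies = request.GetCookies();

    string cookieValue;
    if (cookies != null && cookies.TryGetValue("jabbr.id", out cookieValue))
    {
        AuthenticationTicket ticket = _ticketHandler.Unprotect(cookieValue);

        // Only a ticket that unprotects successfully but carries no Extra needs repair;
        // anything else is left exactly as the client sent it.
        if (ticket != null && ticket.Extra == null)
        {
            // Read the clock once so IssuedUtc and ExpiresUtc derive from the same instant.
            DateTime now = DateTime.UtcNow;
            var extra = new AuthenticationExtra
            {
                IsPersistent = true,
                IssuedUtc = now,
                ExpiresUtc = now.AddDays(30)
            };

            // Preserve the identity so the user is not logged out by the repair.
            var newTicket = new AuthenticationTicket(ticket.Identity, extra);
            var cookieOptions = new CookieOptions
            {
                Expires = extra.ExpiresUtc.Value.UtcDateTime,
                HttpOnly = true,
                // Only mark the cookie Secure when the request itself arrived over TLS,
                // so plain-HTTP deployments keep working.
                Secure = request.IsSecure
            };

            // Rebuild the Cookie header so downstream middleware on this same request
            // sees the repaired ticket instead of the broken one.
            var cookieBuilder = new StringBuilder();
            foreach (var cookie in cookies)
            {
                string value = cookie.Value;
                if (cookie.Key == "jabbr.id")
                {
                    value = _ticketHandler.Protect(newTicket);
                    response.AddCookie("jabbr.id", value, cookieOptions);
                }

                if (cookieBuilder.Length > 0)
                {
                    cookieBuilder.Append(";");
                }

                cookieBuilder.Append(cookie.Key)
                             .Append("=")
                             .Append(Uri.EscapeDataString(value));
            }

            headers["Cookie"] = new[] { cookieBuilder.ToString() };
        }
    }

    return _next(env);
}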
/// <summary>
/// Generates a fresh random correlation id, stores it in <paramref name="extra"/> under the
/// handler's correlation key, and issues the same value to the client as an HttpOnly cookie
/// (presumably so a later callback can be tied back to this request).
/// </summary>
/// <param name="extra">The authentication extra whose <c>Properties</c> receives the correlation id.</param>
protected void GenerateCorrelationId(AuthenticationExtra extra)
{
    string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;

    // 32 bytes of randomness, encoded URL-safe so it can live in a cookie.
    // NOTE(review): assumes Random is a cryptographic generator — confirm on the base class.
    byte[] nonce = new byte[32];
    Random.GetBytes(nonce);
    string correlationId = TextEncodings.Base64Url.Encode(nonce);

    extra.Properties[correlationKey] = correlationId;

    // HttpOnly keeps script away from the value; Secure follows the request scheme
    // so plain-HTTP setups still receive the cookie.
    Response.AddCookie(
        correlationKey,
        correlationId,
        new CookieOptions { HttpOnly = true, Secure = Request.IsSecure });
}
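/// <summary>
/// Forms-auth sign-in hook: maps the incoming identity onto a JabbR user (an existing user,
/// a newly created one, or a link to the currently logged-in user), adjusts the claims on
/// <c>context.Identity</c> accordingly, and records the outcome in the auth-result cookie.
/// </summary>
/// <param name="context">The sign-in context carrying the OWIN environment and the identity being signed in.</param>
public void ResponseSignIn(FormsResponseSignInContext context)
{
    var authResult = new AuthenticationResult { Success = true };
    ChatUser loggedInUser = GetLoggedInUser(context.Environment);
    var principal = new ClaimsPrincipal(context.Identity);

    // An already-authenticated principal needs no mapping; only make its cookie persistent.
    if (principal.IsAuthenticated())
    {
        EnsurePersistentCookie(context);
        return;
    }

    ChatUser user = _repository.GetUser(principal);
    authResult.ProviderName = principal.GetIdentityProvider();

    if (user != null)
    {
        // The external identity is already bound to a JabbR user.
        // NOTE(review): reference comparison below assumes GetUser and GetLoggedInUser
        // return the same instance for the same user — confirm.
        if (loggedInUser != null && user != loggedInUser)
        {
            // Bound to someone other than the logged-in user: refuse the link and
            // keep the existing session's identity.
            authResult.Message = String.Format("This {0} account has already been linked to another user.", authResult.ProviderName);
            authResult.Success = false;
            context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, loggedInUser.Id));
        }
        else
        {
            AddClaim(context, user);
        }
    }
    else if (principal.HasRequiredClaims())
    {
        // No JabbR user yet, but the claims needed to create or link one are present.
        ChatUser targetUser;
        if (loggedInUser == null)
        {
            targetUser = _membershipService.AddUser(principal);
        }
        else
        {
            // Link to the logged-in user and persist before reporting success.
            _membershipService.LinkIdentity(loggedInUser, principal);
            _repository.CommitChanges();
            authResult.Message = String.Format("Successfully linked {0} account.", authResult.ProviderName);
            targetUser = loggedInUser;
        }

        AddClaim(context, targetUser);
    }
    else if (!principal.HasPartialIdentity())
    {
        // Not enough claims to create a user: mark the identity partial so more can be collected.
        context.Identity.AddClaim(new Claim(JabbRClaimTypes.PartialIdentity, "true"));
    }

    var request = new OwinRequest(context.Environment);
    var response = new OwinResponse(context.Environment);
    var cookieOptions = new CookieOptions
    {
        HttpOnly = true,
        // Only mark the cookie Secure when the request itself arrived over TLS,
        // so plain-HTTP deployments keep working.
        Secure = request.IsSecure
    };
    response.AddCookie(Constants.AuthResultCookie, JsonConvert.SerializeObject(authResult), cookieOptions);
}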