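/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie and
/// publishes it on both <c>HttpContext.Current.User</c> and
/// <c>Thread.CurrentPrincipal</c>.
/// </summary>
/// <remarks>
/// The handler fails closed: when the cookie is missing, empty, expired or
/// cannot be converted into an identity, neither principal is assigned and
/// the method returns without throwing.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    try
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || String.IsNullOrEmpty(authCookie.Value))
        {
            return;
        }

        var ticket = FormsAuthentication.Decrypt(authCookie.Value);

        // Decrypt only unprotects the ticket; it does not reject one whose
        // expiration has passed, so a replayed stale cookie must be refused here.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        var securityUtilities = new SecurityUtilities();
        var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);
        var principal = new GenericPrincipal(identity, identity.Roles);

        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = principal;
    }
    catch (Exception ex)
    {
        // Still best-effort (no principal is set), but a cookie that fails to
        // decrypt is a signal worth keeping. Only the exception type is
        // recorded so the cookie value never reaches the trace output.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie rejected: {0}", ex.GetType().FullName);
    }
}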
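/// <summary>
/// Authorization filter that builds the principal from the forms-authentication
/// cookie and sends the caller to Account/SignIn when that is not possible.
/// </summary>
/// <remarks>
/// The filter fails closed. Previously a cookie that could not be decrypted
/// raised an exception that was swallowed, leaving <c>filterContext.Result</c>
/// unset so the action ran without a principal. Every failure path now ends in
/// the sign-in redirect.
/// </remarks>
/// <param name="filterContext">Context whose <c>Result</c> is set to the sign-in redirect on failure.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    var signedIn = false;

    try
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        var encTicket = authCookie?.Value;

        if (!String.IsNullOrEmpty(encTicket))
        {
            var ticket = FormsAuthentication.Decrypt(encTicket);

            // Decrypt does not reject a ticket whose expiration has passed,
            // so expiry is enforced explicitly.
            if (ticket != null && !ticket.Expired)
            {
                var securityUtilities = new SecurityUtilities();
                var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);
                var principal = new GenericPrincipal(identity, identity.Roles);

                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal = principal;
                signedIn = true;
            }
        }
    }
    catch (Exception ex)
    {
        // Only the exception type is recorded; the cookie value is never logged.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie rejected in OnAuthorization: {0}", ex.GetType().FullName);
    }

    if (!signedIn)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "controller", "Account" },
                { "action", "SignIn" }
            });
    }
}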
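/// <summary>
/// Turns the forms-authentication cookie of the current request into a
/// <see cref="GenericPrincipal"/> and assigns it to the web context and the
/// current thread.
/// </summary>
/// <remarks>
/// Nothing is assigned when the cookie is absent, empty, expired or invalid;
/// failures are traced and do not propagate.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    try
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
        {
            return;
        }

        var encTicket = authCookie.Value;
        if (String.IsNullOrEmpty(encTicket))
        {
            return;
        }

        // Decrypt the ticket.
        var ticket = FormsAuthentication.Decrypt(encTicket);

        // Decrypt does not enforce the ticket lifetime, so an expired ticket
        // is refused before any identity is built from it.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        // Build the identity from the decrypted ticket.
        var securityUtilities = new SecurityUtilities();
        var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);

        // Build the principal.
        var principal = new GenericPrincipal(identity, identity.Roles);

        HttpContext.Current.User = principal;   // for use on the web side
        Thread.CurrentPrincipal = principal;    // for use on the back-end side
    }
    catch (Exception ex)
    {
        // Keep the request anonymous, but leave a trace of the rejection.
        // The cookie value itself is deliberately not logged.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie rejected: {0}", ex.GetType().FullName);
    }
}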
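// Runs at the point where the authentication information is accessible.
/// <summary>
/// Reads the forms-authentication cookie, converts its ticket into an identity
/// and installs the resulting principal for the request and the thread.
/// </summary>
/// <remarks>
/// Returns without assigning a principal when the cookie is missing, empty,
/// expired or cannot be processed.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    try
    {
        // The cookie is looked up under FormsAuthentication.FormsCookieName.
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

        // No cookie: nothing to do.
        if (authCookie == null)
        {
            return;
        }

        var encTicket = authCookie.Value;

        // Empty cookie: nothing to do.
        if (String.IsNullOrEmpty(encTicket))
        {
            return;
        }

        var ticket = FormsAuthentication.Decrypt(encTicket);

        // Decrypt does not check the expiration itself; refuse stale tickets
        // so an old cookie cannot be replayed after its lifetime ended.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        var securityUtilities = new SecurityUtilities();
        var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);
        var principal = new GenericPrincipal(identity, identity.Roles);

        // Made available to both the front end and the back end.
        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = principal;
    }
    catch (Exception ex)
    {
        // Best-effort: the request stays without this principal. The failure
        // is traced by exception type only, never with the cookie contents.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie rejected: {0}", ex.GetType().FullName);
    }
}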
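/// <summary>
/// Takes the ticket stored in the forms-authentication cookie, builds a
/// principal (identity plus roles) from it and exposes it so the rest of the
/// application can read the user's information.
/// </summary>
/// <remarks>
/// A missing, empty, expired or unreadable cookie leaves the principals
/// unassigned; the failure is traced and not rethrown.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    try
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
        {
            return;
        }

        var encTicket = authCookie.Value;
        if (String.IsNullOrEmpty(encTicket))
        {
            return;
        }

        var ticket = FormsAuthentication.Decrypt(encTicket);
        if (ticket == null || ticket.Expired)
        {
            // Decrypt does not reject expired tickets on its own; without
            // this guard a cookie stays usable after its lifetime has ended.
            return;
        }

        var identity = new SecurityUtilities().FormsAuthTicketToIdentity(ticket);
        var principal = new GenericPrincipal(identity, identity.Roles);

        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = principal;
    }
    catch (Exception ex)
    {
        // Fail closed and keep evidence: log the exception type, not the cookie.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie rejected: {0}", ex.GetType().FullName);
    }
}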
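/// <summary>
/// Redirects unauthenticated callers to Account/Index and, for authenticated
/// ones, loads the current user from the forms-authentication ticket into
/// <c>_BaseUser</c> and the <c>ViewBag</c> name fields.
/// </summary>
/// <remarks>
/// The user lookup is best-effort: a missing, empty, expired or unreadable
/// cookie leaves <c>_BaseUser</c> and the <c>ViewBag</c> fields untouched.
/// </remarks>
/// <param name="filterContext">Context whose <c>Result</c> receives the redirect for unauthenticated callers.</param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // ... log stuff before execution
    if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated == false)
    {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
        {
            { "controller", "Account" },
            { "action", "Index" }
        });
        return;
    }

    try
    {
        var authCookie = HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
        {
            return;
        }

        var ticket = FormsAuthentication.Decrypt(authCookie.Value);

        // Decrypt does not enforce expiry; do not load user data on the
        // strength of a ticket whose lifetime has already ended.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        var securityUtilities = new SecurityUtilities();
        var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);

        // The original also built a GenericPrincipal here that was never used.
        if (!string.IsNullOrEmpty(identity.Name) && !string.IsNullOrEmpty(identity.Email))
        {
            IUserService userService = IstanceFactory.GetIstance<IUserService>();
            var result = userService.GetByUserForId(identity.Id);
            if (result != null)
            {
                _BaseUser = new User
                {
                    FirstName = result.FirstName,
                    LastName = result.LastName,
                    Email = identity.Email,
                    Id = result.Id
                };
                ViewBag.UserFirstName = _BaseUser.FirstName;
                ViewBag.UserLastName = _BaseUser.LastName;
            }
        }
    }
    catch (Exception ex)
    {
        // Still non-fatal for the action, but no longer silent. Only the
        // exception type is traced so no cookie or user data is written out.
        System.Diagnostics.Trace.TraceWarning(
            "Loading the current user from the forms-authentication ticket failed: {0}",
            ex.GetType().FullName);
    }
}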
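// Runs whenever a request arrives for any page.
// Corresponds to the point where the user's authentication information is accessible.
/// <summary>
/// Decrypts the forms-authentication cookie, fills an identity from the ticket
/// through <c>SecurityUtilities</c> and assigns the resulting principal to
/// <c>HttpContext.Current.User</c> and <c>Thread.CurrentPrincipal</c>.
/// </summary>
/// <remarks>
/// No principal is assigned when the cookie is missing, empty, expired or
/// cannot be processed; such failures are traced and not rethrown.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    try
    {
        // The cookie read here was written by the AuthenticationHelper class:
        //   HttpContext.Current.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
        // NOTE(review): as quoted, that line sets neither HttpOnly nor Secure on
        // the cookie - confirm against AuthenticationHelper and the forms-auth configuration.
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
        {
            return;
        }

        var encTicket = authCookie.Value; // encrypted data
        if (String.IsNullOrEmpty(encTicket))
        {
            return;
        }

        // Decrypt the encrypted ticket.
        var ticket = FormsAuthentication.Decrypt(encTicket);

        // Decrypt does not reject a ticket past its expiration, so the
        // lifetime is enforced here before the ticket is trusted.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        // Fill the Identity class from the decrypted ticket with the
        // SecurityUtilities helper.
        var securityUtilities = new SecurityUtilities();
        var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);
        var principal = new GenericPrincipal(identity, identity.Roles);

        // SecuredOperationAspect checks roles with
        //   System.Threading.Thread.CurrentPrincipal.IsInRole(roles[i])
        // and the assignments below are what supply that principal.

        // For the web side (MVC, ASP.NET and the like).
        HttpContext.Current.User = principal;

        // For the back end (e.g. the business layer), so the same checks also
        // work for desktop or mobile front ends.
        Thread.CurrentPrincipal = principal;
    }
    catch (Exception ex)
    {
        // Fail closed, but record the rejection. The cookie value is never logged.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie rejected: {0}", ex.GetType().FullName);
    }
}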
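// Corresponds to the point where the user's authentication information is reachable.
/// <summary>
/// Converts the forms-authentication cookie into a principal and assigns it to
/// <c>HttpContext.Current.User</c> and <c>Thread.CurrentPrincipal</c>.
/// </summary>
/// <remarks>
/// A missing, empty or expired cookie leaves the principals unassigned. Any
/// exception raised while processing the cookie is traced and then rethrown,
/// as in the original handler.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    // Intended as defensive programming against requests crafted to make the
    // system throw.
    // NOTE(review): because the catch rethrows, a cookie that cannot be
    // decrypted still surfaces as a request error - confirm that the
    // application's error pages do not expose exception details.
    try
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null)
        {
            return;
        }

        var encTicket = authCookie.Value;
        if (string.IsNullOrEmpty(encTicket))
        {
            return;
        }

        var ticket = FormsAuthentication.Decrypt(encTicket);

        // Decrypt does not enforce the ticket lifetime; refuse expired tickets
        // so a stale cookie cannot be replayed.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        // Convert the ticket into an identity with SecurityUtilities.
        var securityUtilities = new SecurityUtilities();
        var identity = securityUtilities.FormsAuthTicketToIdentity(ticket);

        // Wrap the identity and its roles in a principal.
        var principal = new GenericPrincipal(identity, identity.Roles);

        // User for MVC.
        HttpContext.Current.User = principal;

        // So the back end (the business layer, for example) can use it too.
        Thread.CurrentPrincipal = principal;
    }
    catch (Exception ex)
    {
        // Record the exception type only; the cookie value is never logged.
        System.Diagnostics.Trace.TraceWarning(
            "Forms-authentication cookie processing failed: {0}", ex.GetType().FullName);
        throw;
    }
}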