public static DraftUser AuthenticateRequest(HttpRequestBase request, int?userId = null) { DraftUser toRet = null; if (request.Cookies["DraftUser"] == null || String.IsNullOrWhiteSpace(request.Cookies["DraftUser"].Value)) { throw new DraftAuthenticationException("No session"); } try { String base64Encoded = DraftAuthentication.UnescapeToken(request.Cookies["DraftUser"].Value); byte[] bytes = Convert.FromBase64String(base64Encoded); byte[] decryptedBytes = MachineKey.Unprotect(bytes); String final = Encoding.Unicode.GetString(decryptedBytes); toRet = new JavaScriptSerializer().Deserialize <DraftUser>(final); } catch (Exception ex) { throw new DraftAuthenticationException("Authentication Failed", ex); } if (toRet.Expires < DateTime.UtcNow) { throw new DraftAuthenticationException(toRet.Username, toRet.Expires, "Authentication Expired"); } if (userId.HasValue && toRet.ID != userId.Value) { throw new DraftAuthenticationException("Unauthorized User"); } return(toRet); }
public static DraftUser AuthenticateCredentials(String username, String password, HttpResponseBase response) { if (String.IsNullOrWhiteSpace(username) || String.IsNullOrWhiteSpace(password)) { throw new DraftAuthenticationException("Invalid credentials"); } DraftUser user = DraftObj.GetUser(username, password); if (user == null) { throw new DraftAuthenticationException("Invalid username or password"); } if (response != null) { String rawString = new JavaScriptSerializer().Serialize(user); byte[] rawBytes = Encoding.Unicode.GetBytes(rawString); byte[] encryptedBytes = MachineKey.Protect(rawBytes); response.Cookies["DraftUser"].Value = DraftAuthentication.EscapeToken(Convert.ToBase64String(encryptedBytes)); response.Cookies["DraftUser"].Expires = DateTime.Now.AddDays(1); } return(user); }