/// <summary>
/// Handles the account-registration form post: creates the account and, when the
/// request carries no session token, signs the new user in.
/// </summary>
/// <param name="model">The bound registration form values.</param>
/// <returns>
/// A redirect to the new account's detail page (caller already had a session), a redirect
/// to the start page (caller was just signed in), or the registration view re-rendered
/// with the validation errors reported by the membership service.
/// </returns>
public ActionResult Create(UserModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    bool nameTaken;
    bool emailTaken;
    var created = MembershipService.CreateAccount(
        model.Name, model.Nickname, model.Password, model.Email, model.Description,
        out nameTaken, out emailTaken);

    if (created == null)
    {
        // Map the uniqueness conflicts reported by the service onto the matching form fields.
        if (nameTaken)
        {
            ModelState.AddModelError("Name", SR.Account_AccountAlreadyExists);
        }
        if (emailTaken)
        {
            ModelState.AddModelError("Email", SR.Account_EmailAlreadyExists);
        }
        return View(model);
    }

    // A caller that already has a session keeps it; presumably this is the path where an
    // existing (administrative) user creates further accounts — confirm against the callers.
    if (Token != null)
    {
        return RedirectToAction("Detail", "Account", new { name = created.Name });
    }

    // No session yet: issue an authorization for the new account and adopt it as the current token.
    // Token is null at this point, so Token.AuthorizationExpires must bind to a static member of the
    // Token type (same-name type/property lookup); an instance member would throw here.
    var authorization = MembershipService.CreateAuthorization(created.ID, Token.AuthorizationExpires, Request.UserHostAddress);
    Token = new Token(authorization.AuthCode, created.ID, created.Name, created.Nickname, created.IsSystemAdministrator);
    return RedirectToStartPage();
}
/// <summary>
/// Handles the login form post: checks the credentials, issues an authorization and
/// stores it as the current <see cref="Token"/>.
/// </summary>
/// <param name="model">The bound login form values (ID and password).</param>
/// <param name="returnUrl">Destination after a successful login; echoed back to the view on failure.</param>
/// <returns>
/// A redirect to the start page (or <paramref name="returnUrl"/>) on success; otherwise the
/// login view re-rendered with a single generic error.
/// </returns>
public ActionResult Login(LoginModel model, string returnUrl)
{
    var account = MembershipService.Login(model.ID, model.Password);
    if (account == null)
    {
        // One field-less message: the response does not say whether the ID or the password was wrong.
        ModelState.AddModelError("", SR.Account_LoginFailed);
        ViewBag.ReturnUrl = returnUrl;
        return View(model);
    }

    // Bind the new authorization to the client address it was issued from.
    var authorization = MembershipService.CreateAuthorization(account.ID, Token.AuthorizationExpires, Request.UserHostAddress);
    Token = new Token(authorization.AuthCode, account.ID, account.Name, account.Nickname, account.IsSystemAdministrator);

    // NOTE(review): returnUrl is request-supplied; RedirectToStartPage is expected to accept only
    // local URLs (Url.IsLocalUrl or equivalent) — confirm in that helper.
    return RedirectToStartPage(returnUrl);
}
/// <summary>
/// Resolves the current user's <see cref="Token"/> from the authorization cookie before
/// the action's authorization filters run.
/// </summary>
/// <param name="filterContext">The MVC authorization context; handed on to the base implementation unchanged.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    try
    {
        var cookie = Request.Cookies[AuthKey];
        if (cookie != null)
        {
            // The cookie value is a base64-encoded GUID. Both decoding steps throw on malformed
            // input, which the catch below turns into an anonymous request.
            var bytes = Convert.FromBase64String(cookie.Value);
            var guid = new Guid(bytes);
            // Prefer the in-process cache; fall back to the membership store.
            var token = GetCachedToken(guid.ToString()) ?? MembershipService.GetToken(guid);
            // Persist a renewal or a change of client address, but only for live tokens.
            // RenewIfNeed() is evaluated first, so it runs for every live token regardless of the IP.
            if (token != null && !token.Expired && (token.RenewIfNeed() || token.LastIp != Request.UserHostAddress))
            {
                token.LastIp = Request.UserHostAddress;
                MembershipService.UpdateAuthorization(token.AuthCode, token.Expires, token.LastIp);
            }
            // else
            // DO NOT set token = null here
            // NOTE(review): an expired token is still assigned below; presumably the Token setter
            // handles that case (e.g. clearing the cookie) — confirm, because Change() dereferences
            // Token without checking Expired.
            Token = token;
        }
    }
    catch
    {
        // Fail closed: any failure while decoding the cookie or loading/updating the token leaves
        // the request anonymous. NOTE(review): this also hides store errors; consider logging them.
        Token = null;
    }
    base.OnAuthorization(filterContext);
}
/// <summary>
/// Handles the change-password form post for the caller's own account or, for a system
/// administrator, for another account identified by <paramref name="name"/>.
/// </summary>
/// <param name="model">The old and new password as posted.</param>
/// <param name="name">Target account name; null or empty means the caller's own account.</param>
/// <returns>
/// A redirect to the account's detail page on success; otherwise the form re-rendered with an
/// error on the old-password field.
/// </returns>
public ActionResult Change(ChangePasswordModel model, string name)
{
    // Requires an authenticated caller: Token is dereferenced unconditionally here.
    var targetName = string.IsNullOrEmpty(name) ? Token.Username : name;

    // An administrator changing someone else's password re-authenticates with their own old
    // password; everyone else must present the target account's old password.
    var actingAsAdmin = Token.IsSystemAdministrator
        && !string.Equals(targetName, Token.Username, StringComparison.OrdinalIgnoreCase);

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var credentialOwner = actingAsAdmin ? Token.Username : targetName;
    var verified = MembershipService.Login(credentialOwner, model.OldPassword);
    if (verified == null)
    {
        ModelState.AddModelError("OldPassword", SR.Account_OldPasswordError);
        return View(model);
    }

    MembershipService.SetPassword(targetName, model.NewPassword);

    if (!actingAsAdmin)
    {
        // The caller changed their own password: issue a fresh authorization for them.
        var authorization = MembershipService.CreateAuthorization(verified.ID, Token.AuthorizationExpires, Request.UserHostAddress);
        Token = new Token(authorization.AuthCode, verified.ID, verified.Name, verified.Nickname, verified.IsSystemAdministrator);
    }

    return RedirectToAction("Detail", "Account", new { name = targetName });
}
/// <summary>
/// Stores <paramref name="token"/> in the ASP.NET runtime cache under its auth code so later
/// requests can resolve it without going to the membership store.
/// </summary>
/// <param name="token">The token to cache; <c>null</c> is ignored.</param>
private void CacheToken(Token token)
{
    if (token == null)
    {
        return;
    }

    // Keyed by the auth code — presumably the same key GetCachedToken looks up with the cookie
    // GUID in OnAuthorization; confirm. The entry expires together with the token itself and is
    // never extended by access.
    var cacheKey = token.AuthCode.ToString();
    HttpRuntime.Cache.Insert(cacheKey, token, null, token.Expires, Cache.NoSlidingExpiration);
}