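/// <summary>
/// Gets the name stored in the current forms-authentication ticket by decrypting the
/// authentication cookie. If FormsAuthentication is disabled, there is no logged in user,
/// or the cookie cannot be decrypted or holds an expired ticket, this returns an empty string.
/// </summary>
/// <remarks>
/// The cookie value is supplied by the client and must be treated as untrusted input.
/// The returned value is whatever was stored as the ticket name when the cookie was issued;
/// <c>Authenticate</c> in this class issues the cookie with <c>user.Id.ToString()</c>.
/// </remarks>
/// <param name="context">The HTTP context whose request cookies are inspected.</param>
/// <returns>The ticket name, or an empty string when no valid ticket is present.</returns>
public override string GetLoggedInUserName(HttpContextBase context)
{
    if (context == null || context.Request == null || context.Request.Cookies == null)
    {
        return "";
    }

    if (!FormsAuthenticationWrapper.IsEnabled())
    {
        return "";
    }

    string cookieName = FormsAuthenticationWrapper.CookieName();
    if (string.IsNullOrEmpty(cookieName))
    {
        return "";
    }

    var authCookie = context.Request.Cookies[cookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return "";
    }

    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (System.ArgumentException)
    {
        // Malformed or truncated cookie value: treat the request as anonymous
        // instead of letting a client-controlled value raise an unhandled error.
        return "";
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // Cookie failed decryption/validation (tampered, or produced with a different key).
        return "";
    }
    catch (System.Web.HttpException)
    {
        // Some framework versions report a failed cookie validation this way.
        return "";
    }

    // Decrypt() does not reject expired tickets on its own, so the expiry has to be
    // checked here; otherwise an old captured cookie would keep identifying the user.
    if (ticket == null || ticket.Expired)
    {
        return "";
    }

    return ticket.Name;
}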
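/// <summary>
/// Authenticates the user with the specified email and, when FormsAuthentication is enabled,
/// issues the authentication cookie for that user.
/// </summary>
/// <param name="email">The email address or username of the user; the lookup is done through
/// <c>UserRepository.GetUserByEmail</c>.</param>
/// <param name="password">The password.</param>
/// <returns>
/// true if the authentication was successful; false otherwise (including when the email is
/// null or empty, or the password is null).
/// </returns>
/// <exception cref="SecurityException">A database error occurred while authenticating the user.</exception>
public override bool Authenticate(string email, string password)
{
    // Fail closed on missing credentials rather than passing null into the
    // repository lookup or the hashing routine.
    if (string.IsNullOrEmpty(email) || password == null)
    {
        return false;
    }

    try
    {
        User user = UserRepository.GetUserByEmail(email);
        if (user == null)
        {
            // NOTE(review): this path skips hashing, so an unknown account answers
            // faster than a known one; throttling/lockout is not visible in this method.
            return false;
        }

        var storedHash = user.Password;
        var suppliedHash = User.HashPassword(password, user.Salt);

        // A missing hash on either side must never count as a match.
        if (storedHash == null || suppliedHash == null || storedHash.Length != suppliedHash.Length)
        {
            return false;
        }

        // Compare every position instead of stopping at the first mismatch, so the
        // time taken does not depend on how much of the hash matched.
        int difference = 0;
        for (int i = 0; i < storedHash.Length; i++)
        {
            difference |= storedHash[i] ^ suppliedHash[i];
        }

        if (difference != 0)
        {
            return false;
        }

        if (FormsAuthenticationWrapper.IsEnabled())
        {
            // NOTE(review): the second argument requests a persistent cookie for every
            // login; confirm that is intended, since the caller cannot opt out here.
            FormsAuthentication.SetAuthCookie(user.Id.ToString(), true);
        }

        return true;
    }
    catch (DatabaseException ex)
    {
        throw new SecurityException(ex, "An error occurred authentication user {0}", email);
    }
}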
/// <summary>
/// Signs the current user out via <see cref="FormsAuthentication"/> when forms
/// authentication is enabled; otherwise does nothing.
/// </summary>
/// <remarks>
/// <see cref="FormsAuthentication.SignOut"/> only removes the authentication cookie from the
/// browser. Tickets are not tracked on the server, so a copy of the cookie taken before
/// sign-out stays usable until the ticket itself expires.
/// </remarks>
public override void Logout()
{
    if (!FormsAuthenticationWrapper.IsEnabled())
    {
        return;
    }

    FormsAuthentication.SignOut();
}