/// <summary>
/// Exchanges a form-posted secret for a session and hands the session back to
/// the client as a JSON cookie.
/// </summary>
/// <param name="secret">The secret submitted in the form body.</param>
/// <returns>
/// 401 with an error message when no session ID comes back from <c>asm.Login</c>;
/// otherwise 200 "OK" with the session cookie appended to the response.
/// </returns>
public IActionResult Login([FromForm] string secret)
{
    AuthSessionCookie sessionCookie = new AuthSessionCookie();

    // The session manager fills in both cookie fields; a null ID is its "rejected" signal.
    // NOTE(review): secret verification and any attempt throttling happen inside asm.Login,
    // which is not visible here - confirm both exist.
    asm.Login(secret, out sessionCookie.ID, out sessionCookie.ExpiresUtc);
    if (sessionCookie.ID is null)
    {
        return StatusCode(401, "Your secret is wrong.");
    }

    // NOTE(review): HttpOnly = false leaves the session ID readable by page script, so any
    // XSS on this origin can lift the session. Confirm a client-side reader really needs it.
    // NOTE(review): Secure is not set here; unless a cookie policy elsewhere enforces it,
    // the cookie will also be sent over plain HTTP.
    // NOTE(review): DateTimeOffset(DateTime) treats Kind=Unspecified as local time - confirm
    // ExpiresUtc carries DateTimeKind.Utc.
    var cookieOptions = new CookieOptions();
    cookieOptions.Expires = new DateTimeOffset(sessionCookie.ExpiresUtc);
    cookieOptions.HttpOnly = false;
    cookieOptions.IsEssential = true;
    cookieOptions.SameSite = SameSiteMode.Lax;

    Response.Cookies.Append(authCookieName, sessionCookie.ToJson(), cookieOptions);
    return StatusCode(200, "OK");
}
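/// <summary>
/// Authenticates the request from the JSON session cookie: parses it, asks the
/// session manager whether the session ID is still valid, re-issues the cookie
/// with the expiry the session manager returned, and builds a ticket carrying
/// the session ID as the only claim.
/// </summary>
/// <returns>
/// A failed result when the cookie is missing, unparsable, has no session ID, or
/// the session manager reports <see cref="DateTime.MinValue"/>; otherwise a
/// successful result with a "SessionId" claim.
/// </returns>
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
    string authCookieJson = Request.Cookies[AuthController.AuthCookieName];
    if (authCookieJson == null)
    {
        return fail("No authentication cookie.");
    }

    // The cookie value is client-controlled. Any parse failure is deliberately
    // collapsed into "invalid cookie" rather than surfaced to the caller.
    AuthSessionCookie asc = null;
    try
    {
        asc = AuthSessionCookie.FromJson(authCookieJson);
    }
    catch
    {
        // Intentionally ignored: asc stays null and is rejected below.
    }

    // A cookie can parse successfully and still carry no ID (e.g. "{}"). Reject it
    // here instead of passing null to the session manager and to the Claim
    // constructor, which throws on a null value.
    if (asc == null || asc.ID == null)
    {
        return fail("Invalid authentication cookie.");
    }

    // Only the ID from the cookie is used; the expiry the client sent is overwritten
    // with the session manager's answer. DateTime.MinValue is its "no valid session" sentinel.
    asc.ExpiresUtc = asm.Check(asc.ID);
    if (asc.ExpiresUtc == DateTime.MinValue)
    {
        return fail("Session expired.");
    }

    // Re-issue the cookie so its expiry matches the server-side value.
    // NOTE(review): HttpOnly = false leaves the session ID readable by page script, so any
    // XSS on this origin can lift the session. Confirm a client-side reader really needs it.
    // NOTE(review): Secure is not set here; unless a cookie policy elsewhere enforces it,
    // the cookie will also be sent over plain HTTP.
    var copt = new CookieOptions
    {
        Expires = new DateTimeOffset(asc.ExpiresUtc),
        HttpOnly = false,
        IsEssential = true,
        SameSite = SameSiteMode.Lax,
    };
    Response.Cookies.Append(AuthController.AuthCookieName, asc.ToJson(), copt);

    var claims = new[]
    {
        new Claim("SessionId", asc.ID),
    };
    var claimsIdentity = new ClaimsIdentity(claims, nameof(XieAuthenticationHandler));
    var ticket = new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), Scheme.Name);
    return Task.FromResult(AuthenticateResult.Success(ticket));
}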