/// <summary>
/// Persists <paramref name="sessionViewModel"/> into the server-side session under the configured key.
/// </summary>
/// <param name="context">The request whose session store receives the value.</param>
/// <param name="sessionViewModel">The authentication payload to store.</param>
/// <remarks>
/// The payload is encrypted with <c>_encryptionKey</c> first; only the UTF-8 bytes of the
/// resulting ciphertext reach the session store.
/// </remarks>
public void Set(HttpContext context, AuthenticationSessionViewModel sessionViewModel)
{
    var ciphertext = _cryptographyService.Encrypt(sessionViewModel, _encryptionKey);
    context.Session.Set(_sessionName, Encoding.UTF8.GetBytes(ciphertext));
}
/// <summary>
/// Signs the user in via the repository and, on success, establishes both the
/// authentication cookie and the server-side authentication session.
/// </summary>
/// <param name="model">Credentials plus the "remember me" choice.</param>
/// <returns>
/// The repository outcome wrapped in an <see cref="ApiResult{T}"/>; <c>Data</c> is <c>null</c> on failure.
/// </returns>
public async Task<ApiResult<SignInViewModel>> SignIn(SignInViewModel model)
{
    var signInResult = await _userRepository.SignIn(model);

    // Info/Message/MessageType are forwarded from the repository result on every path.
    var result = new ApiResult<SignInViewModel>
    {
        Info = signInResult.Info,
        Message = signInResult.Message,
        MessageType = signInResult.MessageType,
    };

    // NOTE(review): the failure test uses &&, so a result with Success == false but
    // MessageType == Success falls through to the cookie/session code below and
    // dereferences signInResult.Data — confirm that combination cannot occur.
    if (!signInResult.Success && signInResult.MessageType != MessageType.Success)
    {
        result.Success = false;
        result.Data = null;
        return result;
    }

    var user = signInResult.Data;
    var expiresAfter = model.RememberMe ? TimeSpan.FromDays(30) : TimeSpan.FromHours(1);
    var maxAge = model.RememberMe ? TimeSpan.FromDays(180) : TimeSpan.FromDays(1);

    // SECURITY(review): the cookie carries the user's Password field verbatim, and the
    // authorization filter appears to re-authenticate from it when the session is gone.
    // A credential stored client-side (even hashed) turns any leaked cookie into a
    // replayable login for its whole MaxAge; a random, server-revocable token is the
    // usual replacement. Left unchanged here because the cookie consumer depends on it.
    var cookie = new AuthenticationCookieViewModel
    {
        PhoneNumber = user.PhoneNumber,
        UserId = user.Id,
        Password = user.Password,
        RememberMe = model.RememberMe,
        MaxAgeDateTime = DateTime.Now.Add(maxAge), // local time — consumers compare against the same clock
    };

    // NOTE(review): when both Expires and Max-Age are sent, browsers honour Max-Age, so the
    // effective cookie lifetime is maxAge (180d/1d), not expiresAfter (30d/1h) — confirm intended.
    var cookieOptions = new CookieOptions
    {
        Expires = DateTimeOffset.Now.Add(expiresAfter),
        MaxAge = maxAge,
    };
    _authenticationCookieService.Set(HttpContext, cookie, cookieOptions);

    _authentcationSessionService.Set(HttpContext, new AuthenticationSessionViewModel
    {
        UserId = user.Id,
        UserFullName = user.Fullname,
    });

    result.Success = true;
    result.Data = user;
    return result;
}
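/// <summary>
/// Authenticates the caller (session first, then the authentication cookie) and, unless the
/// action only requires a logged-in user, checks its permission for the area/controller/action
/// being executed. Denials short-circuit the pipeline by assigning <c>filterContext.Result</c>.
/// </summary>
/// <param name="filterContext">The action about to execute.</param>
/// <remarks>
/// <para>
/// Fixes relative to the previous version: a denial on a non-AJAX request used to set only
/// <c>Response.StatusCode</c>, which does not stop the action from running — the action still
/// executed (and could overwrite the status). Every denial now assigns a result. AJAX denials
/// carry the matching status code instead of 200.
/// </para>
/// <para>
/// The "authentication checked" session flag used to be written in <c>finally</c>, i.e. also
/// after a redirect to login or a 401/403/500. Since the flag makes this filter return before
/// doing anything on later requests, that allowed a failed request to switch the check off for
/// the rest of the session. The flag is now written only when access was granted.
/// </para>
/// <para>
/// NOTE(review): the flag is still session-wide — once set, every later action in the session
/// skips this filter, whatever permission it carries. Confirm that scope is intended.
/// </para>
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // True when an earlier request in this session already passed an Override-priority check.
    bool FlagIsSet()
    {
        var session = filterContext.HttpContext.Session;
        return session.TryGetValue(_isAuthenticationChecked, out var raw)
            && bool.TryParse(Encoding.UTF8.GetString(raw), out var flag)
            && flag;
    }

    // A denial that actually stops the pipeline: JSON body + status for AJAX, bare status otherwise.
    IActionResult Deny(HttpStatusCode status, object ajaxBody) =>
        IsAjaxRequest()
            ? new JsonResult(ajaxBody) { StatusCode = (int)status }
            : (IActionResult)new StatusCodeResult((int)status);

    if (FlagIsSet())
    {
        return;
    }

    var userId = 0;          // stays 0 until an identity is established (drives 401 vs 403)
    var accessGranted = false;
    try
    {
        if (_grantType == AuthorizeLevel.AllowAnanymos)
        {
            accessGranted = true;
            return;
        }

        var path = filterContext.HttpContext.Request.Path.Value ?? string.Empty;
        var authSession = _authSessionService.Get(_httpContext);
        var authCookie = _authCookieService.Get(_httpContext);

        if (authSession == null || !_authorizeService.CheckUserSession(authSession))
        {
            if (authCookie == null || !_authorizeService.CheckUserCookie(authCookie))
            {
                // No usable identity at all: send to login, keeping the requested path as a
                // properly encoded query value.
                filterContext.Result = new RedirectResult("/Account/LogIn?returnUrl=" + Uri.EscapeDataString(path));
                return;
            }

            // Session missing but cookie present: re-authenticate from the cookie contents.
            var user = _authorizeService.GetUser(authCookie.PhoneNumber, authCookie.Password);
            if (user == null)
            {
                throw new UnauthorizedAccessException();
            }

            _authSessionService.Update(_httpContext, new AuthenticationSessionViewModel
            {
                UserId = user.Id,
                UserFullName = user.Fullname,
            });
            userId = user.Id;
        }
        else if (authCookie == null)
        {
            // Session present but cookie gone: drop the orphaned session and ask for a fresh sign-in.
            _authSessionService.Remove(_httpContext);
            filterContext.Result = new RedirectToActionResult("SignIn", "User", new { area = "Account" });
            return;
        }
        else
        {
            userId = authCookie.UserId;
        }

        if (_grantType == AuthorizeLevel.LogedIn)
        {
            accessGranted = true;
            return;
        }

        // The "Full" data token is optional; an absent or null token means "no area".
        var areaTitle = filterContext.RouteData.DataTokens.TryGetValue("Full", out var area)
            ? area?.ToString() ?? string.Empty
            : string.Empty;
        var controllerTitle = filterContext.RouteData.Values["Controller"].ToString();
        var actionTitle = filterContext.RouteData.Values["Action"].ToString();

        var hasAccess = _authorizeService.CheckUserPermision(
            areaTitle: areaTitle,
            controllerTitle: controllerTitle,
            actionTitle: actionTitle,
            userId: userId);
        if (!hasAccess)
        {
            throw new UnauthorizedAccessException();
        }

        _authCookieService.AddExpireTime(_httpContext);
        accessGranted = true;
    }
    catch (UnauthorizedAccessException)
    {
        // userId == 0: nobody could be identified -> 401; otherwise identified but not permitted -> 403.
        filterContext.Result = userId == 0
            ? Deny(HttpStatusCode.Unauthorized, new { HttpStatusCode.Unauthorized })
            : Deny(HttpStatusCode.Forbidden, new { HttpStatusCode.Forbidden });
    }
    catch (Exception)
    {
        // NOTE(review): the failure cause is discarded here; no logger is available in this
        // filter, so the 500 is unexplained in logs — consider injecting one.
        filterContext.Result = Deny(HttpStatusCode.InternalServerError, new { HttpStatusCode.InternalServerError });
    }
    finally
    {
        if (accessGranted && _grantPriority == GrantPriority.Override)
        {
            filterContext.HttpContext.Session.Set(_isAuthenticationChecked, Encoding.UTF8.GetBytes(bool.TrueString));
        }
    }
}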
/// <summary>
/// Reports whether an authentication session payload is present.
/// </summary>
/// <param name="authenticationSession">The payload read from the session store, or <c>null</c> when absent.</param>
/// <returns><c>true</c> when <paramref name="authenticationSession"/> is not <c>null</c>.</returns>
/// <remarks>
/// Presence-only: no field of the payload is inspected here (no expiry, no user lookup), so a
/// caller that needs the session to be <em>valid</em> must check that separately.
/// </remarks>
public bool CheckUserSession(AuthenticationSessionViewModel authenticationSession) => !(authenticationSession is null);
/// <summary>
/// Replaces the stored authentication session with <paramref name="sessionViewModel"/>.
/// </summary>
/// <param name="context">The request whose session store is updated.</param>
/// <param name="sessionViewModel">The new authentication payload.</param>
/// <remarks>
/// Implemented as <see cref="Remove"/> followed by <see cref="Set"/>; the two calls are not atomic.
/// </remarks>
public void Update(HttpContext context, AuthenticationSessionViewModel sessionViewModel)
{
    Remove(context);
    Set(context, sessionViewModel);
}