/// <summary>
/// Establishes <c>context.Request.User</c> from the authentication cookie on the current
/// OWIN request. Every failure path (no cookie, validation failure, expiry, wrong identity
/// type, unknown user, token mismatch, or any exception) leaves the principal untouched.
/// </summary>
/// <param name="context">The OWIN context of the request being authenticated.</param>
private async Task Authenticae(IOwinContext context)
        {
            var rawCookie = context.Request.Cookies[Configuration.CookieName];
            if (rawCookie == null)
            {
                return;
            }

            using (var protector = new CookieProtector(Configuration))
            {
                try
                {
                    byte[] payload;
                    if (!protector.Validate(rawCookie, out payload))
                    {
                        // Cookie did not pass the protector (tampered, or protected with another key).
                        return;
                    }

                    var authCookie = AuthenticationCookie.Deserialize(payload);
                    if (authCookie.IsExpired(Configuration.Timeout))
                    {
                        return;
                    }

                    var cookieIdentity = authCookie.GetPrincipal().Identity as CookieIdentity;
                    if (cookieIdentity == null)
                    {
                        return;
                    }

                    var user = await GetUser(context, cookieIdentity.Name);

                    // NOTE(review): this equality check is not constant-time; it is only safe
                    // because the token came out of a cookie that already passed protector.Validate —
                    // confirm that Validate covers integrity (MAC), not just decryption.
                    if (user == null || user.AuthenticationToken != cookieIdentity.AuthenticationToken)
                    {
                        return;
                    }

                    context.Request.User = ApplicationPrincipal<TUser>.Create(user);
                    RenewCookieIfExpiring(context.Response, protector, authCookie);
                }
                catch
                {
                    // do not leak any information if an exception was thrown; simply don't set the IPrincipal.
                }
            }
        }
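        /// <summary>
        /// Authenticates the current request from the authentication cookie, if one is present,
        /// and sets <c>httpContext.User</c> on success.
        /// </summary>
        /// <returns>
        /// <c>true</c> only when a valid, unexpired cookie was found, its identity resolved to a
        /// user whose stored token matches the cookie's token, and <c>httpContext.User</c> was set;
        /// <c>false</c> in every other case.
        /// </returns>
        /// <remarks>
        /// Previously the method returned <c>true</c> whenever a cookie was present and no exception
        /// was thrown — including when <c>Validate</c> failed or the user token did not match — so
        /// callers could not rely on the return value to mean "authenticated". Any exception thrown
        /// while validating or deserializing is swallowed on purpose so nothing leaks to the client.
        /// </remarks>
        public bool Authenticate()
        {
            var cookie = httpContext.Request.Cookies[Configuration.CookieName];
            if (cookie == null)
            {
                return false;
            }

            using (var protector = new CookieProtector(Configuration))
            {
                try
                {
                    byte[] data;
                    if (!protector.Validate(cookie.Value, out data))
                    {
                        // Cookie did not pass the protector (tampered, or protected with another key).
                        return false;
                    }

                    var authenticationCookie = AuthenticationCookie.Deserialize(data);
                    if (authenticationCookie.IsExpired(Configuration.Timeout))
                    {
                        return false;
                    }

                    var identity = authenticationCookie.GetPrincipal().Identity as CookieIdentity;
                    if (identity == null)
                    {
                        return false;
                    }

                    var user = GetUser(httpContext, identity.Name);

                    // NOTE(review): this equality check is not constant-time; it is only safe
                    // because the token came out of a cookie that already passed protector.Validate —
                    // confirm that Validate covers integrity (MAC), not just decryption.
                    if (user == null || user.AuthenticationToken != identity.AuthenticationToken)
                    {
                        // Unknown user, or the cookie's token no longer matches the stored one.
                        return false;
                    }

                    httpContext.User = ApplicationPrincipal<TUser>.Create(user);
                    RenewCookieIfExpiring(httpContext, protector, authenticationCookie);
                    return true;
                }
                catch
                {
                    // do not leak any information if an exception was thrown; simply don't set the context.LumenUser property.
                    return false;
                }
            }
        }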