public async Task <IActionResult> Auth([FromForm(Name = "AuthCode")] string code)
{
int delaySeconds = 5 * this.securityService.AdminLoginFailedAttempts;
await Task.Delay(delaySeconds * 1000);
if (!string.IsNullOrEmpty(code) && code == Authenticator.GeneratePin(this.configuration["AdminLoginAuthenticator:SecretKey"]))
{
string[] cookieValues = CookiesFunctions.GenerateAdminLoginCookieValues(
configuration["AdminLoginAuthenticator:CookieFormat"],
new string[] { this.HttpContext.Request.Headers["User-Agent"], DateTime.Now.Year.ToString() },
configuration["AdminLoginAuthenticator:SecretIndexes"]);
CookieOptions options = new CookieOptions();
options.Expires = DateTime.Now.AddHours(2);
options.HttpOnly = true;
options.IsEssential = true;
options.Secure = true;
Response.Cookies.Append(cookieValues[0], cookieValues[1], options);
return(RedirectToAction("Login", "AdminAccount", new { Area = "Admin" }));
}
this.securityService.IncrementAdminLoginFailedAttempts();
return(NotFound());
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var configuration = (IConfiguration)context.HttpContext.RequestServices.GetService(typeof(IConfiguration));
var hostingEnvornment = (IHostingEnvironment)context.HttpContext.RequestServices.GetService(typeof(IHostingEnvironment));
string[] cookieValues = CookiesFunctions.GenerateAdminLoginCookieValues(
configuration["AdminLoginAuthenticator:CookieFormat"],
new string[] { context.HttpContext.Request.Headers["User-Agent"], DateTime.Now.Year.ToString() },
configuration["AdminLoginAuthenticator:SecretIndexes"]);
if (!hostingEnvornment.IsDevelopment() || Convert.ToBoolean(configuration["AdminLoginAuthenticator:ShowForTestPurposes"]))
{
if (!(context.HttpContext.Request.Cookies.ContainsKey(cookieValues[0]) || context.HttpContext.Request.Cookies[cookieValues[0]] == cookieValues[1]))
{
context.Result = new NotFoundResult();
return;
}
}
base.OnActionExecuting(context);
}
