Пример #1
        /// <summary>
        /// Creates the filter and copies the cross-origin related site settings into it.
        /// </summary>
        /// <param name="cacheManager">Cache used to hold the settings part between requests.</param>
        /// <param name="signals">Signal source; the cache entry monitors the signal named after the settings cache key.</param>
        /// <param name="siteService">Source of the site settings the part is read from on a cache miss.</param>
        /// <param name="sslSettingsProvider">Queried lazily for the "requires SSL" flag.</param>
        /// <remarks>
        /// The three flags are only assigned when a settings part comes back; otherwise they keep
        /// whatever value they already had.
        /// NOTE(review): going by their names, RemoveXFrameHeaderFrontEnd / RemoveXFrameHeaderBackEnd
        /// switch off the X-Frame-Options response header and CookieSameSiteMode changes the SameSite
        /// attribute of cookies. Both weaken browser-side protections (clickjacking, cross-site
        /// request forgery), so confirm where these values are consumed and that the defaults leave
        /// the protections on.
        /// </remarks>
        public AllowCrossOriginFilter(
            ICacheManager cacheManager,
            ISignals signals,
            ISiteService siteService,
            ISslSettingsProvider sslSettingsProvider)
        {
            _sslSettingsProvider = sslSettingsProvider;
            _siteService         = siteService;
            _signals             = signals;
            _cacheManager        = cacheManager;

            // Deferred: the provider is not asked until RequireSSL.Value is first read.
            RequireSSL = new Lazy<bool>(() => _sslSettingsProvider.GetRequiresSSL());

            var crossOriginSettings = _cacheManager.Get(
                AllowCrossOriginSettingsPart.SettingsCacheKey,
                true,
                acquire =>
                {
                    // Tie the cache entry to the signal that shares the cache key.
                    acquire.Monitor(_signals.When(AllowCrossOriginSettingsPart.SettingsCacheKey));
                    return _siteService.GetSiteSettings().As<AllowCrossOriginSettingsPart>();
                });

            if (crossOriginSettings != null)
            {
                SameSiteModeSetting        = crossOriginSettings.CookieSameSiteMode;
                RemoveXFrameHeaderBackEnd  = crossOriginSettings.RemoveXFrameHeaderBackEnd;
                RemoveXFrameHeaderFrontEnd = crossOriginSettings.RemoveXFrameHeaderFrontEnd;
            }
        }
Пример #2
        /// <summary>
        /// Encrypts a forms-authentication ticket and wraps it in the authentication cookie.
        /// </summary>
        /// <param name="ticket">Ticket to protect; its persistence flag and expiration decide the cookie lifetime.</param>
        /// <returns>The configured cookie. This method does not add it to any response.</returns>
        /// <remarks>
        /// No SameSite attribute is set on the cookie here.
        /// NOTE(review): confirm whether it is applied elsewhere before the response is sent.
        /// </remarks>
        private HttpCookie CreateCookieFromTicket(FormsAuthenticationTicket ticket)
        {
            var protectedTicket = FormsAuthentication.Encrypt(ticket);

            var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, protectedTicket);

            // HttpOnly keeps the encrypted ticket out of reach of client-side script.
            authCookie.HttpOnly = true;

            // Secure mirrors the site's SSL requirement: when the provider reports false, the
            // cookie is issued without the Secure flag and is also sent over plain HTTP.
            authCookie.Secure = _sslSettingsProvider.GetRequiresSSL();

            authCookie.Path = FormsAuthentication.FormsCookiePath;

            var currentContext = _httpContextAccessor.Current();

            // With a request URL prefix configured, the path comes from GetCookiePath instead of
            // the forms-authentication default.
            var hasUrlPrefix = !String.IsNullOrEmpty(_settings.RequestUrlPrefix);
            if (hasUrlPrefix)
            {
                authCookie.Path = GetCookiePath(currentContext);
            }

            var configuredDomain = FormsAuthentication.CookieDomain;
            if (configuredDomain != null)
            {
                authCookie.Domain = configuredDomain;
            }

            // Only a persistent ticket gets an explicit expiry; Expires is left unset otherwise.
            if (ticket.IsPersistent)
            {
                authCookie.Expires = ticket.Expiration;
            }

            return authCookie;
        }
        /// <summary>
        /// Signs the user in by issuing an encrypted forms-authentication cookie on the current response.
        /// </summary>
        /// <param name="user">User to sign in; the user name goes into the ticket.</param>
        /// <param name="createPersistentCookie">
        /// When true the ticket is marked persistent and the cookie carries the ticket's expiration.
        /// </param>
        /// <remarks>
        /// No SameSite attribute is set on the cookie here.
        /// NOTE(review): confirm whether it is applied elsewhere before the response is sent.
        /// </remarks>
        public void SignIn(IUser user, bool createPersistentCookie)
        {
            var issuedAt = _clock.UtcNow.ToLocalTime();

            // Ticket user data has the form "{userName.Base64};{tenant}".
            // Base64-encoding the user name keeps a ';' inside it from being read as the separator.
            var ticketUserData = String.Concat(user.UserName.ToBase64(), ";", _settings.Name);

            var authTicket = new FormsAuthenticationTicket(
                _cookieVersion,
                user.UserName,
                issuedAt,
                issuedAt.Add(ExpirationTimeSpan),
                createPersistentCookie,
                ticketUserData,
                FormsAuthentication.FormsCookiePath);

            var protectedTicket = FormsAuthentication.Encrypt(authTicket);

            var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, protectedTicket);

            // HttpOnly keeps the encrypted ticket out of reach of client-side script.
            authCookie.HttpOnly = true;

            // Secure mirrors the site's SSL requirement: when the provider reports false, the
            // cookie is issued without the Secure flag and is also sent over plain HTTP.
            authCookie.Secure = _sslSettingsProvider.GetRequiresSSL();

            authCookie.Path = FormsAuthentication.FormsCookiePath;

            var currentContext = _httpContextAccessor.Current();

            // With a request URL prefix configured, the path comes from GetCookiePath instead of
            // the forms-authentication default.
            var hasUrlPrefix = !String.IsNullOrEmpty(_settings.RequestUrlPrefix);
            if (hasUrlPrefix)
            {
                authCookie.Path = GetCookiePath(currentContext);
            }

            var configuredDomain = FormsAuthentication.CookieDomain;
            if (configuredDomain != null)
            {
                authCookie.Domain = configuredDomain;
            }

            // Only a persistent sign-in gets an explicit expiry; Expires is left unset otherwise.
            if (createPersistentCookie)
            {
                authCookie.Expires = authTicket.Expiration;
            }

            currentContext.Response.Cookies.Add(authCookie);

            // Record the sign-in on this service instance.
            _isAuthenticated = true;
            _isNonTomeltUser = false;
            _signedInUser    = user;
        }
Пример #4
        /// <summary>
        /// Signs the user in by issuing an encrypted forms-authentication cookie on the current response.
        /// </summary>
        /// <param name="user">User to sign in; the user name goes into the ticket and the id into its user data.</param>
        /// <param name="createPersistentCookie">
        /// When true the ticket is marked persistent and the cookie carries the ticket's expiration.
        /// </param>
        /// <remarks>
        /// No SameSite attribute is set on the cookie here.
        /// NOTE(review): confirm whether it is applied elsewhere before the response is sent.
        /// </remarks>
        public void SignIn(IUser user, bool createPersistentCookie)
        {
            const int ticketVersion = 1;

            var issuedAt = _clock.UtcNow.ToLocalTime();

            // Ticket user data has the form "{userId};{tenant}".
            var ticketUserData = String.Concat(Convert.ToString(user.Id), ";", _settings.Name);

            var authTicket = new FormsAuthenticationTicket(
                ticketVersion,
                user.UserName,
                issuedAt,
                issuedAt.Add(ExpirationTimeSpan),
                createPersistentCookie,
                ticketUserData,
                FormsAuthentication.FormsCookiePath);

            var protectedTicket = FormsAuthentication.Encrypt(authTicket);

            var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, protectedTicket);

            // HttpOnly keeps the encrypted ticket out of reach of client-side script.
            authCookie.HttpOnly = true;

            // Secure mirrors the site's SSL requirement: when the provider reports false, the
            // cookie is issued without the Secure flag and is also sent over plain HTTP.
            authCookie.Secure = _sslSettingsProvider.GetRequiresSSL();

            authCookie.Path = FormsAuthentication.FormsCookiePath;

            var currentContext = _httpContextAccessor.Current();

            // With a request URL prefix configured, the path comes from GetCookiePath instead of
            // the forms-authentication default.
            var hasUrlPrefix = !String.IsNullOrEmpty(_settings.RequestUrlPrefix);
            if (hasUrlPrefix)
            {
                authCookie.Path = GetCookiePath(currentContext);
            }

            var configuredDomain = FormsAuthentication.CookieDomain;
            if (configuredDomain != null)
            {
                authCookie.Domain = configuredDomain;
            }

            // Only a persistent sign-in gets an explicit expiry; Expires is left unset otherwise.
            if (createPersistentCookie)
            {
                authCookie.Expires = authTicket.Expiration;
            }

            currentContext.Response.Cookies.Add(authCookie);

            // Record the sign-in on this service instance.
            _isAuthenticated = true;
            _signedInUser    = user;
        }