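/// <summary>
/// Checks the submitted credentials and, when they are valid, stores a new session token
/// through the user DAO and appends the authentication cookie to the current response.
/// </summary>
/// <param name="loginModel">Credentials sent by the client; treated as untrusted input.</param>
/// <returns>
/// A completed task holding <paramref name="loginModel"/> with <c>Password</c> cleared and
/// <c>Cookie</c>/<c>Status</c> filled in, or holding <c>null</c> when the input is incomplete,
/// the password check fails, the user record cannot be loaded, or the session cannot be saved.
/// </returns>
public virtual Task<UserModel> Login(UserModel loginModel)
{
    if (loginModel == null
        || string.IsNullOrEmpty(loginModel.UserName)
        || string.IsNullOrEmpty(loginModel.Password))
    {
        return Task.FromResult<UserModel>(null);
    }

    var httpContext = _httpContextAccessor.HttpContext;

    // Access-log entry: source address and claimed user name only. The submitted password is
    // deliberately NOT logged; credentials in log files are readable by anyone with log access
    // and survive in backups and log shippers. RemoteIpAddress can be null (e.g. non-TCP
    // transports), hence the null-conditional.
    var accessLogModel = new
    {
        Ip = httpContext.Connection.RemoteIpAddress?.ToString(),
        Username = loginModel.UserName
    };
    _accessLogger.Info($"{Newtonsoft.Json.JsonConvert.SerializeObject(accessLogModel)}");

    if (!_userDAO.ValidatePassword(loginModel.UserName, loginModel.Password))
    {
        return Task.FromResult<UserModel>(null);
    }

    UserDBModel userModel = _userDAO.GetUser(loginModel.UserName);
    if (userModel == null)
    {
        // The record may have disappeared between the password check and this lookup.
        return Task.FromResult<UserModel>(null);
    }

    // The session token is a bearer secret, so it must come from a cryptographic RNG.
    // System.Random is a predictable PRNG and is unsuitable for session identifiers.
    var tokenBytes = new byte[256];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }
    string cookie = Sha256HashUtils.ComputeSha256Hash(tokenBytes);

    // Role flag placed in the cookie: "0" for role 0 or below, "1" for 1..50, "100" above 50.
    string inrole = userModel.Role > 0 ? "1" : "0";
    if (userModel.Role > 50)
    {
        inrole = "100";
    }

    // The user name and role flag are written into the cookie without signing or encryption
    // in this method, so the client can read and alter them.
    // NOTE(review): confirm that later requests derive privileges from the stored session and
    // the user record, never from the role suffix of this cookie.
    string allCookie = $"{EncoderUtils.Base64Encode(loginModel.UserName)}-{cookie}-{inrole}";

    // NOTE(review): the session is saved with a one-day timestamp while the cookie below lives
    // three days; presumably the second argument is the session expiry - confirm and align.
    if (!_userDAO.SaveSession(cookie, DateTime.UtcNow.AddDays(1)))
    {
        return Task.FromResult<UserModel>(null);
    }

    loginModel.Password = null;
    loginModel.Cookie = allCookie;
    loginModel.Status = "ok";

    httpContext.Response.Cookies.Append(AUTH_COOKIE, loginModel.Cookie, new CookieOptions
    {
        Expires = DateTime.Now.AddDays(3),
        // Keep the session cookie out of reach of page scripts; the value is also returned
        // in the response model for callers that need it.
        HttpOnly = true,
        // Mark the cookie Secure whenever the login request itself arrived over HTTPS.
        Secure = httpContext.Request.IsHttps
    });

    return Task.FromResult(loginModel);
}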
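/// <summary>
/// Creates a session token for <paramref name="user"/>, saves it through the request's
/// <c>IUserDAO</c>, and appends the protected authentication cookie to the response.
/// </summary>
/// <param name="user">User record the cookie is issued for.</param>
/// <param name="context">Current HTTP context; supplies the DAO service and the response.</param>
/// <returns>
/// The protected cookie value that was appended to the response, or <c>null</c> when the
/// session could not be saved (no cookie is set in that case).
/// </returns>
public override string CreateCookie(UserDBModel user, HttpContext context)
{
    // The session token is a bearer secret, so it must come from a cryptographic RNG.
    // System.Random is a predictable PRNG and is unsuitable for session identifiers.
    var tokenBytes = new byte[256];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }
    string cookieHash = Sha256HashUtils.ComputeSha256Hash(tokenBytes);

    // Roles above ADMIN_ROLE are all written as ADMIN_ROLE_COOKIE_VALUE; others as the number.
    string inrole = user.Role > ADMIN_ROLE ? ADMIN_ROLE_COOKIE_VALUE : user.Role.ToString();

    IUserDAO userDAO = context.RequestServices.GetRequiredService<IUserDAO>();

    // NOTE(review): the session is saved with COOKIE_VALID_FOR while the cookie below expires
    // after a fixed one day; presumably both should use the same lifetime - confirm.
    if (!userDAO.SaveSession(cookieHash, DateTime.UtcNow.Add(COOKIE_VALID_FOR)))
    {
        return null;
    }

    string allCookie = string.Format(
        COOKIE_FORMAT,
        EncoderUtils.Base64Encode(user.UserName),
        cookieHash,
        inrole);

    // Only the protected form leaves the server, so the user name and role fields are not
    // sent to the client in the clear.
    // NOTE(review): _protector looks like an ASP.NET Core data protector - confirm.
    string encodedCookie = _protector.Protect(allCookie);

    var cookieOptions = new CookieOptions
    {
        Expires = DateTime.UtcNow.AddDays(1),
        // The value is opaque to the client, so page scripts have no reason to read it.
        HttpOnly = true,
        // Mark the cookie Secure whenever the current request arrived over HTTPS.
        Secure = context.Request.IsHttps
    };
    context.Response.Cookies.Append(COOKIE_KEY, encodedCookie, cookieOptions);

    return encodedCookie;
}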