/// <summary>
/// Builds the encrypted authentication cookie for a user, optionally carrying a login and password.
/// </summary>
/// <param name="tenant">Tenant identifier the cookie is bound to.</param>
/// <param name="userid">Identifier of the user the cookie is issued for.</param>
/// <param name="login">Optional login forwarded to the full overload.</param>
/// <param name="password">Optional password forwarded to the full overload.</param>
/// <returns>The value produced by the seven-argument EncryptCookie overload.</returns>
public static string EncryptCookie(int tenant, Guid userid, string login = null, string password = null)
{
    var tenantSettings = TenantCookieSettings.GetForTenant(tenant);

    // Default tenant settings give the cookie a one-year lifetime; otherwise the
    // configured LifeTime (added as minutes) applies.
    DateTime expires;
    if (tenantSettings.IsDefault())
    {
        expires = DateTime.UtcNow.AddYears(1);
    }
    else
    {
        expires = DateTime.UtcNow.AddMinutes(tenantSettings.LifeTime);
    }

    var userSettings = TenantCookieSettings.GetForUser(tenant, userid);

    // Both the tenant index and the user index travel inside the cookie so that
    // bumping either one later can be used to reject cookies issued before the bump.
    // NOTE(review): a non-null password is handed to the overload that builds the cookie
    // payload; confirm that overload never emits it in recoverable form.
    return EncryptCookie(tenant, userid, login, password, tenantSettings.Index, expires, userSettings.Index);
}
/// <summary>
/// Builds the encrypted authentication cookie for a user from the tenant and user cookie settings.
/// </summary>
/// <param name="tenant">Tenant identifier the cookie is bound to.</param>
/// <param name="userid">Identifier of the user the cookie is issued for.</param>
/// <returns>The value produced by the five-argument EncryptCookie overload.</returns>
public static string EncryptCookie(int tenant, Guid userid)
{
    var tenantSettings = TenantCookieSettings.GetForTenant(tenant);

    // Expiry policy is delegated to TenantCookieSettings rather than computed here.
    var expiresAt = TenantCookieSettings.GetExpiresTime(tenant);

    var userSettings = TenantCookieSettings.GetForUser(tenant, userid);

    // The tenant and user indexes are embedded so a later index bump can be used
    // to reject cookies issued before it.
    return EncryptCookie(tenant, userid, tenantSettings.Index, expiresAt, userSettings.Index);
}
/// <summary>
/// Invalidates the current account's existing cookies by bumping its cookie index,
/// then re-authenticates the account and writes a fresh auth cookie.
/// </summary>
public static void ResetUserCookie()
{
    var userSettings = TenantCookieSettings.GetForUser(SecurityContext.CurrentAccount.ID);

    // Cookies carry the index they were issued with; incrementing the stored value
    // makes previously issued cookies fail the index comparison.
    // NOTE(review): this get/increment/set sequence is not guarded here; confirm that
    // concurrent resets cannot lose an increment.
    userSettings.Index += 1;
    TenantCookieSettings.SetForUser(SecurityContext.CurrentAccount.ID, userSettings);

    // Issue a replacement cookie so the caller's own session survives the reset.
    var freshCookie = SecurityContext.AuthenticateMe(SecurityContext.CurrentAccount.ID);
    SetCookies(CookiesType.AuthKey, freshCookie);
}
/// <summary>
/// Bumps the cookie index of the given user, or of the current account when no user is given.
/// A replacement auth cookie is written only when the current account is the one being reset.
/// </summary>
/// <param name="userId">User whose cookies are reset; null means the current account.</param>
public static void ResetUserCookie(Guid? userId = null)
{
    var userSettings = TenantCookieSettings.GetForUser(userId.HasValue ? userId.Value : SecurityContext.CurrentAccount.ID);

    // Incrementing the stored index makes cookies issued with the old index fail validation.
    userSettings.Index += 1;
    TenantCookieSettings.SetForUser(userId.HasValue ? userId.Value : SecurityContext.CurrentAccount.ID, userSettings);

    // NOTE(review): no permission check on resetting another user's cookies is visible
    // in this method; presumably callers enforce it. Confirm.
    if (userId.HasValue)
    {
        // Resetting an explicitly named user: the caller's own cookie is left as it is.
        return;
    }

    var freshCookie = SecurityContext.AuthenticateMe(SecurityContext.CurrentAccount.ID);
    SetCookies(CookiesType.AuthKey, freshCookie);
}
/// <summary>
/// Bumps the cookie index of the given user (or the current account), logs out all of that
/// user's active connections, and re-authenticates the current account when it was the target.
/// </summary>
/// <param name="userId">User whose cookies are reset; null means the current account.</param>
public static void ResetUserCookie(Guid? userId = null)
{
    var currentUserId = SecurityContext.CurrentAccount.ID;
    var tenant = TenantProvider.CurrentTenantID;
    var targetUserId = userId ?? currentUserId;

    // Incrementing the stored index makes cookies issued with the old index fail validation.
    var userSettings = TenantCookieSettings.GetForUser(targetUserId);
    userSettings.Index += 1;
    TenantCookieSettings.SetForUser(targetUserId, userSettings);

    // Terminate recorded sessions as well, so the reset does not rely on the index check alone.
    DbLoginEventsManager.LogOutAllActiveConnections(tenant, targetUserId);

    // NOTE(review): no permission check on resetting another user's cookies is visible
    // in this method; presumably callers enforce it. Confirm.
    if (userId.HasValue)
    {
        // Resetting an explicitly named user: the caller's own cookie is left as it is.
        return;
    }

    AuthenticateMeAndSetCookies(tenant, currentUserId, MessageAction.LoginSuccess);
}
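/// <summary>
/// Validates an authentication cookie and, when it is acceptable, authenticates the caller.
/// </summary>
/// <remarks>
/// The cookie must decrypt, belong to the current tenant, carry the current tenant index,
/// be unexpired and, for user-id cookies, carry the current user index. Log statements in
/// this method deliberately omit the cookie value and the decrypted password: either one
/// would let anyone with read access to the logs sign in as the user.
/// </remarks>
/// <param name="cookie">Raw cookie value received from the client.</param>
/// <returns>true when authentication succeeded; false in every other case.</returns>
public static bool AuthenticateMe(string cookie)
{
    if (string.IsNullOrEmpty(cookie))
    {
        return false;
    }

    int tenant;
    Guid userid;
    string login;
    string password;
    int indexTenant;
    DateTime expire;
    int indexUser;

    // Ordinal comparison: this is a protocol token, not linguistic text, so culture rules
    // (which ignore some code points) must not apply.
    if (cookie.Equals("Bearer", StringComparison.Ordinal))
    {
        var ipFrom = string.Empty;
        var address = string.Empty;
        if (HttpContext.Current != null)
        {
            var request = HttpContext.Current.Request;
            // X-Forwarded-For is supplied by the client or an intermediary; treat the logged
            // value as a hint only, not as a verified source address.
            ipFrom = "from " + (request.Headers["X-Forwarded-For"] ?? request.UserHostAddress);
            address = "for " + request.GetUrlRewriter();
        }
        log.InfoFormat("Empty Bearer cookie: {0} {1}", ipFrom, address);
        return false;
    }

    if (!CookieStorage.DecryptCookie(cookie, out tenant, out userid, out login, out password, out indexTenant, out expire, out indexUser))
    {
        var ipFrom = string.Empty;
        var address = string.Empty;
        if (HttpContext.Current != null)
        {
            var request = HttpContext.Current.Request;
            address = "for " + request.GetUrlRewriter();
            // Client-supplied header, see the note in the Bearer branch.
            ipFrom = "from " + (request.Headers["X-Forwarded-For"] ?? request.UserHostAddress);
        }
        // Only the length is logged: the raw value is attacker-controlled text and may still
        // be a usable cookie for another tenant or key.
        log.WarnFormat("Can not decrypt cookie (length {0}): {1} {2}", cookie.Length, ipFrom, address);
        return false;
    }

    // A cookie issued for one tenant must never authenticate on another.
    if (tenant != CoreContext.TenantManager.GetCurrentTenant().TenantId)
    {
        return false;
    }

    // A tenant-wide index mismatch means the cookie was issued with a different tenant index.
    var settingsTenant = TenantCookieSettings.GetForTenant(tenant);
    if (indexTenant != settingsTenant.Index)
    {
        return false;
    }

    // DateTime.MaxValue marks a cookie without expiry.
    if (expire != DateTime.MaxValue && expire < DateTime.UtcNow)
    {
        return false;
    }

    try
    {
        if (userid != Guid.Empty)
        {
            // A per-user index mismatch means the cookie was issued with a different user index.
            var settingsUser = TenantCookieSettings.GetForUser(userid);
            if (indexUser != settingsUser.Index)
            {
                return false;
            }
            AuthenticateMe(new UserAccount(new UserInfo { ID = userid }, tenant));
        }
        else
        {
            // Login/password cookies are not subject to the per-user index check above.
            AuthenticateMe(login, password);
        }
        return true;
    }
    catch (InvalidCredentialException ice)
    {
        log.DebugFormat("{0}: tenant {1}, userid {2}, login {3}", ice.Message, tenant, userid, login);
    }
    catch (SecurityException se)
    {
        log.DebugFormat("{0}: tenant {1}, userid {2}, login {3}", se.Message, tenant, userid, login);
    }
    catch (Exception err)
    {
        log.ErrorFormat("Authenticate error: tenant {0}, userid {1}, login {2}: {3}", tenant, userid, login, err);
    }

    return false;
}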
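/// <summary>
/// Validates an authentication cookie and, when it is acceptable, authenticates the caller.
/// </summary>
/// <remarks>
/// The cookie must decrypt, belong to the current tenant and be unexpired; the tenant and
/// user indexes are compared only when the corresponding settings are not default. Log
/// statements in this method deliberately omit the cookie value and the decrypted password:
/// either one would let anyone with read access to the logs sign in as the user.
/// </remarks>
/// <param name="cookie">Raw cookie value received from the client.</param>
/// <returns>true when authentication succeeded; false in every other case.</returns>
public static bool AuthenticateMe(string cookie)
{
    if (string.IsNullOrEmpty(cookie))
    {
        return false;
    }

    int tenant;
    Guid userid;
    string login;
    string password;
    int indexTenant;
    DateTime expire;
    int indexUser;

    if (!CookieStorage.DecryptCookie(cookie, out tenant, out userid, out login, out password, out indexTenant, out expire, out indexUser))
    {
        // Only the length is logged: the raw value is attacker-controlled text and may still
        // be a usable cookie for another tenant or key.
        log.WarnFormat("Can not decrypt cookie (length {0})", cookie.Length);
        return false;
    }

    // A cookie issued for one tenant must never authenticate on another.
    if (tenant != CoreContext.TenantManager.GetCurrentTenant().TenantId)
    {
        return false;
    }

    // NOTE(review): the index comparison is skipped while the tenant settings are default.
    // Confirm that bumping the index always makes the settings non-default; otherwise a
    // reset would not invalidate cookies issued earlier.
    var settingsTenant = TenantCookieSettings.GetForTenant(tenant);
    if (!settingsTenant.IsDefault() && indexTenant != settingsTenant.Index)
    {
        return false;
    }

    // DateTime.MaxValue marks a cookie without expiry.
    if (expire != DateTime.MaxValue && expire < DateTime.UtcNow)
    {
        return false;
    }

    try
    {
        if (userid != Guid.Empty)
        {
            // NOTE(review): same default-settings bypass as the tenant check above.
            var settingsUser = TenantCookieSettings.GetForUser(userid);
            if (!settingsUser.IsDefault() && indexUser != settingsUser.Index)
            {
                return false;
            }
            AuthenticateMe(new UserAccount(new UserInfo { ID = userid }, tenant));
        }
        else
        {
            // Login/password cookies are not subject to the per-user index check above.
            AuthenticateMe(login, password);
        }
        return true;
    }
    catch (InvalidCredentialException ice)
    {
        log.DebugFormat("{0}: tenant {1}, userid {2}, login {3}", ice.Message, tenant, userid, login);
    }
    catch (SecurityException se)
    {
        log.DebugFormat("{0}: tenant {1}, userid {2}, login {3}", se.Message, tenant, userid, login);
    }
    catch (Exception err)
    {
        log.ErrorFormat("Authenticate error: tenant {0}, userid {1}, login {2}: {3}", tenant, userid, login, err);
    }

    return false;
}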