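        /// <summary>
        /// Handles the forms-authentication Authenticate event. For a request carrying a forms cookie it
        /// (1) re-issues the cookie when the configured <see cref="FormsAuthentication.Timeout"/> no longer
        /// matches the lifetime the ticket was issued with, and (2) once the ticket has passed roughly the
        /// halfway point of its lifetime (or has expired), refreshes the current user's last login time.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="args">Event data giving access to the current HTTP context.</param>
        protected void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
        {
            HttpRequest  request              = args.Context.Request;
            HttpResponse response             = args.Context.Response;
            HttpCookie   authenticationCookie = request.Cookies[FormsAuthentication.FormsCookieName];

            // No forms cookie: nobody is logged in, nothing to do.
            if (authenticationCookie == null)
            {
                return;
            }

            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(authenticationCookie.Value);
            }
            catch (Exception)
            {
                // A cookie that cannot be decrypted (tampered, wrong machine key, stale format) is treated
                // as "not logged in" by this handler; the forms authentication module is left to reject it.
                return;
            }

            if (ticket == null)
            {
                return;
            }

            // Re-issue the cookie only while the ticket is still valid. Decrypt hands back expired tickets
            // too (see the Expired check below), and GetAuthCookie mints a brand-new ticket with a fresh
            // IssueDate/Expiration, so running this branch on an expired ticket would revive a dead session.
            if (!ticket.Expired && (ticket.Expiration - ticket.IssueDate) != FormsAuthentication.Timeout)
            {
                // Create a new cookie with the current timeout settings
                HttpCookie newCookie = FormsAuthentication.GetAuthCookie(ticket.Name, ticket.IsPersistent);

                // Carry the existing UserData over to the new ticket; everything else comes from the new one
                FormsAuthenticationTicket newTicket = FormsAuthentication.Decrypt(newCookie.Value);
                newTicket = new FormsAuthenticationTicket(newTicket.Version, newTicket.Name, newTicket.IssueDate, newTicket.Expiration, newTicket.IsPersistent, ticket.UserData);

                // Re-encrypt and send the updated cookie back to the client
                newCookie.Value = FormsAuthentication.Encrypt(newTicket);
                response.Cookies.Add(newCookie);
            }

            // Refresh the user's state once the ticket is expired or more than half of its lifetime has
            // elapsed (the 10-minute offset on "now" biases the comparison towards refreshing slightly early).
            DateTime now = DateTime.UtcNow.AddMinutes(10); // 10 minutes error buffer
            bool pastHalfLife = (ticket.Expiration.ToUniversalTime() - now) <= (now - ticket.IssueDate.ToUniversalTime());
            if (!ticket.Expired && !pastHalfLife)
            {
                return;
            }

            WebSite.Models.User user = WebSite.Helpers.Authentication.Authentication.GetCurrentUser();
            if (user == null)
            {
                return;
            }

            // Persist the new last login time. NOTE(review): this assumes the resolved context is the one
            // that loaded `user` (otherwise SaveChanges has nothing to flush) — confirm against GetCurrentUser.
            IDatabaseContext database = System.Web.Mvc.DependencyResolver.Current.GetService <DatabaseContext>();
            if (database != null)
            {
                user.LastLoginDate = DateTime.UtcNow;
                database.SaveChanges();
            }
        }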
        /// <summary>
        /// Runs before every action: an authenticated user whose account status is not valid is redirected
        /// to the members page. Actions covered by <see cref="AuthorizeAttribute"/> (on the action or its
        /// controller) are skipped, unless the action itself carries <see cref="AllowAnonymousAttribute"/>,
        /// because anonymous access would otherwise bypass the account validity check.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute; its Result is set to a redirect when the user must fix their account.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            ActionDescriptor action = filterContext.ActionDescriptor;
            bool requiresAuthorization = action.IsDefined(typeof(AuthorizeAttribute), inherit: true)
                                      || action.ControllerDescriptor.IsDefined(typeof(AuthorizeAttribute), inherit: true);
            bool actionAllowsAnonymous = action.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);

            // [Authorize] already vets the account, unless the action opts out with [AllowAnonymous].
            // NOTE(review): only the action-level [AllowAnonymous] is consulted; a controller-level one is not.
            if (requiresAuthorization && !actionAllowsAnonymous)
            {
                return;
            }

            // Anonymous requests have no account status to validate.
            if (!Request.IsAuthenticated)
            {
                return;
            }

            WebSite.Models.User currentUser = Authentication.GetCurrentUserEagerlyLoaded();
            bool statusIsValid = currentUser == null
                              || currentUser.HasValidStatus(allowExpiredTrials: false, allowSuspendedPayments: false);

            if (!statusIsValid)
            {
                // Send the user to the members page where the account problem can be resolved.
                filterContext.Result = this.RedirectToAction("Index", "Members");
            }
        }