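/// <summary>
/// Handler for the FormsAuthentication Authenticate event. Two jobs: re-issue an authentication
/// cookie whose lifetime no longer matches the configured <see cref="FormsAuthentication.Timeout"/>
/// (i.e. it was minted under older settings), and stamp the user's last login time once the ticket
/// is past the midpoint of its lifetime.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="args">Carries the current HTTP context (request cookies in, response cookies out).</param>
protected void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
    HttpRequest request = args.Context.Request;
    HttpResponse response = args.Context.Response;
    HttpCookie authenticationCookie = request.Cookies[FormsAuthentication.FormsCookieName];

    // No forms-auth cookie on the request: nobody is logged in, nothing to do.
    if (authenticationCookie == null)
    {
        return;
    }

    // A tampered, corrupt or foreign cookie is deliberately treated as "not logged in" rather
    // than surfaced as an error; the forms-auth module will simply see an anonymous request.
    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(authenticationCookie.Value);
    }
    catch (Exception)
    {
        ticket = null;
    }

    if (ticket == null)
    {
        return;
    }

    // Decrypt also hands back tickets that have already expired (the Expired flag is consulted
    // further down), so an expired ticket must never be used as the basis for a fresh cookie:
    // doing so would silently revive a session that should have ended. Only unexpired tickets
    // whose lifetime differs from the configured timeout are re-issued.
    if (!ticket.Expired && (ticket.Expiration - ticket.IssueDate) != FormsAuthentication.Timeout)
    {
        HttpCookie newCookie = FormsAuthentication.GetAuthCookie(ticket.Name, ticket.IsPersistent);

        // Take version/name/issue/expiry/persistence from the freshly generated ticket, but
        // carry the old ticket's UserData across so nothing stored there is lost.
        FormsAuthenticationTicket freshTicket = FormsAuthentication.Decrypt(newCookie.Value);
        FormsAuthenticationTicket mergedTicket = new FormsAuthenticationTicket(
            freshTicket.Version,
            freshTicket.Name,
            freshTicket.IssueDate,
            freshTicket.Expiration,
            freshTicket.IsPersistent,
            ticket.UserData);

        newCookie.Value = FormsAuthentication.Encrypt(mergedTicket);
        response.Cookies.Add(newCookie);
    }

    // Refresh the last-login stamp when the ticket is expired or more than half of its lifetime
    // has elapsed (with 10 minutes of slack). The cadence therefore follows the timeout setting
    // rather than being a fixed daily check.
    DateTime now = DateTime.UtcNow.AddMinutes(10); // 10 minutes error buffer
    bool pastMidpoint =
        (ticket.Expiration.ToUniversalTime() - now) <= (now - ticket.IssueDate.ToUniversalTime());
    if (!ticket.Expired && !pastMidpoint)
    {
        return;
    }

    // NOTE(review): this runs inside the Authenticate event, i.e. before FormsAuthenticationModule
    // has assigned the principal for this request — confirm GetCurrentUser resolves the user from
    // the cookie/ticket rather than from HttpContext.User.
    WebSite.Models.User user = WebSite.Helpers.Authentication.Authentication.GetCurrentUser();
    if (user == null)
    {
        return;
    }

    // Resolved through the MVC dependency resolver; null when no context is registered.
    IDatabaseContext database = System.Web.Mvc.DependencyResolver.Current.GetService<DatabaseContext>();
    if (database != null)
    {
        user.LastLoginDate = DateTime.UtcNow;
        database.SaveChanges();
    }
}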
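/// <summary>
/// Action-filter hook: for authenticated requests that are not already guarded by
/// <see cref="AuthorizeAttribute"/>, verifies the current user's account status and redirects
/// to Members/Index when it is not valid.
/// </summary>
/// <param name="filterContext">
/// Describes the action about to execute; its <c>Result</c> is set to a redirect when the
/// status check fails, which short-circuits the action.
/// </param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    base.OnActionExecuting(filterContext);

    var action = filterContext.ActionDescriptor;
    var controller = action.ControllerDescriptor;

    bool hasAuthorize =
        action.IsDefined(typeof(AuthorizeAttribute), inherit: true)
        || controller.IsDefined(typeof(AuthorizeAttribute), inherit: true);

    // MVC's AuthorizeAttribute skips authorization when [AllowAnonymous] sits on either the action
    // or the controller, so both places are consulted here. Looking at the action alone would let a
    // controller-level [AllowAnonymous] suppress the authorization logic while this filter also
    // stood down, leaving the account status unchecked.
    bool allowsAnonymous =
        action.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
        || controller.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);

    // When [Authorize] applies and is not suppressed by [AllowAnonymous], the authorization logic is
    // presumed to validate the account itself (not visible here), so this filter stays out of the way.
    if (hasAuthorize && !allowsAnonymous)
    {
        return;
    }

    if (!Request.IsAuthenticated)
    {
        return;
    }

    WebSite.Models.User currentUser = Authentication.GetCurrentUserEagerlyLoaded();
    if (currentUser == null)
    {
        return;
    }

    // Expired trials and suspended payments both count as invalid; send the user to the members
    // page to resolve the issue.
    // NOTE(review): if Members/Index is itself routed through this filter, an invalid-status user
    // would be redirected in a loop — confirm that action is excluded (e.g. carries [Authorize]).
    if (!currentUser.HasValidStatus(allowExpiredTrials: false, allowSuspendedPayments: false))
    {
        filterContext.Result = this.RedirectToAction("Index", "Members");
    }
}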