Пример #1
        /// <summary>
        /// Dispatches one request: a login request is handled by a
        /// <c>LoginContext</c> built over the environment, and every other
        /// request is passed on to <c>_next</c>.
        /// </summary>
        /// <param name="environment">The OWIN environment dictionary for the request.</param>
        /// <returns>The task produced by whichever handler took the request.</returns>
        public Task Invoke(IDictionary<string, object> environment)
        {
            // Built up front, before the request is classified.
            var loginContext = new LoginContext(environment, _formsAuthenticationProvider);

            if (!LoginContext.GetIsLoginRequest(environment))
            {
                // Not a login postback: hand the request to the rest of the pipeline.
                return _next(environment);
            }

            return loginContext.ProcessLogin();
        }
Пример #2
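        /// <summary>
        /// Builds the OWIN pipeline for the sample: forms authentication with a
        /// console-logging login validator, an anonymous <c>/login</c> branch that
        /// serves the login page and handles the postback, and an
        /// authenticated-only static file server over the working directory.
        /// </summary>
        /// <param name="builder">The application builder the middleware is registered on.</param>
        public void Configuration(IAppBuilder builder)
        {
            // Everything under the process working directory is served once a user is
            // signed in, so the host should be started from a directory that holds
            // only content meant to be downloaded.
            var rootDirectory  = Environment.CurrentDirectory;
            var loginDirectory = Path.Combine(rootDirectory, "login");

            var fs      = new PhysicalFileSystem(rootDirectory);
            var loginFs = new PhysicalFileSystem(loginDirectory);

            var dfo = new DefaultFilesOptions();

            dfo.DefaultFileNames.Add("index.html");
            dfo.FileSystem = fs;

            var sfo = new StaticFileOptions
            {
                FileSystem = fs
            };
            var loginSfo = new StaticFileOptions
            {
                FileSystem = loginFs
            };

            builder.SetDataProtectionProvider(new DpapiDataProtectionProvider());
            var formsAuthenticationProvider = new FormsAuthenticationProvider();


            formsAuthenticationProvider.OnValidateLogin = context =>
            {
                Console.WriteLine("Validating Login");
                Console.WriteLine("================");
                Console.WriteLine("  Context.AuthType: " + context.AuthenticationType);
                Console.WriteLine("  Context.Identity: " + (context.Identity != null ? context.Identity.Name : "Not set"));
                Console.WriteLine("  Context.Environment:");

                var response = new OwinResponse(context.Environment);

                if (LoginContext.GetIsLoginRequest(context.Environment))
                {
                    // Need to retrieve username and password from environment b/c it doesn't
                    // come through in the context (even though the context constructor accepts them)
                    //
                    // These values come from the client's form post, so a missing or
                    // malformed field is treated as a failed login instead of throwing.
                    object rawUsername;
                    object rawPassword;
                    object rawRemember;
                    context.Environment.TryGetValue("formsauthn.username", out rawUsername);
                    context.Environment.TryGetValue("formsauthn.password", out rawPassword);
                    context.Environment.TryGetValue("formsauthn.remember", out rawRemember);

                    var username = rawUsername != null ? rawUsername.ToString() : null;
                    var password = rawPassword != null ? rawPassword.ToString() : null;

                    // bool.TryParse leaves 'remember' false when the field is not "true"/"false".
                    var remember = false;
                    if (rawRemember != null)
                    {
                        bool.TryParse(rawRemember.ToString(), out remember);
                    }

                    // The submitted password is deliberately not written to the console:
                    // console output ends up in logs and terminals that are not protected
                    // like a credential store.
                    Console.WriteLine("  Request.Username: " + username);
                    Console.WriteLine("  Request.Remember: " + remember);

                    string msg;

                    // Demo-only rule: any request whose username equals its password is
                    // accepted. Replace this comparison with verification against a real
                    // credential store (salted password hashes) before reusing the sample.
                    if (username != null && username == password)
                    {
                        var identity = new ClaimsIdentity(
                            new GenericIdentity(username, context.AuthenticationType),
                            new[]
                            {
                                new Claim(ClaimTypes.IsPersistent, remember.ToString())
                            });

                        // I assumed that this would take care of populating the cookie for me... but not so much.
                        context.Signin(identity);

                        msg = "Access granted.";
                    }
                    else
                    {
                        msg = "Access denied.  Try with username=password";
                    }

                    Console.WriteLine(msg);
                    var msgBytes = Encoding.UTF8.GetBytes(msg);
                    return(response.Body.WriteAsync(msgBytes, 0, msgBytes.Length));
                }
                else
                {
                    // Debug dump of the environment: string values are printed verbatim,
                    // other values by type name only.
                    // NOTE(review): string entries may carry request data such as the
                    // query string - confirm this output never reaches shared logs.
                    foreach (var item in context.Environment)
                    {
                        Console.WriteLine("  {0}={1}",
                                          item.Key,
                                          item.Value != null
                                              ? (item.Value is string?(string)item.Value: item.Value.GetType().FullName)
                                              : "Not set"
                                          );
                    }
                }

                return(response.Body.WriteAsync(new byte[] { }, 0, 0));
            };


            builder.UseFormsAuthentication(
                new FormsAuthenticationOptions
            {
                CookieHttpOnly     = true,
                CookieName         = "AuthCookie",
                CookiePath         = "/",
                // false lets the authentication cookie travel over plain HTTP, where it
                // can be read in transit; set to true wherever the site is served over TLS.
                CookieSecure       = false,
                LoginPath          = "/login/",
                ExpireTimeSpan     = TimeSpan.FromHours(1),
                // NOTE(review): confirm the login flow only follows local paths taken
                // from this parameter, so it cannot be used as an open redirect.
                ReturnUrlParameter = "returnUrl",
                SlidingExpiration  = true,
                Provider           = formsAuthenticationProvider
            }
                );
            builder.UseApplicationSignInCookie();
            builder.UseDefaultFiles(dfo);
            // NOTE(review): the error page is a diagnostics aid that presumably shows
            // exception detail to the client - keep it to development hosts.
            builder.UseErrorPage();
            // The /login branch is registered ahead of UseDenyAnonymous, so the login
            // page and its postback handler are reachable without authentication.
            builder.MapPath("/login", loginBuilder => loginBuilder.UseProcessLoginPostback(formsAuthenticationProvider).UseStaticFiles(loginSfo));
            // Order matters: anonymous requests are rejected before the root file server runs.
            builder.UseDenyAnonymous().UseStaticFiles(sfo);
        }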