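/// <summary>
/// Validates an author's credentials and, on success, issues the forms-authentication ticket
/// cookie plus a script-readable <c>IS_ADMIN</c> hint cookie, then redirects to the return URL.
/// On any failure the login view is re-rendered.
/// </summary>
/// <param name="username">Author slug used as the login name.</param>
/// <param name="password">Plain-text password; passed straight to the validating stored procedure.</param>
/// <returns>A redirect on success, otherwise the login <see cref="View()"/>.</returns>
public ActionResult Login(string username, string password)
{
    // Blank credentials can never validate; fail fast without a database round-trip.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return View();
    }

    bool validLogin = StoredProcs.Authors_ValidateLogin(username, password).Execute().Value;
    if (!validLogin)
    {
        return View();
    }

    var author = AuthorModel.GetAuthorBySlug(username);
    if (author == null)
    {
        // Defensive: credentials validated but no author row came back — treat as a failed
        // login instead of dereferencing null below. (Whether this can happen is not visible here.)
        return View();
    }

    var principal = new AuthorPrincipal(author);
    var userData = JsonConvert.SerializeObject(principal.ToSerializableModel());

    // FormsAuthenticationTicket expects local-time DateTimes (it converts to UTC itself), so
    // DateTime.Now is the right clock; one snapshot keeps ticket and cookie expiries aligned.
    var issued = DateTime.Now;
    var expiresDate = issued.AddMinutes(30);

    var authTicket = new FormsAuthenticationTicket(1, author.Slug, issued, expiresDate, false, userData);
    string encTicket = FormsAuthentication.Encrypt(authTicket);
    this.Response.Cookies.Add(BuildCookie(FormsAuthentication.FormsCookieName, encTicket, expiresDate, httpOnly: true));

    // Deliberately script-readable UI hint. It is a plain client-side value anyone can set,
    // so nothing server-side should derive authorization from it; the encrypted ticket is the authority.
    this.Response.Cookies.Add(BuildCookie("IS_ADMIN", "1", expiresDate, httpOnly: false));

    return new RedirectResult(FormsAuthentication.GetRedirectUrl(author.Slug, false));
}

/// <summary>
/// Builds a cookie scoped to the forms-auth cookie path with the given expiry.
/// <c>Secure</c> follows <see cref="FormsAuthentication.RequireSSL"/> so that when the site
/// requires TLS the cookie is never sent over plain HTTP.
/// </summary>
/// <param name="name">Cookie name.</param>
/// <param name="value">Cookie value (already encrypted where it carries a credential).</param>
/// <param name="expires">Absolute expiry; the cookie is persistent up to this time.</param>
/// <param name="httpOnly">True to hide the cookie from client-side script.</param>
private static HttpCookie BuildCookie(string name, string value, DateTime expires, bool httpOnly)
{
    return new HttpCookie(name, value)
    {
        HttpOnly = httpOnly,
        Secure = FormsAuthentication.RequireSSL,
        Expires = expires,
        Path = FormsAuthentication.FormsCookiePath,
    };
}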
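/// <summary>
/// Validates an author's credentials and, on success, issues the 30-minute forms-authentication
/// ticket cookie, a script-readable <c>IS_ADMIN</c> hint, and a two-year persistent
/// <c>tdwtf_token</c> ticket (plus a script-readable <c>tdwtf_token_name</c>), then redirects
/// to the return URL. On any failure the login view is re-rendered.
/// </summary>
/// <param name="username">Author slug used as the login name.</param>
/// <param name="password">Plain-text password; passed straight to the validating database call.</param>
/// <returns>A redirect on success, otherwise the login <see cref="View()"/>.</returns>
public ActionResult Login(string username, string password)
{
    // Blank credentials can never validate; fail fast without a database round-trip.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return View();
    }

    bool validLogin = DB.Authors_ValidateLogin(username, password).Value;
    if (!validLogin)
    {
        return View();
    }

    var author = AuthorModel.GetAuthorBySlug(username);
    if (author == null)
    {
        // Defensive: credentials validated but no author row came back — treat as a failed
        // login instead of dereferencing null below. (Whether this can happen is not visible here.)
        return View();
    }

    var principal = new AuthorPrincipal(author);
    var userData = JsonConvert.SerializeObject(principal.ToSerializableModel());

    // FormsAuthenticationTicket expects local-time DateTimes (it converts to UTC itself), so
    // DateTime.Now is the right clock; one snapshot keeps every ticket and cookie expiry aligned.
    var issued = DateTime.Now;
    var expiresDate = issued.AddMinutes(30);
    var expiresLong = issued.AddYears(2);

    // Short-lived session ticket.
    var authTicket = new FormsAuthenticationTicket(1, author.Slug, issued, expiresDate, false, userData);
    string encTicket = FormsAuthentication.Encrypt(authTicket);
    this.Response.Cookies.Add(BuildCookie(FormsAuthentication.FormsCookieName, encTicket, expiresDate, httpOnly: true));

    // Deliberately script-readable UI hint. It is a plain client-side value anyone can set,
    // so nothing server-side should derive authorization from it; the encrypted tickets are the authority.
    this.Response.Cookies.Add(BuildCookie("IS_ADMIN", "1", expiresLong, httpOnly: false));

    // Long-lived (two-year) persistent credential. It is HttpOnly and Secure-when-TLS-is-required,
    // but anything that accepts it should treat it as a bearer token with a long exposure window.
    var ticket = new FormsAuthenticationTicket(1, author.Name, issued, expiresLong, true, "author:" + author.Slug);
    this.Response.SetCookie(BuildCookie("tdwtf_token", FormsAuthentication.Encrypt(ticket), expiresLong, httpOnly: true));

    // Display name companion to the token; script-readable by design, carries no authority.
    this.Response.SetCookie(BuildCookie("tdwtf_token_name", author.Name, expiresLong, httpOnly: false));

    return new RedirectResult(FormsAuthentication.GetRedirectUrl(author.Slug, false));
}

/// <summary>
/// Builds a cookie scoped to the forms-auth cookie path with the given expiry.
/// <c>Secure</c> follows <see cref="FormsAuthentication.RequireSSL"/> so that when the site
/// requires TLS the cookie is never sent over plain HTTP.
/// </summary>
/// <param name="name">Cookie name.</param>
/// <param name="value">Cookie value (already encrypted where it carries a credential).</param>
/// <param name="expires">Absolute expiry; the cookie is persistent up to this time.</param>
/// <param name="httpOnly">True to hide the cookie from client-side script.</param>
private static HttpCookie BuildCookie(string name, string value, DateTime expires, bool httpOnly)
{
    return new HttpCookie(name, value)
    {
        HttpOnly = httpOnly,
        Secure = FormsAuthentication.RequireSSL,
        Expires = expires,
        Path = FormsAuthentication.FormsCookiePath,
    };
}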