Inheritance: System.Configuration.ConfigurationSection
示例#1
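        /// <summary>
        /// Applies the values from <c>CarrotSecurityConfig</c> to this user manager:
        /// username and password validation rules, account lockout defaults,
        /// the two-factor providers, the e-mail/SMS services and the user token provider.
        /// </summary>
        /// <remarks>
        /// Every policy value is copied from configuration as-is; this method enforces
        /// no minimums of its own. NOTE(review): confirm the configuration section
        /// rejects weak values (for example a very small <c>RequiredLength</c> or a
        /// non-positive lockout threshold), because nothing here will.
        /// </remarks>
        public void Config()
        {
            CarrotSecurityConfig config = CarrotSecurityConfig.GetConfig();

            // Username / e-mail rules.
            this.UserValidator = new UserValidator<ApplicationUser>(this)
            {
                AllowOnlyAlphanumericUserNames = config.UserValidator.AllowOnlyAlphanumericUserNames,
                RequireUniqueEmail             = config.UserValidator.RequireUniqueEmail
            };

            // Password complexity policy.
            this.PasswordValidator = new PasswordValidator
            {
                RequiredLength          = config.PasswordValidator.RequiredLength,
                RequireNonLetterOrDigit = config.PasswordValidator.RequireNonLetterOrDigit,
                RequireDigit            = config.PasswordValidator.RequireDigit,
                RequireLowercase        = config.PasswordValidator.RequireLowercase,
                RequireUppercase        = config.PasswordValidator.RequireUppercase,
            };

            // Lockout defaults. The configured lockout duration is interpreted as minutes.
            // NOTE(review): these are only defaults on the manager; whether failed
            // sign-ins are actually counted depends on how the sign-in call is made,
            // which is not visible in this method.
            this.UserLockoutEnabledByDefault          = config.AdditionalSettings.UserLockoutEnabledByDefault;
            this.MaxFailedAccessAttemptsBeforeLockout = config.AdditionalSettings.MaxFailedAccessAttemptsBeforeLockout;
            this.DefaultAccountLockoutTimeSpan        = TimeSpan.FromMinutes(config.AdditionalSettings.DefaultAccountLockoutTimeSpan);

            // Two-factor providers: a code delivered by SMS and a code delivered by e-mail.
            // Other providers can be registered here in the same way.
            this.RegisterTwoFactorProvider("Phone Code", new PhoneNumberTokenProvider<ApplicationUser>
            {
                MessageFormat = "Your security code is {0}"
            });

            this.RegisterTwoFactorProvider("Email Code", new EmailTokenProvider<ApplicationUser>
            {
                Subject    = "Security Code",
                BodyFormat = "Your security code is {0}"
            });

            this.EmailService = new EmailService();
            this.SmsService   = new SmsService();

            // A constructor call never yields null, so the token provider is assigned
            // unconditionally (the former "provider != null" test was always true).
            // NOTE(review): DPAPI-protected tokens are generally tied to the machine or
            // account that created them; on a multi-server deployment, confirm tokens
            // issued by one node can be validated by another.
            var dataProtection = new DpapiDataProtectionProvider(config.AdditionalSettings.DataProtectionProviderAppName);

            // NOTE(review): the 7-day lifespan is hard-coded and applies to every token
            // this provider issues; if that includes password-reset tokens, a shorter
            // (ideally configurable) lifetime is worth considering.
            this.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtection.Create("UserToken"))
            {
                TokenLifespan = TimeSpan.FromDays(7)
            };
        }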
示例#2
        /// <summary>
        /// Registers the per-request Identity objects and the cookie middleware
        /// (application sign-in, external sign-in, two-factor and
        /// "remember this browser") on the OWIN pipeline.
        /// </summary>
        /// <param name="app">The OWIN application builder being configured.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // One db context and one of each Identity manager per OWIN request.
            app.CreatePerOwinContext(SecurityDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
            app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);

            CarrotSecurityConfig securityConfig = CarrotSecurityConfig.GetConfig();

            // Login URL and session length (in minutes) are taken from configuration unchanged.
            // NOTE(review): no lower bound is applied to the session length here; a zero
            // or negative value would presumably produce a cookie that expires at once.
            string loginUrl       = securityConfig.AdditionalSettings.LoginPath;
            int    sessionMinutes = securityConfig.AdditionalSettings.ExpireTimeSpan;

            // The security stamp is re-checked at most every 30 minutes, so a password
            // change or added external login can take up to that long to invalidate
            // cookies that were issued earlier.
            var cookieEvents = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            };

            // Application sign-in cookie with sliding expiration.
            // NOTE(review): the Secure flag is not set here and stays at the middleware
            // default; on HTTPS-only sites consider requiring it explicitly.
            var applicationCookie = new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath          = new PathString(loginUrl),
                Provider           = cookieEvents,
                SlidingExpiration  = true,
                ExpireTimeSpan     = TimeSpan.FromMinutes(sessionMinutes)
            };
            app.UseCookieAuthentication(applicationCookie);

            // Temporary cookie holding the identity returned by a third-party login provider.
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Short-lived (5 minute) cookie that carries the user between the password
            // step and the second-factor step.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // Lets a browser be remembered so the second factor is not requested again
            // on that device, similar to "remember me" for the first factor.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
        }
        /// <summary>
        /// Registers the per-request Identity objects and the cookie middleware on the
        /// OWIN pipeline, deriving the session length, security-stamp check interval
        /// and persistent-cookie lifetime from <c>CarrotSecurityConfig</c>.
        /// </summary>
        /// <param name="app">The OWIN application builder being configured.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // One db context and one of each Identity manager per OWIN request.
            app.CreatePerOwinContext(SecurityDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
            app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);

            CarrotSecurityConfig securityConfig = CarrotSecurityConfig.GetConfig();

            bool   useSessionLengthForCookie = securityConfig.AdditionalSettings.SetCookieExpireTimeSpan;
            string loginUrl                  = securityConfig.AdditionalSettings.LoginPath;

            // Both durations are in minutes and are floored at 5.
            double sessionMinutes    = Math.Max(securityConfig.AdditionalSettings.ExpireTimeSpan, 5d);
            double stampCheckMinutes = Math.Max(securityConfig.AdditionalSettings.ValidateInterval, 5d);

            // Keep the session longer than the stamp-check interval; per the original
            // author, users are otherwise constantly logged out.
            if (sessionMinutes < stampCheckMinutes)
            {
                sessionMinutes = stampCheckMinutes + 1;
            }

            // Lifetime stamped onto the ticket at sign-in: the chosen duration plus two minutes.
            double persistedMinutes = (useSessionLengthForCookie ? sessionMinutes : stampCheckMinutes) + 2;

            var cookieEvents = new CookieAuthenticationProvider
            {
                // A security-stamp change (password change, added external login) is
                // picked up at the next check, i.e. within stampCheckMinutes.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(stampCheckMinutes),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),

                // Every sign-in is forced to be persistent and refreshable, whatever the
                // caller asked for, and given an explicit expiry.
                // NOTE(review): this overrides any "remember me" choice made at login, so
                // the cookie is kept by the browser until it expires; confirm that is
                // intended where machines are shared.
                OnResponseSignIn = signIn =>
                {
                    signIn.Properties.IsPersistent = true;
                    signIn.Properties.AllowRefresh = true;
                    signIn.Properties.ExpiresUtc   = DateTimeOffset.UtcNow.AddMinutes(persistedMinutes);
                }
            };

            // Application sign-in cookie: HttpOnly, sliding expiration.
            // NOTE(review): the Secure flag is not set here and stays at the middleware
            // default; on HTTPS-only sites consider requiring it explicitly.
            var applicationCookie = new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath          = new PathString(loginUrl),
                Provider           = cookieEvents,
                CookieHttpOnly     = true,
                ExpireTimeSpan     = TimeSpan.FromMinutes(sessionMinutes),
                SlidingExpiration  = true
            };
            app.UseCookieAuthentication(applicationCookie);

            // Temporary cookie holding the identity returned by a third-party login provider.
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Short-lived (5 minute) cookie that carries the user between the password
            // step and the second-factor step.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // Lets a browser be remembered so the second factor is not requested again
            // on that device, similar to "remember me" for the first factor.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
        }