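/// <summary>
/// Rebuilds the request principal from the Forms Authentication cookie on every request.
/// When the cookie is absent, cannot be decrypted, has expired, or names an account that no
/// longer exists, nothing is assigned and the request stays anonymous instead of failing
/// with a <see cref="NullReferenceException"/>.
/// </summary>
/// <param name="sender">The application raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        return;
    }

    // Decrypt may hand back null for a ticket it cannot validate; a malformed or tampered
    // cookie must simply not authenticate rather than crash the request on the next line.
    // Expiry is also enforced here because Decrypt does not reject expired tickets by itself.
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
    if (ticket == null || ticket.Expired)
    {
        return;
    }

    // The account may have been removed since the ticket was issued; treat a missing
    // user as anonymous rather than building an identity around null.
    // NOTE(review): a ticket issued before an account was disabled stays valid until it
    // expires; if GetUser returns UserInfo, a Disabled check here would mirror Authenticate().
    var user = UserAccountHelper.GetUser(ticket.Name);
    if (user == null)
    {
        return;
    }

    var identity = new UserIdentity(user);
    HttpContext.Current.User = new UserPrincipal(identity);
}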
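/// <summary>
/// Validates a user name / password pair and, on success, installs the user as
/// <see cref="Thread.CurrentPrincipal"/>.
/// </summary>
/// <param name="userName">Login name to look up.</param>
/// <param name="password">Clear-text password, compared against the stored hash via <c>HashPassword</c>.</param>
/// <returns><c>true</c> when the credentials match; every failure path throws instead of returning <c>false</c>.</returns>
/// <exception cref="userNotFoundException">No account exists for <paramref name="userName"/>, or the lookup itself failed.</exception>
/// <exception cref="disabledUserException">The account exists but is disabled.</exception>
/// <exception cref="unmatchingUsernameAndPasswordException">The password does not match the stored hash.</exception>
public bool Authenticate(string userName, string password)
{
    UserInfo user;
    try
    {
        // One lookup only; the previous version queried once outside the try (where a
        // failure escaped unwrapped) and again inside it.
        user = GetUserInfo(userName);
    }
    catch (Exception ex)
    {
        // Lookup failures are surfaced under the single exception type callers already
        // catch; the inner exception preserves the real cause for logging. Note this also
        // masks infrastructure errors (e.g. a database outage) as "not found".
        throw new userNotFoundException("The requested user could not be found.", ex);
    }

    if (user == null)
    {
        throw new userNotFoundException();
    }

    // A disabled account must never log in, even with the correct password.
    // Written as `== true` so a nullable Disabled treats null as "not disabled" —
    // confirm against UserInfo.Disabled's declared type.
    if (user.Disabled == true)
    {
        throw new disabledUserException();
    }

    // NOTE(review): separate exception types for unknown user vs. wrong password let a caller
    // (or an error page that echoes them) tell valid account names from invalid ones. Kept
    // because callers catch these types; the UI layer should map both to one generic message.
    // NOTE(review): string equality is not constant-time, and whether HashPassword salts
    // per user is not visible here.
    if (user.Password != HashPassword(password))
    {
        throw new unmatchingUsernameAndPasswordException();
    }

    // Make the authenticated user visible to the rest of this thread.
    var identity = new UserIdentity(user);
    Thread.CurrentPrincipal = new UserPrincipal(identity);
    return true;
}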