/// <summary>
/// Runs after the action on a <see cref="RestrictedControllerBase"/> has chosen its result: the
/// controller's current security token is regenerated, serialized into a cookie and added to the response.
/// Controllers of any other type, or restricted controllers without a token, are left untouched.
/// </summary>
/// <param name="filterContext">The MVC result-executing context giving access to the controller, request and response.</param>
public override void OnResultExecuting(ResultExecutingContext filterContext)
{
    base.OnResultExecuting(filterContext);

    var restricted = filterContext.Controller as RestrictedControllerBase;
    if (restricted == null || restricted.SecurityToken == null)
    {
        // Nothing to re-issue: not a restricted controller, or no token was attached during authorization.
        return;
    }

    var refreshedToken = RegenerateToken(restricted.SecurityToken);
    var tokenCookie = TokenSerializer.GetCookieFromToken(refreshedToken);

    var request = filterContext.HttpContext.Request;
    if (request.IsLocal) //local development overrides
    {
        // Loopback requests are presumably plain HTTP during development, so the cookie is
        // scoped to localhost and its Secure flag is dropped; this branch never runs for remote clients.
        restricted.Logger.Info("Local development - not using a secure cookie");
        tokenCookie.Domain = "localhost";
        tokenCookie.Secure = false;
    }

    filterContext.HttpContext.Response.Cookies.Add(tokenCookie);
}
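//TODO: log failures
/// <summary>
/// Authorizes the request from the "auth" cookie. Unless the action or its controller carries
/// <see cref="AllowAnonymousAttribute"/>, the cookie must be present and deserialize to a token that is
/// not expired, passes <c>TokenHasher.IsValid</c>, and names a role found in the comma-separated
/// <c>Roles</c> list. Any failure redirects to the login page via <c>RedirectToLogin</c> with a reason;
/// on success the token is attached to the controller when it is a <see cref="RestrictedControllerBase"/>.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    // [AllowAnonymous] on the action or on its controller bypasses every check below.
    bool skipAuthorization =
        filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
        filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
    if (skipAuthorization)
    {
        return;
    }

    var request = filterContext.HttpContext.Request;

    var authCookie = request.Cookies["auth"];
    if (authCookie == null)
    {
        RedirectToLogin(filterContext, "No auth cookie in request");
        return;
    }

    var token = TokenSerializer.GetTokenFromCookie(authCookie);
    if (token == null)
    {
        // Fail closed on a cookie the serializer could not turn into a token, rather than
        // throwing on the property access below and surfacing a server error.
        RedirectToLogin(filterContext, "Auth cookie could not be deserialized");
        return;
    }

    // The client address is recorded on the token before the hasher checks run, as the original
    // ordering required; presumably IsValid binds the token to it — confirm in TokenHasher.
    // NOTE(review): UserHostAddress is the immediate peer, so behind a reverse proxy this is the proxy's address.
    token.IpAddress = request.UserHostAddress;

    if (TokenHasher.IsExpired(token))
    {
        RedirectToLogin(filterContext, "Token is expired");
        return;
    }

    if (!TokenHasher.IsValid(token))
    {
        RedirectToLogin(filterContext, string.Format("Token is invalid for {0}|{1}|{2} from {3}",
            token.UserId, token.RoleName, token.LocationId, token.IpAddress));
        return;
    }

    // Build the allowed-role set once. A null Roles value now yields an empty list (redirect) instead of a
    // NullReferenceException, and blank entries from a trailing or doubled comma (e.g. "Admin,") are dropped
    // so that a token with an empty RoleName cannot match them.
    var allowedRoles = (Roles ?? string.Empty)
        .Split(',')
        .Where(role => !string.IsNullOrWhiteSpace(role))
        .ToArray();
    if (!allowedRoles.Contains(token.RoleName))
    {
        RedirectToLogin(filterContext, string.Format("{0} is an invalid role", token.RoleName));
        return;
    }

    var controller = filterContext.Controller as RestrictedControllerBase;
    if (controller != null)
    {
        // Hand the verified token to the controller; OnResultExecuting re-issues it from here.
        controller.SecurityToken = token;
        controller.Logger.DebugFormat("Authentication passed for {0} from {1}", token.UserId, token.IpAddress);
    }
}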