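/// <summary>
/// Reads an HTTP Basic <c>Authorization</c> header, installs the resulting principal for the
/// current request, and adds the Basic challenge header to any 401 response that lacks it.
/// </summary>
/// <param name="request">Incoming request whose Authorization header is inspected.</param>
/// <param name="cancellationToken">Token forwarded unchanged to the inner handler.</param>
/// <returns>
/// A task yielding the inner handler's response; on <see cref="HttpStatusCode.Unauthorized"/>
/// the <c>BasicAuthResponseHeader</c> is added when not already present.
/// </returns>
protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request,
    CancellationToken cancellationToken)
{
    AuthenticationHeaderValue authValue = request.Headers.Authorization;

    // Only a header whose scheme is "Basic" carries user:password material. Without this
    // check the parameter of any other scheme (a bearer token, say) would be handed to the
    // Basic parser and could end up establishing an identity.
    bool hasBasicCredentials = authValue != null
        && String.Equals(authValue.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
        && !String.IsNullOrWhiteSpace(authValue.Parameter);

    if (hasBasicCredentials)
    {
        Credentials parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
        if (parsedCredentials != null)
        {
            // NOTE(review): nothing in this method verifies the supplied password; the principal
            // is built from the username alone. Confirm that ParseAuthorizationHeader (or a later
            // stage) validates the credentials before this identity is trusted for authorization.
            // TODO: look up more info on user
            var id = new BjaIdentity(parsedCredentials.Username, null);
            var user = new CustomPrincipal(id);

            // HttpContext.Current is null when there is no ASP.NET request context (for
            // example under self-hosting), so guard instead of dereferencing it blindly.
            var httpContext = System.Web.HttpContext.Current;
            if (httpContext != null)
            {
                httpContext.User = user;
            }

            Thread.CurrentPrincipal = user;
        }
    }

    return base.SendAsync(request, cancellationToken)
        .ContinueWith(task =>
        {
            // task.Result rethrows (wrapped in AggregateException) when the inner handler
            // faulted or was cancelled, so the failure still reaches the caller.
            var response = task.Result;

            // Advertise the Basic challenge so clients know how to authenticate.
            if (response.StatusCode == HttpStatusCode.Unauthorized
                && !response.Headers.Contains(BasicAuthResponseHeader))
            {
                response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
            }

            return response;
        });
}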
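/// <summary>
/// PostAuthenticateRequest hook: rebuilds the custom principal from the forms-authentication
/// cookie and maintains the companion marker cookie named by <c>CookieName</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    // The cookie value is client-controlled. A malformed or tampered ticket can make Decrypt
    // throw rather than return null; treat that as "not signed in" instead of failing the
    // whole request with an unhandled exception.
    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (ArgumentException)
    {
        return;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        return;
    }
    catch (System.Web.HttpException)
    {
        return;
    }

    if (authTicket == null || authTicket.Expired)
    {
        return;
    }

    // Identity comes from the decrypted ticket's name and user data.
    var id = new BjaIdentity(authTicket.Name, authTicket.UserData);
    var user = new CustomPrincipal(id);
    Context.User = user;
    Thread.CurrentPrincipal = user;

    HttpCookie cookie = Request.Cookies.Get(CookieName);
    if (cookie == null)
    {
        // NOTE(review): the marker cookie is issued without HttpOnly/Secure. Confirm whether
        // client script reads it before tightening those flags.
        cookie = new HttpCookie(CookieName);
        cookie.Value = "yes";
        cookie.Expires = DateTime.Now.AddDays(1d);
        Response.Cookies.Add(cookie);
    }
    else if (!id.IsAuthenticated)
    {
        // Response.Cookies.Remove only drops an entry from this response's collection; the
        // browser keeps its copy. Send an already-expired cookie so the client discards it.
        Response.Cookies.Remove(CookieName);
        var expiredMarker = new HttpCookie(CookieName);
        expiredMarker.Value = string.Empty;
        expiredMarker.Expires = DateTime.Now.AddDays(-1d);
        Response.Cookies.Add(expiredMarker);

        FormsAuthentication.SignOut();
    }
}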