The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/

UserCheckModule.cs 4.3KB

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using Teknik.Areas.Error.Controllers;
using Teknik.Areas.Users.Utility;
using Teknik.Models;
using Teknik.Security;
using Teknik.Utilities;
  12. namespace Teknik.Modules
  13. {
  14. public class UserCheckModule : IHttpModule
  15. {
  16. public void Dispose()
  17. {
  18. }
  19. public void Init(HttpApplication context)
  20. {
  21. context.PostAuthenticateRequest += OnPostAuthenticateRequestHandlerExecute;
  22. }
  23. private void OnPostAuthenticateRequestHandlerExecute(object sender, EventArgs e)
  24. {
  25. HttpContext context = HttpContext.Current;
  26. string username = string.Empty;
  27. bool hasAuthToken = false;
  28. if (context.Request != null)
  29. {
  30. if (context.Request.Headers.HasKeys())
  31. {
  32. string auth = context.Request.Headers["Authorization"];
  33. if (!string.IsNullOrEmpty(auth))
  34. {
  35. string[] parts = auth.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
  36. string type = string.Empty;
  37. string value = string.Empty;
  38. if (parts.Length > 0)
  39. {
  40. type = parts[0].ToLower();
  41. }
  42. if (parts.Length > 1)
  43. {
  44. value = parts[1];
  45. }
  46. using (TeknikEntities entities = new TeknikEntities())
  47. {
  48. // Get the user information based on the auth type
  49. switch (type)
  50. {
  51. case "basic":
  52. KeyValuePair<string, string> authCreds = StringHelper.ParseBasicAuthHeader(value);
  53. bool tokenValid = UserHelper.UserTokenCorrect(entities, authCreds.Key, authCreds.Value);
  54. if (tokenValid)
  55. {
  56. // it's valid, so let's update it's Last Used date
  57. UserHelper.UpdateTokenLastUsed(entities, authCreds.Key, authCreds.Value, DateTime.Now);
  58. // Set the username
  59. username = authCreds.Key;
  60. }
  61. break;
  62. default:
  63. break;
  64. }
  65. }
  66. }
  67. }
  68. }
  69. // Check if they have a Forms Auth cookie
  70. if (FormsAuthentication.CookiesSupported == true && !hasAuthToken)
  71. {
  72. if (context.Request.Cookies[FormsAuthentication.FormsCookieName] != null)
  73. {
  74. //let us take out the username now
  75. username = FormsAuthentication.Decrypt(context.Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
  76. }
  77. }
  78. context.User = new TeknikPrincipal(username);
  79. // Check to see if we need to logout this user
  80. if (context.User != null && context.User.Identity.IsAuthenticated)
  81. {
  82. TeknikPrincipal user = (context.User as TeknikPrincipal);
  83. // Is the user banned?
  84. if (user?.Info.AccountStatus == AccountStatus.Banned)
  85. {
  86. // Get cookie
  87. HttpCookie authCookie = UserHelper.CreateAuthCookie(user.Identity.Name, false, context.Request.Url.Host.GetDomain(), context.Request.IsLocal);
  88. // Signout
  89. FormsAuthentication.SignOut();
  90. context.Session?.Abandon();
  91. // Destroy Cookies
  92. authCookie.Expires = DateTime.Now.AddYears(-1);
  93. context.Response.Cookies.Add(authCookie);
  94. // Reset the context user
  95. context.User = new TeknikPrincipal(string.Empty);
  96. }
  97. }
  98. }
  99. }
  100. }