The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/

UserAuthModule.cs 4.1KB

  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Security.Cryptography;
  using System.Web;
  using System.Web.Mvc;
  using System.Web.Security;
  using Teknik.Areas.Error.Controllers;
  using Teknik.Areas.Users.Utility;
  using Teknik.Models;
  using Teknik.Security;
  using Teknik.Utilities;
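  namespace Teknik.Modules
  {
      /// <summary>
      /// HTTP module that sets <c>HttpContext.User</c> on every request.
      /// The identity comes from an API token sent as HTTP Basic credentials or,
      /// failing that, from the Forms Authentication cookie. A user whose account
      /// status is <c>Banned</c> is signed out and downgraded to an anonymous principal.
      /// </summary>
      public class UserAuthModule : IHttpModule
      {
          /// <summary>The module holds no resources, so there is nothing to release.</summary>
          public void Dispose()
          {
          }

          /// <summary>Hooks the authentication handler into the request pipeline.</summary>
          /// <param name="context">The application whose PostAuthenticateRequest event is subscribed to.</param>
          public void Init(HttpApplication context)
          {
              context.PostAuthenticateRequest += OnPostAuthenticateRequestHandlerExecute;
          }

          /// <summary>
          /// Resolves the caller's username, installs the matching <c>TeknikPrincipal</c>
          /// and forces a sign-out when the resolved account is banned.
          /// </summary>
          private void OnPostAuthenticateRequestHandlerExecute(object sender, EventArgs e)
          {
              HttpContext context = HttpContext.Current;

              string username;
              // A validated API token wins over the cookie. The original never set this
              // flag, so a cookie sent alongside a valid token silently replaced the
              // token's identity.
              bool hasAuthToken = TryGetTokenUser(context, out username);

              // Fall back to the Forms Auth cookie only when no token authenticated the request
              if (FormsAuthentication.CookiesSupported && !hasAuthToken)
              {
                  username = GetFormsCookieUser(context);
              }

              context.User = new TeknikPrincipal(username);

              // Check to see if we need to log out this user
              if (context.User != null && context.User.Identity.IsAuthenticated)
              {
                  TeknikPrincipal user = context.User as TeknikPrincipal;

                  // Is the user banned? Info is dereferenced null-safely so that a principal
                  // without account info cannot fail the request with a NullReferenceException.
                  if (user?.Info?.AccountStatus == AccountStatus.Banned)
                  {
                      // Build a cookie with the same attributes as the login cookie so that
                      // the expired copy added below overwrites it in the browser
                      HttpCookie authCookie = UserHelper.CreateAuthCookie(user.Identity.Name, false, context.Request.Url.Host.GetDomain(), context.Request.IsLocal);

                      // Sign out
                      FormsAuthentication.SignOut();
                      context.Session?.Abandon();

                      // Destroy the cookie
                      authCookie.Expires = DateTime.Now.AddYears(-1);
                      context.Response.Cookies.Add(authCookie);

                      // Reset the context user; this also drops an identity that came from an API token
                      context.User = new TeknikPrincipal(string.Empty);
                  }
              }
          }

          /// <summary>
          /// Authenticates the request from an <c>Authorization: Basic</c> header carrying
          /// a username and API token.
          /// </summary>
          /// <param name="context">The current HTTP context.</param>
          /// <param name="username">The token's username when the method returns true; otherwise an empty string.</param>
          /// <returns>True only when the header is present, uses the Basic scheme and the token validates.</returns>
          private static bool TryGetTokenUser(HttpContext context, out string username)
          {
              username = string.Empty;

              string auth = context.Request.Headers["Authorization"];
              if (string.IsNullOrEmpty(auth))
              {
                  return false;
              }

              string[] parts = auth.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

              // Ordinal comparison: a culture-sensitive ToLower() maps "BASIC" to a different
              // string under some cultures (e.g. Turkish), which would skip token auth entirely.
              // A scheme without a credential part is rejected before any parsing or database work.
              if (parts.Length < 2 || !string.Equals(parts[0], "basic", StringComparison.OrdinalIgnoreCase))
              {
                  return false;
              }

              // NOTE(review): Basic credentials are only base64-encoded, so confirm this path is
              // served over TLS only. Also confirm how ParseBasicAuthHeader reacts to malformed
              // base64 (an unhandled exception here fails the whole request) and that
              // UserTokenCorrect compares the token in constant time.
              KeyValuePair<string, string> authCreds = StringHelper.ParseBasicAuthHeader(parts[1]);

              // The database context is opened only once a Basic credential is actually present
              using (TeknikEntities entities = new TeknikEntities())
              {
                  if (!UserHelper.UserTokenCorrect(entities, authCreds.Key, authCreds.Value))
                  {
                      return false;
                  }

                  // It's valid, so update its Last Used date
                  UserHelper.UpdateTokenLastUsed(entities, authCreds.Key, authCreds.Value, DateTime.Now);
              }

              username = authCreds.Key;
              return true;
          }

          /// <summary>
          /// Reads the username from the Forms Authentication cookie.
          /// </summary>
          /// <param name="context">The current HTTP context.</param>
          /// <returns>
          /// The ticket's name, or an empty string when the cookie is missing, cannot be
          /// decrypted, or holds an expired ticket.
          /// </returns>
          private static string GetFormsCookieUser(HttpContext context)
          {
              HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
              if (cookie == null || string.IsNullOrEmpty(cookie.Value))
              {
                  return string.Empty;
              }

              try
              {
                  var ticket = FormsAuthentication.Decrypt(cookie.Value);

                  // Decrypt does not enforce the ticket lifetime; this module is what turns the
                  // ticket into an identity, so it has to reject expired tickets itself.
                  if (ticket == null || ticket.Expired)
                  {
                      return string.Empty;
                  }

                  return ticket.Name ?? string.Empty;
              }
              catch (ArgumentException)
              {
                  // The cookie value is attacker-controlled; a value that does not decrypt
                  // is treated as "not signed in" rather than failing the request.
                  return string.Empty;
              }
              catch (CryptographicException)
              {
                  // Same handling for a failure raised by the crypto layer
                  return string.Empty;
              }
          }
      }
  }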