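/// <summary>
/// Handles <c>HttpApplication.AuthenticateRequest</c>: resolves the forms authentication
/// cookie issued for the current blog instance into <c>context.User</c>.
/// A request with no cookie, an unreadable or expired ticket, or a ticket whose
/// UserData does not name the current blog instance gets an unauthenticated principal.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Event arguments (unused).</param>
private static void ContextAuthenticateRequest(object sender, EventArgs e)
{
    var context = ((HttpApplication)sender).Context;

    // FormsAuthCookieName is a custom cookie name based on the current instance.
    HttpCookie authCookie = context.Request.Cookies[FormsAuthCookieName];
    if (authCookie != null)
    {
        // A cookie that cannot be decrypted must not turn into a 500; it is simply
        // treated as absent so the request falls through to the unauthenticated user.
        FormsAuthenticationTicket authTicket = DecryptTicketOrNull(authCookie.Value);

        // For extra security, make sure the UserData matches the current blog instance.
        // This prevents a cookie name change for a forms auth cookie encrypted in
        // the same application (different blog) from being valid for this blog instance.
        // FormsAuthentication.Decrypt does not reject an expired ticket (the built-in
        // FormsAuthenticationModule checks Expired after decrypting), so it is checked here.
        if (authTicket != null
            && !authTicket.Expired
            && !string.IsNullOrWhiteSpace(authTicket.UserData)
            && authTicket.UserData.Equals(Blog.CurrentInstance.Id.ToString(), StringComparison.OrdinalIgnoreCase))
        {
            CustomIdentity identity = new CustomIdentity(authTicket.Name, true);
            CustomPrincipal principal = new CustomPrincipal(identity);
            context.User = principal;
            return;
        }
    }

    // Need to create an empty/unauthenticated user to assign to context.User.
    CustomIdentity unauthIdentity = new CustomIdentity(string.Empty, false);
    CustomPrincipal unauthPrincipal = new CustomPrincipal(unauthIdentity);
    context.User = unauthPrincipal;
}

/// <summary>
/// Decrypts a forms authentication cookie value, returning <c>null</c> instead of
/// throwing when the value is empty, malformed or fails integrity validation.
/// Failing closed here means a bad or tampered cookie yields an unauthenticated
/// request rather than an unhandled exception on the request pipeline.
/// </summary>
/// <param name="encryptedTicket">The raw cookie value.</param>
/// <returns>The decrypted ticket, or <c>null</c> when it cannot be read.</returns>
private static FormsAuthenticationTicket DecryptTicketOrNull(string encryptedTicket)
{
    if (string.IsNullOrEmpty(encryptedTicket))
    {
        // FormsAuthentication.Decrypt throws ArgumentException on a null/empty value.
        return null;
    }

    try
    {
        return FormsAuthentication.Decrypt(encryptedTicket);
    }
    catch (ArgumentException)
    {
        // Value is not a valid ticket (e.g. too long or not a ticket at all).
        return null;
    }
    catch (HttpException)
    {
        // Ticket could not be decrypted by the forms authentication provider.
        return null;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // Integrity/decryption failure (tampered value or machine key mismatch).
        return null;
    }
}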