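/// <summary>
/// Establishes <c>SecurityContextManager.CurrentUser</c> for the request: an anonymous
/// principal when no authentication ticket is supplied, otherwise the principal
/// returned by <c>UserManager.AuthenticateUser</c>, optionally replaced by an
/// impersonated principal when impersonation is enabled and the caller holds one
/// of the impersonation-allowed roles.
/// </summary>
/// <param name="context">The HTTP context of the request being authenticated.</param>
/// <remarks>
/// Every value read here (ticket, remember-me flag, session id, impersonated user
/// name) arrives in a cookie or an "X-" prefixed header and is therefore
/// client-controlled. Only the ticket is validated (by <c>AuthenticateUser</c>);
/// the rest must be treated as untrusted hints.
/// </remarks>
public static void OnAuthenticate( HttpContext context )
{
    if (!CheckRequireAuthentication(context))
        return;

    // Read everything from the context that was passed in. The original mixed
    // HttpContext.Current with the parameter, which could disagree if a caller
    // ever supplied a different context.
    var request = context.Request;

    var ticketCookie = request.Cookies[AuthenticationTicketTokenKey];
    var ticketHeader = request.Headers["X-" + AuthenticationTicketTokenKey];
    var rememberCookie = request.Cookies[RememberMeKey];
    var rememberHeader = request.Headers["X-" + RememberMeKey];
    var sessionCookie = request.Cookies[SessionIdKey];
    var sessionHeader = request.Headers["X-" + SessionIdKey];

    // Remember-me: the cookie wins over the header here (unlike the other values).
    // An unparsable value leaves rememberMe at false, i.e. the shorter session type.
    var rememberMe = false;
    if (rememberCookie != null && !String.IsNullOrWhiteSpace(rememberCookie.Value))
        Boolean.TryParse(rememberCookie.Value, out rememberMe);
    else if (!String.IsNullOrWhiteSpace(rememberHeader))
        Boolean.TryParse(rememberHeader, out rememberMe);

    // NOTE(review): UserHostAddress is the address of the direct peer. Behind a
    // reverse proxy or load balancer this is the proxy, not the client - confirm
    // how AuthenticateUser uses it before relying on it for ticket binding.
    var ipAddress = request.UserHostAddress;

    var ticketToken = PickCredentialValue(ticketHeader, ticketCookie);
    if (ticketToken == null)
    {
        // No ticket: anonymous request. Reuse the client's session id only when it
        // is a well-formed GUID. Guid.Parse on this untrusted value used to throw
        // (unhandled) for malformed input, and "header ?? cookie" selected an
        // empty header over a valid cookie.
        Guid anonSessionId;
        var suppliedSessionId = PickCredentialValue(sessionHeader, sessionCookie);
        if (suppliedSessionId == null || !Guid.TryParse(suppliedSessionId, out anonSessionId))
            anonSessionId = Guid.NewGuid();

        // NOTE(review): the anonymous RenewalToken is whatever GUID the client
        // sent. If this id is ever carried over into an authenticated session,
        // verify it is regenerated at login (session fixation).
        var anon = new UserPrincipal(); //anonymous
        anon.Identity.Ticket.UserSession.RenewalToken = anonSessionId;
        anon.Identity.Ticket.IPAddress = ipAddress;
        SecurityContextManager.CurrentUser = anon;
        return;
    }

    var sessionDuration = rememberMe
        ? UserSessionDurationType.Extended
        : UserSessionDurationType.PublicComputer;

    // NOTE(review): the ExecutionResults instance is discarded, so any failure
    // detail recorded by AuthenticateUser is lost here - presumably a failed
    // validation yields an anonymous identity; confirm against UserManager.
    var identity = UserManager.AuthenticateUser(ticketToken, sessionDuration, ipAddress, new ExecutionResults());
    var principal = new UserPrincipal(identity);
    SecurityContextManager.CurrentUser = principal;

    if (ImpersonationEnabled && !principal.IsAnonymous && principal.IsInAnyRole(UserManager.Provider.ImpersonationAllowedRoles))
    { //check for impersonation
        // The target user name is client-supplied; the role check above is the
        // only gate visible in this method.
        // NOTE(review): impersonation is a privilege change - consider recording
        // who impersonated whom, and from which address, in an audit log.
        var impersonatedName = PickCredentialValue(
            request.Headers["X-" + ImpersonationKey],
            request.Cookies[ImpersonationKey]);

        if (impersonatedName != null)
        {
            var impersonatedUser = UserManager.GetUserByName(impersonatedName);
            if (impersonatedUser != null)
            {
                // The real identity is passed along to the impersonated identity.
                principal = new UserPrincipal(new UserIdentity(impersonatedUser.UserID, impersonatedUser.Name, identity));
                SecurityContextManager.CurrentUser = principal;
            }
        }
    }
}

/// <summary>
/// Returns the header value when it is non-blank, otherwise the cookie value when
/// the cookie exists and is non-blank, otherwise <c>null</c>.
/// </summary>
private static string PickCredentialValue( string headerValue, HttpCookie cookie )
{
    if (!String.IsNullOrWhiteSpace(headerValue))
        return headerValue;

    if (cookie != null && !String.IsNullOrWhiteSpace(cookie.Value))
        return cookie.Value;

    return null;
}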