using System;
using System.Web;
using System.Web.Security;
using SmartStore.Core;
using SmartStore.Core.Domain.Customers;
using SmartStore.Services.Customers;
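namespace SmartStore.Services.Authentication
{
    /// <summary>
    /// Forms-authentication implementation of <see cref="IAuthenticationService"/>: issues the
    /// encrypted ticket cookie on sign-in and resolves the current request's identity to a customer.
    /// </summary>
    /// <remarks>
    /// The ticket stores the customer's username or email (depending on
    /// <c>CustomerSettings.UsernamesEnabled</c>) and the customer is looked up again by that value
    /// on later requests.
    /// NOTE(review): no server-side ticket revocation is visible in this part of the class; sign-out
    /// relies on <see cref="FormsAuthentication.SignOut"/>. Confirm whether a copied ticket must be
    /// invalidated elsewhere (e.g. after a password change).
    /// </remarks>
    public partial class FormsAuthenticationService : IAuthenticationService
    {
        private readonly HttpContextBase _httpContext;
        private readonly ICustomerService _customerService;
        private readonly CustomerSettings _customerSettings;

        // Ticket lifetime, read once from FormsAuthentication.Timeout in the constructor.
        private readonly TimeSpan _expirationTimeSpan;

        // Customer already resolved by this instance, so repeated calls skip the lookup.
        // NOTE(review): assumes the service instance lives for a single request; a longer-lived
        // instance would return this customer to unrelated requests. Confirm the DI lifetime.
        private Customer _cachedCustomer;

        /// <summary>
        /// Creates the service and captures the configured forms-authentication timeout.
        /// </summary>
        /// <param name="httpContext">HTTP context</param>
        /// <param name="customerService">Customer service</param>
        /// <param name="customerSettings">Customer settings</param>
        public FormsAuthenticationService(HttpContextBase httpContext, ICustomerService customerService, CustomerSettings customerSettings)
        {
            this._httpContext = httpContext;
            this._customerService = customerService;
            this._customerSettings = customerSettings;
            this._expirationTimeSpan = FormsAuthentication.Timeout;
        }

        /// <summary>
        /// Issues an encrypted forms-authentication ticket for the customer and adds it to the
        /// response as a cookie.
        /// </summary>
        /// <param name="customer">Customer to sign in</param>
        /// <param name="createPersistentCookie">
        /// When true the ticket is persistent and the cookie gets an explicit expiration date.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="customer"/> is null.</exception>
        public virtual void SignIn(Customer customer, bool createPersistentCookie)
        {
            // Fail with a clear argument error instead of a NullReferenceException further down.
            if (customer == null)
            {
                throw new ArgumentNullException("customer");
            }

            // FormsAuthenticationTicket takes local times for issue and expiration.
            var now = DateTime.UtcNow.ToLocalTime();

            // The same value serves as ticket name and as user data; the user data is what
            // GetAuthenticatedCustomerFromTicket reads back.
            var identifier = _customerSettings.UsernamesEnabled ? customer.Username : customer.Email;

            var ticket = new FormsAuthenticationTicket(
                1 /*version*/,
                identifier,
                now,
                now.Add(_expirationTimeSpan),
                createPersistentCookie,
                identifier,
                FormsAuthentication.FormsCookiePath);

            var encryptedTicket = FormsAuthentication.Encrypt(ticket);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            // Keep the ticket out of reach of client-side script.
            cookie.HttpOnly = true;

            if (ticket.IsPersistent)
            {
                cookie.Expires = ticket.Expiration;
            }

            // The Secure flag mirrors the forms requireSSL setting, so it is only set when that
            // setting is on. Sites served over HTTPS should enable it so the ticket never travels
            // in clear text.
            // NOTE(review): no SameSite attribute is set here; consider it if the target
            // framework's HttpCookie supports it.
            cookie.Secure = FormsAuthentication.RequireSSL;
            cookie.Path = FormsAuthentication.FormsCookiePath;

            if (FormsAuthentication.CookieDomain != null)
            {
                cookie.Domain = FormsAuthentication.CookieDomain;
            }

            _httpContext.Response.Cookies.Add(cookie);
            _cachedCustomer = customer;
        }

        /// <summary>
        /// Forgets the cached customer and signs out through forms authentication.
        /// </summary>
        public virtual void SignOut()
        {
            _cachedCustomer = null;
            FormsAuthentication.SignOut();
        }

        /// <summary>
        /// Resolves the customer behind the current authenticated request.
        /// </summary>
        /// <returns>
        /// The customer when the request is authenticated and the account is active, not deleted
        /// and registered; otherwise null.
        /// </returns>
        public virtual Customer GetAuthenticatedCustomer()
        {
            if (_cachedCustomer != null)
            {
                return _cachedCustomer;
            }

            if (_httpContext == null || _httpContext.Request == null || !_httpContext.Request.IsAuthenticated || _httpContext.User == null)
            {
                return null;
            }

            Customer customer = null;

            var formsIdentity = _httpContext.User.Identity as FormsIdentity;
            if (formsIdentity != null)
            {
                customer = GetAuthenticatedCustomerFromTicket(formsIdentity.Ticket);
            }
            else
            {
                var smartNetIdentity = _httpContext.User.Identity as SmartStoreIdentity;
                if (smartNetIdentity != null)
                {
                    customer = _customerService.GetCustomerById(smartNetIdentity.CustomerId);
                }
            }

            // A valid ticket is not enough: the account state is re-checked on every resolution,
            // so a deactivated or deleted account stops resolving even while its ticket is unexpired.
            if (customer != null && customer.Active && !customer.Deleted && customer.IsRegistered())
            {
                if (customer.LastLoginDateUtc == null)
                {
                    try
                    {
                        // This is most probably the very first "login" after registering. Delete the
                        // ASP.NET anonymous id cookie so that a new guest account can be created
                        // upon signing out.
                        System.Web.Security.AnonymousIdentificationModule.ClearAnonymousIdentifier();
                    }
                    finally
                    {
                        // Persist the first-login timestamp even if clearing the anonymous id
                        // throws; the exception itself still propagates to the caller.
                        customer.LastLoginDateUtc = DateTime.UtcNow;
                        _customerService.UpdateCustomer(customer);
                    }
                }

                _cachedCustomer = customer;
            }

            return _cachedCustomer;
        }

        /// <summary>
        /// Looks up the customer named in a forms-authentication ticket's user data.
        /// </summary>
        /// <param name="ticket">Decrypted forms-authentication ticket</param>
        /// <returns>
        /// The customer found by username or email, or null when the user data is blank.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="ticket"/> is null.</exception>
        /// <remarks>
        /// This method does not check the ticket's expiration or the account state (active,
        /// deleted, registered). NOTE(review): callers that obtain a ticket by other means than the
        /// request's FormsIdentity should verify both themselves.
        /// </remarks>
        public virtual Customer GetAuthenticatedCustomerFromTicket(FormsAuthenticationTicket ticket)
        {
            if (ticket == null)
            {
                throw new ArgumentNullException("ticket");
            }

            var usernameOrEmail = ticket.UserData;

            if (String.IsNullOrWhiteSpace(usernameOrEmail))
            {
                return null;
            }

            var customer = _customerSettings.UsernamesEnabled
                ? _customerService.GetCustomerByUsername(usernameOrEmail)
                : _customerService.GetCustomerByEmail(usernameOrEmail);

            return customer;
        }
    }
}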