Plugins:
- Microsoft.AspNet.Identity.Core
- Microsoft.AspNet.Identity.Owin
- Microsoft.Owin.Security.Cookies
Step #1:
Step #2:
Project/App_Start/Startup.Auth.cs :
/// <summary>
/// Shared authentication constants, kept in one place so the cookie middleware,
/// the sign-in code and the sign-out code all refer to the same value.
/// </summary>
public static class MyAuthentication
{
    /// <summary>
    /// Authentication type used for the application cookie.
    /// </summary>
    public const string ApplicationCookie = "xyz";
}
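public partial class Startup
{
    /// <summary>
    /// Registers OWIN cookie authentication for the application.
    /// </summary>
    /// <param name="app">The OWIN application builder the cookie middleware is added to.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        // NOTE(review): the original comment said a UserManager must be added to OWIN for
        // cookie invalidation, but nothing here registers one and the provider below has no
        // OnValidateIdentity handler. As written, an issued cookie stays valid until it
        // expires, even if the account is disabled or its password changes in the meantime.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = MyAuthentication.ApplicationCookie,
            LoginPath = new PathString("/Login"),
            Provider = new CookieAuthenticationProvider(),
            CookieName = "abc",
            // Keeps the session cookie out of reach of page scripts.
            CookieHttpOnly = true,
            // Only send the session cookie over HTTPS; the default (SameAsRequest) would
            // also issue it on plain-HTTP requests, where it can be read in transit.
            CookieSecure = CookieSecureOption.Always,
            // Session lifetime; a shorter value limits how long a stolen cookie is usable.
            ExpireTimeSpan = TimeSpan.FromHours(12), // adjust to your needs
        });
    }
}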
Step #3:
Project/Models/AuthenticationService.cs :
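/// <summary>
/// Checks a username/password pair against the Users table and, on success,
/// signs the user in through the OWIN authentication manager.
/// </summary>
public class AuthenticationService
{
    // One message for every failure, so the response does not reveal whether the
    // username or the password was the part that did not match.
    private const string InvalidCredentialsMessage = "Username or Password is not correct";

    private readonly DBDataContext _db = new DBDataContext();
    private readonly IAuthenticationManager authenticationManager;

    /// <summary>
    /// Outcome of a sign-in attempt: an error message on failure, the user's type on success.
    /// </summary>
    public class AuthenticationResult
    {
        /// <param name="errorMessage">Failure text; null or empty means success.</param>
        /// <param name="userType">UserType of the signed-in user; null on failure.</param>
        public AuthenticationResult(string errorMessage = null, string userType = null)
        {
            ErrorMessage = errorMessage;
            UserType = userType;
        }

        public String ErrorMessage { get; private set; }

        // Read by AccountController.UserLogin to pick its return code.
        public String UserType { get; private set; }

        public Boolean IsSuccess => String.IsNullOrEmpty(ErrorMessage);
    }

    /// <param name="authenticationManager">OWIN authentication manager of the current request.</param>
    public AuthenticationService(IAuthenticationManager authenticationManager)
    {
        this.authenticationManager = authenticationManager;
    }

    /// <summary>
    /// Validates the credentials and issues the application cookie when they match.
    /// </summary>
    /// <param name="username">Submitted user name.</param>
    /// <param name="password">Submitted password.</param>
    /// <returns>A successful result carrying the user's type, or a result with the generic error message.</returns>
    public AuthenticationResult SignIn(String username, String password)
    {
        // Reject missing credentials before they reach the query: a null compared with a
        // column is translated as a NULL test and could match a row with empty fields.
        if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
        {
            return new AuthenticationResult(InvalidCredentialsMessage);
        }

        User user;
        try
        {
            // NOTE(review): this comparison only works if the Password column stores the
            // password itself. Passwords should be stored as salted, slow hashes and checked
            // after loading the row by user name; PasswordHasher.VerifyHashedPassword from
            // the Microsoft.AspNet.Identity.Core package does this. Changing it needs a
            // data migration, so the query is left as the author wrote it.
            user = _db.Users.FirstOrDefault(u => u.UserName == username && u.Password == password);
        }
        catch (Exception)
        {
            // Fail closed. NOTE(review): a database outage is reported to the caller as bad
            // credentials and leaves no trace; log the exception here once a logger exists.
            return new AuthenticationResult(InvalidCredentialsMessage);
        }

        if (user == null)
        {
            return new AuthenticationResult(InvalidCredentialsMessage);
        }

        var identity = CreateIdentity(user);

        // Drop whatever session the request arrived with before issuing the new one.
        authenticationManager.SignOut(MyAuthentication.ApplicationCookie);
        authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
        return new AuthenticationResult(null, user.UserType);
    }

    /// <summary>
    /// Builds the claims identity stored in the cookie: name, id and, when set, the user type.
    /// </summary>
    private ClaimsIdentity CreateIdentity(User user)
    {
        var identity = new ClaimsIdentity(MyAuthentication.ApplicationCookie, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
        identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
        if (!String.IsNullOrEmpty(user.UserType))
        {
            // Custom claim type, not the identity's role claim type, so role-based
            // checks such as [Authorize(Roles = ...)] will not see it.
            identity.AddClaim(new Claim("UserType", user.UserType));
        }
        return identity;
    }
}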
Step #4:
Project/Controllers/AccountController.cs :
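/// <summary>
/// Web API endpoints for signing in and out with the application cookie.
/// </summary>
public class AccountController : ApiController
{
    /// <summary>
    /// Signs the caller in with the posted user name and password.
    /// </summary>
    /// <param name="user">Posted credentials; only UserName and Password are read.</param>
    /// <returns>0 when sign-in fails, 1 for an "Admin" user, 2 for any other user.</returns>
    [AllowAnonymous]
    [Route("api/user_login")]
    [HttpPost]
    public int UserLogin(User user)
    {
        // An empty or unparsable request body binds to null; treat it as a failed login.
        if (user == null)
        {
            return 0;
        }

        // The original wrapped this in an empty catch with no return value, which does not
        // compile and would have hidden every error. Failures now surface as an error
        // response instead of being swallowed.
        IAuthenticationManager authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
        var authService = new AuthenticationService(authenticationManager);
        var authenticationResult = authService.SignIn(user.UserName, user.Password);
        if (!authenticationResult.IsSuccess)
        {
            return 0;
        }

        // The user type is read from the identity that SignIn just handed to the cookie
        // middleware, where it is stored as the "UserType" claim.
        var userTypeClaim = authenticationManager.AuthenticationResponseGrant?.Identity?.FindFirst("UserType");

        // The return code is a hint for the client only; every admin-only endpoint still
        // has to check the caller's claims on the server.
        return userTypeClaim?.Value == "Admin" ? 1 : 2;
    }

    /// <summary>
    /// Signs the caller out by revoking the application cookie.
    /// </summary>
    /// <returns>Always 0; a failure surfaces as an exception.</returns>
    // NOTE(review): sign-out changes session state but is reachable by GET, so a
    // cross-site request can trigger it. Consider moving it to POST with an anti-forgery
    // check; the verb is left unchanged here because existing clients call it with GET.
    [AllowAnonymous]
    [Route("api/user_logout")]
    [HttpGet]
    public int LogOut()
    {
        IAuthenticationManager authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
        authenticationManager.SignOut(MyAuthentication.ApplicationCookie);
        return 0;
    }
}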
Step #2:
Project/App_Start/Startup.Auth.cs :
/// <summary>
/// Holds the authentication-type name that the cookie middleware, sign-in and
/// sign-out code must agree on.
/// </summary>
public static class MyAuthentication
{
    /// <summary>
    /// Authentication type of the application cookie.
    /// </summary>
    public const string ApplicationCookie = "xyz";
}
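public partial class Startup
{
    /// <summary>
    /// Registers OWIN cookie authentication for the application.
    /// </summary>
    /// <param name="app">The OWIN application builder the cookie middleware is added to.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        // NOTE(review): the original comment said a UserManager must be added to OWIN for
        // cookie invalidation, but nothing here registers one and the provider below has no
        // OnValidateIdentity handler. As written, an issued cookie stays valid until it
        // expires, even if the account is disabled or its password changes in the meantime.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = MyAuthentication.ApplicationCookie,
            LoginPath = new PathString("/Login"),
            Provider = new CookieAuthenticationProvider(),
            CookieName = "abc",
            // Keeps the session cookie out of reach of page scripts.
            CookieHttpOnly = true,
            // Only send the session cookie over HTTPS; the default (SameAsRequest) would
            // also issue it on plain-HTTP requests, where it can be read in transit.
            CookieSecure = CookieSecureOption.Always,
            // Session lifetime; a shorter value limits how long a stolen cookie is usable.
            ExpireTimeSpan = TimeSpan.FromHours(12), // adjust to your needs
        });
    }
}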
Step #3:
Project/Models/AuthenticationService.cs :
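/// <summary>
/// Checks a username/password pair against the Users table and, on success,
/// signs the user in through the OWIN authentication manager.
/// </summary>
public class AuthenticationService
{
    // One message for every failure, so the response does not reveal whether the
    // username or the password was the part that did not match.
    private const string InvalidCredentialsMessage = "Username or Password is not correct";

    private readonly DBDataContext _db = new DBDataContext();
    private readonly IAuthenticationManager authenticationManager;

    /// <summary>
    /// Outcome of a sign-in attempt: an error message on failure, the user's type on success.
    /// </summary>
    public class AuthenticationResult
    {
        /// <param name="errorMessage">Failure text; null or empty means success.</param>
        /// <param name="userType">UserType of the signed-in user; null on failure.</param>
        public AuthenticationResult(string errorMessage = null, string userType = null)
        {
            ErrorMessage = errorMessage;
            UserType = userType;
        }

        public String ErrorMessage { get; private set; }

        // Read by AccountController.UserLogin to pick its return code.
        public String UserType { get; private set; }

        public Boolean IsSuccess => String.IsNullOrEmpty(ErrorMessage);
    }

    /// <param name="authenticationManager">OWIN authentication manager of the current request.</param>
    public AuthenticationService(IAuthenticationManager authenticationManager)
    {
        this.authenticationManager = authenticationManager;
    }

    /// <summary>
    /// Validates the credentials and issues the application cookie when they match.
    /// </summary>
    /// <param name="username">Submitted user name.</param>
    /// <param name="password">Submitted password.</param>
    /// <returns>A successful result carrying the user's type, or a result with the generic error message.</returns>
    public AuthenticationResult SignIn(String username, String password)
    {
        // Reject missing credentials before they reach the query: a null compared with a
        // column is translated as a NULL test and could match a row with empty fields.
        if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
        {
            return new AuthenticationResult(InvalidCredentialsMessage);
        }

        User user;
        try
        {
            // NOTE(review): this comparison only works if the Password column stores the
            // password itself. Passwords should be stored as salted, slow hashes and checked
            // after loading the row by user name; PasswordHasher.VerifyHashedPassword from
            // the Microsoft.AspNet.Identity.Core package does this. Changing it needs a
            // data migration, so the query is left as the author wrote it.
            user = _db.Users.FirstOrDefault(u => u.UserName == username && u.Password == password);
        }
        catch (Exception)
        {
            // Fail closed. NOTE(review): a database outage is reported to the caller as bad
            // credentials and leaves no trace; log the exception here once a logger exists.
            return new AuthenticationResult(InvalidCredentialsMessage);
        }

        if (user == null)
        {
            return new AuthenticationResult(InvalidCredentialsMessage);
        }

        var identity = CreateIdentity(user);

        // Drop whatever session the request arrived with before issuing the new one.
        authenticationManager.SignOut(MyAuthentication.ApplicationCookie);
        authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
        return new AuthenticationResult(null, user.UserType);
    }

    /// <summary>
    /// Builds the claims identity stored in the cookie: name, id and, when set, the user type.
    /// </summary>
    private ClaimsIdentity CreateIdentity(User user)
    {
        var identity = new ClaimsIdentity(MyAuthentication.ApplicationCookie, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
        identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
        if (!String.IsNullOrEmpty(user.UserType))
        {
            // Custom claim type, not the identity's role claim type, so role-based
            // checks such as [Authorize(Roles = ...)] will not see it.
            identity.AddClaim(new Claim("UserType", user.UserType));
        }
        return identity;
    }
}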
Step #4:
Project/Controllers/AccountController.cs :
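/// <summary>
/// Web API endpoints for signing in and out with the application cookie.
/// </summary>
public class AccountController : ApiController
{
    /// <summary>
    /// Signs the caller in with the posted user name and password.
    /// </summary>
    /// <param name="user">Posted credentials; only UserName and Password are read.</param>
    /// <returns>0 when sign-in fails, 1 for an "Admin" user, 2 for any other user.</returns>
    [AllowAnonymous]
    [Route("api/user_login")]
    [HttpPost]
    public int UserLogin(User user)
    {
        // An empty or unparsable request body binds to null; treat it as a failed login.
        if (user == null)
        {
            return 0;
        }

        // The original wrapped this in an empty catch with no return value, which does not
        // compile and would have hidden every error. Failures now surface as an error
        // response instead of being swallowed.
        IAuthenticationManager authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
        var authService = new AuthenticationService(authenticationManager);
        var authenticationResult = authService.SignIn(user.UserName, user.Password);
        if (!authenticationResult.IsSuccess)
        {
            return 0;
        }

        // The user type is read from the identity that SignIn just handed to the cookie
        // middleware, where it is stored as the "UserType" claim.
        var userTypeClaim = authenticationManager.AuthenticationResponseGrant?.Identity?.FindFirst("UserType");

        // The return code is a hint for the client only; every admin-only endpoint still
        // has to check the caller's claims on the server.
        return userTypeClaim?.Value == "Admin" ? 1 : 2;
    }

    /// <summary>
    /// Signs the caller out by revoking the application cookie.
    /// </summary>
    /// <returns>Always 0; a failure surfaces as an exception.</returns>
    // NOTE(review): sign-out changes session state but is reachable by GET, so a
    // cross-site request can trigger it. Consider moving it to POST with an anti-forgery
    // check; the verb is left unchanged here because existing clients call it with GET.
    [AllowAnonymous]
    [Route("api/user_logout")]
    [HttpGet]
    public int LogOut()
    {
        IAuthenticationManager authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
        authenticationManager.SignOut(MyAuthentication.ApplicationCookie);
        return 0;
    }
}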