Signing in using Owin Cookie middleware

dpaquette · Nov 29, 2014 · 6fdd6bd · 6fdd6bd
1 parent be03b88
commit 6fdd6bd
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 14 deletions.
diff --git a/src/BugTracker.Web/BugTracker.Web.csproj b/src/BugTracker.Web/BugTracker.Web.csproj
@@ -48,6 +48,10 @@
     <Reference Include="Microsoft.Owin">
       <HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.Owin.Host.SystemWeb, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.3.0.0\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Owin.Security">
       <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
     </Reference>
@@ -728,6 +732,7 @@
     <Compile Include="BasePage.cs">
       <SubType>ASPXCodeBehind</SubType>
     </Compile>
+    <Compile Include="btnet\BtnetClaimTypes.cs" />
     <Compile Include="btnet\SQLString.cs" />
     <Compile Include="categories.aspx.cs">
       <DependentUpon>categories.aspx</DependentUpon>

diff --git a/src/BugTracker.Web/btnet/BtnetClaimTypes.cs b/src/BugTracker.Web/btnet/BtnetClaimTypes.cs
@@ -0,0 +1,14 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+
+namespace btnet
+{
+    public class BtnetClaimTypes
+    {
+        public const string UserId = "us_id";
+        public const string OrganizationId = "us_org";
+
+    }
+}
diff --git a/src/BugTracker.Web/btnet/security.cs b/src/BugTracker.Web/btnet/security.cs
@@ -10,6 +10,7 @@ Distributed under the terms of the GNU General Public License
 using System.IO;
 using System.Text.RegularExpressions;
 using System.Collections.Generic;
+using System.Security.Claims;
 
 namespace btnet
 {
@@ -199,6 +200,24 @@ left outer join project_user_xref
 			}
 		}
 
+        public static void SignIn(HttpRequest request, string username)
+        {
+            SQLString sql = new SQLString("select us_id, us_username, us_org from users where us_username = @us");
+            sql = sql.AddParameterWithValue("us", username);
+            DataRow dr = btnet.DbUtil.get_datarow(sql);
+
+            var claims = new List<Claim>
+            {
+                new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
+                new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
+                new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"]))
+            };
+
+            var identity = new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
+            var owinContext = request.GetOwinContext();
+            owinContext.Authentication.SignIn(identity);
+        }
+
 		///////////////////////////////////////////////////////////////////////
 		public static void create_session(HttpRequest Request, HttpResponse Response, int userid, string username, string NTLM)
 		{

diff --git a/src/BugTracker.Web/default.aspx.cs b/src/BugTracker.Web/default.aspx.cs
@@ -126,34 +126,26 @@ public void Page_Load(Object sender, EventArgs e)
         ///////////////////////////////////////////////////////////////////////
         void on_logon()
         {
-
+            var username = user.Value;
             string auth_mode = Util.get_setting("WindowsAuthentication", "0");
             if (auth_mode != "0")
             {
-                if (user.Value.Trim() == "")
+                if (username.Trim() == "")
                 {
                     btnet.Util.redirect("loginNT.aspx", Request, Response);
                 }
             }
 
-            bool authenticated = btnet.Authenticate.check_password(user.Value, pw.Value);
+            bool authenticated = btnet.Authenticate.check_password(username, pw.Value);
 
             if (authenticated)
             {
-                sql = new SQLString("select us_id from users where us_username = @us");
-                sql = sql.AddParameterWithValue("us", user.Value);
+                sql = new SQLString("select us_id, us_username, us_org from users where us_username = @us");
+                sql = sql.AddParameterWithValue("us", username);
                 DataRow dr = btnet.DbUtil.get_datarow(sql);
                 if (dr != null)
                 {
-                    int us_id = (int)dr["us_id"];
-
-                    btnet.Security.create_session(
-                        Request,
-                        Response,
-                        us_id,
-                        user.Value,
-                        "0");
-
+                    btnet.Security.SignIn(Request, username);
                     btnet.Util.redirect(Request, Response);
                 }
                 else

diff --git a/src/BugTracker.Web/packages.config b/src/BugTracker.Web/packages.config
@@ -7,6 +7,7 @@
   <package id="Microsoft.AspNet.Razor" version="3.2.2" targetFramework="net45" />
   <package id="Microsoft.AspNet.WebPages" version="3.2.2" targetFramework="net45" />
   <package id="Microsoft.Owin" version="3.0.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Security" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Security.Cookies" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />