public class CheckLoginExpirationFilter : AuthorizeAttribute{ public overri

1. public class CheckLoginExpirationFilter : AuthorizeAttribute
2. {
3. public override void OnAuthorization(AuthorizationContext filterContext)
4. {
5. base.OnAuthorization(filterContext);
6.  
7. if (filterContext.Result is HttpUnauthorizedResult)
8. {
9. string returnUrl = null;
10. if (filterContext.HttpContext.Request.HttpMethod.Equals("GET", StringComparison.CurrentCultureIgnoreCase))
11. returnUrl = filterContext.HttpContext.Request.Url.GetComponents(UriComponents.PathAndQuery, UriFormat.SafeUnescaped);
12.  
13. filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary()
14. {
15. { "client", filterContext.RouteData.Values[ "client" ] },
16. { "controller", "Security" },
17. { "action", "Login" },
18. { "ReturnUrl", returnUrl }
19. });
20. }
21. }
22. }
23.  
24. public class Startup
25. {
26. public void Configuration(IAppBuilder app)
27. {
28. app.UseCookieAuthentication(new CookieAuthenticationOptions
29. {
30. AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
31. LoginPath = new PathString("/Security/Login"),
32. CookieSecure = CookieSecureOption.SameAsRequest,
33. SlidingExpiration = true,
34. CookieName = "Program.Auth",
35. ExpireTimeSpan = TimeSpan.FromSeconds(15)/*FromHours(1)*/,
36. Provider = new CookieAuthenticationProvider { OnApplyRedirect = CustomRedirect }
37. });
38.  
39. // TODO - Figure out what claims type to base this on.
40. AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;
41. }
42.  
43. private static void CustomRedirect(CookieApplyRedirectContext context)
44. {
45. var redirectUrl = context.Options.LoginPath.ToString();
46. if (context.Request.Method == WebRequestMethods.Http.Get)
47. {
48. var returnUrl = context.Request.Path.ToString();
49. if (!string.IsNullOrEmpty(returnUrl) && !returnUrl.Equals("/"))
50. redirectUrl += "?" + context.Options.ReturnUrlParameter + "=" + returnUrl;
51. }
52. else if (context.Request.Method == WebRequestMethods.Http.Post)
53. {
54. //TODO: add toastr message showing that the post did not succeed
55. }
56. context.Response.Redirect(redirectUrl + "?tbn=inactive");
57. }
58. }