using System.Web; using Portoa.Web.Session; using VideoGameQuotes.Api; using VideoGameQuotes.Api.Persistence; namespace VideoGameQuotes.Web.Security { public class SessionBasedUserProvider : ICurrentUserProvider { private readonly IUserService userService; private readonly ISessionStore sessionStore; private readonly HttpContextBase httpContext; public SessionBasedUserProvider(IUserService userService, ISessionStore sessionStore, HttpContextBase httpContext) { this.userService = userService; this.sessionStore = sessionStore; this.httpContext = httpContext; } public User CurrentUser { get { var user = sessionStore["user"] as User; if (user == null) { //if we're logged in, then use the authenticated user (this inconsistency between cookie/session occurs when the app restarts) if (httpContext.Request.IsAuthenticated) { user = userService.FindByUsername(httpContext.User.Identity.Name); } else { //identify user by IP address var ipAddress = httpContext.Request.UserHostAddress; if (string.IsNullOrEmpty(ipAddress)) { return null; } user = userService.FindByIpAddress(ipAddress); if (user == null) { user = new User { IpAddress = ipAddress, Group = UserGroup.User }; user = userService.Save(user); } } sessionStore["user"] = user; } return user; } } } }