How to receive auth failure from ASP.NET MVC5+Identity server on .NET client?

0
votes

i'm using ASP.NET MVC5 with the latest Identity and Signalr on the server and have .NET client app. Currently i have working auth logic implemented but i don't get it how can i get auth failure in .NET desktop client?

Here is my .NET desktop client auth code:

        private static async Task<bool> AuthenticateUser(string siteUrl, string email, string password)
    {
        try
        {
            var handler = new HttpClientHandler { CookieContainer = new CookieContainer() };

            using (var httpClient = new HttpClient(handler))
            {
                var loginUrl = siteUrl + "Account/Login";

                _writer.WriteLine("Sending http GET to {0}", loginUrl);

                var response = await httpClient.GetAsync(loginUrl);
                var content = await response.Content.ReadAsStringAsync();
                _verificationToken = ParseRequestVerificationToken(content);
                content = _verificationToken + "&UserName="+email+"&Password="+password+"&RememberMe=false";

                _writer.WriteLine("Sending http POST to {0}", loginUrl);

                response = await httpClient.PostAsync(loginUrl, new StringContent(content, Encoding.UTF8, "application/x-www-form-urlencoded"));
                content = await response.Content.ReadAsStringAsync();
                _verificationToken = ParseRequestVerificationToken(content);


                _connection.CookieContainer = handler.CookieContainer;
                return true;
            }
        }
        catch (Exception ex)
        {

            Logger.Log(ex, "Auth");
            return false;
        }
    }

where _connection is a hub connection which receives cookie needed for hub auth. The problem is that httpCLient.PostAsync() always return valid result and i don't get it how i can implement auth failure detection.

Here is server login code:

        // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(model.UserName, model.Password);
            if (user != null)
            {
                await SignInAsync(user, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

On failure it just adds error string on the page.

Please advice what is the better way to implement auth result.

1
c#asp.netasp.net-mvcsignalridentity

1 Answers

0
votes

This is strange that i got no single answer for this question. I've come to an intermediate solution:

  1. Add unique hidden tags for login and index pages (on failure login page is displayed again, on success - index page)

    <div style="display: none;" id="@SharedData.Constants.INDEX_PAGE_TAG"></div>
  2. In .NET client check content string for the specific tag presence.

I don't think this the preformance-wise solution but at least it works...