brockallen / BrockAllen.MembershipReboot

MembershipReboot is a user identity management and authentication library.

Authenticate method with certificate validates the certificate validity dates against UTC #659

Open mirecg opened 8 years ago

mirecg commented 8 years ago

Hi,

I've found a bug when authenticating with a certificate right after it has been created.

I mean UserAccountService.Authenticate(TAccount account, X509Certificate2 certificate). There is a validation of validity dates (NotBefore, NotAfter) against the UtcNow property, which is not correct, because the NotBefore and NotAfter properties are in local time. So a user with a newly created certificate is not able to log in when he is not in the UTC timezone.

if (!(certificate.NotBefore < UtcNow && UtcNow < certificate.NotAfter))
{
    Tracing.Error("[UserAccountService.Authenticate] failed -- invalid certificate dates");
    this.AddEvent(new InvalidCertificateEvent<TAccount> { Account = account, Certificate = certificate });
    return false;
}

brockallen commented 8 years ago

Submit a PR please to dev.
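
The date comparison reported in this issue, reproduced against real `X509Certificate2` objects, as an added example that is not part of the thread or the project's code. `UtcNormalisedCheck`, `MakeCert`, `Report` and the certificate subject are hypothetical names, the `ToUniversalTime()` conversion is an assumed fix, and `CertificateRequest` needs .NET Core 2.0+ or .NET Framework 4.7.2+.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertDateCheckDemo
{
    // The comparison quoted in the issue: DateTime operators compare raw ticks
    // and ignore DateTime.Kind, so the local-time bounds are read as if they were UTC.
    static bool ReportedCheck(X509Certificate2 c, DateTime utcNow)
        => c.NotBefore < utcNow && utcNow < c.NotAfter;

    // Assumed fix (not the project's code): convert both bounds to UTC before comparing.
    static bool UtcNormalisedCheck(X509Certificate2 c, DateTime utcNow)
        => c.NotBefore.ToUniversalTime() < utcNow && utcNow < c.NotAfter.ToUniversalTime();

    // Constructed self-signed certificate with the given validity window.
    static X509Certificate2 MakeCert(DateTimeOffset notBefore, DateTimeOffset notAfter)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(notBefore, notAfter);
        }
    }

    static void Report(string label, X509Certificate2 c, DateTime utcNow)
    {
        Console.WriteLine($"{label}: NotBefore={c.NotBefore:o} NotAfter={c.NotAfter:o}");
        Console.WriteLine($"  reported check: {ReportedCheck(c, utcNow)}, " +
                          $"UTC-normalised: {UtcNormalisedCheck(c, utcNow)}");
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        Console.WriteLine($"Local UTC offset: {TimeZoneInfo.Local.GetUtcOffset(now)}");

        // Issued one minute ago: valid, but the reported check rejects it east of UTC.
        using (var fresh = MakeCert(now.AddMinutes(-1), now.AddYears(1)))
            Report("fresh", fresh, now.UtcDateTime);

        // Expired one minute ago: invalid, but the reported check accepts it east of UTC.
        using (var expired = MakeCert(now.AddYears(-1), now.AddMinutes(-1)))
            Report("expired", expired, now.UtcDateTime);
    }
}
```

On a machine whose zone is UTC both checks agree. West of UTC the reported check instead rejects a certificate for the length of the offset before it actually expires.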