public static bool LoginFromCookie(ActionContext ac)
{
using (AuthLogic.Disable())
{
try
{
if (!ac.HttpContext.Request.Cookies.TryGetValue(CookieName, out string?ticketText) || !ticketText.HasText())
{
return(false); //there is no cookie
}
var httpConnection = ac.HttpContext.Features.Get <IHttpConnectionFeature>() !;
UserEntity user = UserTicketLogic.UpdateTicket(httpConnection.RemoteIpAddress !.ToString(), ref ticketText);
AuthServer.OnUserPreLogin(ac, user);
ac.HttpContext.Response.Cookies.Append(CookieName, ticketText, new CookieOptions
{
Domain = ac.HttpContext.Request.Host.Host.ToString(),
Path = new UrlHelper(ac).Content("~/"),
Expires = DateTime.UtcNow.Add(UserTicketLogic.ExpirationInterval),
});
AuthServer.AddUserSession(ac, user);
return(true);
}
catch
{
//Remove cookie
RemoveCookie(ac);
return(false);
}
}
}
public static bool LoginAzureADAuthentication(ActionContext ac, string jwt, bool throwErrors)
{
using (AuthLogic.Disable())
{
try
{
var ada = (ActiveDirectoryAuthorizer)AuthLogic.Authorizer !;
if (!ada.GetConfig().LoginWithAzureAD)
{
return(false);
}
var principal = ValidateToken(jwt, out var jwtSecurityToken);
var ctx = new AzureClaimsAutoCreateUserContext(principal);
UserEntity?user = Database.Query <UserEntity>().SingleOrDefault(a => a.Mixin <UserADMixin>().OID == ctx.OID);
if (user == null)
{
user = Database.Query <UserEntity>().SingleOrDefault(a => a.UserName == ctx.UserName) ??
(ctx.UserName.Contains("@") && ada.GetConfig().AllowMatchUsersBySimpleUserName ? Database.Query <UserEntity>().SingleOrDefault(a => a.Email == ctx.UserName || a.UserName == ctx.UserName.Before("@")) : null);
}
if (user == null)
{
user = ada.OnAutoCreateUser(ctx);
if (user == null)
{
return(false);
}
}
else
{
ada.UpdateUser(user, ctx);
}
AuthServer.OnUserPreLogin(ac, user);
AuthServer.AddUserSession(ac, user);
return(true);
}
catch (Exception ex)
{
ex.LogException();
if (throwErrors)
{
throw;
}
return(false);
}
}
}
public ActionResult <LoginResponse> Login([Required, FromBody] LoginRequest data)
{
if (string.IsNullOrEmpty(data.userName))
{
return(ModelError("userName", LoginAuthMessage.UserNameMustHaveAValue.NiceToString()));
}
if (string.IsNullOrEmpty(data.password))
{
return(ModelError("password", LoginAuthMessage.PasswordMustHaveAValue.NiceToString()));
}
string authenticationType;
// Attempt to login
UserEntity user;
try
{
if (AuthLogic.Authorizer == null)
{
user = AuthLogic.Login(data.userName, Security.EncodePassword(data.password), out authenticationType);
}
else
{
user = AuthLogic.Authorizer.Login(data.userName, data.password, out authenticationType);
}
}
catch (Exception e) when(e is IncorrectUsernameException || e is IncorrectPasswordException)
{
if (AuthServer.MergeInvalidUsernameAndPasswordMessages)
{
return(ModelError("login", LoginAuthMessage.InvalidUsernameOrPassword.NiceToString()));
}
else if (e is IncorrectUsernameException)
{
return(ModelError("userName", LoginAuthMessage.InvalidUsername.NiceToString()));
}
else if (e is IncorrectPasswordException)
{
return(ModelError("password", LoginAuthMessage.InvalidPassword.NiceToString()));
}
throw;
}
catch (Exception e)
{
return(ModelError("login", e.Message));
}
AuthServer.OnUserPreLogin(ControllerContext, user);
AuthServer.AddUserSession(ControllerContext, user);
if (data.rememberMe == true)
{
UserTicketServer.SaveCookie(ControllerContext);
}
var token = AuthTokenServer.CreateToken(user);
return(new LoginResponse {
userEntity = user, token = token, authenticationType = authenticationType
});
}
public static string?LoginWindowsAuthentication(ActionContext ac)
{
using (AuthLogic.Disable())
{
try
{
if (!(ac.HttpContext.User is WindowsPrincipal wp))
{
return($"User is not a WindowsPrincipal ({ac.HttpContext.User.GetType().Name})");
}
if (AuthLogic.Authorizer is not ActiveDirectoryAuthorizer ada)
{
return("No AuthLogic.Authorizer set");
}
var config = ada.GetConfig();
if (!config.LoginWithWindowsAuthenticator)
{
return($"{ReflectionTools.GetPropertyInfo(() => ada.GetConfig().LoginWithWindowsAuthenticator)} is set to false");
}
var userName = wp.Identity.Name !;
var domainName = config.DomainName.DefaultToNull() ?? userName.TryAfterLast('@') ?? userName.TryBefore('\\') !;
var localName = userName.TryBeforeLast('@') ?? userName.TryAfter('\\') ?? userName;
var sid = ((WindowsIdentity)wp.Identity).User !.Value;
UserEntity?user = Database.Query <UserEntity>().SingleOrDefaultEx(a => a.Mixin <UserADMixin>().SID == sid);
if (user == null)
{
user = Database.Query <UserEntity>().SingleOrDefault(a => a.UserName == userName) ??
(config.AllowMatchUsersBySimpleUserName ? Database.Query <UserEntity>().SingleOrDefault(a => a.Email == userName || a.UserName == localName) : null);
}
try
{
if (user == null)
{
if (!config.AutoCreateUsers)
{
return(null);
}
using (PrincipalContext pc = GetPrincipalContext(domainName, config))
{
user = Database.Query <UserEntity>().SingleOrDefaultEx(a => a.Mixin <UserADMixin>().SID == sid);
if (user == null)
{
user = ada.OnAutoCreateUser(new DirectoryServiceAutoCreateUserContext(pc, localName, domainName !));
}
}
}
else
{
if (config.AutoUpdateUsers)
{
using (PrincipalContext pc = GetPrincipalContext(domainName, config))
{
ada.UpdateUser(user, new DirectoryServiceAutoCreateUserContext(pc, localName, domainName !));
}
}
}
}
catch (Exception e)
{
e.Data["Identity.Name"] = wp.Identity.Name;
e.Data["domainName"] = domainName;
e.Data["localName"] = localName;
throw;
}
if (user == null)
{
if (user == null)
{
return("AutoCreateUsers is false");
}
}
AuthServer.OnUserPreLogin(ac, user);
AuthServer.AddUserSession(ac, user);
return(null);
}
catch (Exception e)
{
e.LogException();
return(e.Message);
}
}
}
