protected override void Initialize(RequestContext requestContext)
{
base.Initialize(requestContext);
if (Request.Cookies["lang"] != null)
{
var value = Request.Cookies["lang"].Value;
Thread.CurrentThread.CurrentCulture = new CultureInfo(value);
Thread.CurrentThread.CurrentUICulture = new CultureInfo(value);
}
if (Request.Cookies["access_token"] != null)
{
var value = Request.Cookies["access_token"].Value;
if (!string.IsNullOrEmpty(value))
{
var jwtToken = new JwtSecurityToken(value);
var claims = jwtToken.Claims;
ClaimsIdentity claim = new ClaimsIdentity(claims);
var cp = new ClaimsPrincipal(claim);
var transformer = new ClaimsAuthenticationManager();
var newPrincipal = transformer.Authenticate(string.Empty, cp);
Thread.CurrentPrincipal = newPrincipal;
HttpContext.User = newPrincipal;
}
}
}
/// <summary>
/// Create a Claims Principal and a Federated Authentication Session for the authenticated user.
/// </summary>
/// <param name="lifetime">The period from the current time during which the token is valid. Default use the security token valid to time.</param>
/// <param name="isReferenceMode">In reference mode, a simple artifact is produced during serialization and the token material is stored in the token cache that is associated with the token handler. The token cache is an instance of a class that derives from SessionSecurityTokenCache. For Web Farm scenarios, the token cache must operate across all nodes in the farm.</param>
/// <param name="isPersistent">If the IsPersistent property is true, the cookie is written as a persistent cookie. Persistent cookies remain valid after the browser is closed until they expire.</param>
/// <param name="claimsAuthenticationManager">Possible to add a custom ClaimsAuthenticationManager for handling claims transformation.</param>
public static ClaimsPrincipal CreateSession(this Saml2AuthnResponse saml2AuthnResponse, TimeSpan?lifetime = null, bool isReferenceMode = false, bool isPersistent = false, ClaimsAuthenticationManager claimsAuthenticationManager = null)
{
if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
throw new InvalidOperationException("There already exist an Authenticated user.");
}
if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
{
throw new InvalidOperationException($"The SAML2 Response Status is not Success, the Response Status is: {saml2AuthnResponse.Status}.");
}
var principal = new ClaimsPrincipal(saml2AuthnResponse.ClaimsIdentity);
if (principal.Identity == null || !principal.Identity.IsAuthenticated)
{
throw new InvalidOperationException("No Claims Identity created from SAML2 Response.");
}
var transformedPrincipal = claimsAuthenticationManager != null?claimsAuthenticationManager.Authenticate(null, principal) : principal;
var sessionSecurityToken = lifetime.HasValue ?
new SessionSecurityToken(transformedPrincipal, lifetime.Value) :
new SessionSecurityToken(transformedPrincipal, null, saml2AuthnResponse.Saml2SecurityToken.ValidFrom, saml2AuthnResponse.Saml2SecurityToken.ValidTo);
sessionSecurityToken.IsReferenceMode = isReferenceMode;
sessionSecurityToken.IsPersistent = isPersistent;
FederatedAuthentication.SessionAuthenticationModule.AuthenticateSessionSecurityToken(sessionSecurityToken, true);
return(transformedPrincipal);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var principal = _transfomer.Authenticate(request.RequestUri.AbsoluteUri, Thread.CurrentPrincipal as IClaimsPrincipal);
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
return(base.SendAsync(request, cancellationToken));
}
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid)
{
List <Claim> initialClaims = new List <Claim>();
initialClaims.Add(new Claim(ClaimTypes.Name, model.UserName));
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(initialClaims, "Forms"));
ClaimsAuthenticationManager authManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
authManager.Authenticate(string.Empty, claimsPrincipal);
return(RedirectToLocal(returnUrl));
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return(View(model));
}
public virtual void OnPostAuthenticateRequest(object sender, EventArgs args)
{
// TODO add the claimsPrincipal creation logic here
var principal = HttpContext.Current.User as IClaimsPrincipal;
if (principal == null)
{
principal = ClaimsPrincipal.CreateFromHttpContext(HttpContext.Current);
ClaimsAuthenticationManager authenticationManager = ServiceConfiguration.ClaimsAuthenticationManager;
if (authenticationManager != null && principal != null && principal.Identity != null)
{
principal = authenticationManager.Authenticate(HttpContext.Current.Request.Url.AbsoluteUri, principal);
}
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
}
}
/// <summary>
/// Event handler for Application.PostAuthenticateRequest. Runs any <see cref="ClaimsAuthenticationManager"/> if one is configured.
/// Tries to create a <see cref="ClaimsPrincipal"/> if none is already set.
/// </summary>
/// <param name="sender">Sender of this event.</param>
/// <param name="args">Event arguments.</param>
void OnPostAuthenticateRequest(object sender, EventArgs args)
{
IClaimsPrincipal icp = HttpContext.Current.User as IClaimsPrincipal;
if (icp == null)
{
icp = ClaimsPrincipal.CreateFromHttpContext(HttpContext.Current);
//
// Run the Claims Authentication Manager if one is configured
//
ClaimsAuthenticationManager authenticationManager = ServiceConfiguration.ClaimsAuthenticationManager;
if (authenticationManager != null && icp != null && icp.Identity != null)
{
icp = authenticationManager.Authenticate(HttpContext.Current.Request.Url.AbsoluteUri, icp);
}
SetPrincipal(icp);
}
}