public async override Task <AuthenticationState> GetAuthenticationStateAsync() { try { if (this.memoryStorage.AuthenticationData == null) { string authDataUrl = this.Options.ProviderOptions.AuthenticationDataUrl + "/.auth/me"; AuthenticationData data = await this.HttpClient.GetFromJsonAsync <AuthenticationData>(authDataUrl); this.memoryStorage.SetAuthenticationData(data); } ClientPrincipal principal = this.memoryStorage.AuthenticationData.ClientPrincipal; if (principal == null) { return(new AuthenticationState(new ClaimsPrincipal())); } principal.UserRoles = principal.UserRoles.Except(new string[] { "anonymous" }, StringComparer.CurrentCultureIgnoreCase); var identity = new ClaimsIdentity(principal.IdentityProvider); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId)); identity.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails)); identity.AddClaims(principal.UserRoles.Select(r => new Claim(ClaimTypes.Role, r))); return(new AuthenticationState(new ClaimsPrincipal(identity))); } catch { this.memoryStorage.SetAuthenticationData(null); return(new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()))); } }
public static ClaimsPrincipal Parse(HttpRequest req) { var principal = new ClientPrincipal(); if (req.Headers.TryGetValue("x-ms-client-principal", out var header)) { var data = header[0]; var decoded = Convert.FromBase64String(data); var json = Encoding.ASCII.GetString(decoded); principal = JsonSerializer.Deserialize <ClientPrincipal>(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true }); } principal.UserRoles = principal.UserRoles?.Except(new string[] { "anonymous" }, StringComparer.CurrentCultureIgnoreCase); if (!principal.UserRoles?.Any() ?? true) { return(new ClaimsPrincipal(new ClaimsIdentity())); } var identity = new ClaimsIdentity(principal.IdentityProvider); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId)); identity.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails)); identity.AddClaims(principal.UserRoles.Select(r => new Claim(ClaimTypes.Role, r))); return(new ClaimsPrincipal(identity)); }
private void ManagerAuthenticator(ClientConnection connection) { Logger.Finest("Authenticating against the owner node"); var ss = _client.GetSerializationService(); string uuid = null; string ownerUuid = null; if (_principal != null) { uuid = _principal.GetUuid(); ownerUuid = _principal.GetOwnerUuid(); } ClientMessage request; if (_credentials is UsernamePasswordCredentials) { var usernamePasswordCr = (UsernamePasswordCredentials)_credentials; request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.GetUsername(), usernamePasswordCr.GetPassword(), uuid, ownerUuid, true, ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion()); } else { var data = ss.ToData(_credentials); request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, false, ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion()); } IClientMessage response; try { var invocationService = (ClientInvocationService)_client.GetInvocationService(); response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection)); } catch (Exception e) { throw ExceptionUtil.Rethrow(e); } var result = ClientAuthenticationCodec.DecodeResponse(response); if (result.address == null) { throw new HazelcastException("Could not resolve address for owner node."); } var member = new Member(result.address, result.ownerUuid); _principal = new ClientPrincipal(result.uuid, result.ownerUuid); connection.Member = member; connection.SetOwner(); connection.ConnectedServerVersionStr = result.serverHazelcastVersion; }
public bool CanUserAccessList(ClientPrincipal principal, string listId) { var list = _cloudTable.ExecuteQuery(new TableQuery <TodoListEntity>().Where(TableQuery.GenerateFilterCondition("RowKey", QueryComparisons.Equal, listId))).FirstOrDefault(); if (list == null) { throw new Exception("Could not find list"); } return(list.PartitionKey == principal.UserId); }
public bool CanUserAccessList(ClientPrincipal principal, string listId, ShareRole requiredRole = ShareRole.View) { var list = GetEntitiesForRowKey(listId).FirstOrDefault(); if (list == null) { throw new Exception("Could not find list"); } return(list.PartitionKey == principal.UserId || _todoListMemberService.CanUserAccessList(listId, principal.UserId, requiredRole)); }
public ClientPrincipal GetClientPrincipalFromRequest(HttpRequest req) { var principle = new ClientPrincipal { IdentityProvider = "ThopDevsSuperSecretAuth", UserId = "ThopDev", UserDetails = "ThopDev" }; _userService.InsertIfNotExists(principle); return(principle); }
public static string GetClientPrincipal(HttpRequest req) { var principal = new ClientPrincipal(); if (req.Headers.TryGetValue("x-ms-client-principal", out var header)) { var data = header[0]; var decoded = Convert.FromBase64String(data); var json = Encoding.ASCII.GetString(decoded); principal = JsonConvert.DeserializeObject <ClientPrincipal>(json); } return(principal.UserDetails); }
public override async Task <AuthenticationState> GetAuthenticationStateAsync() { ClientPrincipal principal = _testMode ? await GetTestUserPrincipal() : await GetUserPrincipal(); var identity = new ClaimsIdentity(principal.IdentityProvider); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId)); identity.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails)); identity.AddClaims(principal.UserRoles.Select(r => new Claim(ClaimTypes.Role, r))); var user = new ClaimsPrincipal(identity); return(new AuthenticationState(user)); }
public void TestAnonymousUserIsNotAuthorized() { var clientPrincipal = new ClientPrincipal { IdentityProvider = "google", UserId = "foo", UserDetails = "foo bar", UserRoles = new List <string> { "anonymous", } }; var isAuthorized = StaticWebAppsAuth.IsAuthorized(clientPrincipal, "foo"); Assert.False(isAuthorized); }
public void TestNotAuthorizedToAccessResourceNotOwnedByTheAuthenticatedUser() { var clientPrincipal = new ClientPrincipal { IdentityProvider = "google", UserId = "bar", UserDetails = "foo bar", UserRoles = new List <string> { "anonymous", "user", } }; var isAuthorized = StaticWebAppsAuth.IsAuthorized(clientPrincipal, "foo"); Assert.False(isAuthorized); }
private static async Task <ClientPrincipal> ParseAsync(HttpRequest request) { var principal = new ClientPrincipal(); if (request.Headers.TryGetValue("x-ms-client-principal", out var header)) { var data = header[0]; var decoded = Convert.FromBase64String(data); var json = Encoding.ASCII.GetString(decoded); principal = JsonConvert.DeserializeObject <ClientPrincipal>(json); } principal.UserRoles = principal.UserRoles?.Except(new string[] { "anonymous" }, StringComparer.CurrentCultureIgnoreCase); return(await Task.FromResult(principal)); }
public static ClaimsPrincipal Parse(HttpRequest req, ApiKey[] apiKeys) { var principal = new ClientPrincipal(); Microsoft.Extensions.Primitives.StringValues header; if (req.Headers.TryGetValue(ClientPrincipalHeader, out header) || req.Headers.TryGetValue(ClientPrincipalHeader.ToUpperInvariant(), out header)) { var data = header[0]; var decoded = Convert.FromBase64String(data); var json = Encoding.ASCII.GetString(decoded); principal = JsonSerializer.Deserialize <ClientPrincipal>(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true }); } else if (TryGetApiKey(req, out var apiKeyValue)) { var apiKey = apiKeys.FirstOrDefault(k => string.Equals(k.Key, apiKeyValue)); if (apiKey != null) { principal.IdentityProvider = "API Key"; principal.UserDetails = apiKey.Name; principal.UserId = apiKey.UserId; principal.UserRoles = apiKey.Roles; } } principal !.UserRoles = principal.UserRoles?.Except(new string[] { "anonymous" }, StringComparer.OrdinalIgnoreCase) ?? Array.Empty <string>(); if (!principal.UserRoles?.Any() ?? true) { return(new ClaimsPrincipal()); } var identity = new ClaimsIdentity(principal.IdentityProvider); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId)); identity.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails)); identity.AddClaims(principal.UserRoles !.Select(r => new Claim(ClaimTypes.Role, r))); return(new ClaimsPrincipal(identity)); }
public static ClaimsPrincipal ParseClaims(string json) { AuthenticationData data = JsonSerializer.Deserialize <AuthenticationData>(json); ClientPrincipal principal = data.ClientPrincipal; principal.UserRoles = principal.UserRoles.Except(new string[] { "anonymous" }, StringComparer.CurrentCultureIgnoreCase); if (!principal.UserRoles.Any()) { return(new ClaimsPrincipal()); } var identity = new ClaimsIdentity(principal.IdentityProvider); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId)); identity.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails)); identity.AddClaims(principal.UserRoles.Select(r => new Claim(ClaimTypes.Role, r))); return(new ClaimsPrincipal(identity)); }
private void Authenticate(ClientConnection connection, bool isOwnerConnection) { if (Logger.IsFinestEnabled()) { Logger.Finest(string.Format("Authenticating against the {0} node", isOwnerConnection?"owner":"non-owner")); } string uuid = null; string ownerUuid = null; if (ClientPrincipal != null) { uuid = ClientPrincipal.GetUuid(); ownerUuid = ClientPrincipal.GetOwnerUuid(); } var ss = _client.GetSerializationService(); ClientMessage request; var credentials = _credentialsFactory.NewCredentials(); LastCredentials = credentials; if (credentials.GetType() == typeof(UsernamePasswordCredentials)) { var usernamePasswordCr = (UsernamePasswordCredentials)credentials; request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.Username, usernamePasswordCr.Password, uuid, ownerUuid, isOwnerConnection, ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion()); } else { var data = ss.ToData(credentials); request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, isOwnerConnection, ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion()); } IClientMessage response; try { var invocationService = (ClientInvocationService)_client.GetInvocationService(); response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection), _heartbeatTimeout); } catch (Exception e) { var ue = ExceptionUtil.Rethrow(e); Logger.Finest("Member returned an exception during authentication.", ue); throw ue; } var result = ClientAuthenticationCodec.DecodeResponse(response); if (result.address == null) { throw new HazelcastException("Could not resolve address for member."); } switch (result.status) { case AuthenticationStatus.Authenticated: if (isOwnerConnection) { var member = new Member(result.address, result.ownerUuid); ClientPrincipal = new ClientPrincipal(result.uuid, result.ownerUuid); connection.Member = member; connection.SetOwner(); connection.ConnectedServerVersionStr = result.serverHazelcastVersion; } else { var member = _client.GetClientClusterService().GetMember(result.address); if (member == null) { throw new HazelcastException(string.Format("Node with address '{0}' was not found in the member list", result.address)); } connection.Member = member; } break; case AuthenticationStatus.CredentialsFailed: throw new AuthenticationException("Invalid credentials! Principal: " + ClientPrincipal); case AuthenticationStatus.SerializationVersionMismatch: throw new InvalidOperationException("Server serialization version does not match to client"); default: throw new AuthenticationException("Authentication status code not supported. status: " + result.status); } }
public void InsertIfNotExists(ClientPrincipal clientPrincipal) { InsertIfNotExists(_mapper.Map <UserEntity>(clientPrincipal)); }
private void ManagerAuthenticator(ClientConnection connection) { Logger.Finest("Authenticating against the owner node"); var ss = _client.GetSerializationService(); string uuid = null; string ownerUuid = null; if (_principal != null) { uuid = _principal.GetUuid(); ownerUuid = _principal.GetOwnerUuid(); } ClientMessage request; if (_credentials is UsernamePasswordCredentials) { var usernamePasswordCr = (UsernamePasswordCredentials) _credentials; request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.GetUsername(), usernamePasswordCr.GetPassword(), uuid, ownerUuid, true, ClientTypes.Csharp, _client.GetSerializationService().GetVersion()); } else { var data = ss.ToData(_credentials); request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, false, ClientTypes.Csharp, _client.GetSerializationService().GetVersion()); } connection.Init(); IClientMessage response; try { var invocationService = (ClientInvocationService) _client.GetInvocationService(); response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection)); } catch (Exception e) { throw ExceptionUtil.Rethrow(e); } var result = ClientAuthenticationCodec.DecodeResponse(response); var member = new Member(result.address, result.ownerUuid); _principal = new ClientPrincipal(result.uuid, result.ownerUuid); connection.SetRemoteMember(member); }