Beispiel #1
0
        private static void SetPersonalInfo(Session session, IPrincipalClaimsInformation principalClaimsInformation)
        {
            IContactPersonalInfo personalInfo = session.Contact.GetFacet <IContactPersonalInfo>("Personal");

            personalInfo.FirstName = principalClaimsInformation.GivenName;
            personalInfo.Surname   = principalClaimsInformation.Surname;

            // if neither the given name nor the surname are specified for the user and
            // the display name is then we fall back to that field
            if (string.IsNullOrEmpty(principalClaimsInformation.GivenName) &&
                string.IsNullOrEmpty(principalClaimsInformation.Surname) &&
                !string.IsNullOrEmpty(principalClaimsInformation.DisplayName))
            {
                personalInfo.Surname = principalClaimsInformation.DisplayName;
            }
        }
Beispiel #2
0
        public override void Process(HttpRequestArgs args)
        {
            Assert.ArgumentNotNull(args, "args");

            // NOTE [ILs] Only check authentication for claimbased authentication sites
            if (LoginSiteInfo.FastIsClaimsBasedCheck(Context.Site))
            {
                ClaimsPrincipal federatedUser = _identityHelper.GetCurrentClaimsPrincipal() as ClaimsPrincipal;

                // algorithm:
                // 1 - if user is not logged in AND claimscookie is missing, return: anonymous visit -> handle in pipeline
                // 2 - if only claimscookie is available, delete this cookie -> handled by owin
                // 3 - if only ID in Database is available (not possible to check) -> handled by timer
                // 4 - if cookie, fedID and no sitecore ID is available -> redirect to login page, handled by sitecore
                // 5 - if only .ASPXAUTH cookiue is available (Context.IsLoggedIn) -> logout and redirect -> pipeline
                // 6 - if claimscookie, no fed ID and sitecore login is availalbe: logout and redirect -> pipeline
                // 7-  if no claimscookie, no fed ID and sitecore login available: logout and redirect -> pipeline.
                // handled by

                // 1 - anonymous
                if (!Context.IsLoggedIn && federatedUser == null)
                {
                    return;
                }

                if (Context.IsLoggedIn && federatedUser == null)
                {
                    // 5 & 7 - pipeline if user is logged in
                    LogoutAndRedirectToLogoutPage();
                }
                else if (Context.IsLoggedIn && federatedUser != null)
                {
                    // 8 all identities available
                    // check if identity matches.
                    // if not: redirect. Otherwise: return
                    User user = Context.User;

                    // compare identities
                    // if not equal, , there is a cookie mismatch:
                    // remove tokens,
                    // logout sitecore user and
                    // redirect to loginpage.
                    LoginSiteInfo currentSiteInfo = new LoginSiteInfo(Context.Site);
                    IPrincipalClaimsInformation principalClaimsInformation =
                        (IPrincipalClaimsInformation)
                        // ReSharper disable once AssignNullToNotNullAttribute - Will never be null
                        Activator.CreateInstance(Type.GetType(currentSiteInfo.PrincipleClaimsInfoClass), federatedUser.Claims);
                    AuthenticationCheckPipelineArgs pipelineArgs = new AuthenticationCheckPipelineArgs
                    {
                        ClaimsUser   = federatedUser,
                        SitecoreUser = user,
                        PrincipalClaimsInformation = principalClaimsInformation
                    };
                    CorePipeline.Run("authenticationCheck", pipelineArgs);
                    if (!pipelineArgs.IsCheckSuccess)
                    {
                        LogoutAndRedirectToLogoutPage();
                    }
                }
                else
                {
                    // several options:
                    // Callback from the federated Identity provider, or an unexpected situation

                    // Callback from the identity provider
                    // entry from /login, auth context
                    if (HttpContext.Current.Request.Url.PathAndQuery.StartsWith(
                            Context.Site.LoginPage,
                            StringComparison.InvariantCultureIgnoreCase))
                    {
                        return;
                    }

                    // For all other situations:
                    // Log to database for other situation
                    LogoutAndRedirectToLogoutPage();
                }
            }
        }