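public void Process(DoLoginPipelineArgs args)
        {
            // doLogin processor: resolves the principal for the login in flight and builds
            // the site-specific IPrincipalClaimsInformation from its claims.
            //
            // Principal resolution order:
            //   1. whatever _identityHelper reports as the current claims principal;
            //   2. the ClaimsIdentity the OAuth middleware parked in the OWIN context
            //      (it is not reachable through the normal channel while the login
            //      is still in progress).
            LoginSiteInfo currentSiteInfo = new LoginSiteInfo(Sitecore.Context.Site.SiteInfo);

            if (args == null)
            {
                return;
            }

            if (args.Principal == null)
            {
                args.Principal = _identityHelper.GetCurrentClaimsPrincipal();
            }

            // NOTE [ILs] OAuth Principal is hidden during login so try fetching it
            if (args.Principal == null)
            {
                ClaimsIdentity identity = args.HttpContext.GetOwinContext().Get<ClaimsIdentity>(OAuthAuthentication.OAuthOwinContextKey);
                if (identity != null)
                {
                    args.Principal = new ClaimsPrincipal(identity);
                }
            }

            // Nothing to build without a principal, and never overwrite information
            // an earlier processor already supplied.
            if (args.Principal == null || args.PrincipalClaimsInformation != null)
            {
                return;
            }

            // The claims-information class is configured per site as a type name and
            // created via reflection. Type.GetType resolves any loadable type, so the
            // type is verified to implement IPrincipalClaimsInformation BEFORE its
            // constructor is run; a plain cast would only fail after construction.
            Type principalClaimsInformationType = Type.GetType(currentSiteInfo.PrincipleClaimsInfoClass);
            if (principalClaimsInformationType == null)
            {
                // An unresolvable type name leaves PrincipalClaimsInformation null for later processors.
                return;
            }

            if (!typeof(IPrincipalClaimsInformation).IsAssignableFrom(principalClaimsInformationType))
            {
                throw new InvalidOperationException(
                    $"Configured PrincipleClaimsInfoClass '{currentSiteInfo.PrincipleClaimsInfoClass}' does not implement {nameof(IPrincipalClaimsInformation)}.");
            }

            // The principal may be a non-claims IPrincipal; the constructor then receives null claims.
            ClaimsPrincipal principal = args.Principal as ClaimsPrincipal;
            args.PrincipalClaimsInformation =
                (IPrincipalClaimsInformation)Activator.CreateInstance(principalClaimsInformationType, principal?.Claims);
        }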
        public void Process(DoLoginPipelineArgs args)
        {
            // doLogin processor: seeds the pipeline's ValidRoles with the roles configured
            // for the current site, but only when no earlier processor supplied any.
            LoginSiteInfo siteInfo = new LoginSiteInfo(Sitecore.Context.Site.SiteInfo);

            // Null args or an already-populated list: nothing to do.
            if (args == null || args.ValidRoles.Count != 0)
            {
                return;
            }

            args.ValidRoles.AddRange(siteInfo.ValidRoles);
        }
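        public override void Process(HttpRequestArgs args)
        {
            // httpRequestBegin processor: reconciles the identity sources that can be present
            // on a claims-based site — the Sitecore login (Context.IsLoggedIn), the federated
            // claims principal and the claims cookie handled by OWIN — and signs the visitor
            // out whenever they disagree.
            Assert.ArgumentNotNull(args, "args");

            // NOTE [ILs] Only check authentication for claim-based authentication sites
            if (!LoginSiteInfo.FastIsClaimsBasedCheck(Context.Site))
            {
                return;
            }

            // A current principal that is not a ClaimsPrincipal counts as "no federated user".
            ClaimsPrincipal federatedUser = _identityHelper.GetCurrentClaimsPrincipal() as ClaimsPrincipal;

            // Cases (and who handles them):
            // 1 - not logged in AND no claims cookie: anonymous visit -> return, handled in pipeline
            // 2 - only the claims cookie is present: the cookie is deleted -> handled by OWIN
            // 3 - only the ID in the database is present (cannot be checked here) -> handled by timer
            // 4 - cookie and federated ID but no Sitecore ID -> redirect to login page, handled by Sitecore
            // 5 - only the .ASPXAUTH cookie is present (Context.IsLoggedIn) -> logout and redirect, here
            // 6 - claims cookie, no federated ID, Sitecore login present -> logout and redirect, here
            // 7 - no claims cookie, no federated ID, Sitecore login present -> logout and redirect, here
            // 8 - all identities present -> run the authenticationCheck pipeline to compare them, here

            // 1 - anonymous
            if (!Context.IsLoggedIn && federatedUser == null)
            {
                return;
            }

            if (Context.IsLoggedIn && federatedUser == null)
            {
                // 5, 6 & 7 - Sitecore session without a federated identity
                LogoutAndRedirectToLogoutPage();
            }
            else if (Context.IsLoggedIn && federatedUser != null)
            {
                // 8 - all identities available: let the authenticationCheck pipeline decide
                // whether the Sitecore user and the federated user are the same person.
                // If not, there is a cookie mismatch: tokens are removed, the Sitecore user
                // is logged out and the visitor is redirected to the login page.
                User user = Context.User;
                LoginSiteInfo currentSiteInfo = new LoginSiteInfo(Context.Site);

                // The claims-information class is configured per site as a type name and
                // created via reflection. Type.GetType resolves any loadable type, so confirm
                // it implements IPrincipalClaimsInformation before running its constructor;
                // fail closed on a missing or foreign type instead of instantiating it blindly.
                string claimsInfoTypeName = currentSiteInfo.PrincipleClaimsInfoClass;
                Type claimsInfoType = string.IsNullOrEmpty(claimsInfoTypeName) ? null : Type.GetType(claimsInfoTypeName);
                if (claimsInfoType == null || !typeof(IPrincipalClaimsInformation).IsAssignableFrom(claimsInfoType))
                {
                    throw new InvalidOperationException(
                        $"Configured PrincipleClaimsInfoClass '{claimsInfoTypeName}' could not be resolved or does not implement {nameof(IPrincipalClaimsInformation)}.");
                }

                IPrincipalClaimsInformation principalClaimsInformation =
                    (IPrincipalClaimsInformation)Activator.CreateInstance(claimsInfoType, federatedUser.Claims);

                AuthenticationCheckPipelineArgs pipelineArgs = new AuthenticationCheckPipelineArgs
                {
                    ClaimsUser   = federatedUser,
                    SitecoreUser = user,
                    PrincipalClaimsInformation = principalClaimsInformation
                };
                CorePipeline.Run("authenticationCheck", pipelineArgs);
                if (!pipelineArgs.IsCheckSuccess)
                {
                    LogoutAndRedirectToLogoutPage();
                }
            }
            else
            {
                // Federated identity without a Sitecore login: either the callback from the
                // identity provider (entry via the site's login page) or an unexpected state.
                //
                // The match is a case-insensitive prefix test on the path and query, so every
                // URL under the login page (including its callback) passes. A null or empty
                // login page must not match every request: it falls through to the logout.
                string loginPage = Context.Site.LoginPage;
                string requestPathAndQuery = HttpContext.Current.Request.Url.PathAndQuery;
                if (!string.IsNullOrEmpty(loginPage)
                    && requestPathAndQuery.StartsWith(loginPage, StringComparison.InvariantCultureIgnoreCase))
                {
                    return;
                }

                // Every other combination is treated as a broken session.
                LogoutAndRedirectToLogoutPage();
            }
        }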