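/// <summary>
/// Login pipeline step that fills in <c>args.Principal</c> and
/// <c>args.PrincipalClaimsInformation</c> when earlier steps left them empty.
/// </summary>
/// <remarks>
/// The principal is taken from the identity helper first and, failing that, from the
/// <see cref="ClaimsIdentity"/> stored in the OWIN context under
/// <c>OAuthAuthentication.OAuthOwinContextKey</c>. The claims information object is created
/// through reflection from the class name configured on the current site; that type is
/// checked against <c>IPrincipalClaimsInformation</c> before its constructor is invoked.
/// </remarks>
/// <param name="args">Login pipeline arguments; a null value makes this step a no-op.</param>
/// <exception cref="InvalidCastException">
/// The configured class resolves to a type that does not implement
/// <c>IPrincipalClaimsInformation</c>.
/// </exception>
public void Process(DoLoginPipelineArgs args)
{
    // Built before the null check on args, as in the original, so a missing site
    // context still surfaces here.
    LoginSiteInfo currentSiteInfo = new LoginSiteInfo(Sitecore.Context.Site.SiteInfo);

    if (args == null)
    {
        return;
    }

    if (args.Principal == null)
    {
        args.Principal = _identityHelper.GetCurrentClaimsPrincipal();
    }

    // NOTE [ILs] OAuth Principal is hidden during login so try fetching it
    if (args.Principal == null)
    {
        ClaimsIdentity identity = args.HttpContext.GetOwinContext()
            .Get<ClaimsIdentity>(OAuthAuthentication.OAuthOwinContextKey);

        if (identity != null)
        {
            args.Principal = new ClaimsPrincipal(identity);
        }
    }

    if (args.Principal == null || args.PrincipalClaimsInformation != null)
    {
        return;
    }

    // Type.GetType throws ArgumentNullException for a null name. An unresolvable name is
    // already tolerated below, so a missing name is treated the same way.
    string claimsInfoClassName = currentSiteInfo.PrincipleClaimsInfoClass;
    if (string.IsNullOrEmpty(claimsInfoClassName))
    {
        return;
    }

    Type principalClaimsInformationType = Type.GetType(claimsInfoClassName);
    if (principalClaimsInformationType == null)
    {
        return;
    }

    // The type name comes from site configuration. Reject anything that is not an
    // IPrincipalClaimsInformation before Activator runs its constructor; previously the
    // cast failed only after an arbitrary type had already been constructed.
    if (!typeof(IPrincipalClaimsInformation).IsAssignableFrom(principalClaimsInformationType))
    {
        throw new InvalidCastException(
            $"Configured claims information class '{principalClaimsInformationType.FullName}' does not implement IPrincipalClaimsInformation.");
    }

    // NOTE(review): when args.Principal is not a ClaimsPrincipal the cast yields null and
    // a null claims argument is handed to the constructor - confirm implementations cope.
    ClaimsPrincipal principal = args.Principal as ClaimsPrincipal;

    args.PrincipalClaimsInformation = (IPrincipalClaimsInformation)
        Activator.CreateInstance(principalClaimsInformationType, principal?.Claims);
}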
/// <summary>
/// Login pipeline step that falls back to the current site's configured roles when the
/// pipeline arguments carry no valid roles.
/// </summary>
/// <param name="args">Login pipeline arguments; a null value makes this step a no-op.</param>
public void Process(DoLoginPipelineArgs args)
{
    // Site info is resolved up front, before args is inspected.
    LoginSiteInfo siteInfo = new LoginSiteInfo(Sitecore.Context.Site.SiteInfo);

    if (args == null)
    {
        return;
    }

    // NOTE(review): an empty list is read as "use the site defaults", not as
    // "no role is acceptable" - confirm that is what callers intend.
    if (args.ValidRoles.Count != 0)
    {
        return;
    }

    args.ValidRoles.AddRange(siteInfo.ValidRoles);
}
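/// <summary>
/// Request pipeline step that checks, for claims-based sites, that the Sitecore login and
/// the federated identity of the current request agree, and logs the user out when they
/// do not.
/// </summary>
/// <param name="args">Request pipeline arguments; must not be null.</param>
/// <exception cref="InvalidCastException">
/// The claims information class configured for the site does not implement
/// <c>IPrincipalClaimsInformation</c>.
/// </exception>
public override void Process(HttpRequestArgs args)
{
    Assert.ArgumentNotNull(args, "args");

    // NOTE [ILs] Only check authentication for claimbased authentication sites
    if (!LoginSiteInfo.FastIsClaimsBasedCheck(Context.Site))
    {
        return;
    }

    ClaimsPrincipal federatedUser = _identityHelper.GetCurrentClaimsPrincipal() as ClaimsPrincipal;

    // algorithm:
    // 1 - if user is not logged in AND claimscookie is missing, return: anonymous visit -> handle in pipeline
    // 2 - if only claimscookie is available, delete this cookie -> handled by owin
    // 3 - if only ID in Database is available (not possible to check) -> handled by timer
    // 4 - if cookie, fedID and no sitecore ID is available -> redirect to login page, handled by sitecore
    // 5 - if only .ASPXAUTH cookie is available (Context.IsLoggedIn) -> logout and redirect -> pipeline
    // 6 - if claimscookie, no fed ID and sitecore login is available: logout and redirect -> pipeline
    // 7 - if no claimscookie, no fed ID and sitecore login available: logout and redirect -> pipeline.

    // 1 - anonymous
    if (!Context.IsLoggedIn && federatedUser == null)
    {
        return;
    }

    if (Context.IsLoggedIn && federatedUser == null)
    {
        // 5 & 7 - pipeline if user is logged in
        LogoutAndRedirectToLogoutPage();
    }
    else if (Context.IsLoggedIn && federatedUser != null)
    {
        // 8 all identities available
        // check if identity matches.
        // if not: redirect. Otherwise: return
        User user = Context.User;

        // compare identities
        // if not equal, there is a cookie mismatch:
        // remove tokens,
        // logout sitecore user and
        // redirect to loginpage.
        LoginSiteInfo currentSiteInfo = new LoginSiteInfo(Context.Site);
        Type principalClaimsInformationType = Type.GetType(currentSiteInfo.PrincipleClaimsInfoClass);

        // The type name comes from site configuration. Reject anything that is not an
        // IPrincipalClaimsInformation before Activator runs its constructor; previously the
        // cast failed only after an arbitrary type had already been constructed.
        if (principalClaimsInformationType != null
            && !typeof(IPrincipalClaimsInformation).IsAssignableFrom(principalClaimsInformationType))
        {
            throw new InvalidCastException(
                $"Configured claims information class '{principalClaimsInformationType.FullName}' does not implement IPrincipalClaimsInformation.");
        }

        // An unresolved type is passed on as null, so CreateInstance throws
        // ArgumentNullException and the exception propagates out of this processor;
        // the identity check is never silently skipped.
        // ReSharper disable once AssignNullToNotNullAttribute
        IPrincipalClaimsInformation principalClaimsInformation = (IPrincipalClaimsInformation)
            Activator.CreateInstance(principalClaimsInformationType, federatedUser.Claims);

        AuthenticationCheckPipelineArgs pipelineArgs = new AuthenticationCheckPipelineArgs
        {
            ClaimsUser = federatedUser,
            SitecoreUser = user,
            PrincipalClaimsInformation = principalClaimsInformation
        };

        CorePipeline.Run("authenticationCheck", pipelineArgs);

        if (!pipelineArgs.IsCheckSuccess)
        {
            LogoutAndRedirectToLogoutPage();
        }
    }
    else
    {
        // several options:
        // Callback from the federated Identity provider, or an unexpected situation
        // Callback from the identity provider
        // entry from /login, auth context

        // The login-page exemption is an access decision on a URL, so it is compared
        // ordinally: culture-sensitive comparison treats some characters as ignorable.
        // A null or empty login page exempts nothing (an empty prefix would match every
        // request), so the request falls through to the logout below.
        // NOTE(review): this is a prefix match, so any path that merely starts with the
        // login page value is exempt as well - confirm that is acceptable.
        string loginPage = Context.Site.LoginPage;
        bool isLoginPageRequest = !string.IsNullOrEmpty(loginPage)
            && HttpContext.Current.Request.Url.PathAndQuery.StartsWith(
                loginPage, StringComparison.OrdinalIgnoreCase);

        if (isLoginPageRequest)
        {
            return;
        }

        // For all other situations:
        // Log to database for other situation
        LogoutAndRedirectToLogoutPage();
    }
}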