/*
* Utility function for checking if a user is internal. If they are on the internal IP list they get to skip login
* The internal ip list must have defined roles
*/
private void CreateVirtualUserIfInternal()
{
var internalAccessItem = Sitecore.Data.Database.GetDatabase(Database).GetItem(InternalAccessItem);
NameValueCollection accessList = WebUtil.ParseUrlParameters(internalAccessItem.Fields["Access List"].Value);
var virtualUserRoles = internalAccessItem.Fields["Virtual User Roles"].Value;
var loginService = new LoginService(accessList, virtualUserRoles);
var internalRangeMatch = loginService.InternalMatchCheck();
if (!internalRangeMatch.Equals(default(KeyValuePair <string, string>)))
{
var virtualUsername = string.Format("vUser\\{0}_{1}", internalRangeMatch.Key, internalRangeMatch.Value.Replace(".", "_"));
var virtualUser = AuthenticationManager.BuildVirtualUser(virtualUsername, true);
var virtualRoles = loginService.GetVirtualUserRoles();
if (!virtualRoles.Any())
{
Log.Error("No Virtual Roles defined", this);
}
foreach (var virtualUserRole in virtualRoles)
{
virtualUser.Roles.Add(virtualUserRole);
}
AuthenticationManager.LoginVirtualUser(virtualUser);
}
}
public IWebLoginUserResult Login(IUser user, bool persist)
{
var sitecoreUsername = VirtualUsernameFactory.Create(user);
var sitecoreVirtualUser = AuthenticationManager.BuildVirtualUser(sitecoreUsername, true);
var userProfile = UserProfileFactory.Create(user);
if (userProfile != null)
{
sitecoreVirtualUser.Profile.Email = userProfile.Email;
sitecoreVirtualUser.Profile.Name = string.Format("{0} {1}", userProfile.FirstName, userProfile.LastName);
}
sitecoreVirtualUser.Profile.Save();
var success = AuthenticationManager.Login(sitecoreVirtualUser.Name, persist);
if (success)
{
LoginActions.Process(user);
}
return(new WebLoginUserResult
{
Success = success
});
}
protected User BuildVirtualUser(UserIdamData idamData)
{
var domain = "extranet";
var userId = idamData.NameIdentifier;
var username = $"{domain}\\{userId}";
var user = AuthenticationManager.BuildVirtualUser(username, true);
user.Profile.Save();
return(user);
}
private User CreateVirtualUser(DGATokenResponse token, string userName)
{
var virtualUser = AuthenticationManager.BuildVirtualUser(string.Format("{0}\\{1}", Take2Domain, userName), true);
virtualUser.Profile.FullName = string.Format("{0} {1}", token.given_name, token.family_name);
virtualUser.Profile.Email = token.email;
virtualUser.Profile.Save();
if (token.role.Equals("member", StringComparison.InvariantCultureIgnoreCase) &&
token.is_member_in_good_standing)
{
virtualUser.Roles.Add(Sitecore.Security.Accounts.Role.FromName(@"take2\member"));
}
return(virtualUser);
}
/// <summary>
/// Logins the specified user.
/// </summary>
/// <param name="user">The user.</param>
public void Login(IPrincipal user)
{
var identity = user.Identity;
#if DEBUG
WriteClaimsInfo(user.Identity as ClaimsIdentity);
#endif
if (!identity.IsAuthenticated)
{
return;
}
var userName = string.Format("{0}\\{1}", Context.Domain.Name, identity.Name);
try
{
var virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);
var roles = Context.Domain.GetRoles();
if (roles != null)
{
var groups = GetGroups(user.Identity as ClaimsIdentity);
foreach (var role in from role in roles
let roleName = GetRoleName(role.Name)
where groups.Contains(roleName.ToLower()) && !virtualUser.Roles.Contains(role)
select role)
{
virtualUser.Roles.Add(role);
}
foreach (
var role2 in
virtualUser.Roles.SelectMany(
role1 =>
RolesInRolesManager.GetRolesForRole(role1, true)
.Where(role2 => !virtualUser.Roles.Contains(role2))))
{
virtualUser.Roles.Add(role2);
}
// Setting the user to be an admin.
virtualUser.RuntimeSettings.IsAdministrator =
groups.Contains(Settings.GetSetting("ADFS.Authenticator.AdminUserRole", "Admins"));
}
AuthenticationManager.Login(virtualUser);
}
catch (ArgumentException ex)
{
Log.Error("ADFS::Login Failed!", ex, this);
}
}
public void Process(DoLoginPipelineArgs args)
{
if (args?.User == null &&
args?.Principal != null &&
args.Principal.Identity.IsAuthenticated)
{
ClaimsPrincipal principal = args.Principal as ClaimsPrincipal;
if (principal != null &&
(!args.ValidRoles.Any() || args.PrincipalClaimsInformation.Roles.Intersect(args.ValidRoles).Any()))
{
string accountName = args.PrincipalClaimsInformation.AccountName;
string userName = $"{Context.Domain.Name}\\{accountName}";
User virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);
AuthenticationManager.Login(virtualUser);
args.User = virtualUser;
}
}
}
public void LoginWithVirtualUser(string UserName, string fullName, string emailAddress)
{
string[] roles = new string[] {
@"sitecore\Sitecore Client Users",
@"external\Preview User"
};
string[] revokedItems = new string[] {
@"/sitecore/content/Home/Events",
@"/sitecore/content/Home/News"
};
User user = AuthenticationManager.BuildVirtualUser(UserName, true);
if (user != null)
{
AssignRoles(user, roles);
RevokeItemAccessRights(user, revokedItems);
SetProfile(user, fullName, emailAddress);
AuthenticationManager.Login(user);
}
}
public bool AuthenticateUser(string email, string password)
{
var hashedPassword = GetHashedPassword(password);
using (var db = new CustomMembershipContext())
{
var matchingUser = db.Users.FirstOrDefault(i => i.Email == email && i.Password == password);
if (matchingUser != null)
{
var virtualUser = AuthenticationManager.BuildVirtualUser(email, true);
virtualUser.Roles.Add(Role.FromName("extranet\\Simple IoC Logged In Users"));
virtualUser.Profile.Email = email;
virtualUser.Profile.Name = string.Format("{0} {1}", matchingUser.FirstName, matchingUser.LastName);
return(AuthenticationManager.LoginVirtualUser(virtualUser));
}
}
return(false);
}
/// <summary>
/// Logins the specified user.
/// </summary>
/// <param name="user">The user.</param>
public void Login(IPrincipal principal)
{
var identity = principal.Identity;
var allowLoginToShell = false;
#if DEBUG
WriteClaimsInfo(principal.Identity as ClaimsIdentity);
#endif
if (!identity.IsAuthenticated)
{
return;
}
var userName = string.Format("{0}\\{1}", Context.Domain.Name, identity.Name);
try
{
var virtualUser = AuthenticationManager.BuildVirtualUser(userName, true);
var roles = Context.Domain.GetRoles();
if (roles != null)
{
var groups = GetGroups(principal.Identity as ClaimsIdentity);
foreach (var role in from role in roles
let roleName = GetRoleName(role.Name)
where groups.Contains(roleName.ToLower()) && !virtualUser.Roles.Contains(role)
select role)
{
virtualUser.Roles.Add(role);
}
foreach (
var role2 in
virtualUser.Roles.SelectMany(
role1 =>
RolesInRolesManager.GetRolesForRole(role1, true)
.Where(role2 => !virtualUser.Roles.Contains(role2))))
{
virtualUser.Roles.Add(role2);
}
// Setting the user to be an admin.
//TODO = case sensitive
virtualUser.RuntimeSettings.IsAdministrator =
groups.Contains(Settings.GetSetting("ADFS.Authenticator.AdminUserRole", "Sitecore Local Administrators"), StringComparer.OrdinalIgnoreCase);
if (virtualUser.RuntimeSettings.IsAdministrator)
{
allowLoginToShell = true;
}
}
virtualUser.Profile.Email = "*****@*****.**";
AuthenticationManager.Login(virtualUser);
var tracker = Tracker.Current;
if (tracker != null)
{
tracker.Session.Identify(virtualUser.Identity.Name);
}
}
catch (ArgumentException ex)
{
Log.Error("ADFS::Login Failed!", ex, this);
}
}