public SamlController(ILoggerFactory logger, IOptions <AuthConfiguration> spidConfiguration, RequestOptionFactory requestOptionFactory, IAuthRequest authRequest, IAuthResponse authResponse, ILogoutResponse logoutResponse, ITokenService tokenService, IdpHelper idpHelper, IDataProtectionService dataProtectionService) { _logger = logger.CreateLogger(LogCategories.AUTHENGINE); _traceLogger = logger.CreateLogger(LogCategories.SAMLTRACE); _sessionAuthLogger = logger.CreateLogger(LogCategories.AUTHSESSION); _spidConfiguration = spidConfiguration?.Value; _requestOptionFactory = requestOptionFactory; _authRequest = authRequest; _authResponse = authResponse; _logoutResponse = logoutResponse; _tokenService = tokenService; _idpHelper = idpHelper; _dataProtectionService = dataProtectionService; }
/// <summary> /// Registers a new user. /// </summary> public async Task <User> Post([FromBody] ProviderInfo info) { ProviderInfo result = await IdpHelper.GetUserInfoAsync(info.Provider, info.Token); var user = new User { Name = result.Name, Email = result.Email, Auth = result, PhotoUrl = result.PhotoUrl }; Db.Users.Add(user); await Db.SaveChangesAsync(); return(user); }
/// <summary> /// Authenticates a user. /// </summary> public async Task <User> Post([FromBody] ProviderInfo request) { var user = await Db.Users.FirstOrDefaultAsync(x => x.Email == request.Email); if (null == user) { return(null); } ProviderInfo info = await IdpHelper.GetUserInfoAsync(request.Provider, request.Token); if (info.Email == request.Email) { user.Auth = info; return(user); } return(null); }
/// <summary> /// Checks that the user's claimed identity (email and token) matches /// thier actual identity according to their provider. /// </summary> private async Task <HttpResponseMessage> Authorize() { // TODO: Consider more robust security. // This sample provides a basic demonstration of how to use tokens to communicate // with identity providers (IDPs) and authorize users. However, in a production application, // making repeated calls to IDPs is not reccomended as it is not performant and may result // in your app being rate-limited. Instead, you should perform an initial verification of // the user's identity, and then persist it on your own token (or a similar mechanism). string email = _context.Request.Headers.From; string token = _context.Request.Headers.Authorization.Parameter; ProviderType provider; bool providerParsed = Enum.TryParse <ProviderType>( _context.Request.Headers.Authorization.Scheme, out provider); if (!providerParsed || String.IsNullOrEmpty(email) || String.IsNullOrEmpty(token)) { return(_context.Request.CreateResponse(HttpStatusCode.Unauthorized)); } var user = await _db.Users.FirstOrDefaultAsync(x => x.Email == email); if (null == user) { return(_context.Request.CreateResponse(HttpStatusCode.Unauthorized)); } ProviderInfo response = await IdpHelper.GetUserInfoAsync(provider, token); if (response?.Email != email) { return(_context.Request.CreateResponse(HttpStatusCode.Unauthorized)); } _context.ControllerContext.RequestContext.Principal = new GenericPrincipal(new GenericIdentity(email), null); return(new HttpResponseMessage(HttpStatusCode.OK)); }
public RequestOptionFactory(ILoggerFactory logger, IOptions <AuthConfiguration> spidConfiguration, IdpHelper idpHelper) { _logger = logger.CreateLogger(LogCategories.AUTHENGINE); _spidConfiguration = spidConfiguration?.Value; _idpHelper = idpHelper; }