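/// <summary>
/// Writes the SiteMinder token to the response as a short-lived (30 s),
/// HttpOnly, SameSite=Strict, Secure cookie named <c>SM_TOKEN_NAME</c>.
/// </summary>
/// <param name="token">The token to persist; its <c>ToString()</c> form is Base64-encoded (project extension) before being stored.</param>
/// <param name="res">The response the cookie is appended to.</param>
/// <exception cref="ArgumentNullException"><paramref name="token"/> or <paramref name="res"/> is null.</exception>
public static void AddToResponse(SiteMinderAuthenticationToken token, HttpResponse res)
{
    if (token is null)
    {
        throw new ArgumentNullException(nameof(token));
    }
    if (res is null)
    {
        throw new ArgumentNullException(nameof(res));
    }

    res.Cookies.Append(SM_TOKEN_NAME, token.ToString().Base64Encode(), new CookieOptions
    {
        SameSite = SameSiteMode.Strict,
        HttpOnly = true,
        // The cookie carries an authentication token: never let the browser
        // send it over a plaintext connection.
        Secure   = true,
        // Absolute instant; UtcNow avoids depending on the server's local offset.
        Expires  = DateTimeOffset.UtcNow.AddSeconds(30)
    });
}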
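        /// <summary>
        /// Builds a <see cref="ClaimsPrincipal"/> for the SiteMinder scheme from the
        /// identity attributes carried by <paramref name="smAuthToken"/>.
        /// </summary>
        /// <param name="smAuthToken">Token populated from the SiteMinder forwarded headers.</param>
        /// <returns>
        /// A principal with a single <see cref="ClaimsIdentity"/> (authentication type
        /// <c>SiteMinderAuthOptions.Scheme</c>) holding one claim per non-null token field.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="smAuthToken"/> is null.</exception>
        private static ClaimsPrincipal CreatePrincipalFor(SiteMinderAuthenticationToken smAuthToken)
        {
            if (smAuthToken is null)
            {
                throw new ArgumentNullException(nameof(smAuthToken));
            }

            var claims = new List<Claim>();

            // Claim(type, value) throws ArgumentNullException for a null value, and the
            // caller only catches ApplicationException, so a single missing attribute
            // previously aborted authentication with an unhandled exception. A null
            // attribute now simply yields no claim.
            // NOTE(review): this also applies to Sid/Upn; if those are mandatory,
            // validate them before calling this method.
            void AddIfPresent(string type, string value)
            {
                if (value is not null)
                {
                    claims.Add(new Claim(type, value));
                }
            }

            AddIfPresent(ClaimTypes.Sid, smAuthToken.smgov_userguid);
            AddIfPresent(ClaimTypes.Upn, smAuthToken.sm_universalid);
            AddIfPresent(SiteMinderClaimTypes.NAME, smAuthToken.smgov_userdisplayname);
            AddIfPresent(SiteMinderClaimTypes.GIVEN_NAME, smAuthToken.smgov_givenname);
            AddIfPresent(SiteMinderClaimTypes.SURNAME, smAuthToken.smgov_sn);
            AddIfPresent(SiteMinderClaimTypes.DEPARTMENT, smAuthToken.smgov_department);
            AddIfPresent(SiteMinderClaimTypes.COMPANY, smAuthToken.smgov_company);
            AddIfPresent(SiteMinderClaimTypes.EMAIL, smAuthToken.smgov_email);

            return new ClaimsPrincipal(new ClaimsIdentity(claims, SiteMinderAuthOptions.Scheme));
        }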
        /// <summary>
        /// Authenticates the current request for the SiteMinder scheme. A principal already
        /// cached in the session (as a JWT string under <c>"app.principal"</c>) is reused;
        /// otherwise one is created from the forwarded SiteMinder headers and cached.
        /// </summary>
        /// <returns>
        /// A successful ticket for the scheme, <c>NoResult</c> when the token is anonymous,
        /// or <c>Fail</c> when principal creation throws an <see cref="ApplicationException"/>.
        /// </returns>
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            AuthenticateResult TicketFor(ClaimsPrincipal p) =>
                AuthenticateResult.Success(new AuthenticationTicket(p, SiteMinderAuthOptions.Scheme));

            var token = SiteMinderAuthenticationToken.CreateFromFwdHeaders(Request);

            // Outside production an anonymous request is given a development token and
            // any previously issued token cookie is cleared.
            var useDevToken = !_environment.IsProduction() && token.IsAnonymous();
            if (useDevToken)
            {
                token = SiteMinderAuthenticationToken.CreateForDev(Request);
                Response.Cookies.Delete(SiteMinderAuthenticationToken.SM_TOKEN_NAME);
            }

            // Session-cached principal takes precedence over the headers on this request.
            // NOTE(review): the cached principal is not compared with the current token,
            // so a change in the forwarded identity is not noticed until the session ends —
            // confirm that is intended.
            var cachedJwt = Context.Session.GetString("app.principal");
            if (!string.IsNullOrEmpty(cachedJwt))
            {
                var cachedPrincipal = cachedJwt.FromJwt();
                _logger.LogInformation("Successfully authenticated user {User} from session with authentication token {@SmAuthToken}", cachedPrincipal.Identity.Name, token);
                return TicketFor(cachedPrincipal);
            }

            if (token.IsAnonymous())
            {
                _logger.LogInformation("Did not authenticate anonymous user with authentication token {@SmAuthToken}", token);
                return AuthenticateResult.NoResult();
            }

            try
            {
                var freshPrincipal = CreatePrincipalFor(token);
                Context.Session.SetString("app.principal", freshPrincipal.ToJwt());
                _logger.LogInformation("Successfully authenticated user {User} with authentication token {@SmAuthToken}", freshPrincipal.Identity.Name, token);
                return TicketFor(freshPrincipal);
            }
            catch (ApplicationException e)
            {
                // Only ApplicationException becomes a failed result; anything else thrown
                // by CreatePrincipalFor propagates to the framework.
                _logger.LogError(e, "Failed to authenticate user with authentication token {@SmAuthToken}", token);
                return AuthenticateResult.Fail(e.Message);
            }
        }