private static void ShowLoginUI(
IOwinContext context,
StuntmanOptions options)
{
context.Response.ContentType = "text/html";
context.Response.StatusCode = 200;
var css = Resources.GetCss();
var usersHtml = GetUsersLoginUI(context, options);
context.Response.Write($@"
<!DOCTYPE html>
<html>
<head>
<meta charset=""UTF-8"">
<title>Select a user</title>
<style>
{css}
</style>
</head>
<body>
<div class=""stuntman-login-ui-container"">
<h2><img src=""https://raw.githubusercontent.com/ritterim/stuntman/gh-pages/images/stuntman-logo.png"" alt=""Welcome to Stuntman"" /></h2>
<h2>Please select a user to continue authentication.</h2>
<ul>
{usersHtml}
</ul>
</div>
</body>
</html>");
}
/// <summary>
/// Add Stuntman to this application.
/// </summary>
public static void AddStuntman(this IServiceCollection services, StuntmanOptions options)
{
services.AddAuthentication(Constants.StuntmanAuthenticationType);
var authBuilder = new AuthenticationBuilder(services);
if (options.AllowBearerTokenAuthentication)
{
authBuilder.AddJwtBearer(
opts =>
{
opts.Events = new JwtBearerEvents
{
OnMessageReceived = context => StuntmanOnMessageReceived(options, context)
};
});
}
if (options.AllowCookieAuthentication)
{
authBuilder.AddCookie(
Constants.StuntmanAuthenticationType,
opts =>
{
opts.LoginPath = new PathString(options.SignInUri);
opts.LogoutPath = new PathString(options.SignOutUri);
opts.ReturnUrlParameter = Constants.StuntmanOptions.ReturnUrlQueryStringKey;
});
}
}
private static string GetUsersLoginUI(
IOwinContext context,
StuntmanOptions options)
{
var usersHtml = new StringBuilder();
foreach (var user in options.Users)
{
var href = string.Format("{0}?OverrideUserId={1}&{2}={3}",
options.SignInUri,
user.Id,
StuntmanOptions.ReturnUrlQueryStringKey,
WebUtility.UrlEncode(context.Request.Query[StuntmanOptions.ReturnUrlQueryStringKey]));
usersHtml.Append(string.Format(@"
<div class=""stuntman-g"">
<div class=""stuntman-u-1"">
<a href=""{0}"" class=""stuntman-button stuntman-u-1"">{1}</a>
</div>
</div>
", href, user.Name));
}
return(usersHtml.ToString());
}
private static void ShowLoginUI(
IOwinContext context,
StuntmanOptions options)
{
context.Response.ContentType = "text/html";
context.Response.StatusCode = 200;
var css = Resources.GetCss();
var usersHtml = GetUsersLoginUI(context, options);
context.Response.Write(string.Format(@"
<html>
<head>
<style>
{0}
</style>
</head>
<body>
<div class=""stuntman-g"">
<div class=""stuntman-u-1-4""> </div>
<div class=""stuntman-u-1-2"">
<h2 class=""stuntman text-center"">Please select a user to continue authentication.</h2>
<div class=""stuntman-g"">
<div class=""stuntman-u-1-6""> </div>
<div class=""stuntman-u-2-3"">
{1}
</div>
</div>
</div>
<div class=""stuntman-u-1-4""> </div>
</div>
</body>
</html>
", css, usersHtml));
}
private static async void ShowLoginUI(
HttpContext context,
StuntmanOptions options)
{
context.Response.ContentType = "text/html";
context.Response.StatusCode = 200;
var css = Resources.GetCss();
var logoForInlining = Resources.GetLogoForInlining();
var usersHtml = GetUsersLoginUI(context, options);
await context.Response.WriteAsync($@"
<!DOCTYPE html>
<html>
<head>
<meta charset=""UTF-8"">
<title>Select a user</title>
<style>
{css}
</style>
</head>
<body>
<div class=""stuntman-login-ui-container"">
<h2><img src=""{logoForInlining}"" alt=""Welcome to Stuntman"" /></h2>
<h2>Please select a user to continue authentication.</h2>
<ul>
{usersHtml}
</ul>
</div>
</body>
</html>");
}
public void Configuration(IAppBuilder app)
{
var options = new StuntmanOptions()
.AddUser(new StuntmanUser("user-1", "User 1")
.AddClaim("given_name", "John")
.AddClaim("family_name", "Doe"));
if (System.Web.HttpContext.Current.IsDebuggingEnabled)
{
app.UseStuntman(options);
}
}
private static string GetUsersLoginUI(
IOwinContext context,
StuntmanOptions options)
{
var usersHtml = new StringBuilder();
foreach (var user in options.Users)
{
var href = $"{options.SignInUri}?OverrideUserId={user.Id}&{Constants.StuntmanOptions.ReturnUrlQueryStringKey}={WebUtility.UrlEncode(context.Request.Query[Constants.StuntmanOptions.ReturnUrlQueryStringKey])}";
usersHtml.Append($@"<li><a href=""{href}"">{user.Name}</a></li>");
}
return(usersHtml.ToString());
}
private static string GetUsersLoginUI(
HttpContext context,
StuntmanOptions options)
{
var usersHtml = new StringBuilder();
foreach (var user in options.Users)
{
var href = $"{options.SignInUri}?OverrideUserId={user.Id}&{Constants.StuntmanOptions.ReturnUrlQueryStringKey}={WebUtility.UrlEncode(context.Request.Query[Constants.StuntmanOptions.ReturnUrlQueryStringKey])}";
usersHtml.Append($@"<li><a href=""{href}"" title=""{(string.IsNullOrEmpty(user.Description) ? null : WebUtility.HtmlEncode(user.Description) + " ")}Source: {user.Source}"">{user.Name}</a></li>");
}
return(usersHtml.ToString());
}
/// <summary>
/// Enable Stuntman on this application.
/// </summary>
public static void UseStuntman(this IAppBuilder app, StuntmanOptions options)
{
if (options.AllowBearerTokenAuthentication)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
AuthenticationType = Constants.StuntmanAuthenticationType,
Provider = new StuntmanOAuthBearerProvider(options),
AccessTokenFormat = new StuntmanOAuthAccessTokenFormat()
});
}
if (options.AllowCookieAuthentication)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = Constants.StuntmanAuthenticationType,
LoginPath = new PathString(options.SignInUri),
LogoutPath = new PathString(options.SignOutUri),
ReturnUrlParameter = Constants.StuntmanOptions.ReturnUrlQueryStringKey,
});
app.Map(options.SignInUri, signin =>
{
signin.Use(async(context, next) =>
{
var claims = new List <Claim>();
var overrideUserId = context.Request.Query[Constants.StuntmanOptions.OverrideQueryStringKey];
if (string.IsNullOrWhiteSpace(overrideUserId))
{
await next.Invoke();
IAppBuilderShared.ShowLoginUI(context, options);
}
else
{
var user = options.Users
.Where(x => x.Id == overrideUserId)
.FirstOrDefault();
if (user == null)
{
context.Response.StatusCode = 404;
await context.Response.WriteAsync(
$"options provided does not include the requested '{overrideUserId}' user.");
return;
}
claims.Add(new Claim(user.NameClaimType, user.Name));
claims.AddRange(user.Claims);
var identity = new ClaimsIdentity(claims, Constants.StuntmanAuthenticationType, user.NameClaimType, user.RoleClaimType);
var authManager = context.Authentication;
authManager.SignIn(identity);
await next.Invoke();
}
});
IAppBuilderShared.RedirectToReturnUrl(signin);
});
app.Map(options.SignOutUri, signout =>
{
signout.Use((context, next) =>
{
var authManager = context.Authentication;
authManager.SignOut(Constants.StuntmanAuthenticationType);
return(next.Invoke());
});
IAppBuilderShared.RedirectToReturnUrl(signout);
});
}
if (options.ServerEnabled)
{
app.Map(options.ServerUri, server =>
{
server.Use(async(context, next) =>
{
var response = new StuntmanServerResponse {
Users = options.Users
};
var json = JsonConvert.SerializeObject(response);
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(json);
});
});
}
}
public StuntmanOAuthBearerProvider(StuntmanOptions options)
{
this.options = options;
}
public UserPicker(StuntmanOptions options)
{
_options = options;
}
private static async Task StuntmanOnMessageReceived(
StuntmanOptions options,
MessageReceivedContext context)
{
var authorizationBearerToken = context.HttpContext.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(authorizationBearerToken))
{
// TODO: Skip to next middleware?
return;
}
else
{
var authorizationBearerTokenParts = authorizationBearerToken.ToString().Split(' ');
var accessToken = authorizationBearerTokenParts
.LastOrDefault();
var claims = new List <Claim>();
StuntmanUser user = null;
if (authorizationBearerTokenParts.Count() != 2 ||
string.IsNullOrWhiteSpace(accessToken))
{
context.HttpContext.Response.StatusCode = 400;
await context.HttpContext.Response.WriteAsync(
"Authorization header is not in correct format.");
context.Fail(
"Authorization header is not in correct format.");
return;
}
else
{
user = options.Users
.Where(x => x.AccessToken == accessToken)
.FirstOrDefault();
if (user == null)
{
if (!options.AllowBearerTokenPassthrough)
{
context.Response.StatusCode = 403;
await context.HttpContext.Response.WriteAsync(
$"options provided does not include the requested '{accessToken}' user.");
}
context.Fail(
$"options provided does not include the requested '{accessToken}' user.");
return;
}
else
{
claims.Add(new Claim("access_token", accessToken));
}
}
claims.Add(new Claim(user.NameClaimType, user.Name));
claims.AddRange(user.Claims);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, Constants.StuntmanAuthenticationType, user.NameClaimType, user.RoleClaimType));
context.Success();
options.AfterBearerValidateIdentity?.Invoke(context);
}
}
public UserPicker(StuntmanOptions options)
{
_options = options;
}
public static void UseStuntman(this IAppBuilder app, StuntmanOptions options)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
AuthenticationType = StuntmanAuthenticationType,
Provider = new StuntmanOAuthBearerProvider(options),
AccessTokenFormat = new StuntmanOAuthAccessTokenFormat()
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = StuntmanAuthenticationType,
LoginPath = new PathString(options.SignInUri),
LogoutPath = new PathString(options.SignOutUri),
ReturnUrlParameter = StuntmanOptions.ReturnUrlQueryStringKey,
});
app.Map(options.SignInUri, signin =>
{
signin.Use(async(context, next) =>
{
var claims = new List <Claim>();
var overrideUserId = context.Request.Query[StuntmanOptions.OverrideQueryStringKey];
if (string.IsNullOrWhiteSpace(overrideUserId))
{
await next.Invoke();
ShowLoginUI(context, options);
}
else
{
var user = options.Users
.Where(x => x.Id == overrideUserId)
.FirstOrDefault();
if (user == null)
{
context.Response.StatusCode = 404;
await context.Response.WriteAsync(string.Format(
"options provided does not include the requested '{0}' user.",
overrideUserId));
return;
}
claims.Add(new Claim(ClaimTypes.Name, user.Name));
claims.AddRange(user.Claims);
var identity = new ClaimsIdentity(claims, StuntmanAuthenticationType);
var authManager = context.Authentication;
authManager.SignIn(identity);
await next.Invoke();
}
});
RedirectToReturnUrl(signin);
});
app.Map(options.SignOutUri, signout =>
{
signout.Use((context, next) =>
{
var authManager = context.Authentication;
authManager.SignOut(StuntmanAuthenticationType);
return(next.Invoke());
});
RedirectToReturnUrl(signout);
});
}
public void Configuration(IAppBuilder app)
{
var options = new StuntmanOptions()
.AddUser(new StuntmanUser("user-1", "User 1")
.SetAccessToken("user-1-token")
.AddClaim("given_name", "John")
.AddClaim("family_name", "Doe"))
.AddUser(new StuntmanUser("user-2", "User 2")
.AddClaim("given_name", "Jane")
.AddClaim("family_name", "Doe"))
.AddUser(new StuntmanUser("user-3", "User 3")
.AddClaim("given_name", "Sam")
.AddClaim("family_name", "Smith"));
if (System.Web.HttpContext.Current.IsDebuggingEnabled)
{
app.UseStuntman(options);
}
var userPicker = new UserPicker(options);
app.Map("/secure", secure =>
{
AuthenticateAllRequests(secure, new[] { "StuntmanAuthentication" });
secure.Run(context =>
{
var userName = context.Request.User.Identity.Name;
if (string.IsNullOrEmpty(userName))
userName = "******";
context.Response.ContentType = "text/html";
context.Response.WriteAsync(string.Format(
"Hello, {0}. This is the /secure endpoint.",
userName));
if (System.Web.HttpContext.Current.IsDebuggingEnabled)
{
context.Response.WriteAsync(
userPicker.GetHtml(context.Request.User, context.Request.Uri.AbsoluteUri));
}
return Task.FromResult(true);
});
});
app.Map("/logout", logout =>
{
logout.Run(context =>
{
context.Authentication.SignOut();
return Task.FromResult(true);
});
});
app.Map("", nonSecure =>
{
nonSecure.Run(context =>
{
var userName = context.Request.User.Identity.Name;
if (string.IsNullOrEmpty(userName))
userName = "******";
context.Response.ContentType = "text/html";
context.Response.WriteAsync(string.Format(
"Hello, {0}.",
userName));
if (System.Web.HttpContext.Current.IsDebuggingEnabled)
{
context.Response.WriteAsync(
userPicker.GetHtml(context.Request.User, context.Request.Uri.AbsoluteUri));
}
return Task.FromResult(true);
});
});
}