public async Task RefreshAsync(string userAreaCode, int userId)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
if (userId < 1)
{
throw new ArgumentOutOfRangeException(nameof(userId));
}
ValidateHttpContext("refresh a user sign in");
var userArea = _userAreaDefinitionRepository.GetRequiredByCode(userAreaCode);
var loggedInUser = await GetUserIdByUserAreaCodeAsync(userAreaCode);
// Only refresh the sign in if the user is currently logged in
if (loggedInUser != userId)
{
return;
}
var scheme = AuthenticationSchemeNames.UserArea(userArea.UserAreaCode);
var auth = await _httpContextAccessor.HttpContext.AuthenticateAsync(scheme);
var isPeristent = auth?.Properties?.IsPersistent ?? false;
await SignInAsync(userAreaCode, userId, isPeristent);
}
/// <summary>
/// Returns the authenitcation scheme name that should be set as the default
/// in a call to <see cref="AuthenticationServiceCollectionExtensions.AddAuthentication"/>.
/// Override this if you want to change the default scheme.
/// </summary>
protected virtual string GetDefaultScheme()
{
var defaultSchemeCode = _userAreaDefinitionRepository.GetDefault()?.UserAreaCode;
if (defaultSchemeCode == null)
{
throw new InvalidOperationException("Default user area expected, but none are defined. The Cofoundry Admin user area should be defined at least.");
}
var defaultScheme = AuthenticationSchemeNames.UserArea(defaultSchemeCode);
return(defaultScheme);
}
public async Task SignOutOfAllUserAreasAsync()
{
ValidateHttpContext("sign out a user");
await _inMemoryUserSessionService.SignOutOfAllUserAreasAsync();
foreach (var userArea in _userAreaDefinitionRepository.GetAll())
{
var scheme = AuthenticationSchemeNames.UserArea(userArea.UserAreaCode);
await _httpContextAccessor.HttpContext.SignOutAsync(scheme);
TrackSignOut(userArea.UserAreaCode);
}
}
protected virtual void ConfigureAuthBuilder(AuthenticationBuilder authBuilder)
{
var allUserAreas = _userAreaDefinitionRepository.GetAll();
foreach (var userArea in allUserAreas)
{
var cookieNamespace = _authCookieNamespaceProvider.GetNamespace(userArea.UserAreaCode);
var scheme = AuthenticationSchemeNames.UserArea(userArea.UserAreaCode);
var options = new UserAreaSchemeRegistrationOptions(userArea, scheme, cookieNamespace);
ConfigureUserAreaScheme(authBuilder, options);
}
}
public async Task SignOutAsync(string userAreaCode)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
ValidateHttpContext("sign out a user");
await _inMemoryUserSessionService.SignOutAsync(userAreaCode);
var scheme = AuthenticationSchemeNames.UserArea(userAreaCode);
await _httpContextAccessor.HttpContext.SignOutAsync(scheme);
TrackSignOut(userAreaCode);
}
public async Task <int?> GetUserIdByUserAreaCodeAsync(string userAreaCode)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
if (_signedOutUserAreas.Contains(userAreaCode))
{
return(null);
}
var cachedUserId = await _inMemoryUserSessionService.GetUserIdByUserAreaCodeAsync(userAreaCode);
if (cachedUserId.HasValue)
{
return(cachedUserId);
}
if (_httpContextAccessor.HttpContext == null)
{
return(null);
}
var scheme = AuthenticationSchemeNames.UserArea(userAreaCode);
var result = await _httpContextAccessor.HttpContext.AuthenticateAsync(scheme);
if (!result.Succeeded)
{
return(null);
}
var userIdClaim = result.Principal.FindFirst(CofoundryClaimTypes.UserId);
if (userIdClaim == null)
{
return(null);
}
var userId = IntParser.ParseOrNull(userIdClaim.Value);
if (userId.HasValue)
{
// cache the auth by logging into the in-memory service
await _inMemoryUserSessionService.SignInAsync(userAreaCode, userId.Value, true);
}
return(userId);
}
public Task <ClaimsPrincipal> CreateAsync(IClaimsPrincipalBuilderContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var scheme = AuthenticationSchemeNames.UserArea(context.UserAreaCode);
var claims = new[]
{
new Claim(CofoundryClaimTypes.UserId, Convert.ToString(context.UserId)),
new Claim(CofoundryClaimTypes.SecurityStamp, context.SecurityStamp),
new Claim(CofoundryClaimTypes.UserAreaCode, context.UserAreaCode),
};
var claimsIdentity = new ClaimsIdentity(claims, scheme);
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
return(Task.FromResult(claimsPrincipal));
}
/// <summary>
/// Creates a minimal service provider to support authentication
/// </summary>
private ServiceProvider CreateServiceProvider(IUserAreaDefinitionRepository userAreaDefinitionRepository)
{
var allUserAreas = userAreaDefinitionRepository.GetAll();
var defaultSchemaCode = userAreaDefinitionRepository.GetDefault().UserAreaCode;
var defaultScheme = AuthenticationSchemeNames.UserArea(defaultSchemaCode);
var services = new ServiceCollection();
var authBuilder = services.AddAuthentication(defaultScheme);
foreach (var userAreaDefinition in allUserAreas)
{
var scheme = AuthenticationSchemeNames.UserArea(userAreaDefinition.UserAreaCode);
authBuilder.AddCookie(scheme);
}
services.AddLogging(config => config.AddDebug().AddConsole());
services.AddControllersWithViews();
return(services.BuildServiceProvider());
}
public async Task SignInAsync(string userAreaCode, int userId, bool rememberUser)
{
if (userAreaCode == null)
{
throw new ArgumentNullException(nameof(userAreaCode));
}
if (userId < 1)
{
throw new ArgumentOutOfRangeException(nameof(userId));
}
ValidateHttpContext("sign in a user");
var userArea = _userAreaDefinitionRepository.GetRequiredByCode(userAreaCode);
var userPrincipal = await CreateUserPrincipal(userId, userArea);
var scheme = AuthenticationSchemeNames.UserArea(userArea.UserAreaCode);
if (rememberUser)
{
var authProperties = new AuthenticationProperties()
{
IsPersistent = true
};
await _httpContextAccessor.HttpContext.SignInAsync(scheme, userPrincipal, authProperties);
}
else
{
await _httpContextAccessor.HttpContext.SignInAsync(scheme, userPrincipal);
}
await _inMemoryUserSessionService.SignInAsync(userAreaCode, userId, rememberUser);
if (_signedOutUserAreas.Contains(userAreaCode))
{
// signed out and back in during the same request: odd but let's handle it.
_signedOutUserAreas.Remove(userAreaCode);
}
}
