private static void ConfigureMembershipReboot(IAppBuilder app) { var cookieOptions = new CookieAuthenticationOptions { AuthenticationType = MembershipRebootOwinConstants.AuthenticationType }; Func<IDictionary<string, object>, UserAccountService> uaFunc = env => { var appInfo = new OwinApplicationInformation( env, "Test", "Test Email Signature", "/Login", "/Register/Confirm/", "/Register/Cancel/", "/PasswordReset/Confirm/"); var config = new MembershipRebootConfiguration(); var emailFormatter = new EmailMessageFormatter(appInfo); // uncomment if you want email notifications -- also update smtp settings in web.config config.AddEventHandler(new EmailAccountEventsHandler(emailFormatter)); var svc = new UserAccountService(config, new DefaultUserAccountRepository()); svc.TwoFactorAuthenticationPolicy = new OwinCookieBasedTwoFactorAuthPolicy(env); return svc; }; Func<IDictionary<string, object>, AuthenticationService> authFunc = env => { return new OwinAuthenticationService(cookieOptions.AuthenticationType, uaFunc(env), env); }; app.UseMembershipReboot(cookieOptions, uaFunc, authFunc); }
public ValidationResult Validate(UserAccountService service, UserAccount account, string value) { if (String.IsNullOrWhiteSpace(value)) { return new ValidationResult(Resources.ValidationMessages.PasswordRequired); } if (value.Length < this.MinimumLength) { return new ValidationResult(String.Format(Resources.ValidationMessages.PasswordLength, this.MinimumLength)); } var upper = value.Any(x => Char.IsUpper(x)); var lower = value.Any(x => Char.IsLower(x)); var digit = value.Any(x => Char.IsDigit(x)); var other = value.Any(x => !Char.IsUpper(x) && !Char.IsLower(x) && !Char.IsDigit(x)); var vals = new bool[] { upper, lower, digit, other }; var matches = vals.Where(x => x).Count(); if (matches < this.MinimumNumberOfComplexityRules) { return new ValidationResult(String.Format(Resources.ValidationMessages.PasswordComplexityRules, this.MinimumNumberOfComplexityRules)); } return null; }
public static void CreateLocalAccount( IDocumentStore masterStore,string email,string password ,UserAccountService userAccountService) { if (userAccountService == null) return; var account=userAccountService.CreateAccount(null, password, email); account.RequiresPasswordReset = true; userAccountService.Update(account); }
public static IUserService Factory(string connString) { var repo = new DefaultUserAccountRepository(connString); var userAccountService = new UserAccountService(config, repo); var userSvc = new MembershipRebootUserService<UserAccount>(userAccountService, repo); return userSvc; }
public HomeController( ClaimsBasedAuthenticationService claimsBasedAuthenticationService, UserAccountService userAccountService) { this.claimsBasedAuthenticationService = claimsBasedAuthenticationService; this.userAccountService = userAccountService; }
public HomeController( AuthenticationService AuthenticationService, UserAccountService userAccountService) { this.AuthenticationService = AuthenticationService; this.userAccountService = userAccountService; }
public static IUserService Factory() { var repo = new DefaultUserAccountRepository(); var userAccountService = new UserAccountService(config, repo); var userSvc = new UserService<UserAccount>(userAccountService, repo); return userSvc; }
public static IUserManager Create() { var repo = new DefaultUserAccountRepository(); repo.QueryFilter = RelationalUserAccountQuery.Filter; repo.QuerySort = RelationalUserAccountQuery.Sort; var svc = new UserAccountService(config, repo); return new UserManager<UserAccount>(svc, repo, repo); }
public IdentityRepository() { var settings = SecuritySettings.FromConfiguration(); settings.RequireAccountVerification = false; var config = new MembershipRebootConfiguration(settings); this.userSvc = new UserAccountService(config, new BrockAllen.MembershipReboot.Ef.DefaultUserAccountRepository()); this.groupSvc = new GroupService(new BrockAllen.MembershipReboot.Ef.DefaultGroupRepository()); }
public void Test(UserAccountService<HierarchicalUserAccount> service, string username, string password, string certThumb) { string email = $"{username}@example.com"; var account = service.CreateAccount(username, password, email); service.AddCertificate(account.ID, certThumb, username); }
public void Dispose() { if (this.userService != null) { this.userService.Dispose(); this.userService = null; } }
public void Dispose() { if (this.UserAccountService != null) { this.UserAccountService.Dispose(); this.UserAccountService = null; } }
public void CanAuthenticateAnAccount(UserAccountService<HierarchicalUserAccount> service, string username, string password) { string email = $"{username}@example.com"; service.CreateAccount(username, password, email); service.Authenticate(username, password).ShouldBe(true); }
public AccountController( AuthenticationService<NhUserAccount> authenticationService, ISession session, UserAccountService<NhUserAccount> userAccountService) { this.authenticationService = authenticationService; this.session = session; this.userAccountService = userAccountService; }
public virtual void SignIn(TAccount account, string method, bool persistent = false) { if (account == null) { throw new ArgumentNullException("account"); } if (String.IsNullOrWhiteSpace(method)) { throw new ArgumentNullException("method"); } if (!account.IsLoginAllowed || account.IsAccountClosed) { throw new ValidationException(UserAccountService.GetValidationMessage(MembershipRebootConstants.ValidationMessages.LoginNotAllowed)); } if (!account.IsAccountVerified && UserAccountService.Configuration.RequireAccountVerification) { throw new ValidationException(UserAccountService.GetValidationMessage(MembershipRebootConstants.ValidationMessages.AccountNotVerified)); } if (account.RequiresTwoFactorAuthToSignIn() || account.RequiresPasswordReset || this.UserAccountService.IsPasswordExpired(account)) { Tracing.Verbose("[AuthenticationService.SignIn] detected account requires two factor or password reset to sign in: {0}", account.ID); IssuePartialSignInToken(account, method); return; } // gather claims var claims = GetAllClaims(account, method); // get custom claims from properties var cmd = new MapClaimsFromAccount <TAccount> { Account = account }; this.UserAccountService.ExecuteCommand(cmd); if (cmd.MappedClaims != null) { claims.AddRange(cmd.MappedClaims); } // create principal/identity var id = new ClaimsIdentity(claims, method); var cp = new ClaimsPrincipal(id); // claims transform if (this.ClaimsAuthenticationManager != null) { cp = ClaimsAuthenticationManager.Authenticate(String.Empty, cp); } // issue cookie IssueToken(cp, persistentCookie: persistent); }
protected override IIdentityManagerService CreateIdentityManager() { var config = new MembershipRebootConfiguration<TestUserAccount>(); config.RequireAccountVerification = false; config.PasswordHashingIterationCount = 100; var repository = new TestUserAccountRepository(); userAccountService = new UserAccountService<TestUserAccount>(config, repository); return new IdentityManagerService<TestUserAccount>(userAccountService, repository); }
public static void RemoveClaims <TAccount>(this UserAccountService <TAccount> svc, Guid accountID, IEnumerable <Claim> claims) where TAccount : UserAccount { if (svc == null) { throw new ArgumentNullException("account"); } svc.RemoveClaims(accountID, new UserClaimCollection(claims)); }
public static void UpdateClaims <TAccount>(this UserAccountService <TAccount> svc, Guid accountID, IEnumerable <Claim> additions = null, IEnumerable <Claim> deletions = null) where TAccount : UserAccount { if (svc == null) { throw new ArgumentNullException("account"); } svc.UpdateClaims(accountID, new UserClaimCollection(additions), new UserClaimCollection(deletions)); }
public static void ConfigureTwoFactorAuthenticationPolicy <TAccount>(this UserAccountService <TAccount> svc, ITwoFactorAuthenticationPolicy policy) where TAccount : UserAccount { if (svc == null) { throw new ArgumentNullException("account"); } svc.AddCommandHandler(new TwoFactorAuthPolicyCommandHandler(policy)); }
public static void CreateLocalAccount(IDocumentStore masterStore, string email, string password) { var accountRepo = new RavenUserAccountRepository(masterStore); var userAccountService = new UserAccountService(accountRepo) { Configuration = MembershipRebootConfig.Create() }; CreateLocalAccount(masterStore, email, password, userAccountService); }
protected override void Dispose(bool disposing) { if (disposing) { this.userAccountService.TryDispose(); this.userAccountService = null; this.authenticationService.TryDispose(); this.authenticationService = null; } base.Dispose(disposing); }
public void CanCreateANewUserAccount(UserAccountService<HierarchicalUserAccount> service, string username, string password) { string email = $"{username}@example.com"; var account = service.CreateAccount(username, password, email); var fromDb = service.GetByID(account.ID); fromDb.ShouldNotBe(null); fromDb.Username.ShouldBe(username); fromDb.Email.ShouldBe(email); }
protected override void Dispose(bool disposing) { if (disposing) { if (this.userAccountService != null) { this.userAccountService.Dispose(); this.userAccountService = null; } } base.Dispose(disposing); }
public IIdentityManagerService Create() { var db = new DefaultMembershipRebootDatabase(this.connString); var userrepo = new DefaultUserAccountRepository(db); var usersvc = new UserAccountService<RelationalUserAccount>(config, userrepo); var grprepo = new DefaultGroupRepository(db); var grpsvc = new GroupService<RelationalGroup>(config.DefaultTenant, grprepo); var svc = new MembershipRebootIdentityManagerService<RelationalUserAccount, RelationalGroup>(usersvc, userrepo, grpsvc, grprepo); return new DisposableIdentityManagerService(svc, db); }
/// <summary> /// Load your modules or register your services here! /// </summary> /// <param name="kernel">The kernel.</param> private static void RegisterServices(IKernel kernel) { var config = MembershipRebootConfig.Create(); kernel.Bind<IUserAccountRepository<CustomUserAccount>>().To<CustomRepository>().InRequestScope(); kernel.Bind<AuthenticationService<CustomUserAccount>>().To<SamAuthenticationService<CustomUserAccount>>(); kernel.Bind<UserAccountService<CustomUserAccount>>().ToMethod(ctx => { var svc = new UserAccountService<CustomUserAccount>(config, ctx.Kernel.Get<IUserAccountRepository<CustomUserAccount>>()); svc.TwoFactorAuthenticationPolicy = new AspNetCookieBasedTwoFactorAuthPolicy<CustomUserAccount>(); return svc; }); }
public IIdentityManagerService Create() { var userrepo = new DefaultUserAccountRepository(this.connString); userrepo.QueryFilter = RelationalUserAccountQuery.Filter; userrepo.QuerySort = RelationalUserAccountQuery.Sort; var usersvc = new UserAccountService<RelationalUserAccount>(config, userrepo); var grprepo = new DefaultGroupRepository(this.connString); var grpsvc = new GroupService<RelationalGroup>(grprepo); var svc = new MembershipRebootIdentityManagerService<RelationalUserAccount, RelationalGroup>(usersvc, userrepo, grpsvc, grprepo); return new DisposableIdentityManagerService(svc, userrepo); }
public IdentityRepository() { var settings = SecuritySettings.FromConfiguration(); settings.RequireAccountVerification = false; settings.PasswordHashingIterationCount = 50000; var config = new MembershipRebootConfiguration(settings); var uarepo = new BrockAllen.MembershipReboot.Ef.DefaultUserAccountRepository(); this.userSvc = new UserAccountService(config, uarepo); this.userQuery = uarepo; var grpRepo = new BrockAllen.MembershipReboot.Ef.DefaultGroupRepository(); this.groupSvc = new GroupService(config.DefaultTenant, grpRepo); this.groupQuery = grpRepo; }
/// <summary> /// Load your modules or register your services here! /// </summary> /// <param name="kernel">The kernel.</param> private static void RegisterServices(IKernel kernel) { var config = MembershipRebootConfig.Create(); var policy = new AspNetCookieBasedTwoFactorAuthPolicy(debugging: true); kernel.Bind<UserAccountService>().ToMethod(ctx => { var svc = new UserAccountService(config, ctx.Kernel.Get<IUserAccountRepository>()); svc.TwoFactorAuthenticationPolicy = policy; return svc; }); kernel.Bind<AuthenticationService>().To<SamAuthenticationService>(); RegisterEntityFramework(kernel); //RegisterMongoDb(kernel); //RegisterRavenDb(kernel); }
public void Send(Message msg) { var accountRepo = new RavenUserAccountRepository(MasterStore); var userAccountService = new UserAccountService(accountRepo) { Configuration = MembershipRebootConfig.Create() }; string user = msg.To;// think this is probably e-mail address... UserAccount account; account = userAccountService.GetByEmail(user); // who the message is to will give us org and user- query masterdb by username using (var session = MasterStore.OpenSession()) { } var notify = new Notification { //need url to put in here. Body = String.Format("Your temporary Illuminate passowrd is : {0} \n Please follow the instructions at {1} to change your password and login to Illuminate", password), SendDate = DateTime.Now, Title = string.Format("Your temporary Illuminate password"), From = EmailRecipient.GetIlluminateRecipient(), NotificationRecipients = new NotificationRecipient[] { new NotificationRecipient { NotificationDeliveryTypes = NotificationDeliveryTypes .Email, Users = new List<SimpleUser>{OrgUser.ToSimpleUser()} } }, }; using (var orgSession = OrgStore.OpenSession()) { orgSession.Store(notify); orgSession.SaveChanges(); } }
private void InitDb() { using (var db = new BrockAllen.MembershipReboot.Ef.DefaultUserAccountRepository()) { var svc = new UserAccountService(db); if (svc.GetByUsername("admin") == null) { var account = svc.CreateAccount("admin", "admin123", "*****@*****.**"); svc.VerifyAccount(account.VerificationKey); account = svc.GetByID(account.ID); account.AddClaim(ClaimTypes.Role, "Administrator"); account.AddClaim(ClaimTypes.Role, "Manager"); account.AddClaim(ClaimTypes.Country, "USA"); svc.Update(account); } } }
public StudentsController(UserAccountService<CustomUserAccount> userAccountService) { db = new CustomDb(); this.userAccountService = userAccountService; try { var findacc = db.Users.Find(1); //find admin user if (findacc == null) { //add admin user var acc = this.userAccountService.CreateAccount("admin", "adminx", "*****@*****.**"); this.userAccountService.AddClaim(acc.ID, Constants.ClaimTypes.Role, "Admin"); } } catch (Exception e) { //admin exist } }
public async Task Invoke(IDictionary<string, object> env) { var ctx = new OwinContext(env); using (var db = new BrockAllen.MembershipReboot.Ef.DefaultUserAccountRepository()) { var settings = SecuritySettings.FromConfiguration(); var mrConfig = new MembershipRebootConfiguration(settings); mrConfig.ConfigureCookieBasedTwoFactorAuthPolicy(new OwinCookieBasedTwoFactorAuthPolicy(env)); var appInfo = new OwinApplicationInformation(env, "Test", "Test Email Signature", "/Login", "/Register/Confirm/", "/Register/Cancel/", "/PasswordReset/Confirm/", "/ChangeEmail/Confirm/"); var emailFormatter = new EmailMessageFormatter(appInfo); if (settings.RequireAccountVerification) { // uncomment if you want email notifications -- also update smtp settings in web.config mrConfig.AddEventHandler(new EmailAccountCreatedEventHandler(emailFormatter)); } // uncomment if you want email notifications -- also update smtp settings in web.config mrConfig.AddEventHandler(new EmailAccountEventsHandler(emailFormatter)); var uaSvc = new UserAccountService(mrConfig, db); var anSvc = new OwinAuthenticationService(uaSvc, env); try { ctx.SetUserAccountService(uaSvc); ctx.SetAuthenticationService(anSvc); await next(env); } finally { ctx.SetUserAccountService(null); ctx.SetAuthenticationService(null); } } }
protected override void OnApplicationStarted() { //hook into the fed auth config created event do we can do some extra steps FederatedAuthentication.FederationConfigurationCreated += FederatedAuthentication_FederationConfigurationCreated; XmlConfigurator.Configure(); //configure logging Logger = LogManager.GetLogger("Illuminate"); Logger.Information("Illuminate Web Application Started"); AreaRegistration.RegisterAllAreas(); WebApiConfig.Register(GlobalConfiguration.Configuration); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteTable.Routes.MapHubs(); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); Logger.Information("About to create master store when starting Illuminate"); DataBase = IlluminateDatabase.Create(new DocumentStore { ConnectionStringName = "RavenServer" }); Logger.Information("Created master store when starting Illuminate"); Mappings.Initialise(); BinderConfig.RegisterBinders(); var accountRepoStore = new DocumentStore {ConnectionStringName = "RavenServer"}; accountRepoStore.Initialize(); var accountRepo = new RavenUserAccountRepository(accountRepoStore); UserAccountService = new UserAccountService(accountRepo) { Configuration = MembershipRebootConfig.Create() }; RebootAuthenticationService = new SamAuthenticationService(UserAccountService); //in DEBUG mode attach raven profiler so we can profile all org stores if needed #if DEBUG foreach (var store in DataBase.GetAllOrgStores().Where(store => store.Identifier.EndsWith("halethorpe"))) { Raven.Client.MvcIntegration.RavenProfiler.InitializeFor(store); } //Raven.Client.MvcIntegration.RavenProfiler.InitializeFor(DataBase.MasterStore); #endif //task manager does some stuff as background processes Logger.Information("about to initialize taskmanager when starting Illuminate"); TaskManager.Initialize(new IlluminateRegistry()); Logger.Information("Initialized taskmanager when starting Illuminate"); }
private static void ConfigureMembershipReboot(IAppBuilder app) { System.Data.Entity.Database.SetInitializer(new System.Data.Entity.MigrateDatabaseToLatestVersion<DefaultMembershipRebootDatabase, BrockAllen.MembershipReboot.Ef.Migrations.Configuration>()); var cookieOptions = new CookieAuthenticationOptions { AuthenticationType = MembershipRebootOwinConstants.AuthenticationType }; var appInfo = new OwinApplicationInformation( app, "Test", "Test Email Signature", "/Login", "/Register/Confirm/", "/Register/Cancel/", "/PasswordReset/Confirm/"); var config = new MembershipRebootConfiguration(); var emailFormatter = new EmailMessageFormatter(appInfo); // uncomment if you want email notifications -- also update smtp settings in web.config config.AddEventHandler(new EmailAccountEventsHandler(emailFormatter)); Func<IDictionary<string, object>, UserAccountService> uaFunc = env => { var svc = new UserAccountService(config, new DefaultUserAccountRepository()); var debugging = false; #if DEBUG debugging = true; #endif svc.ConfigureTwoFactorAuthenticationCookies(env, debugging); return svc; }; Func<IDictionary<string, object>, AuthenticationService> authFunc = env => { return new OwinAuthenticationService(cookieOptions.AuthenticationType, uaFunc(env), env); }; app.UseMembershipReboot(cookieOptions, uaFunc, authFunc); }
public ValidationResult Validate(UserAccountService <TAccount> service, TAccount account, string value) { if (service == null) { throw new ArgumentNullException("service"); } if (account == null) { throw new ArgumentNullException("account"); } var list = new List <ValidationResult>(); foreach (var item in this) { var result = item.Validate(service, account, value); if (result != null && result != ValidationResult.Success) { return(result); } } return(null); }
public virtual void SignIn(TAccount account, string method, bool persistent = false) { if (account == null) { throw new ArgumentNullException("account"); } if (String.IsNullOrWhiteSpace(method)) { throw new ArgumentNullException("method"); } if (!account.IsLoginAllowed || account.IsAccountClosed) { throw new ValidationException(UserAccountService.GetValidationMessage("LoginNotAllowed")); } if (!account.IsAccountVerified && UserAccountService.Configuration.RequireAccountVerification) { throw new ValidationException(UserAccountService.GetValidationMessage("AccountNotVerified")); } if (account.RequiresTwoFactorAuthToSignIn() || account.RequiresPasswordReset || this.UserAccountService.IsPasswordExpired(account)) { Tracing.Verbose("[AuthenticationService.SignIn] detected account requires two factor or password reset to sign in: {0}", account.ID); IssuePartialSignInToken(account, method); return; } // gather claims var claims = GetBasicClaims(account, method); // get the rest if (!String.IsNullOrWhiteSpace(account.Email)) { claims.Add(new Claim(ClaimTypes.Email, account.Email)); } if (!String.IsNullOrWhiteSpace(account.MobilePhoneNumber)) { claims.Add(new Claim(ClaimTypes.MobilePhone, account.MobilePhoneNumber)); } var x509 = from c in account.Certificates select new Claim(ClaimTypes.X500DistinguishedName, c.Subject); claims.AddRange(x509); var otherClaims = (from uc in account.Claims select new Claim(uc.Type, uc.Value)).ToList(); claims.AddRange(otherClaims); // get custom claims from properties var cmd = new MapClaimsFromAccount <TAccount> { Account = account }; this.UserAccountService.ExecuteCommand(cmd); if (cmd.MappedClaims != null) { claims.AddRange(cmd.MappedClaims); } // create principal/identity var id = new ClaimsIdentity(claims, method); var cp = new ClaimsPrincipal(id); // claims transform if (this.ClaimsAuthenticationManager != null) { cp = ClaimsAuthenticationManager.Authenticate(String.Empty, cp); } // issue cookie IssueToken(cp, persistentCookie: persistent); }
public AuthenticationService(UserAccountService <TAccount> userService, ClaimsAuthenticationManager claimsAuthenticationManager) { this.UserAccountService = userService; this.ClaimsAuthenticationManager = claimsAuthenticationManager; }
public AuthenticationService(UserAccountService <TAccount> userService) : this(userService, null) { }
public void SignInWithLinkedAccount( string tenant, string providerName, string providerAccountID, IEnumerable <Claim> claims, out TAccount account) { account = null; if (!UserAccountService.Configuration.MultiTenant) { tenant = UserAccountService.Configuration.DefaultTenant; } if (String.IsNullOrWhiteSpace(tenant)) { throw new ArgumentException("tenant"); } if (String.IsNullOrWhiteSpace(providerName)) { throw new ArgumentException("providerName"); } if (String.IsNullOrWhiteSpace(providerAccountID)) { throw new ArgumentException("providerAccountID"); } if (claims == null) { throw new ArgumentNullException("claims"); } var user = GetCurentPrincipal(); if (user != null && user.Identity.IsAuthenticated) { // already logged in, so use the current user's account account = this.UserAccountService.GetByID(user.GetUserID()); } else { // see if there's already an account mapped to this provider account = this.UserAccountService.GetByLinkedAccount(tenant, providerName, providerAccountID); if (account == null) { // no account associated, so create one // we need email var email = claims.GetValue(ClaimTypes.Email); if (String.IsNullOrWhiteSpace(email)) { throw new ValidationException(UserAccountService.GetValidationMessage(MembershipRebootConstants.ValidationMessages.AccountCreateFailNoEmailFromIdp)); } // guess at a name to use var name = claims.GetValue(ClaimTypes.Name); if (name == null || this.UserAccountService.UsernameExists(tenant, name)) { name = email; } else { name = name.Replace(" ", ""); } // check to see if email already exists if (this.UserAccountService.EmailExists(tenant, email)) { throw new ValidationException(UserAccountService.GetValidationMessage(MembershipRebootConstants.ValidationMessages.LoginFailEmailAlreadyAssociated)); } // auto-gen a password, they can always reset it later if they want to use the password feature // this is slightly dangerous if we don't do email account verification, so if email account // verification is disabled then we need to be very confident that the external provider has // provided us with a verified email account = this.UserAccountService.CreateAccount(tenant, name, null, email); } } if (account == null) { throw new Exception("Failed to locate account"); } // add/update the provider with this account this.UserAccountService.AddOrUpdateLinkedAccount(account, providerName, providerAccountID, claims); // log them in if the account if they're verified if (account.IsAccountVerified || !UserAccountService.Configuration.RequireAccountVerification) { // signin from the account // if we want to include the provider's claims, then perhaps this // should be done in the claims transformer this.SignIn(account, providerName); } }
public void SignInWithLinkedAccount( string tenant, string providerName, string providerAccountID, IEnumerable <Claim> claims, out TAccount account) { account = null; if (!UserAccountService.Configuration.MultiTenant) { tenant = UserAccountService.Configuration.DefaultTenant; } if (String.IsNullOrWhiteSpace(tenant)) { throw new ArgumentException("tenant"); } if (String.IsNullOrWhiteSpace(providerName)) { throw new ArgumentException("providerName"); } if (String.IsNullOrWhiteSpace(providerAccountID)) { throw new ArgumentException("providerAccountID"); } if (claims == null) { throw new ArgumentNullException("claims"); } Tracing.Information("[AuthenticationService.SignInWithLinkedAccount] tenant: {0}, provider: {1}, id: {2}", tenant, providerName, providerAccountID); var user = GetCurentPrincipal(); if (user != null && user.Identity.IsAuthenticated) { // already logged in, so use the current user's account Tracing.Verbose("[AuthenticationService.SignInWithLinkedAccount] user already logged in as: {0}", user.Identity.Name); account = this.UserAccountService.GetByID(user.GetUserID()); } else { // see if there's already an account mapped to this provider account = this.UserAccountService.GetByLinkedAccount(tenant, providerName, providerAccountID); if (account == null) { Tracing.Verbose("[AuthenticationService.SignInWithLinkedAccount] linked account not found"); // no account associated, so create one // we need email var email = claims.GetValue(ClaimTypes.Email); if (String.IsNullOrWhiteSpace(email)) { throw new ValidationException(UserAccountService.GetValidationMessage(MembershipRebootConstants.ValidationMessages.AccountCreateFailNoEmailFromIdp)); } // check to see if email already exists if (this.UserAccountService.EmailExists(tenant, email)) { throw new ValidationException(UserAccountService.GetValidationMessage(MembershipRebootConstants.ValidationMessages.LoginFailEmailAlreadyAssociated)); } // guess at a username to use var name = claims.GetValue(ClaimTypes.Name); // remove whitespace if (name != null) { name = ParseValidUsername(name); } // check to see if username already exists if (String.IsNullOrWhiteSpace(name) || this.UserAccountService.UsernameExists(tenant, name)) { // try use email for name then name = email.Substring(0, email.IndexOf('@')); name = ParseValidUsername(name); if (this.UserAccountService.UsernameExists(tenant, name)) { // gen random username -- this isn't ideal but // they should always be able to change it later name = Guid.NewGuid().ToString("N"); } } // create account without password -- user can verify their email and then // do a password reset to assign password Tracing.Verbose("[AuthenticationService.SignInWithLinkedAccount] creating account: {0}, {1}", name, email); account = this.UserAccountService.CreateAccount(tenant, name, null, email); // update account with external claims var cmd = new MapClaimsToAccount <TAccount> { Account = account, Claims = claims }; this.UserAccountService.ExecuteCommand(cmd); this.UserAccountService.Update(account); } else { Tracing.Verbose("[AuthenticationService.SignInWithLinkedAccount] linked account found: {0}", account.ID); } } if (account == null) { throw new Exception("Failed to locate account"); } // add/update the provider with this account this.UserAccountService.AddOrUpdateLinkedAccount(account, providerName, providerAccountID, claims); // log them in if the account if they're verified if (account.IsAccountVerified || !UserAccountService.Configuration.RequireAccountVerification) { Tracing.Verbose("[AuthenticationService.SignInWithLinkedAccount] signing user in: {0}", account.ID); // signin from the account // if we want to include the provider's claims, then perhaps this // should be done in the claims transformer this.SignIn(account, providerName); } else { Tracing.Error("[AuthenticationService.SignInWithLinkedAccount] user account not verified, not allowed to login: {0}", account.ID); } }
public ClaimsBasedAuthenticationService(UserAccountService userService) { this.userService = userService; }
public ValidationResult Validate(UserAccountService <TAccount> service, TAccount account, string value) { return(func(service, account, value)); }
public AuthenticationService(UserAccountService userService) { this.UserAccountService = userService; }
public SamAuthenticationService(UserAccountService userService) : base(userService) { }