/// <summary>
/// Predicate over an <see cref="AuthenticationConclusion"/>: reports whether the identity
/// provider's <c>Ghost_CheckSignedIn</c> accepts the owner of the conclusion's channel
/// together with the user ID carried in the conclusion's profile.
/// </summary>
/// <remarks>
/// This method is handed to <c>SVX.SVX_Ops.Certify</c> by <c>AuthenticationDone</c>, so it is part
/// of the login security argument rather than ordinary business logic.
/// NOTE(review): presumably SVX analyses this body symbolically, so the order and exact form of
/// the statements may matter to the verifier. Confirm before refactoring.
/// </remarks>
/// <param name="conc">The conclusion being certified; its <c>channel</c> and <c>userProfile.UserID</c> are read.</param>
/// <returns>The value returned by <c>idp.Ghost_CheckSignedIn</c> for (owner of <c>conc.channel</c>, user ID).</returns>
public bool LoginIntent(AuthenticationConclusion conc)
        {
            // Resolve the identity provider participant; the cast throws if it is not an AS.
            var idp = (AS)SVX.VProgram_API.GetParticipant(idpParticipantId);

            // Trust assumptions the property is stated under: the identity provider, this party,
            // and the browser behind the channel. Each assumption widens what is taken on faith,
            // so adding one here weakens the guarantee the certification gives.
            SVX.VProgram_API.AssumeTrustedServer(idp.SVX_Principal);
            SVX.VProgram_API.AssumeTrustedServer(SVX_Principal);
            SVX.VProgram_API.AssumeTrustedBrowser(conc.channel);

            // The claim itself: the channel's owner and the asserted user ID, as checked by the idp.
            return(idp.Ghost_CheckSignedIn(SVX.VProgram_API.Owner(conc.channel), conc.userProfile.UserID));
        }
        /// <summary>
        /// Predicate over an <see cref="AuthenticationConclusion"/>: reports whether the conclusion's
        /// channel acts for the identity-provider user principal derived from the asserted user ID.
        /// </summary>
        /// <remarks>
        /// This method is handed to <c>SVX.SVX_Ops.Certify</c> by <c>AuthenticationDone</c>.
        /// NOTE(review): presumably SVX analyses this body symbolically, so the order and exact form of
        /// the statements may matter to the verifier. Confirm before refactoring.
        /// </remarks>
        /// <param name="conc">The conclusion being certified; its <c>channel</c> and <c>userProfile.UserID</c> are read.</param>
        /// <returns>The value of <c>SVX.VProgram_API.ActsFor(conc.channel, idpUserPrincipal)</c>.</returns>
        public bool LoginSafety(AuthenticationConclusion conc)
        {
            // Resolve the identity provider participant; the cast throws if it is not an AS.
            var idp = (AS)SVX.VProgram_API.GetParticipant(idpParticipantId);
            // Principal for "this user ID at this identity provider", built from the idp principal and the user ID.
            var idpUserPrincipal = GenericAuthStandards.GetIdPUserPrincipal(idp.SVX_Principal, conc.userProfile.UserID);

            // Trust assumptions the property is stated under: the identity provider, this party,
            // and the user's own principal. The property is only as strong as these assumptions.
            SVX.VProgram_API.AssumeTrustedServer(idp.SVX_Principal);
            SVX.VProgram_API.AssumeTrustedServer(SVX_Principal);
            SVX.VProgram_API.AssumeTrusted(idpUserPrincipal);
            // Disabled experiments that queried ActsFor on conc.authenticatedClient; they do not affect the result.
            // bool x = SVX.VProgram_API.ActsFor(conc.authenticatedClient, idp.SVX_Principal);
            // bool y = SVX.VProgram_API.ActsFor(conc.authenticatedClient, SVX_Principal);
            // The claim itself: whoever controls the channel acts for the authenticated user.
            return(SVX.VProgram_API.ActsFor(conc.channel, idpUserPrincipal));
        }
        /// <summary>
        /// Final step of a login: checks that the conclusion belongs to the current request's channel,
        /// certifies it against <c>LoginSafety</c> and <c>LoginIntent</c>, and then replaces the session.
        /// </summary>
        /// <param name="conclusion">The authentication result to apply.</param>
        /// <param name="context">The request the conclusion is being applied to.</param>
        /// <exception cref="Exception">The conclusion's channel is not the request's channel.</exception>
        public async Task AuthenticationDone(AuthenticationConclusion conclusion, SVAuthRequestContext context)
        {
            // Bind the conclusion to the request it arrived on, so a conclusion produced for one
            // channel cannot be used to create a session on another.
            bool channelMismatch = context.channel != conclusion.channel;
            if (channelMismatch)
            {
                throw new Exception("Attempt to apply an AuthenticationConclusion to the wrong channel.");
            }

            // NOTE(review): BypassCertification switches off both certification calls, and with them
            // the checks this method exists to enforce. Where the flag is set is not visible here;
            // confirm that production configuration cannot enable it.
            bool certificationRequired = !BypassCertification;
            if (certificationRequired)
            {
                SVX.SVX_Ops.Certify(conclusion, LoginSafety, idpParticipantId);
                SVX.SVX_Ops.Certify(conclusion, LoginIntent, idpParticipantId);
            }

            // Only reached when the checks above did not throw.
            await Utils.AbandonAndCreateSessionAsync(conclusion, context);
        }
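        /// <summary>
        /// Replaces the caller's platform session after a successful login. It posts to the platform's
        /// <c>CreateNewSession</c> endpoint with the current session cookie, then again with an empty
        /// cookie and the user profile as form content. The returned <c>Set-Cookie</c> values are
        /// relayed to the browser, which is then redirected to its landing URL.
        /// </summary>
        /// <remarks>
        /// The HTTP request and response messages are now disposed once their data has been read.
        /// Everything else keeps the original order and values.
        /// </remarks>
        /// <param name="conclusion">The authentication result; its <c>userProfile</c> is sent to the platform.</param>
        /// <param name="context">The current request; its cookies, headers and response are used.</param>
        public static async Task LocalAbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
        {
            // NOTE(review): this writes the complete user profile to standard output. If the profile
            // holds personal data, it ends up in whatever captures the process output; consider
            // removing this line or logging a non-identifying summary instead.
            Console.WriteLine(JsonConvert.SerializeObject(conclusion.userProfile));

            string sessionCookieName = Config.config.WebAppSettings.platform.sessionCookieName;
            string createSessionEndpoint =
                Config.config.internalPlatformRootUrl +
                "CreateNewSession." + Config.config.WebAppSettings.platform.fileExtension;

            // First call: present the browser's existing session cookie so that the platform can
            // abandon that session. Presumably this keeps a pre-login session identifier from
            // surviving the login; confirm against the platform adapter.
            using (var abandonSessionRequest = new HttpRequestMessage(HttpMethod.Post, createSessionEndpoint))
            {
                abandonSessionRequest.Headers.Add("Cookie",
                                                  sessionCookieName + "=" + context.http.Request.Cookies[sessionCookieName] + ";");

                // NOTE(review): the response status is not inspected here. Whether
                // PerformHttpRequestAsync rejects failures is not visible from this method.
                using (HttpResponseMessage abandonSessionResponse = await PerformHttpRequestAsync(abandonSessionRequest))
                {
                    Trace.Write("Abandoned session");
                }
            }

            // Second call: no session cookie, user profile as the body, so the platform issues a fresh session.
            string[] sessionCookies;
            using (var createSessionRequest = new HttpRequestMessage(HttpMethod.Post, createSessionEndpoint))
            {
                createSessionRequest.Headers.Add("Cookie", "");
                createSessionRequest.Content = ObjectToUrlEncodedContent(conclusion.userProfile);

                using (HttpResponseMessage createSessionResponse = await PerformHttpRequestAsync(createSessionRequest))
                {
                    Trace.Write("Created session");

                    // GetValues throws when the platform returned no Set-Cookie header.
                    // Copy the values out before the response is disposed.
                    sessionCookies = createSessionResponse.Headers.GetValues("Set-Cookie").ToArray();
                }
            }

            // HTTP request and response data structures are subtly different between the HTTP client
            // and server libraries. What we really want is "add another Set-Cookie value, creating
            // the header if it doesn't exist yet". For now, just try to create the header, and we'll
            // get an exception if there was already one (e.g., for the SVAuthSessionID, which
            // shouldn't normally be set in the same response).
            context.http.Response.Headers.Add("Set-Cookie", sessionCookies);

            string redir_url = context.http.Request.Cookies["LandingUrl"];

            if (string.IsNullOrEmpty(redir_url))
            {
                // Fall back to the Referer header when no landing URL cookie was set.
                Microsoft.Extensions.Primitives.StringValues referer;
                context.http.Request.Headers.TryGetValue("referer", out referer);
                redir_url = System.Net.WebUtility.UrlDecode(referer);
                Console.WriteLine("referer=" + redir_url);
            }

            // NOTE(review): the redirect target comes from a cookie or the Referer header. Both are
            // supplied by the client and are used here without validation, so this is an unvalidated
            // redirect issued right after login. Check the target against the platform's own origin
            // (or an allow-list) before redirecting, and decide what happens when neither source
            // yields a URL; redir_url can still be null at this point.
            // NOTE(review): if context.http is an ASP.NET Core HttpContext, Response.Redirect sets
            // its own status code and the 303 assigned here would be overwritten; confirm.
            context.http.Response.StatusCode = 303;
            context.http.Response.Redirect(redir_url);
        }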
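        /// <summary>
        /// Hands a finished login to a remote platform: checks the destination against the configured
        /// agent scope, encrypts the serialized user profile with a key taken from
        /// <c>context.conckey</c>, and redirects the browser to the destination's
        /// <c>RemoteCreateNewSession</c> adapter with the ciphertext in the query string.
        /// </summary>
        /// <remarks>
        /// Despite its name, the method is synchronous and returns <c>void</c>.
        /// Changes from the previous version: the scope check uses an ordinal, case-insensitive
        /// comparison instead of culture-sensitive lowercasing, and the destination format is
        /// validated before the profile is serialized, logged or encrypted.
        /// </remarks>
        /// <param name="conclusion">The authentication result; its <c>userProfile</c> is serialized and encrypted.</param>
        /// <param name="context">The current request; <c>concdst</c>, <c>conckey</c> and the response are used.</param>
        /// <exception cref="Exception">
        /// The destination is outside the agent scope, or <c>concdst</c> carries no <c>?platform</c> part.
        /// </exception>
        public static void RemoteAbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
        {
            string agentScope = Config.config.AgentSettings.agentScope;

            // Authorization check on the destination. An ordinal comparison keeps the decision
            // independent of the server's culture settings and of characters that culture-aware
            // comparison ignores.
            // NOTE(review): this is a plain suffix match on the whole concdst string. It does not
            // require the match to start at a host-name label boundary, and a scope of "*" accepts
            // every destination. Consider parsing concdst as a URI and comparing the host.
            if (agentScope != "*" && !context.concdst.EndsWith(agentScope, StringComparison.OrdinalIgnoreCase))
            {
                throw new Exception("This agent is not allowed to serve the host " + context.concdst);
            }

            // Reject a malformed destination before touching the user profile.
            int pos = context.concdst.IndexOf('?');

            if (pos < 1)
            {
                throw new Exception("platform info is missing in the concdst string");
            }

            string SerializedUserProfile = JsonConvert.SerializeObject(conclusion.userProfile);

            // NOTE(review): this writes the plaintext profile to standard output, next to code that
            // goes on to encrypt the same data. Consider removing it.
            Console.WriteLine(SerializedUserProfile);

            // NOTE(review): weaknesses in the key handling. Fixing them needs a matching change in
            // the receiving RemoteCreateNewSession adapter, so they are flagged here, not changed:
            //   - key and IV are both prefixes of the UTF-8 bytes of conckey, so the IV is fixed for a
            //     given conckey and equals the first 16 bytes of the key;
            //   - the key is raw string bytes, not the output of a key-derivation function, and a
            //     conckey shorter than 32 bytes yields a short key;
            //   - nothing here authenticates the ciphertext; whether EncryptStringToBytes_Aes adds
            //     integrity protection is not visible from this method.
            // Prefer a random per-message IV sent with the ciphertext, a derived key, and an
            // authenticated mode (or encrypt-then-MAC).
            byte[] keyMaterial   = Encoding.UTF8.GetBytes(context.conckey);
            byte[] key           = keyMaterial.Take(256 / 8).ToArray();
            byte[] IV            = keyMaterial.Take(128 / 8).ToArray();
            byte[] encrypted     = EncryptStringToBytes_Aes(SerializedUserProfile, key, IV);
            string encrypted_str = BitConverter.ToString(encrypted).Replace("-", "");

            // concdst has the form "<destination>?<platform>": the part after the first '?' names the
            // adapter's file extension, and the '?' itself is replaced by the adapter path.
            // NOTE(review): platform is concatenated into the URL unvalidated. Consider restricting
            // it to the set of known platform extensions.
            string platform  = context.concdst.Substring(pos + 1);
            string concdst   = context.concdst.Replace("?", "/SVAuth/adapters/");
            string redir_url =
                concdst + "/RemoteCreateNewSession." + platform +
                "?encryptedUserProfile=" + encrypted_str;

            // NOTE(review): the encrypted profile travels in the query string, so it is recorded in
            // browser history and server or proxy logs, and can be replayed unless the receiver
            // enforces freshness.
            // NOTE(review): if context.http is an ASP.NET Core HttpContext, Response.Redirect sets
            // its own status code and the 303 assigned here would be overwritten; confirm.
            context.http.Response.StatusCode = 303;
            context.http.Response.Redirect(redir_url);
        }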