/// <summary>
/// Registers the authentication routes. Which routes exist depends on
/// <c>AppAuthConfiguration.DebugMode</c>: debug mode exposes a local
/// username-only login/logout pair, SSO mode exposes the SSO login entry point
/// plus a failure page.
/// </summary>
/// <remarks>
/// SECURITY: DebugMode must never be enabled on a reachable deployment — it
/// swaps the SSO hand-off for a fake login (see ConfigureAuth). No logout route
/// is registered in SSO mode; presumably sign-out is handled by the SSO
/// provider or elsewhere — confirm.
/// </remarks>
/// <param name="routes">The application's route collection.</param>
private static void RegisterAuthRoutes(RouteCollection routes)
{
    bool debugMode = AppAuthConfiguration.Get().DebugMode;

    if (debugMode)
    {
        // Fake local login: username only, no password and no SSO round-trip.
        routes.MapRoute("AuthLogin", AuthHelpers.LoginPath, new { controller = "Auth", action = "Login" });
        routes.MapRoute("AuthLogout", AuthHelpers.LogoutPath, new { controller = "Auth", action = "Logout" });
        return;
    }

    // Real SSO: the login path hands the browser off to the identity provider;
    // "auth/sso-failed" is where FailCallback lands after too many failures.
    routes.MapRoute("AuthLogin", AuthHelpers.LoginPath, new { controller = "Auth", action = "LoginSso" });
    routes.MapRoute("AuthSsoFailed", "auth/sso-failed", new { controller = "Auth", action = "SsoFailed" });
}
/// <summary>
/// Configures the audit logger and the auth-helper logger (using the Serilog
/// library). Each writes to the console and to one file whose path comes from
/// configuration.
/// </summary>
/// <remarks>
/// SECURITY: the file paths are taken from configuration as-is; make sure the
/// target directories are not web-served and are writable only by the app
/// identity. No rolling or size limit is configured here. Never write secrets,
/// session ids or full tokens through either logger.
/// </remarks>
public static void InitializeAuditLogger()
{
    string auditFilePath = GetAuditLoggingConfiguration().FilePath;
    AuditLogManager.Logger = BuildConsoleAndFileLogger(auditFilePath);

    string authLogPath = AppAuthConfiguration.Get().LogPath;
    AuthHelpers.Logger = BuildConsoleAndFileLogger(authLogPath);
}

/// <summary>
/// Builds a Serilog logger with a console sink and a single (non-rolling) file sink.
/// </summary>
/// <param name="filePath">Path of the log file to append to.</param>
private static Serilog.Core.Logger BuildConsoleAndFileLogger(string filePath)
{
    return new LoggerConfiguration()
        .WriteTo.Console()
        .WriteTo.File(filePath)
        .CreateLogger();
}
/// <summary>
/// Records one more failed SSO callback for the current session and either
/// retries the SSO round-trip or, once the configured limit is exceeded, resets
/// the counter and sends the user to the SsoFailed page.
/// </summary>
/// <remarks>
/// SECURITY: the counter lives in ASP.NET session state, which the client can
/// reset at will by dropping its session cookie. This is a guard against
/// redirect loops, not a brute-force defence — rate limiting must happen at the
/// SSO provider. With MaxSsoAttempts = N the failure page is reached on the
/// (N + 1)th consecutive failed callback.
/// </remarks>
/// <returns>A redirect to the SSO login URL, or to SsoFailed once the limit is exceeded.</returns>
private ActionResult FailCallback()
{
    // Anything that is not an int (including null on first failure) counts as zero.
    object stored = Session[FailedSsoAttemptsKey];
    int attempts = (stored is int ? (int)stored : 0) + 1;
    Session[FailedSsoAttemptsKey] = attempts;

    if (attempts > AppAuthConfiguration.Get().MaxSsoAttempts)
    {
        // Reset so the user can try again after seeing the failure page.
        Session[FailedSsoAttemptsKey] = 0;
        return RedirectToAction("SsoFailed");
    }

    return RedirectToSso();
}
/// <summary>
/// Redirects the browser to the configured SSO (timetable) login URL.
/// </summary>
/// <remarks>
/// The target comes from configuration, not from the request, so this is not an
/// open redirect. GetTimetableLoginUrlOrFail presumably throws when the URL is
/// not configured — confirm, and make sure that exception is handled upstream.
/// </remarks>
private ActionResult RedirectToSso() => Redirect(AppAuthConfiguration.Get().GetTimetableLoginUrlOrFail());
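/// <summary>
/// Configures cookie authentication. In DebugMode a fake username-only login is
/// used; otherwise every request re-validates the cookie against the
/// <c>AuthSessions</c> table: the SSO session must still exist, be unexpired and
/// belong to the user id carried in the cookie.
/// </summary>
/// <remarks>
/// SECURITY: DebugMode must never be on in a reachable deployment. The two modes
/// reject each other's cookies via <c>AuthHelpers.DebugModeClaim</c>, so a debug
/// cookie cannot be replayed against SSO mode and vice versa. The SSO cookie is
/// sliding for 30 days, but the server-side session's ExpiresAt is the effective
/// bound because it is checked on every request (one DB round-trip per request;
/// no ValidateInterval caching is configured).
/// </remarks>
/// <param name="app">The OWIN application builder.</param>
private static void ConfigureAuth(IAppBuilder app)
{
    if (AppAuthConfiguration.Get().DebugMode)
    {
        // Fake login page with username only
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString($"/{AuthHelpers.LoginPath}"),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = context =>
                {
                    // Only cookies minted by the debug login carry the debug claim;
                    // anything else (e.g. a leftover SSO cookie) is dropped.
                    if (context.Identity.Claims.All(claim => claim.Type != AuthHelpers.DebugModeClaim))
                    {
                        RejectAndSignOut(context);
                    }
                    return Task.CompletedTask;
                }
            }
        });
        return;
    }

    // Real SSO mode
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString($"/{AuthHelpers.LoginPath}"),
        ExpireTimeSpan = TimeSpan.FromDays(30),
        SlidingExpiration = true,
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = ValidateSsoIdentityAsync
        }
    });
}

/// <summary>
/// Per-request validation of an SSO-mode cookie. Rejects debug cookies, cookies
/// without a parseable session id, cookies whose server-side session is missing
/// or expired, and cookies whose user no longer exists or does not own the session.
/// </summary>
/// <param name="context">The cookie validation context for the current request.</param>
private static async Task ValidateSsoIdentityAsync(CookieValidateIdentityContext context)
{
    // A debug-mode cookie must never be accepted in SSO mode.
    if (context.Identity.Claims.Any(claim => claim.Type == AuthHelpers.DebugModeClaim))
    {
        RejectAndSignOut(context);
        return;
    }

    Claim sessionGuidClaim = context.Identity.Claims
        .FirstOrDefault(claim => claim.Type == AuthHelpers.TimetableSessionClaim);

    // Fix: a malformed claim value previously threw FormatException from
    // new Guid(...) inside the auth pipeline (a 500 on every request) instead of
    // being rejected the same way as a missing claim.
    Guid sessionId;
    if (sessionGuidClaim == null || !Guid.TryParse(sessionGuidClaim.Value, out sessionId))
    {
        RejectAndSignOut(context);
        return;
    }

    // Fix: the context is created per request and was never disposed.
    // Assumes TimetableDbContext is an EF DbContext (IDisposable) — confirm.
    using (TimetableDbContext timetableDb = new TimetableDbContext())
    {
        AuthSession session = await timetableDb.AuthSessions.FindAsync(sessionId);

        // NOTE(review): ExpiresAt is compared against local-time DateTime.Now;
        // if it is written as UTC this must be DateTime.UtcNow — confirm how
        // the session row is created.
        if (session == null || session.ExpiresAt < DateTime.Now)
        {
            RejectAndSignOut(context);
            return;
        }

        TimetableUserEntry user = await new TimetableUserRepository(timetableDb)
            .GetByUsernameAsync(session.UserEmail);

        // The user id in the cookie must match the user that owns the server-side
        // session, so a valid session id cannot be paired with another user's cookie.
        if (user == null || user.UserId != context.Identity.GetUserId())
        {
            RejectAndSignOut(context);
        }
    }
}

/// <summary>
/// Drops the identity for this request and clears the application cookie.
/// </summary>
/// <param name="context">The cookie validation context for the current request.</param>
private static void RejectAndSignOut(CookieValidateIdentityContext context)
{
    context.RejectIdentity();
    context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
}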