public async Task <AuthorizeResult> GenerateTokenForIdentityId(Guid identityId, CancellationToken cancellationToken = default(CancellationToken))
{
var retrieveOperation = TableOperation.Retrieve <AzureIdentityEntity>(Constants.PartitionNames.IdentityPrimary, identityId.ToString());
var retrievedResult = await this.IdentityTable.ExecuteAsync(retrieveOperation, null, null, cancellationToken).ConfigureAwait(false);
var retrievedEntity = (AzureIdentityEntity)retrievedResult?.Result;
var token = Security.GenerateToken();
var tokenEntity = new AzureTokenEntity
{
IdentityId = retrievedEntity.IdentityId,
Token = token
};
var createTokenOperation = TableOperation.Insert(tokenEntity);
await this.TokenTable.ExecuteAsync(createTokenOperation, null, null, cancellationToken).ConfigureAwait(false);
return(new AuthorizeResult
{
Success = true,
Token = token,
IdentityId = identityId
});
}
public async Task DeleteToken(string token, CancellationToken cancellationToken = default(CancellationToken))
{
var deleteEntity = new AzureTokenEntity
{
PartitionKey = Constants.PartitionNames.TokenPrimary,
RowKey = token,
ETag = "*"
};
var deleteOperation = TableOperation.Delete(deleteEntity);
var result = await this.TokenTable.ExecuteAsync(deleteOperation, null, null, cancellationToken).ConfigureAwait(false);
}
public async Task <CreateIdentityResult> CreateIdentity(string emailAddress, string password, CancellationToken cancellationToken = default(CancellationToken))
{
try
{
emailAddress = emailAddress?.ToLowerInvariant();
var identityExistsCheck = await CheckIdentityExists(emailAddress, cancellationToken).ConfigureAwait(false);
if (identityExistsCheck)
{
return(new CreateIdentityResult
{
Success = false
});
}
// Identity generation
var perUserSalt = Security.GeneratePerUserSalt();
var hashedPassword = Security.GeneratePasswordHash(password, perUserSalt);
var identityEntity = new AzureIdentityEntity()
{
IdentityId = Guid.NewGuid(),
EmailAddress = emailAddress,
PerUserSalt = perUserSalt,
HashedPassword = hashedPassword
};
var createIdentityOperation = TableOperation.Insert(identityEntity);
// Identity foreign key generation
var foreignKey = new AzureIdentityForeignKeyEntity
{
IdentityId = identityEntity.IdentityId,
EmailAddress = emailAddress,
};
var createForeignKeyOperation = TableOperation.Insert(foreignKey);
// Insert identity information
await this.IdentityTable.ExecuteAsync(createForeignKeyOperation, null, null, cancellationToken).ConfigureAwait(false); // This insert first to ensure there isn't a key conflict
await this.IdentityTable.ExecuteAsync(createIdentityOperation, null, null, cancellationToken).ConfigureAwait(false);
// Create verification token if email provider is set up
if (this.EmailProvider != null)
{
await this.EmailProvider.SendVerificationEmail(identityEntity.IdentityId, this.EmailProvider.VerificationEmailSubject, cancellationToken).ConfigureAwait(false);
// Do not create token until identity is verified
return(new CreateIdentityResult
{
Success = true,
IdentityId = identityEntity.IdentityId
});
}
// Token generation
var token = Security.GenerateToken();
var tokenEntity = new AzureTokenEntity
{
IdentityId = identityEntity.IdentityId,
Token = token
};
var createTokenOperation = TableOperation.Insert(tokenEntity);
await this.TokenTable.ExecuteAsync(createTokenOperation, null, null, cancellationToken).ConfigureAwait(false);
return(new CreateIdentityResult
{
Success = true,
IdentityId = identityEntity.IdentityId,
Token = tokenEntity.Token
});
}
catch (StorageException)
{
return(new CreateIdentityResult
{
Success = false
});
}
}
public async Task <AuthorizeResult> Authorize(string emailAddress, string password, CancellationToken cancellationToken = default(CancellationToken))
{
try
{
emailAddress = emailAddress?.ToLowerInvariant();
// Check to see if email exists
var retrieveOperation = TableOperation.Retrieve <AzureIdentityForeignKeyEntity>(Constants.PartitionNames.EmailAddressToIdentityForeignKey, emailAddress);
var retrievedResult = await this.IdentityTable.ExecuteAsync(retrieveOperation, null, null, cancellationToken).ConfigureAwait(false);
var retrievedEntity = (AzureIdentityForeignKeyEntity)retrievedResult?.Result;
if (retrievedEntity == null)
{
return(new AuthorizeResult
{
Success = false
});
}
// Retrieve IdentityEntity
var retrieveIdentityOperation = TableOperation.Retrieve <AzureIdentityEntity>(Constants.PartitionNames.IdentityPrimary, retrievedEntity.IdentityId.ToString());
var retrievedIdentityResult = await this.IdentityTable.ExecuteAsync(retrieveIdentityOperation, null, null, cancellationToken).ConfigureAwait(false);
var retrievedIdentityEntity = (AzureIdentityEntity)retrievedIdentityResult?.Result;
if (this.EmailProvider != null && !retrievedIdentityEntity.EmailVerified && !this.AllowUnverifiedIdentities)
{
return(new AuthorizeResult
{
Success = false,
IdentityId = retrievedEntity.IdentityId,
Message = "Identity has not been verified by email yet"
});
}
// Check if provided password is valid
var passwordMatches = Security.PasswordMatches(retrievedIdentityEntity.PerUserSalt, password, retrievedIdentityEntity.HashedPassword);
if (!passwordMatches)
{
return(new AuthorizeResult
{
Success = false
});
}
// Generate, store and return token
var token = Security.GenerateToken();
var tokenEntity = new AzureTokenEntity
{
IdentityId = retrievedEntity.IdentityId,
Token = token
};
var createOperation = TableOperation.Insert(tokenEntity);
var result = await this.TokenTable.ExecuteAsync(createOperation, null, null, cancellationToken).ConfigureAwait(false);
return(new AuthorizeResult
{
Success = true,
IdentityId = retrievedEntity.IdentityId,
Token = token
});
}
catch (StorageException)
{
return(new AuthorizeResult
{
Success = false
});
}
}
