public ActionResult Login(string email, string password, string returnUrl = null) { ViewData["ReturnUrl"] = returnUrl; if (!string.IsNullOrWhiteSpace(email) && !string.IsNullOrWhiteSpace(password)) { UserProfileDTO userProfile = this.userRepository.GetUserByNameAndPassword(email, password); if (userProfile != null) { var principal = new ClaimsPrincipal(ClaimHelpers.ConstructClaimsIdentity(userProfile)); HttpContext.Authentication.SignInAsync("Cookies", principal); if (returnUrl != null) { if (returnUrl != null && returnUrl.Contains("Home/") || returnUrl.Contains("Users/Edit/0")) { return(RedirectToAction("Edit", "Users", new { @id = ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)principal.Identity) })); } return(LocalRedirect(returnUrl)); } else { return(RedirectToAction("Index", "Home")); } } } return(View()); }
public BaseController(IBaseRepository baseRepository, IHttpContextAccessor httpContextAccessor) { if (httpContextAccessor.HttpContext.User != null && httpContextAccessor.HttpContext.User.Identity.IsAuthenticated) { baseRepository.UserID = ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)httpContextAccessor.HttpContext.User.Identity); } }
public static IServiceCollection RegisterJwtAuthentication(this IServiceCollection services, string secret, bool requireHttpsMetadata) { var key = Encoding.ASCII.GetBytes(secret); services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(x => { x.Events = new JwtBearerEvents { OnTokenValidated = ctx => { var loginUser = ClaimHelpers.GetUserFromClaims(ctx.Principal.Claims.ToArray()); var authService = ctx.HttpContext.RequestServices.GetRequiredService <IAuthService>(); if (!authService.CheckLogin(loginUser.UserId, loginUser.LogId)) { ctx.Fail($"User is no longer logged in."); } return(Task.CompletedTask); } }; x.RequireHttpsMetadata = requireHttpsMetadata; x.SaveToken = true; x.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, }; }); return(services); }
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserProfileAuthorizationPolicyRequirement requirement) { var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext; string idParam = mvcContext.HttpContext.Request.Path.Value.Split(new char[] { '/' }).Last(); if (!context.User.HasClaim(c => c.Type == ClaimTypesCustom.UserID)) { return(Task.CompletedTask); } if (!context.User.HasClaim(c => c.Type == ClaimTypesCustom.Role)) { return(Task.CompletedTask); } if (idParam != null && ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)context.User.Identity) == Int32.Parse(idParam)) { context.Succeed(requirement); } if (context.User.Claims.Any(c => c.Type == ClaimTypesCustom.Role && c.Value == RolesEnum.Admin.ToString())) { context.Succeed(requirement); } return(Task.CompletedTask); }
/// <summary> /// Validate authenticated claims. /// </summary> /// <param name="claimsPrincipal">Request claims.</param> /// <param name="ignoreSchedule">Whether to ignore parental control.</param> /// <param name="localAccessOnly">Whether access is to be allowed locally only.</param> /// <param name="requiredDownloadPermission">Whether validation requires download permission.</param> /// <returns>Validated claim status.</returns> protected bool ValidateClaims( ClaimsPrincipal claimsPrincipal, bool ignoreSchedule = false, bool localAccessOnly = false, bool requiredDownloadPermission = false) { // Ensure claim has userId. var userId = ClaimHelpers.GetUserId(claimsPrincipal); if (!userId.HasValue) { return(false); } // Ensure userId links to a valid user. var user = _userManager.GetUserById(userId.Value); if (user == null) { return(false); } // Ensure user is not disabled. if (user.HasPermission(PermissionKind.IsDisabled)) { return(false); } var ip = _httpContextAccessor.HttpContext.GetNormalizedRemoteIp(); var isInLocalNetwork = _networkManager.IsInLocalNetwork(ip); // User cannot access remotely and user is remote if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !isInLocalNetwork) { return(false); } if (localAccessOnly && !isInLocalNetwork) { return(false); } // User attempting to access out of parental control hours. if (!ignoreSchedule && !user.HasPermission(PermissionKind.IsAdministrator) && !user.IsParentalScheduleAllowed()) { return(false); } // User attempting to download without permission. if (requiredDownloadPermission && !user.HasPermission(PermissionKind.EnableContentDownloading)) { return(false); } return(true); }
private (string ClientName, string ClientVersion) GetRequestInformation() { var clientName = ClaimHelpers.GetClient(HttpContext.User) ?? "unknown-client"; var clientVersion = ClaimHelpers.GetIsApiKey(HttpContext.User) ? "apikey" : ClaimHelpers.GetVersion(HttpContext.User) ?? "unknown-version"; return(clientName, clientVersion); }
public BaseModel Logout() { var user = ClaimHelpers.GetUserFromClaims(User.Claims.ToArray()); _authService.LogoffUser(user.UserId, user.LogId); return(new BaseModel() { Error = false }); }
public ActionResult <bool> Authorize([FromQuery, Required] string code) { var userId = ClaimHelpers.GetUserId(Request.HttpContext.User); if (!userId.HasValue) { return(StatusCode(StatusCodes.Status403Forbidden, "Unknown user id")); } return(_quickConnect.AuthorizeRequest(userId.Value, code)); }
public ActionResult <int> Deauthorize() { var userId = ClaimHelpers.GetUserId(Request.HttpContext.User); if (!userId.HasValue) { return(0); } return(_quickConnect.DeleteAllDevices(userId.Value)); }
public static bool IsUserAdmin(this ClaimsPrincipal User) { bool isUserAdmin = false; if (User != null) { isUserAdmin = ClaimHelpers.IsUserAnAdmin((ClaimsIdentity)User.Identity); } return(isUserAdmin); }
private string GetJwtToken(LoginModel logindData) { var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.AuthSecret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(ClaimHelpers.GetUserClaims(logindData)), Expires = DateTime.UtcNow.AddHours(_appSettings.AuthTokenExpiresInHours), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); return(tokenHandler.WriteToken(token)); }
/// <summary> /// Add additional fields depending on client. /// </summary> /// <remarks> /// Use in place of GetDtoOptions. /// Legacy order: 2. /// </remarks> /// <param name="dtoOptions">DtoOptions object.</param> /// <param name="request">Current request.</param> /// <returns>Modified DtoOptions object.</returns> internal static DtoOptions AddClientFields( this DtoOptions dtoOptions, HttpRequest request) { dtoOptions.Fields ??= Array.Empty <ItemFields>(); string?client = ClaimHelpers.GetClient(request.HttpContext.User); // No client in claim if (string.IsNullOrEmpty(client)) { return(dtoOptions); } if (!dtoOptions.ContainsField(ItemFields.RecursiveItemCount)) { if (client.IndexOf("kodi", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("wmc", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("media center", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("classic", StringComparison.OrdinalIgnoreCase) != -1) { int oldLen = dtoOptions.Fields.Count; var arr = new ItemFields[oldLen + 1]; dtoOptions.Fields.CopyTo(arr, 0); arr[oldLen] = ItemFields.RecursiveItemCount; dtoOptions.Fields = arr; } } if (!dtoOptions.ContainsField(ItemFields.ChildCount)) { if (client.IndexOf("kodi", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("wmc", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("media center", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("classic", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("roku", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("samsung", StringComparison.OrdinalIgnoreCase) != -1 || client.IndexOf("androidtv", StringComparison.OrdinalIgnoreCase) != -1) { int oldLen = dtoOptions.Fields.Count; var arr = new ItemFields[oldLen + 1]; dtoOptions.Fields.CopyTo(arr, 0); arr[oldLen] = ItemFields.ChildCount; dtoOptions.Fields = arr; } } return(dtoOptions); }
public ActionResult<UserDto> GetCurrentUser() { var userId = ClaimHelpers.GetUserId(Request.HttpContext.User); if (userId is null) { return BadRequest(); } var user = _userManager.GetUserById(userId.Value); if (user == null) { return BadRequest(); } return _userManager.GetUserDto(user); }
public static int GetUserId(this ClaimsPrincipal User) { int userId = 0; if (User != null) { try { userId = ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)User.Identity); } catch (Exception ex) { } } return(userId); }
public async Task <ActionResult <bool> > Authorize([FromQuery, Required] string code) { var userId = ClaimHelpers.GetUserId(Request.HttpContext.User); if (!userId.HasValue) { return(StatusCode(StatusCodes.Status403Forbidden, "Unknown user id")); } try { return(await _quickConnect.AuthorizeRequest(userId.Value, code).ConfigureAwait(false)); } catch (AuthenticationException) { return(Unauthorized("Quick connect is disabled")); } }
/// <inheritdoc /> protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement) { if (!ValidateClaims(context.User)) { context.Fail(); return(Task.CompletedTask); } var userId = ClaimHelpers.GetUserId(context.User); var user = _userManager.GetUserById(userId !.Value); if ((requirement.RequiredAccess.HasValue && user.SyncPlayAccess == requirement.RequiredAccess) || user.SyncPlayAccess == SyncPlayAccess.CreateAndJoinGroups) { context.Succeed(requirement); } else { context.Fail(); } return(Task.CompletedTask); }
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BankAccountOperationsAuthorizationPolicyRequirement requirement) { var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext; string idParam = mvcContext.HttpContext.Request.Path.Value.Split(new char[] { '/' }).Last(); var id = mvcContext.ActionDescriptor.Id; BankAccountRepository bankAccountRepo = new BankAccountRepository((int)UserEnum.SystemUser); int accountOwnerUserID = bankAccountRepo.GetBankAccountOwnerId(Int32.Parse(idParam)); if (accountOwnerUserID == ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)context.User.Identity)) { context.Succeed(requirement); } if (context.User.Claims.Any(c => c.Value == requirement.RoleName)) { context.Succeed(requirement); } return(Task.CompletedTask); }
public MealController(IHttpContextAccessor contextAccessor, IMealService mealService) { _mealService = mealService; _loggedInUser = ClaimHelpers.GetUserFromClaims(contextAccessor.HttpContext.User.Claims); }
public static List <Claim> RemoveClaimsByType(List <Claim> claims, string type) => ClaimHelpers.RemoveClaimsByType(claims, type);
public static IEnumerable <string> GetClaimValuesByType(IEnumerable <Claim> claims, string type) => ClaimHelpers.GetClaimValuesByType(claims, type);
public static string GetFirstClaimValueByType(IEnumerable <Claim> claims, string type) => ClaimHelpers.GetFirstClaimValueByType(claims, type);
/// <inheritdoc /> protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement) { if (!ValidateClaims(context.User)) { context.Fail(); return(Task.CompletedTask); } var userId = ClaimHelpers.GetUserId(context.User); var user = _userManager.GetUserById(userId !.Value); if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess) { if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups || user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups || _syncPlayManager.IsUserActive(userId.Value)) { context.Succeed(requirement); } else { context.Fail(); } } else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup) { if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups) { context.Succeed(requirement); } else { context.Fail(); } } else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup) { if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups || user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups) { context.Succeed(requirement); } else { context.Fail(); } } else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup) { if (_syncPlayManager.IsUserActive(userId.Value)) { context.Succeed(requirement); } else { context.Fail(); } } else { context.Fail(); } return(Task.CompletedTask); }
public UserSettingsController(IHttpContextAccessor contextAccessor, IUserSettingsService userSettingsService) { _userSettingsService = userSettingsService; _loggedInUser = ClaimHelpers.GetUserFromClaims(contextAccessor.HttpContext.User.Claims); }