public bool Authorize(DashboardContext dashboardContext) { var owinEnvironment = dashboardContext.GetOwinEnvironment(); var owinContext = new OwinContext(owinEnvironment); var currentPerson = ClaimsIdentityHelper.PersonFromClaimsIdentity(owinContext.Authentication); return(currentPerson.IsAdministrator()); }
public async Task <IActionResult> PlaceOrder(List <OrderProduct> orderProductList) { int userId = ClaimsIdentityHelper.GetUserId(HttpContext); if (userId > 0 && orderProductList.Count > 0) { try { List <OrderProduct> verifiedOrderProductList = new List <OrderProduct>(); decimal total = 0; foreach (var item in orderProductList) { var Product = unitOfWork.ProductRepository.GetByID(item.ProductID); if (Product != null) { total += Product.ProductPrice * item.ProductCount; OrderProduct orderProduct = new OrderProduct(); orderProduct.ProductID = Product.ProductID; orderProduct.ProductCount = item.ProductCount; verifiedOrderProductList.Add(orderProduct); } } if (verifiedOrderProductList.Count > 0) { Order order = new Order(); order.CustomerID = userId; order.OrderDate = DateTime.Now; order.TotalPrice = total; unitOfWork.OrderRepository.Insert(order); unitOfWork.Save(); verifiedOrderProductList = verifiedOrderProductList.Select(c => { c.OrderID = order.OrderID; return(c); }).ToList(); await unitOfWork.OrderProductRepository.InsertALL(verifiedOrderProductList); unitOfWork.Save(); } return(Ok(new { Message = "Order place success" })); } catch (Exception ex) { return(new BadRequestObjectResult(new { Message = "Order place failed" })); } } return(new BadRequestObjectResult(new { Message = "Order place failed" })); }
// Is this called only on initial authorization? or every call? I think only first time, but let's be sure. public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext) { Roles = CalculateRoleNameStringFromFeature(); var userIdentity = HttpRequestStorage.GetHttpContextUserThroughOwin().Identity; //if () var firmaSessionFromClaimsIdentity = ClaimsIdentityHelper.FirmaSessionFromClaimsIdentity(HttpRequestStorage.GetHttpContextAuthenticationThroughOwin(), HttpRequestStorage.Tenant); HttpRequestStorage.FirmaSession = firmaSessionFromClaimsIdentity; AddLocalUserAccountRolesToClaims(HttpRequestStorage.FirmaSession, userIdentity); // This ends up making the calls into the RoleProvider base.OnAuthorization(filterContext); }
/// <summary> /// Function required by <see cref="OwinStartupAttribute" /> /// </summary> public void Configuration(IAppBuilder app) { SitkaHttpApplication.Logger.Info("Owin Startup - Start Configuration"); app.Use((ctx, next) => { // Trying a lock here to prevent sporadic "Collection was modified; enumeration operation may not execute." error. lock (BranchBuildLock) { var branch = app.New(); JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>(); // Specify TLS 1.2 for Rest API calls ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; var tenant = GetTenantFromUrl(ctx.Request); HttpRequestStorage.Tenant = tenant; if (!tenant.TenantEnabled) { throw new SitkaDisplayErrorException($"Tenant {tenant.TenantName} is disabled; cannot show site"); } var canonicalHostNameForEnvironment = FirmaWebConfiguration.FirmaEnvironment.GetCanonicalHostNameForEnvironment(tenant); var tenantAttributes = MultiTenantHelpers.GetTenantAttributeFromCache(); var cookieSecureOption = FirmaWebConfiguration.RedirectToHttps ? CookieSecureOption.Always : CookieSecureOption.Never; branch.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = CookieAuthenticationType, CookieManager = new SystemWebChunkingCookieManager(), CookieName = ClaimsIdentityHelper.GetAuthenticationApplicationCookieName(tenant), CookieSecure = cookieSecureOption }); switch (FirmaWebConfiguration.AuthenticationType) { case AuthenticationType.KeystoneAuth: branch.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { Authority = FirmaWebConfiguration.KeystoneOpenIDUrl, ResponseType = "id_token token", Scope = "openid all_claims keystone", UseTokenLifetime = false, SignInAsAuthenticationType = CookieAuthenticationType, CallbackPath = new PathString("/Account/LogOn"), ClientId = tenantAttributes.KeystoneOpenIDClientIdentifier, ClientSecret = tenantAttributes.KeystoneOpenIDClientSecret, RedirectUri = $"https://{canonicalHostNameForEnvironment}/Account/LogOn", // this has to match the keystone client redirect uri PostLogoutRedirectUri = $"https://{canonicalHostNameForEnvironment}/", // OpenID is super picky about this; url must match what Keystone has EXACTLY (Trailing slash and all) Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = (context) => { SitkaHttpApplication.Logger.Info($"Owin Startup - Configuration - AuthenticationFailed AuthType:{FirmaWebConfiguration.AuthenticationType}"); if ((context.Exception.Message.StartsWith("OICE_20004") || context.Exception.Message.Contains("IDX10311"))) { context.SkipToNextMiddleware(); return(Task.FromResult(0)); } return(Task.FromResult(0)); }, SecurityTokenValidated = n => { HttpRequestStorage.Tenant = GetTenantFromUrl(n.Request); SitkaHttpApplication.Logger.Info( $"In SecurityTokenValidated: TenantID {HttpRequestStorage.Tenant.TenantID}, Url: {n.Request.Uri.ToString()}, AuthType:{FirmaWebConfiguration.AuthenticationType}"); var claimsIdentity = n.AuthenticationTicket.Identity; claimsIdentity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken)); if (n.ProtocolMessage.Code != null) { claimsIdentity.AddClaim(new Claim("code", n.ProtocolMessage.Code)); } if (n.ProtocolMessage.AccessToken != null) { claimsIdentity.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken)); } //map name claim to default name type claimsIdentity.AddClaim(new Claim( "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", claimsIdentity.FindFirst(KeystoneOpenIDClaimTypes.Name).Value.ToString())); if (claimsIdentity.IsAuthenticated) // we have a token and we can determine the person. { KeystoneOpenIDUtilities.OpenIDClaimHandler(SyncLocalAccountStore, claimsIdentity); } return(Task.FromResult(0)); }, RedirectToIdentityProvider = n => { SitkaHttpApplication.Logger.Info($"Owin Startup - Configuration - RedirectToIdentityProvider AuthType:{FirmaWebConfiguration.AuthenticationType}, RequestType:{n.ProtocolMessage.RequestType}"); //n.ProtocolMessage.RedirectUri = GetHomePage(); // dynamic home page for multiple subdomains //n.ProtocolMessage.PostLogoutRedirectUri = GetOuterPage(); // dynamic landing page for multiple subdomains if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest) { var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token"); if (idTokenHint != null) { n.ProtocolMessage.IdTokenHint = idTokenHint.Value; } } else if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest) { var httpContextBase = GetHttpContext(n); var referrer = httpContextBase.Request.UrlReferrer; if (referrer != null && referrer.Host == canonicalHostNameForEnvironment) { n.Response.Cookies.Append("ReturnURL", referrer.PathAndQuery); } } return(Task.FromResult(0)); } } }); break; case AuthenticationType.LocalAuth: break; default: throw new ArgumentOutOfRangeException(); } // we have to do this per tenant so needs to belong here branch.UseHangfireDashboard("/hangfire", new DashboardOptions { Authorization = new[] { new HangfireFirmaWebAuthorizationFilter() } }); return(branch.Build()(ctx.Environment)); } }); ScheduledBackgroundJobBootstrapper.ConfigureHangfireAndScheduledBackgroundJobs(app); }