public bool Authorize(DashboardContext dashboardContext)
{
var owinEnvironment = dashboardContext.GetOwinEnvironment();
var owinContext = new OwinContext(owinEnvironment);
var currentPerson = ClaimsIdentityHelper.PersonFromClaimsIdentity(owinContext.Authentication);
return(currentPerson.IsAdministrator());
}
public async Task <IActionResult> PlaceOrder(List <OrderProduct> orderProductList)
{
int userId = ClaimsIdentityHelper.GetUserId(HttpContext);
if (userId > 0 && orderProductList.Count > 0)
{
try
{
List <OrderProduct> verifiedOrderProductList = new List <OrderProduct>();
decimal total = 0;
foreach (var item in orderProductList)
{
var Product = unitOfWork.ProductRepository.GetByID(item.ProductID);
if (Product != null)
{
total += Product.ProductPrice * item.ProductCount;
OrderProduct orderProduct = new OrderProduct();
orderProduct.ProductID = Product.ProductID;
orderProduct.ProductCount = item.ProductCount;
verifiedOrderProductList.Add(orderProduct);
}
}
if (verifiedOrderProductList.Count > 0)
{
Order order = new Order();
order.CustomerID = userId;
order.OrderDate = DateTime.Now;
order.TotalPrice = total;
unitOfWork.OrderRepository.Insert(order);
unitOfWork.Save();
verifiedOrderProductList = verifiedOrderProductList.Select(c => { c.OrderID = order.OrderID; return(c); }).ToList();
await unitOfWork.OrderProductRepository.InsertALL(verifiedOrderProductList);
unitOfWork.Save();
}
return(Ok(new { Message = "Order place success" }));
}
catch (Exception ex)
{
return(new BadRequestObjectResult(new { Message = "Order place failed" }));
}
}
return(new BadRequestObjectResult(new { Message = "Order place failed" }));
}
// Is this called only on initial authorization? or every call? I think only first time, but let's be sure.
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
Roles = CalculateRoleNameStringFromFeature();
var userIdentity = HttpRequestStorage.GetHttpContextUserThroughOwin().Identity;
//if ()
var firmaSessionFromClaimsIdentity = ClaimsIdentityHelper.FirmaSessionFromClaimsIdentity(HttpRequestStorage.GetHttpContextAuthenticationThroughOwin(), HttpRequestStorage.Tenant);
HttpRequestStorage.FirmaSession = firmaSessionFromClaimsIdentity;
AddLocalUserAccountRolesToClaims(HttpRequestStorage.FirmaSession, userIdentity);
// This ends up making the calls into the RoleProvider
base.OnAuthorization(filterContext);
}
/// <summary>
/// Function required by <see cref="OwinStartupAttribute" />
/// </summary>
public void Configuration(IAppBuilder app)
{
SitkaHttpApplication.Logger.Info("Owin Startup - Start Configuration");
app.Use((ctx, next) =>
{
// Trying a lock here to prevent sporadic "Collection was modified; enumeration operation may not execute." error.
lock (BranchBuildLock)
{
var branch = app.New();
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
// Specify TLS 1.2 for Rest API calls
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var tenant = GetTenantFromUrl(ctx.Request);
HttpRequestStorage.Tenant = tenant;
if (!tenant.TenantEnabled)
{
throw new SitkaDisplayErrorException($"Tenant {tenant.TenantName} is disabled; cannot show site");
}
var canonicalHostNameForEnvironment = FirmaWebConfiguration.FirmaEnvironment.GetCanonicalHostNameForEnvironment(tenant);
var tenantAttributes = MultiTenantHelpers.GetTenantAttributeFromCache();
var cookieSecureOption = FirmaWebConfiguration.RedirectToHttps
? CookieSecureOption.Always
: CookieSecureOption.Never;
branch.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = CookieAuthenticationType,
CookieManager = new SystemWebChunkingCookieManager(),
CookieName = ClaimsIdentityHelper.GetAuthenticationApplicationCookieName(tenant),
CookieSecure = cookieSecureOption
});
switch (FirmaWebConfiguration.AuthenticationType)
{
case AuthenticationType.KeystoneAuth:
branch.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = FirmaWebConfiguration.KeystoneOpenIDUrl,
ResponseType = "id_token token",
Scope = "openid all_claims keystone",
UseTokenLifetime = false,
SignInAsAuthenticationType = CookieAuthenticationType,
CallbackPath = new PathString("/Account/LogOn"),
ClientId = tenantAttributes.KeystoneOpenIDClientIdentifier,
ClientSecret = tenantAttributes.KeystoneOpenIDClientSecret,
RedirectUri =
$"https://{canonicalHostNameForEnvironment}/Account/LogOn", // this has to match the keystone client redirect uri
PostLogoutRedirectUri =
$"https://{canonicalHostNameForEnvironment}/", // OpenID is super picky about this; url must match what Keystone has EXACTLY (Trailing slash and all)
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = (context) =>
{
SitkaHttpApplication.Logger.Info($"Owin Startup - Configuration - AuthenticationFailed AuthType:{FirmaWebConfiguration.AuthenticationType}");
if ((context.Exception.Message.StartsWith("OICE_20004") ||
context.Exception.Message.Contains("IDX10311")))
{
context.SkipToNextMiddleware();
return(Task.FromResult(0));
}
return(Task.FromResult(0));
},
SecurityTokenValidated = n =>
{
HttpRequestStorage.Tenant = GetTenantFromUrl(n.Request);
SitkaHttpApplication.Logger.Info(
$"In SecurityTokenValidated: TenantID {HttpRequestStorage.Tenant.TenantID}, Url: {n.Request.Uri.ToString()}, AuthType:{FirmaWebConfiguration.AuthenticationType}");
var claimsIdentity = n.AuthenticationTicket.Identity;
claimsIdentity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
if (n.ProtocolMessage.Code != null)
{
claimsIdentity.AddClaim(new Claim("code", n.ProtocolMessage.Code));
}
if (n.ProtocolMessage.AccessToken != null)
{
claimsIdentity.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
}
//map name claim to default name type
claimsIdentity.AddClaim(new Claim(
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
claimsIdentity.FindFirst(KeystoneOpenIDClaimTypes.Name).Value.ToString()));
if (claimsIdentity.IsAuthenticated) // we have a token and we can determine the person.
{
KeystoneOpenIDUtilities.OpenIDClaimHandler(SyncLocalAccountStore, claimsIdentity);
}
return(Task.FromResult(0));
},
RedirectToIdentityProvider = n =>
{
SitkaHttpApplication.Logger.Info($"Owin Startup - Configuration - RedirectToIdentityProvider AuthType:{FirmaWebConfiguration.AuthenticationType}, RequestType:{n.ProtocolMessage.RequestType}");
//n.ProtocolMessage.RedirectUri = GetHomePage(); // dynamic home page for multiple subdomains
//n.ProtocolMessage.PostLogoutRedirectUri = GetOuterPage(); // dynamic landing page for multiple subdomains
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
else if (n.ProtocolMessage.RequestType ==
OpenIdConnectRequestType.AuthenticationRequest)
{
var httpContextBase = GetHttpContext(n);
var referrer = httpContextBase.Request.UrlReferrer;
if (referrer != null && referrer.Host == canonicalHostNameForEnvironment)
{
n.Response.Cookies.Append("ReturnURL", referrer.PathAndQuery);
}
}
return(Task.FromResult(0));
}
}
});
break;
case AuthenticationType.LocalAuth:
break;
default:
throw new ArgumentOutOfRangeException();
}
// we have to do this per tenant so needs to belong here
branch.UseHangfireDashboard("/hangfire", new DashboardOptions
{
Authorization = new[] { new HangfireFirmaWebAuthorizationFilter() }
});
return(branch.Build()(ctx.Environment));
}
});
ScheduledBackgroundJobBootstrapper.ConfigureHangfireAndScheduledBackgroundJobs(app);
}
