public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal?existingPrincipal, ClaimsPrincipal?additionalPrincipal)
{
var newPrincipal = new ClaimsPrincipal();
// New principal identities go first
if (additionalPrincipal != null)
{
newPrincipal.AddIdentities(additionalPrincipal.Identities);
}
// Then add any existing non empty or authenticated identities
if (existingPrincipal != null)
{
newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any()));
}
return(newPrincipal);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.Use(async(context, next) =>
{
if (!context.Request.Path.Value.StartsWith("/admin"))
{
var participantScheme = await context.AuthenticateAsync("PromotionParticipantScheme");
var principal = new ClaimsPrincipal();
if (participantScheme?.Principal != null)
{
principal.AddIdentities(participantScheme.Principal.Identities);
}
else
{
principal.AddIdentity(new ClaimsIdentity());
}
context.User = principal;
}
await next();
});
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "Admin",
pattern: "{area=Admin}/{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "API",
pattern: "{area=API}/{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "ParticipantArea",
pattern: "{area=ParticipantArea}/{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
public override ClaimsPrincipal DeserializeSubject(string obj)
{
obj = string.IsNullOrEmpty(obj) ? "[]" : obj;
var simpleDocument = new SimpleDocument <List <ClaimIdentityRecord> >(obj);
var document = (List <ClaimIdentityRecord>)simpleDocument.Document;
var claimsPrincipal = new ClaimsPrincipal();
claimsPrincipal.AddIdentities(document.ToClaimsIdentitys());
return(claimsPrincipal);
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.Use(async(context, next) =>
{
var principal = new ClaimsPrincipal();
var result1 = await context.AuthenticateAsync("User_Schema");
if (result1?.Principal != null)
{
principal.AddIdentities(result1.Principal.Identities);
}
var result2 = await context.AuthenticateAsync("Admin_Schema");
if (result2?.Principal != null)
{
principal.AddIdentities(result2.Principal.Identities);
}
context.User = principal;
await next();
});
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "areas",
pattern: "{area:exists=Home}/{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
private async Task <ClaimsPrincipal> TransformClaims(ClaimsPrincipal principal, IServiceCollection services)
{
var transformed = new ClaimsPrincipal();
transformed.AddIdentities(principal.Identities);
transformed.AddIdentity(new ClaimsIdentity(new Claim[]
{
new Claim("logged in", DateTime.Now.ToString()) //voorbeeld: claims worden eenmalig gezet bij login
}));
return(transformed);
}
public Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var transformed = new ClaimsPrincipal();
transformed.AddIdentities(principal.Identities);
transformed.AddIdentity(new ClaimsIdentity(new Claim[]
{
new Claim("Transformed", DateTime.Now.ToString())
}));
return(Task.FromResult(transformed));
}
public Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
// This will run every time Authenticate is called so its better to create a new Principal
var transformed = new ClaimsPrincipal();
transformed.AddIdentities(principal.Identities);
transformed.AddIdentity(new ClaimsIdentity(new Claim[]
{
new Claim("Transformed", DateTime.Now.ToString())
}));
return(Task.FromResult(transformed));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.Use(async(context, next) =>
{
var principal = new ClaimsPrincipal();
var result1 = await context.AuthenticateAsync("User_Schema");
if (result1?.Principal != null)
{
principal.AddIdentities(result1.Principal.Identities);
}
var result2 = await context.AuthenticateAsync("Admin_Schema");
if (result2?.Principal != null)
{
principal.AddIdentities(result2.Principal.Identities);
}
context.User = principal;
await next();
});
app.UseAuthentication();
app.UseSession();
app.UseStaticFiles();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
private static ClaimsPrincipal MergeUserPrincipal(
ClaimsPrincipal existingPrincipal,
ClaimsPrincipal additionalPrincipal)
{
var principal = new ClaimsPrincipal();
if (additionalPrincipal != null)
{
principal.AddIdentities(additionalPrincipal.Identities);
}
if (existingPrincipal == null)
{
return(principal);
}
var identities = existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any());
principal.AddIdentities(identities);
return(principal);
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseStaticFiles();
app.UseSession();
app.Use(async(context, next) =>
{
ClaimsPrincipal principal = new ClaimsPrincipal();
var result = await context.AuthenticateAsync("SCHEME_ADMIN");
if (result?.Principal != null)
{
principal.AddIdentities(result.Principal.Identities);
}
var result3 = await context.AuthenticateAsync("SCHEME_USER");
if (result3?.Principal != null)
{
principal.AddIdentities(result3.Principal.Identities);
}
context.User = principal;
await next();
});
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute("admin_route", "admin/{controller}/{action}/{id?}",
defaults: new { area = "admin" }, constraints: new { area = "admin" });
endpoints.MapControllerRoute("user_route", "user/{controller}/{action}/{id?}",
defaults: new { area = "user" }, constraints: new { area = "user" });
endpoints.MapControllerRoute(name: "default", pattern: "{controller=home}/{action=index}/{id?}");
});
}
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
var userId = _tokenStore.GetCurrentUserId().ToString();
if (userId != "0")
{
var user = await _userManager.FindByIdAsync(userId);
var newPrincipal = await _userClaimsPrincipalFactory.CreateAsync(user);
principal.AddIdentities(newPrincipal.Identities);
}
return(principal);
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
app.UseForwardedHeaders();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
loggerFactory.AddRollbarDotNetLogger(app.ApplicationServices);
using (var serviceScope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope())
using (var context = serviceScope.ServiceProvider.GetService <MeredithDbContext>())
{
context.Database.Migrate();
}
app
.UseCustomLocalization()
.UseAuthentication()
.Use(async(context, next) =>
{
// If the default identity failed to authenticate (cookies)
if (context.User.Identities.All(i => !i.IsAuthenticated))
{
var principal = new ClaimsPrincipal();
var jwtAuth = await context.AuthenticateAsync("jwt");
if (jwtAuth?.Principal != null)
{
principal.AddIdentities(jwtAuth.Principal.Identities);
context.User = principal;
}
}
await next();
})
.UseCustomSwagger()
.UseMiddleware <ExceptionHandlingMiddleware>();
app.UseStaticFiles();
app.UseRouting();
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
}
private static async Task <AuthorizationCode> Version1(
BsonDocument doc,
IClientStore clientStore,
IScopeStore scopeStore)
{
var code = new AuthorizationCode();
code.CreationTime = doc.GetValueOrDefault("creationTime", code.CreationTime);
code.IsOpenId = doc.GetValueOrDefault("isOpenId", code.IsOpenId);
code.RedirectUri = doc.GetValueOrDefault("redirectUri", code.RedirectUri);
code.WasConsentShown = doc.GetValueOrDefault("wasConsentShown", code.WasConsentShown);
code.Nonce = doc.GetValueOrDefault("nonce", code.Nonce);
var claimsPrincipal = new ClaimsPrincipal();
IEnumerable <ClaimsIdentity> identities = doc.GetValueOrDefault("subject", sub =>
{
string authenticationType = sub.GetValueOrDefault("authenticationType", (string)null);
var claims = sub.GetNestedValueOrDefault("claimSet", ClaimSetSerializer.Deserialize, new Claim[] { });
ClaimsIdentity identity = authenticationType == null
? new ClaimsIdentity(claims)
: new ClaimsIdentity(claims, authenticationType);
return(identity);
}, new ClaimsIdentity[] { });
claimsPrincipal.AddIdentities(identities);
code.Subject = claimsPrincipal;
var clientId = doc["_clientId"].AsString;
code.Client = await clientStore.FindClientByIdAsync(clientId);
if (code.Client == null)
{
throw new InvalidOperationException("Client not found when deserializing authorization code. Client id: " + clientId);
}
var scopes = doc.GetValueOrDefault(
"requestedScopes",
(IEnumerable <string>) new string[] { }).ToArray();
code.RequestedScopes = await scopeStore.FindScopesAsync(scopes);
if (scopes.Count() > code.RequestedScopes.Count())
{
throw new InvalidOperationException("Scopes not found when deserializing authorization code. Scopes: " + string.Join(", ", scopes.Except(code.RequestedScopes.Select(x => x.Name))));
}
return(code);
}
public Task <ClaimsPrincipal> SignInAsync(string username, string password, string authenticationScheme)
{
if (Utility.AuthenticateUser(_logger, _ps, username, password, _options.AllowedGroup, out var profileDir))
{
var identity = new GenericIdentity(username, "login");
var principal = new ClaimsPrincipal(identity);
var claims = new[] {
new Claim(Claims.RUser, ""),
new Claim(UnixClaims.RUsername, username),
new Claim(UnixClaims.RPassword, password),
new Claim(Claims.RUserProfileDir, profileDir)
};
var claimsIdentity = new ClaimsIdentity(claims, authenticationScheme);
principal.AddIdentities(new[] { claimsIdentity });
return(Task.FromResult(principal));
}
return(Task.FromResult <ClaimsPrincipal>(null));
}
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
await Task.CompletedTask;
var identityUrl = _configuration.GetValue <string>("IdentityUrl");
var test = principal.Claims.FirstOrDefault(c => c.Type == "access_token")?.Value;
var userinfo = await _client.GetUserInfoAsync(new UserInfoRequest
{
Address = $"{identityUrl}/connect/userinfo",
Token = principal.Claims.FirstOrDefault(c => c.Type == "access_token")?.Value
});
var transformed = new ClaimsPrincipal();
transformed.AddIdentities(principal.Identities);
transformed.AddIdentity(new ClaimsIdentity(userinfo.Claims.Select(c => new Claim(c.Type, c.Value))));
return(transformed);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"))
.AddFile("Logs/<%= Name %>-{Date}.txt");
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
// Enable middleware to serve generated Swagger as a JSON endpoint.
app.UseSwagger();
//enable swagger (help page)
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "<%= Name %> API v1.0");
});
#if DEBUG
app.Use(async(context, next) =>
{
if (!string.IsNullOrEmpty(context.Request.Headers["Authorization"]))
{
var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
if (authHeader.ToLower().StartsWith("basic"))
{
var result = await context.AuthenticateAsync("BasicAuthentication");
if (result?.Principal != null)
{
var principal = new ClaimsPrincipal();
principal.AddIdentities(result.Principal.Identities);
context.User = principal;
}
}
}
await next();
});
#endif
app.UseMvc();
}
private Mock <HttpContext> SetupContext(params ClaimsIdentity[] ids)
{
var context = new Mock <HttpContext>();
context.SetupProperty(c => c.User);
var user = new ClaimsPrincipal();
user.AddIdentities(ids);
context.Object.User = user;
if (ids != null)
{
var results = new List <AuthenticationResult>();
foreach (var id in ids)
{
results.Add(new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription()));
}
context.Setup(c => c.AuthenticateAsync(It.IsAny <IEnumerable <string> >())).ReturnsAsync(results).Verifiable();
}
return(context);
}
public static void UseXFJsonRpc(this IApplicationBuilder app, Action <RpcEndpointBuilder> configureOptions)
{
app.Map($"/{UrlConstants.CommandApiNamespace}", b =>
{
// add a custom middleware that authenticates all schemes.
// Workaround for the lack of support of multiple authentication schemes in EdjCase.JsonRpc.
b.Use(async(context, next) =>
{
var authSchemeProvider = context.RequestServices.GetService <IAuthenticationSchemeProvider>();
ClaimsPrincipal principal = null;
foreach (AuthenticationScheme scheme in await authSchemeProvider.GetAllSchemesAsync())
{
AuthenticateResult result = await context.AuthenticateAsync(scheme.Name);
if (result.Succeeded)
{
if (principal == null)
{
principal = result.Principal;
}
else
{
principal.AddIdentities(result.Principal.Identities);
}
}
}
if (principal != null)
{
context.User = principal;
}
await next();
});
b.UseJsonRpc(options =>
{
options.AddControllerWithCustomPath <UsersRpcController>(UrlConstants.Users);
configureOptions(options);
});
});
}
/// <inheritdoc />
public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext context)
{
// Build a ClaimsPrincipal with the Policy's required authentication types
if (Policy.ActiveAuthenticationSchemes != null && Policy.ActiveAuthenticationSchemes.Any())
{
var newPrincipal = new ClaimsPrincipal();
foreach (var scheme in Policy.ActiveAuthenticationSchemes)
{
var result = (await context.HttpContext.Authentication.AuthenticateAsync(scheme))?.Principal;
if (result != null)
{
newPrincipal.AddIdentities(result.Identities);
}
}
// If all schemes failed authentication, provide a default identity anyways
if (newPrincipal.Identity == null)
{
newPrincipal.AddIdentity(new ClaimsIdentity());
}
context.HttpContext.User = newPrincipal;
}
// Allow Anonymous skips all authorization
if (context.Filters.Any(item => item is IAllowAnonymous))
{
return;
}
var httpContext = context.HttpContext;
var authService = httpContext.RequestServices.GetRequiredService <IAuthorizationService>();
// Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
if (httpContext.User == null ||
!httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
!await authService.AuthorizeAsync(httpContext.User, context, Policy))
{
context.Result = new ChallengeResult(Policy.ActiveAuthenticationSchemes.ToArray());
}
}
public static AuthorizationCode ToAuthorizationCode(this AuthorizationCodeHandle handle,
IClientStore clientStore,
IScopeStore scopeStore)
{
var claimsPrincipal = new ClaimsPrincipal();
claimsPrincipal.AddIdentities(handle.ClaimIdentityRecords.ToClaimsIdentitys());
var result = new AuthorizationCode()
{
Subject = claimsPrincipal,
Client = clientStore.FindClientByIdAsync(handle.ClientId).Result,
RequestedScopes = scopeStore.FindScopesAsync(handle.RequestedScopes).Result,
CreationTime = handle.CreationTime,
IsOpenId = handle.IsOpenId,
RedirectUri = handle.RedirectUri,
WasConsentShown = handle.WasConsentShown,
Nonce = handle.Nonce
};
return(result);
}
public static IApplicationBuilder UseCustomAuthentication(this IApplicationBuilder app)
{
app.UseAuthentication().
Use(async(context, next) =>
{
// If the default identity failed to authenticate (cookies)
if (context.User.Identities.All(i => !i.IsAuthenticated))
{
var principal = new ClaimsPrincipal();
var jwtAuth = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
if (jwtAuth?.Principal != null)
{
principal.AddIdentities(jwtAuth.Principal.Identities);
context.User = principal;
}
}
await next();
});
return(app);
}
private async Task SignInAsync(MyCompanyModel model, IEnumerable <ClaimsIdentity> externalIdentities = null)
{
// create principal
ClaimsPrincipal principal = new ClaimsPrincipal();
if (model != null)
{
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.PasswordString),
new Claim(ClaimTypes.Email, model.EmailAddress),
new Claim("IsLocalAuthenticated", model.IsAuthenticated.ToString()),
};
// create identity
ClaimsIdentity identity = new ClaimsIdentity(claims, ePin.MyCompanyConstants.MyCompanyAuthenticationScheme)
{
Label = ePin.MyCompanyConstants.MyCompanyAuthenticationScheme
};
principal.AddIdentity(identity);
}
if (externalIdentities != null)
{
principal.AddIdentities(externalIdentities);
}
// sign in
await HttpContext.SignInAsync(
scheme : ePin.MyCompanyConstants.MyCompanyAuthenticationScheme,
principal : principal,
properties : new AuthenticationProperties
{
IsPersistent = true, // for 'remember me' feature
ExpiresUtc = DateTime.UtcNow.AddMinutes(20)
});
}
public async Task RouteAsync(RouteContext context)
{
if (context.HttpContext.Request.ContentType != "application/json")
{
return;
}
if (!context.HttpContext.Request.Path.Value.EndsWith($"/{XForgeConstants.CommandsEndpoint}"))
{
return;
}
var authSchemeProvider = context.HttpContext.RequestServices.GetService <IAuthenticationSchemeProvider>();
ClaimsPrincipal principal = null;
foreach (AuthenticationScheme scheme in await authSchemeProvider.GetAllSchemesAsync())
{
AuthenticateResult result = await context.HttpContext.AuthenticateAsync(scheme.Name);
if (result.Succeeded)
{
if (principal == null)
{
principal = result.Principal;
}
else
{
principal.AddIdentities(result.Principal.Identities);
}
}
}
if (principal != null)
{
context.HttpContext.User = principal;
}
await _internalRouter.RouteAsync(context);
}
/// <summary>
/// Evaluates the current Policy. This is provided for backward compatibility
/// of WCF Claims model. We always return true without affecting the EvaluationContext.
/// </summary>
/// <param name="evaluationContext">The current EvaluationContext.</param>
/// <param name="state">The reference state object.</param>
/// <returns>True if the Policy was successfully applied.</returns>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (null == evaluationContext || null == evaluationContext.Properties)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("evaluationContext");
}
if (0 == _identityCollection.Count)
{
//
// Nothing to do here.
//
return(true);
}
//
// Locate or create the ClaimsPrincipal
//
object principalObj = null;
if (!evaluationContext.Properties.TryGetValue(ClaimsPrincipalKey, out principalObj))
{
ClaimsPrincipal principalToAdd = CreateClaimsPrincipalFromIdentities(_identityCollection);
evaluationContext.Properties.Add(ClaimsPrincipalKey, principalToAdd);
if (DiagnosticUtility.ShouldTrace(TraceEventType.Information))
{
TraceUtility.TraceEvent(
TraceEventType.Information,
TraceCode.Diagnostics,
SR.GetString(SR.TraceSetPrincipalOnEvaluationContext),
new ClaimsPrincipalTraceRecord(principalToAdd),
null,
null);
}
}
else
{
ClaimsPrincipal principal = principalObj as ClaimsPrincipal;
if (null != principal && null != principal.Identities)
{
principal.AddIdentities(_identityCollection);
}
else
{
//
// Someone stomped on our ClaimsPrincipal property key in the properties collection
// Just trace this for now.
//
if (DiagnosticUtility.ShouldTrace(TraceEventType.Error))
{
TraceUtility.TraceString(
TraceEventType.Error,
SR.GetString(SR.ID8004,
ClaimsPrincipalKey));
}
}
}
//
// Locate or create evaluationContext.Properties[ "Identities" ] with identities
//
object identitiesObj = null;
if (!evaluationContext.Properties.TryGetValue(IdentitiesKey, out identitiesObj))
{
List <ClaimsIdentity> identities = new List <ClaimsIdentity>();
foreach (ClaimsIdentity ici in _identityCollection)
{
identities.Add(ici);
}
evaluationContext.Properties.Add(IdentitiesKey, identities);
}
else
{
List <ClaimsIdentity> identities;
identities = identitiesObj as List <ClaimsIdentity>;
foreach (ClaimsIdentity ici in _identityCollection)
{
identities.Add(ici);
}
}
return(true);
}
