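// This method gets called by the runtime. Use this method to add services to the container.
//
// Security-relevant wiring done here:
//  * Sign-in is OpenID Connect against Azure AD (Microsoft.Identity.Web), configured from the
//    "AzureAd" section.
//  * Application roles are NOT read from the token. They are computed from the ESDB database
//    once per sign-in, in OnTokenValidated, and attached to the principal as an additional
//    ClaimsIdentity. A role change made while a user is signed in is therefore not visible
//    until that user signs in again.
//  * Every controller action requires an authenticated user (global AuthorizeFilter).
//  * Data-protection keys (cookie/antiforgery protection) are persisted under evsKeyPath.
public void ConfigureServices(IServiceCollection services)
{
    services.AddSingleton<PersistentCommissionManager>();

    services.AddLocalization(options => options.ResourcesPath = "Resources");
    services.AddMvc()
        .AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
        .AddDataAnnotationsLocalization();

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));

    services.AddDbContext<ESDB>(o =>
    {
        o.UseSqlServer(Configuration.GetConnectionString("ESDB"));
    });

    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, oidc =>
    {
        // Chain onto the handler Microsoft.Identity.Web already installed instead of replacing
        // it. It must be awaited: the previous fire-and-forget invocation let the token be
        // accepted before the library's own post-validation work had finished, and any
        // exception it raised was lost.
        var innerOnTokenValidated = oidc.Events.OnTokenValidated;
        oidc.Events.OnTokenValidated = async ctxt =>
        {
            if (innerOnTokenValidated != null)
            {
                await innerOnTokenValidated(ctxt);
            }

            // If the chained handler already rejected the token there is nothing to enrich.
            if (ctxt.Result?.Failure != null)
            {
                return;
            }

            // The name claim is the key used to look roles up; without it the sign-in is
            // rejected explicitly instead of failing later with a null reference.
            var userName = ctxt.Principal?.Identity?.Name;
            if (string.IsNullOrEmpty(userName))
            {
                ctxt.Fail("Token does not carry a usable name claim.");
                return;
            }

            // This event has no request-scoped ESDB available, so a short-lived context is
            // built from the same connection string the application uses.
            var dbOptions = new DbContextOptionsBuilder<ESDB>()
                .UseSqlServer(Configuration.GetConnectionString("ESDB"))
                .Options;
            using (var esdb = new ESDB(dbOptions))
            {
                var roles = await EligereRoles.ComputeRoles(esdb, "AzureAD", userName);
                var roleClaims = new List<Claim>();
                foreach (var role in roles)
                {
                    roleClaims.Add(new Claim(ClaimTypes.Role, role));
                }
                ctxt.Principal.AddIdentity(new ClaimsIdentity(roleClaims, "EligereIdentity"));
            }
        };
    });

    // NOTE(review): the key ring is written to disk unencrypted. If evsKeyPath is on shared or
    // backed-up storage, consider ProtectKeysWithCertificate/ProtectKeysWithDpapi and restrict
    // the directory's permissions to the account the app runs under.
    services.AddDataProtection()
        .SetApplicationName("Eligere")
        .PersistKeysToFileSystem(new DirectoryInfo(evsKeyPath));

    services.AddControllersWithViews(options =>
    {
        // Deny by default: every action requires an authenticated user unless it explicitly
        // opts out with [AllowAnonymous].
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });

    services.AddRazorPages()
        .AddMicrosoftIdentityUI();

    // ShowPII copies raw token contents and user identifiers into IdentityModel exception
    // messages and hence into logs. It helps when debugging sign-in but is a data leak in
    // production, so it is enabled only for the Development environment. (If this class has
    // an IWebHostEnvironment available, prefer env.IsDevelopment() over the variable lookup.)
    IdentityModelEventSource.ShowPII = string.Equals(
        System.Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"),
        "Development",
        System.StringComparison.OrdinalIgnoreCase);
}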
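// GET: landing page.
//
// FIXME: roles are computed once, at sign-in (OnTokenValidated in Startup.ConfigureServices),
// so a role revoked while the user is signed in stays effective until they sign in again;
// today forcing that requires a server restart. The InconsistentRoles check below is limited
// to making sure that enrolled voters are still acknowledged: when the roles on the principal
// no longer match the database the user is signed out, so roles are recomputed on the next
// sign-in.
public async Task<IActionResult> Index()
{
    if (User.Identity.IsAuthenticated
        && await EligereRoles.InconsistentRoles(User, _context, "AzureAD", User.Identity.Name))
    {
        return RedirectToAction("SignOut", "Account", new { Area = "MicrosoftIdentity" });
    }

    // A user who holds AuthenticatedUser but not yet AuthenticatedPerson (presumably: signed in
    // with Azure AD but not yet linked to a person — confirm against EligereRoles) is told
    // whether a login request of theirs is still outstanding.
    var pendingUserLoginRequest = false;
    if (User.IsInRole(EligereRoles.AuthenticatedUser) && !User.IsInRole(EligereRoles.AuthenticatedPerson))
    {
        var userName = User.Identity.Name;
        // Any() translates to an EXISTS query; the previous Count() > 0 counted the whole match set.
        pendingUserLoginRequest = _context.UserLoginRequest.Any(l => l.UserId == userName);
    }

    ViewData["PendingUserLoginRequest"] = pendingUserLoginRequest;
    return View();
}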