protected void SignIn(string username, int userId, string role) { AuthenticationExtensions.SignIn( username, userId, new List <string> { role }, this.Request); this.SetAuthentication(); }
public void ConfigureServices(IServiceCollection services) { services.AddOptions(); services.AddHttpContextAccessor(); var authenticationExtensions = new AuthenticationExtensions(Configuration); authenticationExtensions.ConfigureAuthenticationServices(services); services.ConfigureApplicationServices(Configuration, WebHostEnvironment); services.ConfigureLoggingServices(Configuration); }
private static void CreateSettingsBox(Ui ui, DashboardModel model) { var completed = model.HasSettings; var id = ui.NextId("settings").ToString(); var message = completed ? "You have successfully initialized your configuration settings." : "Create a configuration to manage your cluster's features and security."; var icon = completed ? FontAwesomeIcons.CheckCircle : FontAwesomeIcons.PlusCircle; var color = completed ? NamedColors.Grey : NamedColors.Green; var buttonState = completed ? " disabled" : ""; ui.BeginDiv("card"); { ui.BeginDiv("content"); { ui.Div("Configure Cluster Settings", new { @class = "header" }); ui.Div(message, new { @class = "description" }); } ui.EndDiv(); ui.BeginDiv($"ui bottom attached button{buttonState}", id: id) .Icon(icon, color).Literal("Create Settings") .EndDiv(); } ui.EndDiv(); if (ui.OnClick()) { if (!SqliteConfigurationHelper.IsEmptyConfiguration("settings.db")) { return; } var configSeed = ConfigurationLoader.FromEmbeddedJsonFile("seed.json"); if (configSeed == null) { return; } SqliteConfigurationHelper.MigrateToLatest("settings.db", SaveConfigurationOptions.Default, configSeed); var configRoot = ui.Context.UiServices.GetRequiredService <IConfigurationRoot>(); configRoot.Reload(); var options = ui.Context.UiServices.GetRequiredService <ISaveOptions <SecurityOptions> >(); if (AuthenticationExtensions.MaybeSelfCreateMissingKeys(options.Value.Tokens)) { options.TrySave("HQ:Security", () => { }); } ui.Invalidate(); } }
protected void SignOut() { AuthenticationExtensions.SignOut(this.Request); }
public static IMvcCoreBuilder AddSuperUserTokenController <TKey>(this IMvcCoreBuilder mvcBuilder, Func <IServiceProvider, DateTimeOffset> timestamps, Action <ClaimOptions> configureClaimsAction = null, Action <TokenOptions> configureTokensAction = null, Action <SuperUserOptions> configureSuperUserAction = null) where TKey : IEquatable <TKey> { if (configureClaimsAction != null) { mvcBuilder.Services.Configure(configureClaimsAction); } if (configureTokensAction != null) { mvcBuilder.Services.Configure(configureTokensAction); } if (configureSuperUserAction != null) { mvcBuilder.Services.Configure(configureSuperUserAction); } var claims = new ClaimOptions(); configureClaimsAction?.Invoke(claims); var tokens = new TokenOptions(); configureTokensAction?.Invoke(tokens); var superUser = new SuperUserOptions(); configureSuperUserAction?.Invoke(superUser); var credentials = new { SigningKeyString = tokens.SigningKey, EncryptingKeyString = tokens.EncryptingKey }.QuackLike <ITokenCredentials>(); AuthenticationExtensions.MaybeSetSecurityKeys(credentials); var scheme = superUser.Scheme ?? tokens.Scheme; mvcBuilder.Services.AddAuthentication().AddJwtBearer(scheme, o => { if (tokens.Encrypt) { o.TokenValidationParameters = new TokenValidationParameters { TokenDecryptionKeyResolver = (token, securityToken, kid, parameters) => new[] { credentials.EncryptingKey.Key }, ValidateIssuerSigningKey = false, ValidIssuer = tokens.Issuer, ValidateLifetime = true, ValidateAudience = true, ValidAudience = tokens.Audience, RequireSignedTokens = false, IssuerSigningKey = credentials.SigningKey.Key, TokenDecryptionKey = credentials.EncryptingKey.Key, ClockSkew = TimeSpan.FromSeconds(tokens.ClockSkewSeconds), RoleClaimType = claims.RoleClaim, NameClaimType = claims.UserNameClaim }; } else { o.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidIssuer = tokens.Issuer, ValidateLifetime = true, ValidateAudience = true, ValidAudience = tokens.Audience, RequireSignedTokens = true, IssuerSigningKey = credentials.SigningKey.Key, ClockSkew = TimeSpan.FromSeconds(tokens.ClockSkewSeconds), RoleClaimType = claims.RoleClaim, NameClaimType = claims.UserNameClaim }; } }); mvcBuilder.Services.TryAddSingleton <IIdentityClaimNameProvider, DefaultIdentityClaimNameProvider>(); mvcBuilder.Services.TryAddSingleton <ITokenFabricator <TKey> >(r => new DefaultTokenFabricator <TKey>(() => timestamps(r), r.GetRequiredService <IOptionsSnapshot <TokenOptions> >())); mvcBuilder.AddActiveRoute <SuperUserTokenController <TKey>, SuperUserFeature, SuperUserOptions>(); return(mvcBuilder); }
public static IServiceCollection AddSecurityPolicies(this IServiceCollection services, Action <SecurityOptions> configureSecurityAction = null, Action <SuperUserOptions> configureSuperUserAction = null, ISafeLogger logger = null) { Bootstrap.EnsureInitialized(); Bootstrap.ContractResolver.IgnoreTypes.Add(typeof(KestrelConfigurationLoader)); var security = new SecurityOptions(true); configureSecurityAction?.Invoke(security); var superUser = new SuperUserOptions(); configureSuperUserAction?.Invoke(superUser); var credentials = new { SigningKeyCredentials = security.Signing, EncryptingKey = security.Encrypting }.QuackLike <ITokenCredentials>(); AuthenticationExtensions.MaybeSetSecurityKeys(credentials); security.Signing = credentials.SigningKey; security.Encrypting = credentials.EncryptingKey; if (configureSecurityAction != null) { services.Configure <SecurityOptions>(o => { configureSecurityAction.Invoke(o); o.Signing = security.Signing; o.Encrypting = security.Encrypting; }); } if (configureSuperUserAction != null) { services.Configure <SuperUserOptions>(configureSuperUserAction.Invoke); } services.ConfigureOptions <ConfigureWebServer>(); services.AddCors(logger, security.Cors); services.AddAuthentication(logger, security, superUser); services.AddSuperUser(logger, superUser); services.AddHttps(logger, security); // FIXME: may need a better home for default policies for the platform services.AddDefaultAuthorization(Constants.Security.Policies.AccessOperations, ClaimValues.AccessOperations); services.AddDefaultAuthorization(Constants.Security.Policies.AccessMeta, ClaimValues.AccessMeta); services.AddDefaultAuthorization(Constants.Security.Policies.ManageConfiguration, ClaimValues.ManageConfiguration); services.AddDefaultAuthorization(Constants.Security.Policies.ManageObjects, ClaimValues.ManageObjects); services.AddDefaultAuthorization(Constants.Security.Policies.ManageSchemas, ClaimValues.ManageSchemas); services.AddDefaultAuthorization(Constants.Security.Policies.ManageBackgroundTasks, ClaimValues.ManageBackgroundTasks); services.AddDefaultAuthorization(Constants.Security.Policies.ManageUsers, ClaimValues.ManageUsers); services.AddDefaultAuthorization(Constants.Security.Policies.ManageRoles, ClaimValues.ManageRoles); services.AddDefaultAuthorization(Constants.Security.Policies.ManageTenants, ClaimValues.ManageTenants); services.AddDefaultAuthorization(Constants.Security.Policies.ManageApplications, ClaimValues.ManageApplications); return(services); }