public async Task <IActionResult> ExternalLoginAssociation(ExternalLoginAssociationViewModel model)
{
var user = await _userManager.FindByEmailAsync(model.Email);
var result = await _userManager.AddLoginAsync(user, new UserLoginInfo(model.Provider, model.ProviderKey, model.ProviderDisplayName ?? model.Provider));
if (result.Succeeded)
{
return(RedirectToAction(nameof(Callback)));
}
return(View("ExternalLoginFailure")); //RedirectToAction(nameof(AccountController.Login));
}
public async Task <IActionResult> Callback()
{
// read external identity from the temporary cookie
var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
if (result?.Succeeded != true)
{
throw new Exception("External authentication error");
}
var retrnurl = result.Properties.Items["returnUrl"];
// lookup our user and external provider info
var(user, provider, providerUserId, claims) = await FindUserFromExternalProviderAsync(result);
if (user == null)
{
// this might be where you might initiate a custom workflow for user registration
// in this sample we don't show how that would be done, as our sample implementation
// simply auto-provisions new external user
//user = _userManager.FindByEmailAsync(claim)
var email = claims.FirstOrDefault(x => x.Value.Contains("@"))?.Value;
if (!string.IsNullOrWhiteSpace(email))
{
var tentativeUser = await _userManager.FindByEmailAsync(email);
if (tentativeUser != null)
{
//var retrnurl = result.Properties.Items["returnUrl"];
var m = new ExternalLoginAssociationViewModel {
Email = email,
Provider = provider,
ProviderKey = providerUserId,
ProviderDisplayName = provider,
ReturnUrl = retrnurl
};
return(View("ExternalLoginAssociation", m));
}
}
else
{
email = "None";
}
//await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
return(View("ExternalLoginFailure", new ExternalLoginFailureViewModel {
Email = email, RedirectUri = retrnurl, ClientName = ""
})); //RedirectToAction(nameof(AccountController.Login));
//user = AutoProvisionUser(provider, providerUserId, claims);
//return RedirectToAction(nameof(AccountController.Login));
}
// this allows us to collect any additonal claims or properties
// for the specific prtotocols used and store them in the local auth cookie.
// this is typically used to store data needed for signout from those protocols.
var additionalLocalClaims = new List <Claim>();
var localSignInProps = new AuthenticationProperties()
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.ExternalProviderLoginDurationOverride)
};
ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps);
ProcessLoginCallbackForWsFed(result, additionalLocalClaims, localSignInProps);
ProcessLoginCallbackForSaml2p(result, additionalLocalClaims, localSignInProps);
// issue authentication cookie for user
await _events.RaiseAsync(new UserLoginSuccessEvent(provider, providerUserId, user.Id, user.UserName));
await _signInManager.SignInAsync(user, localSignInProps, provider);
//await HttpContext.SignInAsync(user.Id, user.UserName, provider, localSignInProps, additionalLocalClaims.ToArray());
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
// retrieve return URL
var returnUrl = result.Properties.Items["returnUrl"] ?? "~/";
// check if external login is in the context of an OIDC request
var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
if (context != null)
{
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return(View("Redirect", new RedirectViewModel {
RedirectUrl = returnUrl
}));
}
}
return(Redirect(returnUrl));
}
