public async Task <IActionResult> AddOrUpdate(string scheme, string optionsMessage)
{
if (await _schemeProvider.GetSchemeAsync(scheme) == null)
{
_schemeProvider.AddScheme(new AuthenticationScheme(scheme, scheme, typeof(SimpleAuthHandler)));
}
else
{
_optionsCache.TryRemove(scheme);
}
_optionsCache.TryAdd(scheme, new SimpleOptions {
DisplayMessage = optionsMessage
});
return(Redirect("/"));
}
public void createSchemas()
{
using (var scope = services.CreateScope())
{
var accountDbContext = scope.ServiceProvider.GetRequiredService <AccountDbContext>();
var organizations = accountDbContext.Organizations;
foreach (var organization in organizations)
{
_logger.LogInformation("Creating Authentication Schema for organization : " + organization.Name + "");
_authenticationProvider.AddScheme(new AuthenticationScheme(organization.Name, organization.Name, typeof(CookieAuthenticationHandler)));
var _sysServices = scope.ServiceProvider.GetRequiredService <IServiceCollection>();
var shema = _sysServices.AddAuthentication()
.AddCookie(organization.Name, o =>
{
o.ExpireTimeSpan = TimeSpan.FromHours(1);
o.LoginPath = new PathString("/store/{OrganizationName}");
o.Cookie.Name = organization.Name + " CustomerCookie";
o.SlidingExpiration = true;
});
}
}
}
public MessagePump(IOptions <HttpSysOptions> options, ILoggerFactory loggerFactory, IAuthenticationSchemeProvider authentication)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (loggerFactory == null)
{
throw new ArgumentNullException(nameof(loggerFactory));
}
_options = options.Value;
Listener = new HttpSysListener(_options, loggerFactory);
_logger = loggerFactory.CreateLogger <MessagePump>();
if (_options.Authentication.Schemes != AuthenticationSchemes.None)
{
authentication.AddScheme(new AuthenticationScheme(HttpSysDefaults.AuthenticationScheme, displayName: _options.Authentication.AuthenticationDisplayName, handlerType: typeof(AuthenticationHandler)));
}
Features = new FeatureCollection();
_serverAddresses = new ServerAddressesFeature();
Features.Set <IServerAddressesFeature>(_serverAddresses);
if (HttpApi.IsFeatureSupported(HttpApiTypes.HTTP_FEATURE_ID.HttpFeatureDelegateEx))
{
var delegationProperty = new ServerDelegationPropertyFeature(Listener.RequestQueue, _logger);
Features.Set <IServerDelegationFeature>(delegationProperty);
}
_maxAccepts = _options.MaxAccepts;
}
public IISMiddleware(RequestDelegate next, ILoggerFactory loggerFactory, IOptions <IISOptions> options, string pairingToken, IAuthenticationSchemeProvider authentication, IApplicationLifetime applicationLifetime)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
if (loggerFactory == null)
{
throw new ArgumentNullException(nameof(loggerFactory));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (applicationLifetime == null)
{
throw new ArgumentNullException(nameof(applicationLifetime));
}
if (string.IsNullOrEmpty(pairingToken))
{
throw new ArgumentException("Missing or empty pairing token.");
}
_next = next;
_options = options.Value;
if (_options.ForwardWindowsAuthentication)
{
authentication.AddScheme(new AuthenticationScheme(IISDefaults.AuthenticationScheme, _options.AuthenticationDisplayName, typeof(AuthenticationHandler)));
}
_pairingToken = pairingToken;
_applicationLifetime = applicationLifetime;
_logger = loggerFactory.CreateLogger <IISMiddleware>();
}
public async Task InvokeAsync(HttpContext context,
IAuthenticationSchemeProvider schemeProvider,
IOptionsMonitorCache <FakeAuthenticationSchemeOptions> optionsCache)
{
var fakeOptions = context.RequestServices
.GetRequiredService <IOptionsSnapshot <FakeAuthenticationOptions> >().Value;
foreach (var fakeScheme in fakeOptions.Schemes)
{
if (await schemeProvider.GetSchemeAsync(fakeScheme.SchemeName) != null)
{
schemeProvider.RemoveScheme(fakeScheme.SchemeName);
optionsCache.TryRemove(fakeScheme.SchemeName);
var scheme = new AuthenticationScheme(fakeScheme.SchemeName,
fakeScheme.SchemeName,
typeof(FakeAuthenticationHandler));
schemeProvider.AddScheme(scheme);
var fakeSchemeOptions = new FakeAuthenticationSchemeOptions();
foreach (var claim in fakeScheme.Claims)
{
fakeSchemeOptions.Claims.Add(claim);
}
optionsCache.TryAdd(fakeScheme.SchemeName, fakeSchemeOptions);
}
}
await _next(context);
}
void AddSchemeIfNotExists(List <string> AppSchemes, string oauthScheme, Type handlerType)
{
if (!AppSchemes.Contains(oauthScheme))
{
_oauthProvider.AddScheme(new AuthenticationScheme(oauthScheme, oauthScheme, handlerType));
}
}
public MessagePump(IOptions <HttpSysOptions> options, ILoggerFactory loggerFactory, IAuthenticationSchemeProvider authentication)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (loggerFactory == null)
{
throw new ArgumentNullException(nameof(loggerFactory));
}
_options = options.Value;
Listener = new HttpSysListener(_options, loggerFactory);
_logger = loggerFactory.CreateLogger <MessagePump>();
if (_options.Authentication.Schemes != AuthenticationSchemes.None)
{
authentication.AddScheme(new AuthenticationScheme(HttpSysDefaults.AuthenticationScheme, displayName: null, handlerType: typeof(AuthenticationHandler)));
}
Features = new FeatureCollection();
_serverAddresses = new ServerAddressesFeature();
Features.Set <IServerAddressesFeature>(_serverAddresses);
_maxAccepts = _options.MaxAccepts;
}
public async Task <IActionResult> AddOrUpdate(string scheme, string optionsMessage)
{
if (await _schemeProvider.GetSchemeAsync(scheme) == null)
{
_schemeProvider.AddScheme(new AuthenticationScheme(scheme, scheme, typeof(GoogleHandler)));
}
else
{
_optionsCache.TryRemove(scheme);
}
_optionsCache.TryAdd(scheme, new GoogleOptions
{
SignInScheme = "Kalle",
ClientId = "708996912208-9m4dkjb5hscn7cjrn5u0r4tbgkbj1fko.apps.googleusercontent.com",
ClientSecret = "wdfPY6t8H8cecgjlxud__4Gh"
//DisplayMessage = optionsMessage
});
//var a = await this._schemeProvider.GetSchemeAsync("Google");
//return this.Challenge(new AuthenticationProperties
//{
//}, "Google");
return(Redirect("/"));
}
public IISHttpServer(
IISNativeApplication nativeApplication,
IHostApplicationLifetime applicationLifetime,
IAuthenticationSchemeProvider authentication,
IOptions <IISServerOptions> options,
ILogger <IISHttpServer> logger
)
{
_nativeApplication = nativeApplication;
_applicationLifetime = applicationLifetime;
_logger = logger;
_options = options.Value;
_serverAddressesFeature = new ServerAddressesFeature();
if (_options.ForwardWindowsAuthentication)
{
authentication.AddScheme(new AuthenticationScheme(IISServerDefaults.AuthenticationScheme, _options.AuthenticationDisplayName, typeof(IISServerAuthenticationHandlerInternal)));
}
Features.Set <IServerAddressesFeature>(_serverAddressesFeature);
if (_options.MaxRequestBodySize > _options.IisMaxRequestSizeLimit)
{
_logger.LogWarning(CoreStrings.MaxRequestLimitWarning);
}
}
/// <summary>
/// Adds a scheme asynchronously.
/// </summary>
/// <param name="definition">The definition.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns></returns>
/// <exception cref="ArgumentNullException">definition</exception>
public virtual async Task AddAsync(ISchemeDefinition definition, CancellationToken cancellationToken = default)
{
definition = definition ?? throw new ArgumentNullException(nameof(definition));
var handlerType = definition.HandlerType;
var optionsType = GetOptionsType(handlerType);
var optionsMonitorCache = _wrapperFactory.Get(optionsType);
var scheme = definition.Scheme;
if (await _schemeProvider.GetSchemeAsync(scheme).ConfigureAwait(false) != null)
{
_schemeProvider.RemoveScheme(scheme);
optionsMonitorCache.TryRemove(scheme);
}
_schemeProvider.AddScheme(new AuthenticationScheme(scheme, definition.DisplayName, handlerType));
optionsMonitorCache.TryAdd(scheme, definition.Options);
}
public IISHttpServer(IApplicationLifetime applicationLifetime, IAuthenticationSchemeProvider authentication, IOptions <IISOptions> options)
{
_applicationLifetime = applicationLifetime;
_authentication = authentication;
_options = options.Value;
if (_options.ForwardWindowsAuthentication)
{
authentication.AddScheme(new AuthenticationScheme(IISDefaults.AuthenticationScheme, _options.AuthenticationDisplayName, typeof(IISServerAuthenticationHandler)));
}
}
public void Register(AuthenticationProvider provider)
{
_providerId = provider.Id.ToString();
_providerCache = new ProviderCache();
SchemeName = provider.Name;
var scheme = new AuthenticationScheme(SchemeName, provider.DisplayName, typeof(NegotiateHandler));
_schemeProvider.AddScheme(scheme);
var options = new NegotiateOptions();
_optionsCache.TryAdd(SchemeName, options);
}
public void AddIdentityProvider <THandler, TOptions>(Guid id, TOptions options)
where THandler : RemoteAuthenticationHandler <TOptions>
where TOptions : RemoteAuthenticationOptions, new()
{
_schemeProvider.AddScheme(new AuthenticationScheme(id.ToString(), id.ToString(), typeof(THandler)));
SetCommonProviderOptions(options);
var postConfigure = _container.Get <IPostConfigureOptions <TOptions> >();
postConfigure.PostConfigure(id.ToString(), options);
var cache = _container.Get <IOptionsMonitorCache <TOptions> >();
cache.TryAdd(id.ToString(), options);
}
/// <inheritdoc />
public async Task ConfigureAsync()
{
// Remove all schemes
var allSchemes = await _schemeProvider.GetAllSchemesAsync();
var filteredSchemes = allSchemes.Where(x => !ExcludedSchemes.Contains(x.Name));
foreach (var authenticationScheme in filteredSchemes)
{
_schemeProvider.RemoveScheme(authenticationScheme.Name);
}
// Add schemes based on identity providers
var identityProviders = await _sgIdentityProviderStore.GetAllAsync();
foreach (var identityProvider in identityProviders)
{
if (!identityProvider.IsEnabled)
{
continue;
}
AuthenticationScheme scheme;
switch (identityProvider)
{
case GoogleIdentityProvider googleIdentityProvider:
scheme = _authSchemeCreatorFactory.GetCreator <GoogleIdentityProvider>()
.Create(googleIdentityProvider);
break;
case MicrosoftIdentityProvider microsoftIdentityProvider:
scheme = _authSchemeCreatorFactory.GetCreator <MicrosoftIdentityProvider>()
.Create(microsoftIdentityProvider);
break;
case AzureAdIdentityProvider azureAdIdentityProvider:
scheme = _authSchemeCreatorFactory.GetCreator <AzureAdIdentityProvider>()
.Create(azureAdIdentityProvider);
break;
default:
throw new NotImplementedException(
$"Identity provider '{identityProvider.Type}' is not supported.");
}
_schemeProvider.AddScheme(scheme);
}
}
public IISHttpServer(
IISNativeApplication nativeApplication,
IApplicationLifetime applicationLifetime,
IAuthenticationSchemeProvider authentication,
IOptions <IISServerOptions> options,
ILogger <IISHttpServer> logger
)
{
_nativeApplication = nativeApplication;
_applicationLifetime = applicationLifetime;
_logger = logger;
_options = options.Value;
if (_options.ForwardWindowsAuthentication)
{
authentication.AddScheme(new AuthenticationScheme(IISServerDefaults.AuthenticationScheme, _options.AuthenticationDisplayName, typeof(IISServerAuthenticationHandler)));
}
}
private async Task AddScheme(ExternalLoginScheme scheme)
{
if (!new Regex("^Scheme[0-9]$").IsMatch(scheme.Name ?? string.Empty))
{
throw new ArgumentException($"Scheme name '{scheme.Name}' must be like '^Scheme[0-9]$'.");
}
if (await schemeProvider.GetSchemeAsync(scheme.Name) != null)
{
throw new ArgumentException($"Scheme '{scheme.Name}' already exists.");
}
if (!new Regex("^[ a-zA-Z0-9]+$").IsMatch(scheme.DisplayName ?? string.Empty))
{
throw new ArgumentException($"Scheme display name '{scheme.DisplayName}' must be like '^[ a-zA-Z0-9]+$'.");
}
var newOptions = new MicrosoftAccountOptions
{
SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
ClientId = scheme.ClientId,
ClientSecret = scheme.ClientSecret,
AuthorizationEndpoint = scheme.AuthorizationEndpoint,
TokenEndpoint = scheme.TokenEndpoint,
CallbackPath = scheme.CallbackPath,
};
newOptions.Validate();
foreach (var c in optionsConfigure)
{
c.Configure(newOptions);
}
foreach (var c in optionsPostConfigure)
{
c.PostConfigure(scheme.Name, newOptions);
}
var dataProtector = newOptions.DataProtectionProvider.CreateProtector(typeof(CacheStateLocallyAndOnlySendReference).FullName, scheme.Name, "v1");
newOptions.StateDataFormat = new CacheStateLocallyAndOnlySendReference(this.httpContextAccessor, dataProtector);
optionsCache.TryAdd(scheme.Name, newOptions);
schemeProvider.AddScheme(new AuthenticationScheme(scheme.Name, scheme.DisplayName, typeof(MicrosoftAccountHandler)));
logger.LogInformation("Added external authentication {ExternalLogin} for tenant {Tenant}.", scheme.Name, resolvedTenant.TenantName);
}
public async Task <IActionResult> Register(IndexViewModel mod)
{
Register registerModel = mod.Register;
Organization organizationExist = await _organizationRepository.OraganizationExist(registerModel.DatabaseName);
if (organizationExist == null)
{
var user = new ApplicationUser
{
Email = registerModel.Email,
DatabaseName = registerModel.DatabaseName,
Country = registerModel.Country,
Language = registerModel.Language,
UserName = registerModel.UserName,
Organization = new Organization {
Name = registerModel.DatabaseName,
Email = registerModel.Email
}
};
var result = await _userManager.CreateAsync(user, registerModel.Password);
if (result.Succeeded)
{
List <Task> tasks = new List <Task>();
var roleAdmin = "Administrator";
var roleEmployee = "Employee";
await _management.AddRoleToUserAsync(roleAdmin, user);
await _management.AddRoleToUserAsync(roleEmployee, user);
await _userManager.AddClaimAsync(user, new Claim("organization", user.DatabaseName));
await _userManager.AddClaimAsync(user, new Claim("organizationId", user.OrganizationId));
muserLogger.LogInformation("A user with a specifc roles : " + roleAdmin + " has Been Created");
var res = await _signInManager.PasswordSignInAsync(user.UserName, registerModel.Password,
true, false);
if (res.Succeeded)
{
tasks.Add(_databaseBuilder.createModulesDatabaseAsync(registerModel.DatabaseName));
tasks.Add(Task.Run(() => _authenticationProvider.AddScheme(new AuthenticationScheme(registerModel.DatabaseName, registerModel.DatabaseName, typeof(CookieAuthenticationHandler)))));
;
await Task.WhenAll(tasks);
using (var scope = _service.CreateScope())
{
var _sysServices = scope.ServiceProvider.GetRequiredService <IServiceCollection>();
var shema = _sysServices.AddAuthentication()
.AddCookie(registerModel.DatabaseName, o =>
{
o.ExpireTimeSpan = TimeSpan.FromHours(1);
o.LoginPath = new PathString("/store/{OrganizationName}");
o.Cookie.Name = registerModel.DatabaseName + " CustomerCookie";
o.SlidingExpiration = true;
});
}
return(RedirectToAction("System", "App"));
}
}
var errors = result.Errors.ToList();
foreach (var el in errors)
{
ModelState.AddModelError("", el.Code);
}
}
else
{
ModelState.AddModelError("", "This Database Name is used");
}
return(View());
}
public void AddScheme(AuthenticationScheme scheme)
{
_inner.AddScheme(scheme);
}
public Task Invoke(
HttpContext context,
TenantDbContext _db,
IOptionsMonitor <IdentityServerAuthenticationOptions> identityServerAuthenticationOptions)
{
var tenant = _tenantService.GetTenant(_db,
context.Request.Host.Value);
if (tenant.Item1 != null)
{
context.Items[TenantConstant.CacheKey] = tenant.Item1;
}
var ResetOAuthProvider_CacheKey = TenantConstant.SchemesReflush + context.Request.Host.Value;
var ResetOAuthProvider_Flag = _memoryCache.Get <string>(ResetOAuthProvider_CacheKey);
if (tenant.Item2 != null)
{
var pvtModel = tenant.Item2;
#region IdentityServer4 - IssuerUri
_identityServerOptions.IssuerUri = context.Request.Scheme + "://" + tenant.Item2.IdentityServerIssuerUri;
#endregion
#region IdentityServer4 - AuthorityUri
identityServerAuthenticationOptions.CurrentValue.Authority = _identityServerOptions.IssuerUri;
#endregion
#region ResetOAuthProvider - PerRequest
if (string.IsNullOrWhiteSpace(ResetOAuthProvider_Flag) && pvtModel.Properties.Count > 0)
{
// All Schemes
var ApplicationSchemes = _oauthProvider.GetAllSchemesAsync().Result.Select(x => x.Name).ToList();
// All Scheme Providers
var SchemeProviders = OAuthBuilderExtensions.Handlers.Select(x => x.Key).ToList();
foreach (var oauthScheme in SchemeProviders)
{
if (!pvtModel.Properties.ContainsKey($"{oauthScheme}:ClientId") ||
!pvtModel.Properties.ContainsKey($"{oauthScheme}:ClientSecret"))
{
continue;
}
var ClientId_FromTenant = pvtModel.Properties[$"{oauthScheme}:ClientId"];
var ClientSecret_FromTenant = pvtModel.Properties[$"{oauthScheme}:ClientSecret"];
if (string.IsNullOrWhiteSpace(ClientId_FromTenant) ||
string.IsNullOrWhiteSpace(ClientSecret_FromTenant))
{
_oauthProvider.RemoveScheme(oauthScheme);
continue;
}
switch (oauthScheme)
{
case AmazonAuthenticationDefaults.AuthenticationScheme:
_amazonOptions.ClientId = ClientId_FromTenant;
_amazonOptions.ClientSecret = ClientSecret_FromTenant;
break;
case FacebookDefaults.AuthenticationScheme:
_facebookOptions.ClientId = ClientId_FromTenant;
_facebookOptions.ClientSecret = ClientSecret_FromTenant;
break;
case GitHubDefaults.AuthenticationScheme:
_githubOptions.ClientId = ClientId_FromTenant;
_githubOptions.ClientSecret = ClientSecret_FromTenant;
break;
case GitterAuthenticationDefaults.AuthenticationScheme:
_gitterOptions.ClientId = ClientId_FromTenant;
_gitterOptions.ClientSecret = ClientSecret_FromTenant;
break;
case GoogleDefaults.AuthenticationScheme:
_googleOptions.ClientId = ClientId_FromTenant;
_googleOptions.ClientSecret = ClientSecret_FromTenant;
break;
case InstagramAuthenticationDefaults.AuthenticationScheme:
_instagramOptions.ClientId = ClientId_FromTenant;
_instagramOptions.ClientSecret = ClientSecret_FromTenant;
break;
case LinkedInAuthenticationDefaults.AuthenticationScheme:
_linkedinOptions.ClientId = ClientId_FromTenant;
_linkedinOptions.ClientSecret = ClientSecret_FromTenant;
break;
case MicrosoftAccountDefaults.AuthenticationScheme:
_microsoftOptions.ClientId = ClientId_FromTenant;
_microsoftOptions.ClientSecret = ClientSecret_FromTenant;
break;
case PaypalAuthenticationDefaults.AuthenticationScheme:
_paypalOptions.ClientId = ClientId_FromTenant;
_paypalOptions.ClientSecret = ClientSecret_FromTenant;
break;
case QQDefaults.AuthenticationScheme:
_qqOptions.ClientId = ClientId_FromTenant;
_qqOptions.ClientSecret = ClientSecret_FromTenant;
break;
case RedditAuthenticationDefaults.AuthenticationScheme:
_redditOptions.ClientId = ClientId_FromTenant;
_redditOptions.ClientSecret = ClientSecret_FromTenant;
break;
case SalesforceAuthenticationDefaults.AuthenticationScheme:
_salesforceOptions.ClientId = ClientId_FromTenant;
_salesforceOptions.ClientSecret = ClientSecret_FromTenant;
break;
case TwitterDefaults.AuthenticationScheme:
_twitterOptions.ConsumerKey = ClientId_FromTenant;
_twitterOptions.ConsumerSecret = ClientSecret_FromTenant;
break;
case VisualStudioAuthenticationDefaults.AuthenticationScheme:
_visualstudioOptions.ClientId = ClientId_FromTenant;
_visualstudioOptions.ClientSecret = ClientSecret_FromTenant;
break;
case WeiboDefaults.AuthenticationScheme:
_weiboOptions.ClientId = ClientId_FromTenant;
_weiboOptions.ClientSecret = ClientSecret_FromTenant;
break;
case WeixinDefaults.AuthenticationScheme:
_weixinOptions.ClientId = ClientId_FromTenant;
_weixinOptions.ClientSecret = ClientSecret_FromTenant;
break;
case WordPressAuthenticationDefaults.AuthenticationScheme:
_wordpressOptions.ClientId = ClientId_FromTenant;
_wordpressOptions.ClientSecret = ClientSecret_FromTenant;
break;
default: break;
}
if (!ApplicationSchemes.Contains(oauthScheme))
{
_oauthProvider.AddScheme(new AuthenticationScheme(oauthScheme,
oauthScheme, OAuthBuilderExtensions.Handlers[oauthScheme]));
}
}
var MemoryCacheOptions = new MemoryCacheEntryOptions();
MemoryCacheOptions.SetAbsoluteExpiration(
TimeSpan.FromSeconds(TenantConstant.SchemesReflushDuration));
_memoryCache.Set(ResetOAuthProvider_CacheKey,
"1",
MemoryCacheOptions);
}
#endregion
}
return(_next(context));
}
public async Task AddOrUpdate(string tenantId)
{
var scheme = $"{tenantId}-scheme";
var oidOptions = new OpenIdConnectOptions();
var samlOptions = new Saml2pAuthenticationOptions();
var saml2SpOptions = new SpOptions();
var saml2IdpOptions = new IdpOptions();
var tenant = _repo.GetAllTenants().FirstOrDefault(x => x.TenantId.Equals(tenantId));
var oidcProtocol = tenant.Protocol.Equals("oidc");
if (tenant != null && oidcProtocol)
{
var oidConfig = _repo.GetOpenIdConfig(tenantId);
oidOptions = BuildOidOptions(oidConfig);
}
else
{
var samlConfig = _repo.GetSamlConfig(tenantId);
saml2SpOptions = new SpOptions()
{
EntityId = "https://localhost:44374/saml",
SigningCertificate = new X509Certificate2("testclient.pfx", "test"),
MetadataPath = "/saml/metadata",
SignAuthenticationRequests = true
};
saml2IdpOptions = new IdpOptions()
{
EntityId = samlConfig.IdpEntityId,
SingleSignOnEndpoint = new SamlEndpoint(samlConfig.SingleSignOnEndpoint, SamlBindingTypes.HttpPost),
SingleLogoutEndpoint = new SamlEndpoint(samlConfig.SingleLogoutEndpoint, SamlBindingTypes.HttpPost),
SigningCertificate = new X509Certificate2(samlConfig.IdpSigningCertificate), //file name
};
samlOptions = BuildSamlOptions(samlConfig, saml2SpOptions, saml2IdpOptions);
}
if (await _schemeProvider.GetSchemeAsync(scheme) == null)
{
_schemeProvider.AddScheme(new AuthenticationScheme(scheme, scheme, oidcProtocol ? typeof(OpenIdConnectHandler) : typeof(Saml2pAuthenticationHandler)));
}
else
{
if (oidcProtocol)
{
_openIdOptions.TryRemove(scheme);
}
else
{
_saml2pOptions.TryRemove(scheme);
}
}
if (oidcProtocol)
{
_oidPostConfOptions.PostConfigure(scheme, oidOptions);
_openIdOptions.TryAdd(scheme, oidOptions);
}
else
{
_saml2pOptions.TryAdd(scheme, samlOptions);
}
}
public async Task <IActionResult> Add([FromBody] SchemeData schemeData)
{
var schemeName = string.Format("{0}_{1}", schemeData.Domain, schemeData.Scheme);
if (schemeData.Scheme == "Google")
{
IOptionsMonitorCache <GoogleOptions> oAuthOptionsCache = serviceProvider.GetRequiredService <IOptionsMonitorCache <GoogleOptions> >();
OAuthPostConfigureOptions <GoogleOptions, GoogleHandler> oAuthPostConfigureOptions = serviceProvider.GetRequiredService <OAuthPostConfigureOptions <GoogleOptions, GoogleHandler> >();
if (await schemeProvider.GetSchemeAsync(schemeName) == null)
{
schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeData.Scheme, typeof(GoogleHandler)));
}
else
{
oAuthOptionsCache.TryRemove(schemeName);
}
var options = new GoogleOptions
{
ClientId = "xxxxxxx",
ClientSecret = "xxxxxxxxxxxx"
};
oAuthPostConfigureOptions.PostConfigure(schemeName, options);
oAuthOptionsCache.TryAdd(schemeName, options);
}
else if (schemeData.Scheme == "Auth0")
{
IOptionsMonitorCache <Saml2Options> oAuthOptionsCache = serviceProvider.GetRequiredService <IOptionsMonitorCache <Saml2Options> >();
PostConfigureSaml2Options oAuthPostConfigureOptions = serviceProvider.GetRequiredService <PostConfigureSaml2Options>();
if (await schemeProvider.GetSchemeAsync(schemeName) == null)
{
schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeData.Scheme, typeof(Saml2Handler)));
}
else
{
oAuthOptionsCache.TryRemove(schemeName);
}
//urn:ccidentity.auth0.com
var options = new Saml2Options();
options.SPOptions.EntityId = new EntityId("https://localhost:44332/auth0");
options.SPOptions.ModulePath = "/Saml2Auth0";
options.SPOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
var idp = new IdentityProvider(new EntityId("urn:ccidentity.auth0.com"), options.SPOptions)
{
MetadataLocation = "https://xxxxxxxx/samlp/metadata/7HmaqIPuC32Pc95e0clSqN3n3ogzkTkP",
LoadMetadata = true,
AllowUnsolicitedAuthnResponse = true,
Binding = Saml2BindingType.HttpRedirect,
SingleSignOnServiceUrl = new Uri("https://xxxxxxx/samlp/7HmaqIPuC32Pc95e0clSqN3n3ogzkTkP"),
};
idp.SigningKeys.AddConfiguredKey(new X509Certificate2(Convert.FromBase64String("MIIDAzCCAeugAwIBAgIJLNhPpvvzUXRnMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNVBAMTFGNjaWRlbnRpdHkuYXV0aDAuY29tMB4XDTIwMDQwMTEwMTEzMVoXDTMzMTIwOTEwMTEzMVowHzEdMBsGA1UEAxMUY2NpZGVudGl0eS5hdXRoMC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXOaxVEhjYW+eT3YduAnRMGrJGcriVU1e3n3RXB6SPt4QsmXsOcdLItaqKthSKeRTkOtXvRANvve1YrEUeMwWzv9gsKoQrwM5fDKwG+chEJNxEZEtMmGfqasb++taLTduNPphSm1xs0RNHeeFXdJHt4QWVsCMJfH2RRUlRHaqj4niew/uzJOZNiWLnXp+03tiy5uwOyxyOhpMOX9QZqpSwHHzZ8OoLIIxynuSiWipZoeCoxrZKM3kHW9YlwLVZvcqAZhWTbut6sC+Y+1O1Sfh1tr6XxWzcP5GaMMV2xQPgPYYKjYMiMeFSe4E5P3R4QxmEoeOpAhWzHQbiyzMYLIO1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFldi8Vcq5IwPROX5ssxqm+uuQaZMA4GA1UdDwEB/wQEAwIChDANBgkqhkiG9w0BAQsFAAOCAQEA1DWRiUaTCHqPUQRzOOnuiSib2dga2Qd1v39dqaaHrLe345c0eo1yn0cE50xtSTlx++WeIQ3RbXCMm70Za3+AfQhTOisqiHS0Nb+ZrxkHFzl0JNgY4AHQFbYsM3QwZQLBjfhL3KyYoTiQRifn/L9N1F/ZJN5PatoybwwJAbo4V0Y1g9pMSWXhbUKJCBP3Eq/8LPx2erAs3RkheYtz+beviOiXNeNYvUNxmPNy+vpp/zvFG5q20vtK7a3EBbOh1pputoctmAfnGoyjZ06JDAa006iJiGwXlwNonBFClLwbds4H3fc9hv4RsCWlVVdcO+l5FL17nhMRYZUn74lGHOCMZg==")));
options.IdentityProviders.Add(idp);
oAuthPostConfigureOptions.PostConfigure(schemeName, options);
oAuthOptionsCache.TryAdd(schemeName, options);
}
else if (schemeData.Scheme == "Saml2")
{
IOptionsMonitorCache <Saml2Options> oAuthOptionsCache = serviceProvider.GetRequiredService <IOptionsMonitorCache <Saml2Options> >();
PostConfigureSaml2Options oAuthPostConfigureOptions = serviceProvider.GetRequiredService <PostConfigureSaml2Options>();
if (await schemeProvider.GetSchemeAsync(schemeName) == null)
{
schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeData.Scheme, typeof(Saml2Handler)));
}
else
{
oAuthOptionsCache.TryRemove(schemeName);
}
var options = new Saml2Options();
options.SPOptions.EntityId = new EntityId("https://localhost:44332/Saml2");
options.SPOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
var idp = new IdentityProvider(new EntityId("https://xxxxxxxxxxxx/adfs/services/trust"), options.SPOptions)
{
//MetadataLocation = "https://xxxxxxxxxxxx/FederationMetadata/2007-06/FederationMetadata.xml",
//LoadMetadata = true,
AllowUnsolicitedAuthnResponse = true,
Binding = Saml2BindingType.HttpRedirect,
SingleSignOnServiceUrl = new Uri("https://xxxxxxxxx/adfs/ls/"),
};
idp.SigningKeys.AddConfiguredKey(new X509Certificate2(Convert.FromBase64String("MIIC5jCCAc6gAwIBAgIQOMQMbu2YTpFIO7bLoDczgjANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBEZXYtMTAxLkJhbmtPZlpvbmUubGswHhcNMjAwMzMwMTQyOTQ5WhcNMjEwMzMwMTQyOTQ5WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBEZXYtMTAxLkJhbmtPZlpvbmUubGswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0sv1rrY0QcVy8kCYz48dTE0qWlwg7J67kNDuO4um37DKnmSK43QTKMkN4Oe / q6 + a8YV2XW7aHqVzirdyeCWDqWf0fuef0jBhysylwdZI8P8PHAhX632jkQ9dXKqKC9kVEsV + LMzMB98xv3ue + rAjQMctrvdapTgvRTOyu5SEHV7zKN / AXDgqM1AT9ae4prRhg7F37Y6h4DVjCdOZgV7LpmgkkFxFnmk0G5il9yfFnLs2Xw3dQxh8HPj9XCgeNT3GGnui + d69BnESsWDjUBUuBGB / +6WQixC4SnKzbssVTy3W4h3aSSsGljAAJfh5YUafzqCjG7Z6xE16LNBieKjbVAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAH / a2bttVBkWzk4Q7K8qjgC / GQboK1NJewEPdi + 8GKG5RD + hWWz /qmXKT0u6ZklzmNrsxj + jPxIOzlv7Aaa5CbGUHHRoG7mgWnvV7y0Qys3OfRUpIzOK0HzDhe / LlyHyX3TpKDH / b1YQJiE6yHgwEdkO4ZBQsOHDNm9pvWH2YJQqMFbWPA4ZeUASeUO0h + BdR4Fog / MYu86lensZwZUKbq / 1 + M5xao3LZfQh5oyEBpH0roRJOazjMSHV + U4sLdvkvXx6in4BLwt1HiMAm0oA6c + vSW5GANAJBXPupfP6Njt0lpGGC3bLgWOlU65NTPwIZhvAjs / gV / pBa + jVMVxDP0g = ")));
options.IdentityProviders.Add(idp);
oAuthPostConfigureOptions.PostConfigure(schemeName, options);
oAuthOptionsCache.TryAdd(schemeName, options);
}
else
{
IOptionsMonitorCache <FacebookOptions> oAuthOptionsCache = serviceProvider.GetRequiredService <IOptionsMonitorCache <FacebookOptions> >();
OAuthPostConfigureOptions <FacebookOptions, FacebookHandler> oAuthPostConfigureOptions = serviceProvider.GetRequiredService <OAuthPostConfigureOptions <FacebookOptions, FacebookHandler> >();
if (await schemeProvider.GetSchemeAsync(schemeName) == null)
{
schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeData.Scheme, typeof(FacebookHandler)));
}
else
{
oAuthOptionsCache.TryRemove(schemeName);
}
var options = new FacebookOptions
{
AppId = "xxxxxxxxxxxx",
AppSecret = "xxxxxxxxxxxxxxxxx"
};
oAuthOptionsCache.TryAdd(schemeName, options);
oAuthPostConfigureOptions.PostConfigure(schemeName, options);
oAuthOptionsCache.TryAdd(schemeName, options);
}
return(Redirect("/"));
}
public Task Invoke(
HttpContext context,
TenantDbContext _db)
{
var tenant = _tenantService.GetTenant(_db,
context.Request.Host.Value);
if (tenant.Item1 != null)
{
context.Items[TenantConstant.CacheKey] = tenant.Item1;
}
var reflushFlagCacheKey = TenantConstant.SchemesReflush + context.Request.Host.Value;
var reflushFlag = _memoryCache.Get <string>(reflushFlagCacheKey);
if (tenant.Item2 != null)
{
var pvtModel = tenant.Item2;
#region IssuerUri
_identityServerOptions.IssuerUri = context.Request.Scheme + "://" + tenant.Item2.IdentityServerIssuerUri;
#endregion
#region ResetOAuthOptions
if (string.IsNullOrWhiteSpace(reflushFlag) && pvtModel.Properties.Count > 0)
{
// 获取当前所有OAuth Scheme
var AllSchemes = _oauthProvider.GetAllSchemesAsync().Result.Select(x => x.Name).ToList();
var TenantSchemes = AppDefaultData.Tenant.OAuthHandlers.Select(x => x.Key).ToList();
foreach (var scheme in TenantSchemes)
{
var ClientIdKey = $"{scheme}:ClientId";
var ClientIdValue = pvtModel.Properties[ClientIdKey];
var ClientSecretKey = $"{scheme}:ClientSecret";
var ClientSecretValue = pvtModel.Properties[ClientSecretKey];
if (string.IsNullOrWhiteSpace(ClientIdValue) ||
string.IsNullOrWhiteSpace(ClientSecretValue))
{
_oauthProvider.RemoveScheme(scheme);
continue;
}
AppDefaultData.Tenant.TenantProperties[ClientIdKey] = ClientIdValue;
AppDefaultData.Tenant.TenantProperties[ClientSecretKey] = ClientSecretValue;
if (!AllSchemes.Contains(scheme))
{
var authScheme = new AuthenticationScheme(scheme,
scheme, AppDefaultData.Tenant.OAuthHandlers[scheme]);
_oauthProvider.AddScheme(authScheme);
}
}
_memoryCache.Set(reflushFlagCacheKey,
"1",
TimeSpan.FromSeconds(TenantConstant.SchemesReflushDuration));
}
#endregion
}
return(_next(context));
}
