public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) { var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync(); var cookieScheme = await context.GetCookieAuthenticationSchemeAsync(); if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme) { AugmentPrincipal(principal); if (properties == null) { properties = new AuthenticationProperties(); } properties.Items[IdentityConstants.AuthenticationProperties.Ip] = context.GetRequestIp(); if (!properties.Items.ContainsKey(IdentityConstants.AuthenticationProperties.SkipCreateSession)) { var userDevice = context .GetHeaderValueAs <string>("User-Agent") .GetDevice(); if (!string.IsNullOrEmpty(userDevice)) { properties.Items[IdentityConstants.AuthenticationProperties.Device] = userDevice; } } await _session.CreateSessionIdAsync(principal, properties); } await _inner.SignInAsync(context, scheme, principal, properties); }
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) { var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync(); var cookieScheme = await GetCookieAuthenticationSchemeAsync(); if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme) { if (principal?.IsAnonymous() == false) { var currentPrincipal = await _session.GetUserAsync(); if (currentPrincipal?.IsAnonymous() == true && _options.AllowRemoveAnonymousUserAfterSigningIn) { await _anonUserManager.DeleteByIdAsync(currentPrincipal.GetSubjectId()); } } if (properties == null) { properties = new AuthenticationProperties(); } await _session.CreateSessionIdAsync(principal, properties); } await _inner.SignInAsync(context, scheme, principal, properties); }
public async Task <AuthenticateResponse> Authenticate(UsernamePasswordCredentials credentials) { var validationResult = _usernamePasswordCredentialsValidator.Validate(credentials); if (!validationResult.IsValid) { return(new AuthenticationFailure <UsernamePasswordAuthenticateFailureReason>(validationResult.Errors.ParseFailureReasons <UsernamePasswordAuthenticateFailureReason>())); } var user = await _userDataService.GetUserForAuthentication(credentials.Username); // if the user is not found, use a random password to verify against and still do the work. This protects against timing attacks var password = user?.Password ?? _randomHashedPasswordProvider.RandomHashedPassword; // Verify against the stored password by performing the same hash operation on the entered password var hashedPassword = _hashPasswordService.Hash( credentials.Password, password.Salt, password.Prf, password.Iterations); if (!password.Equals(hashedPassword) || user == null) { return(new AuthenticationFailure <UsernamePasswordAuthenticateFailureReason>(UsernamePasswordAuthenticateFailureReason.InvalidCredentials)); } var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity( user.AsClaims(), (await _authenticationSchemeProvider.GetDefaultSignInSchemeAsync()).Name)); return(new AuthenticationSuccess(claimsPrincipal)); }
private async Task VerifyAllDefaults(IAuthenticationSchemeProvider provider, AuthenticationScheme?expected) { Assert.Equal(await provider.GetDefaultForbidSchemeAsync(), expected); Assert.Equal(await provider.GetDefaultAuthenticateSchemeAsync(), expected); Assert.Equal(await provider.GetDefaultChallengeSchemeAsync(), expected); Assert.Equal(await provider.GetDefaultSignInSchemeAsync(), expected); Assert.Equal(await provider.GetDefaultSignOutSchemeAsync(), expected); }
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) { var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync(); var cookieScheme = await context.GetCookieAuthenticationSchemeAsync(); if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme) { AugmentPrincipal(principal); properties ??= new AuthenticationProperties(); await _session.CreateSessionIdAsync(principal, properties); } await _inner.SignInAsync(context, scheme, principal, properties); }
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) { var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync(); if (scheme == null || scheme == defaultScheme.Name) { AugmentPrincipal(principal); if (properties == null) { properties = new AuthenticationProperties(); } await _session.CreateSessionIdAsync(principal, properties); } await _inner.SignInAsync(context, scheme, principal, properties); }
/// <inheritdoc /> public virtual async Task ProcessRequestAsync(HttpContext context) { context.CheckForBffMiddleware(Options); var result = await context.AuthenticateAsync(); if (result.Succeeded && result.Principal?.Identity?.IsAuthenticated == true) { var userSessionId = result.Principal.FindFirst(JwtClaimTypes.SessionId)?.Value; if (!String.IsNullOrWhiteSpace(userSessionId)) { var passedSessionId = context.Request.Query[JwtClaimTypes.SessionId].FirstOrDefault(); // for an authenticated user, if they have a sesison id claim, // we require the logout request to pass that same value to // prevent unauthenticated logout requests (similar to OIDC front channel) if (Options.RequireLogoutSessionId && userSessionId != passedSessionId) { throw new Exception("Invalid Session Id"); } } } // get rid of local cookie first var signInScheme = await AuthenticationSchemeProvider.GetDefaultSignInSchemeAsync(); await context.SignOutAsync(signInScheme?.Name); var returnUrl = context.Request.Query[Constants.RequestParameters.ReturnUrl].FirstOrDefault(); if (!string.IsNullOrWhiteSpace(returnUrl)) { if (!Util.IsLocalUrl(returnUrl)) { throw new Exception("returnUrl is not application local: " + returnUrl); } } var props = new AuthenticationProperties { RedirectUri = returnUrl ?? "/" }; // trigger idp logout await context.SignOutAsync(props); }
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) { var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync(); var cookieScheme = await GetCookieAuthenticationSchemeAsync(); if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme) { AugmentPrincipal(principal); } else { var claim = principal.FindFirst("http://schemas.microsoft.com/identity/claims/identityprovider"); if (claim != null) { context.Items.Add(JwtClaimTypes.IdentityProvider, claim.Value); } } await _inner.SignInAsync(context, scheme, principal, properties); }
/// <summary> /// Initializes a new instance of the <see cref="AutomaticTokenManagementConfigureCookieOptions"/> class. /// </summary> /// <param name="provider">The provider.</param> public AutomaticTokenManagementConfigureCookieOptions(IAuthenticationSchemeProvider provider) { this.Scheme = provider.GetDefaultSignInSchemeAsync().GetAwaiter().GetResult(); }
public Task <AuthenticationScheme> GetDefaultSignInSchemeAsync() { return(_inner.GetDefaultSignInSchemeAsync()); }
public AutoRefreshConfigureCookieOptions(IAuthenticationSchemeProvider provider) { _signInScheme = provider.GetDefaultSignInSchemeAsync().GetAwaiter().GetResult(); }