public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await context.GetCookieAuthenticationSchemeAsync();
if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
{
AugmentPrincipal(principal);
if (properties == null)
{
properties = new AuthenticationProperties();
}
properties.Items[IdentityConstants.AuthenticationProperties.Ip] = context.GetRequestIp();
if (!properties.Items.ContainsKey(IdentityConstants.AuthenticationProperties.SkipCreateSession))
{
var userDevice = context
.GetHeaderValueAs <string>("User-Agent")
.GetDevice();
if (!string.IsNullOrEmpty(userDevice))
{
properties.Items[IdentityConstants.AuthenticationProperties.Device] = userDevice;
}
}
await _session.CreateSessionIdAsync(principal, properties);
}
await _inner.SignInAsync(context, scheme, principal, properties);
}
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await GetCookieAuthenticationSchemeAsync();
if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
{
if (principal?.IsAnonymous() == false)
{
var currentPrincipal = await _session.GetUserAsync();
if (currentPrincipal?.IsAnonymous() == true && _options.AllowRemoveAnonymousUserAfterSigningIn)
{
await _anonUserManager.DeleteByIdAsync(currentPrincipal.GetSubjectId());
}
}
if (properties == null)
{
properties = new AuthenticationProperties();
}
await _session.CreateSessionIdAsync(principal, properties);
}
await _inner.SignInAsync(context, scheme, principal, properties);
}
public async Task <AuthenticateResponse> Authenticate(UsernamePasswordCredentials credentials)
{
var validationResult = _usernamePasswordCredentialsValidator.Validate(credentials);
if (!validationResult.IsValid)
{
return(new AuthenticationFailure <UsernamePasswordAuthenticateFailureReason>(validationResult.Errors.ParseFailureReasons <UsernamePasswordAuthenticateFailureReason>()));
}
var user = await _userDataService.GetUserForAuthentication(credentials.Username);
// if the user is not found, use a random password to verify against and still do the work. This protects against timing attacks
var password = user?.Password ?? _randomHashedPasswordProvider.RandomHashedPassword;
// Verify against the stored password by performing the same hash operation on the entered password
var hashedPassword = _hashPasswordService.Hash(
credentials.Password,
password.Salt,
password.Prf,
password.Iterations);
if (!password.Equals(hashedPassword) || user == null)
{
return(new AuthenticationFailure <UsernamePasswordAuthenticateFailureReason>(UsernamePasswordAuthenticateFailureReason.InvalidCredentials));
}
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(
user.AsClaims(),
(await _authenticationSchemeProvider.GetDefaultSignInSchemeAsync()).Name));
return(new AuthenticationSuccess(claimsPrincipal));
}
private async Task VerifyAllDefaults(IAuthenticationSchemeProvider provider, AuthenticationScheme?expected)
{
Assert.Equal(await provider.GetDefaultForbidSchemeAsync(), expected);
Assert.Equal(await provider.GetDefaultAuthenticateSchemeAsync(), expected);
Assert.Equal(await provider.GetDefaultChallengeSchemeAsync(), expected);
Assert.Equal(await provider.GetDefaultSignInSchemeAsync(), expected);
Assert.Equal(await provider.GetDefaultSignOutSchemeAsync(), expected);
}
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await context.GetCookieAuthenticationSchemeAsync();
if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
{
AugmentPrincipal(principal);
properties ??= new AuthenticationProperties();
await _session.CreateSessionIdAsync(principal, properties);
}
await _inner.SignInAsync(context, scheme, principal, properties);
}
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
if (scheme == null || scheme == defaultScheme.Name)
{
AugmentPrincipal(principal);
if (properties == null)
{
properties = new AuthenticationProperties();
}
await _session.CreateSessionIdAsync(principal, properties);
}
await _inner.SignInAsync(context, scheme, principal, properties);
}
/// <inheritdoc />
public virtual async Task ProcessRequestAsync(HttpContext context)
{
context.CheckForBffMiddleware(Options);
var result = await context.AuthenticateAsync();
if (result.Succeeded && result.Principal?.Identity?.IsAuthenticated == true)
{
var userSessionId = result.Principal.FindFirst(JwtClaimTypes.SessionId)?.Value;
if (!String.IsNullOrWhiteSpace(userSessionId))
{
var passedSessionId = context.Request.Query[JwtClaimTypes.SessionId].FirstOrDefault();
// for an authenticated user, if they have a sesison id claim,
// we require the logout request to pass that same value to
// prevent unauthenticated logout requests (similar to OIDC front channel)
if (Options.RequireLogoutSessionId && userSessionId != passedSessionId)
{
throw new Exception("Invalid Session Id");
}
}
}
// get rid of local cookie first
var signInScheme = await AuthenticationSchemeProvider.GetDefaultSignInSchemeAsync();
await context.SignOutAsync(signInScheme?.Name);
var returnUrl = context.Request.Query[Constants.RequestParameters.ReturnUrl].FirstOrDefault();
if (!string.IsNullOrWhiteSpace(returnUrl))
{
if (!Util.IsLocalUrl(returnUrl))
{
throw new Exception("returnUrl is not application local: " + returnUrl);
}
}
var props = new AuthenticationProperties
{
RedirectUri = returnUrl ?? "/"
};
// trigger idp logout
await context.SignOutAsync(props);
}
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await GetCookieAuthenticationSchemeAsync();
if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
{
AugmentPrincipal(principal);
}
else
{
var claim = principal.FindFirst("http://schemas.microsoft.com/identity/claims/identityprovider");
if (claim != null)
{
context.Items.Add(JwtClaimTypes.IdentityProvider, claim.Value);
}
}
await _inner.SignInAsync(context, scheme, principal, properties);
}
/// <summary>
/// Initializes a new instance of the <see cref="AutomaticTokenManagementConfigureCookieOptions"/> class.
/// </summary>
/// <param name="provider">The provider.</param>
public AutomaticTokenManagementConfigureCookieOptions(IAuthenticationSchemeProvider provider)
{
this.Scheme = provider.GetDefaultSignInSchemeAsync().GetAwaiter().GetResult();
}
public Task <AuthenticationScheme> GetDefaultSignInSchemeAsync()
{
return(_inner.GetDefaultSignInSchemeAsync());
}
public AutoRefreshConfigureCookieOptions(IAuthenticationSchemeProvider provider)
{
_signInScheme = provider.GetDefaultSignInSchemeAsync().GetAwaiter().GetResult();
}
