private Task OnTicketReceived(TicketReceivedContext context)
{
string iPlanetProCookie = string.Empty;
if (context.Request.HasFormContentType)
{
String jwtTokenString = context.Request.Form["id_token"];
//JwtSecurityToken jwtToken = new JwtSecurityToken(jwtTokenString);
//context.Principal.AddIdentity(new ClaimsIdentity(jwtToken.Claims));
var identity = context.Principal.Identity as ClaimsIdentity;
if (identity != null)
{
if (!context.Principal.HasClaim(c => c.Type == ClaimTypes.Name) &&
identity.HasClaim(c => c.Type == "name"))
{
identity.AddClaim(new Claim(ClaimTypes.Name, identity.FindFirst("name").Value));
}
}
context.HttpContext.Authentication.SignInAsync("Cookies", context.Principal);
CookieOptions options = new CookieOptions();
options.Expires = DateTime.Now.AddDays(1);
// Lire les cookies de la session et les stocker dans une chaine de caractere.
//foreach (var cookie in context.HttpContext.Request.Cookies) {
// if (cookie.Key.Equals("iPlanetDirectoryPro"))
// iPlanetProCookie = cookie.Value;
// Console.WriteLine( cookie.Key + ": " + cookie.Value);
//}
context.Response.Cookies.Append("ca.qc.inspq.oidc.token", jwtTokenString, options);
}
return(Task.FromResult(0));
}
private Task OnTicketReceived(TicketReceivedContext ticketReceivedContext)
{
// Get the ClaimsIdentity
var identity = ticketReceivedContext.Principal.Identity as ClaimsIdentity;
if (identity != null)
{
// Check if token names are stored in Properties
if (ticketReceivedContext.Properties.Items.ContainsKey(".TokenNames"))
{
// Token names a semicolon separated
var tokenNames = ticketReceivedContext.Properties.Items[".TokenNames"].Split(';');
// Add each token value as Claim
foreach (var tokenName in tokenNames)
{
// Tokens are stored in a Dictionary with the Key ".Token.<token name>"
var tokenValue = ticketReceivedContext.Properties.Items[$".Token.{tokenName}"];
identity.AddClaim(new Claim(tokenName, tokenValue));
}
}
}
return(Task.FromResult(0));
}
public override Task TicketReceived(TicketReceivedContext context)
{
var userDto = new UserDto
{
Username = context.Principal.Claims.FirstOrDefault(x => x.Type.Contains("email")).Value,
FirstName = context.Principal.Claims.FirstOrDefault(x => x.Type.Contains("givenname")).Value,
LastName = context.Principal.Claims.FirstOrDefault(x => x.Type.Contains("surname")).Value
};
var existingUser = _userService.GetByUsername(userDto.Username);
if (existingUser == null)
{
var user = _userAdapter.ConvertToEntity(userDto);
user.Token = GenerateJwtToken(user);
existingUser = _userService.Create(user);
}
else
{
if (DateTime.UtcNow > existingUser.Token.ExpirationDate)
{
existingUser.Token = GenerateJwtToken(existingUser);
_userService.Update(existingUser);
}
}
context.Request.Headers.Add("Bearer", existingUser.Token.TokenString);
return(Task.FromResult(context));
}
private static Task _onTicketReceived(TicketReceivedContext context)
{
context.Properties.IsPersistent = true;
context.Properties.AllowRefresh = true;
context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30);
return(Task.CompletedTask);
}
/// <summary>
/// When an oauth token has been successfully received.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public static async Task HandleOnTicketReceived(TicketReceivedContext context)
{
await Task.Run(() =>
{
var datasource = context.HttpContext.RequestServices.GetRequiredService <IDataSource>();
AuthenticationHelper.AuthorizeOauthUser(datasource, context.Principal);
});
context.Success();
}
public async Task <Task> CreateOnSignUp(TicketReceivedContext ticketReceivedContext)
{
string username = null;
string firstName = null;
string lastName = null;
string email = null;
bool isNewUser = false;
List <Claim> claims = ticketReceivedContext.Principal.Claims.ToList();
var claim = claims.FirstOrDefault(x => x.Type.EndsWith("isNewUser"));
string userOId = claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;
var userInfo = _context.User.FirstOrDefault(s => s.ExternalId == userOId);
if ((userInfo == null) || bool.Parse(claim.Value))
{
isNewUser = true;
}
if (isNewUser)
{
ticketReceivedContext.ReturnUri = "/Users/Profile";
username = claims.FirstOrDefault(x => x.Type.EndsWith("nickname")).Value;
//claims.First(x => x.Type == ClaimTypes.)
if (claims.Find(c => (c.Type == ClaimTypes.NameIdentifier)).Value.StartsWith("google"))
{
if (claims.FirstOrDefault(x => x.Type.Contains("givenname")) != null)
{
firstName = claims.FirstOrDefault(x => x.Type.Contains("givenname")).Value;
}
if (claims.FirstOrDefault(x => x.Type.Contains("surname")) != null)
{
lastName = (claims.FirstOrDefault(x => x.Type.Contains("surname")).Value);
}
email = username + "@gmail.com";
}
// claims.FirstOrDefault(x => x.Type.EndsWith("name")).Value;
if (claims.Find(c => (c.Type == ClaimTypes.NameIdentifier)).Value.StartsWith("auth0"))
{
email = claims.FirstOrDefault(x => x.Type.StartsWith("name")).Value;
}
var pictureURL = claims.FirstOrDefault(x => x.Type.EndsWith("picture")).Value;
if (String.IsNullOrEmpty(pictureURL))
{
pictureURL = "http://ssl.gstatic.com/accounts/ui/avatar_2x.png";
}
User user = new User()
{
Firstname = firstName, Lastname = lastName, ExternalId = userOId, Username = username, Email = email, PictureUrl = pictureURL
};
//insert new value into DB
_context.Add(user);
await _context.SaveChangesAsync();
}
return(Task.CompletedTask);
}
public async Task <int> OnTokenReceived(TicketReceivedContext context)
{
var identity = context.Principal.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("id_token", tempIdToken));
var name = identity.Claims.ToList().Find(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
//Do not wait for this , the cache will get upated in the background
_cache.RefreshAndDontWait(name.Value, tempIdToken);
return(await Task.FromResult(0));
}
public void PostLoginActions(TicketReceivedContext context, ServiceProvider serviceProvider)
{
var userEmail = context.Principal.Claims.First(x => x.Type == "preferred_username").Value;
var userManager = (UserManager <User>)serviceProvider.GetService(typeof(UserManager <User>));
var signinManager = (SignInManager <User>)serviceProvider.GetService(typeof(SignInManager <User>));
var userResult = CheckIfUserIsNewAndCreate(userManager, signinManager, userEmail).Result;
MergeDatabaseRolesWithClaims(context, userManager, userResult);
}
public override Task TicketReceived(TicketReceivedContext context)
{
context.Properties.Items.Clear();
context.Properties.Items.Clear();
foreach (var principalClaim in context.Principal.Claims)
{
principalClaim.Properties.Clear();
}
return(base.TicketReceived(context));
}
private Task HandleOnTicketReceived(TicketReceivedContext context)
{
// Get the principal identity
var identity = context.Principal.Identities.First();
// Grab the email address
var emailAddress = identity.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email).Value;
// Here, we can use the e-mail address to verify user state in our own database, attach any claims or transform the identity prior to stamping the cookie
// Continue with the pipeline
return(Task.CompletedTask);
}
private Task OnTicketReceived(TicketReceivedContext context)
{
var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var claims = new List <Claim>
{
new Claim(ClaimTypes.Role, _sqrlAdminUserIds.Contains(userId) ? "SqrlAdminRole" : "SqrlUserRole")
};
var appIdentity = new ClaimsIdentity(claims);
context.Principal.AddIdentity(appIdentity);
return(Task.CompletedTask);
}
private async Task SignUpUser(TicketReceivedContext ticketReceivedContext)
{
var user = (ClaimsIdentity)ticketReceivedContext.Principal.Identity;
if (user.IsAuthenticated)
{
var athleteService = ticketReceivedContext.HttpContext.RequestServices.GetService <IAthleteService>();
await athleteService.OnAthleteLogin(user, ticketReceivedContext.Properties);
}
return;
}
private static void MergeDatabaseRolesWithClaims(TicketReceivedContext context, UserManager <User> userManager, User user)
{
var isUserAnAdministrator = userManager.IsInRoleAsync(user, ConstantRoles.AdministratorRole).Result;
if (isUserAnAdministrator)
{
var extraIdentity = new ClaimsIdentity(new List <Claim>()
{
new Claim(ClaimTypes.Role, ConstantRoles.AdministratorRole)
});
context.Principal.AddIdentity(extraIdentity);
}
}
private async Task HandleTicketRecieved(TicketReceivedContext context)
{
_log.LogDebug($"ticket received");
var tokens = context.Properties.GetTokens().ToList();
if (tokens.Count > 0)
{
await _oidcHybridFlowHelper.CaptureOidcTokens(context.Principal, tokens);
}
//return Task.CompletedTask;
}
public Task TicketReceived(TicketReceivedContext context)
{
/*
* var userId = context.HttpContext.User.GetUserId();
* var token = context.ProtocolMessage.AccessToken;
*
* context.HttpContext.Response.Cookies.Append("token", token);
*/
_logger.LogInformation("Ticket Received", context.Ticket);
return(Task.FromResult(0));
}
public async override Task TicketReceived(TicketReceivedContext context)
{
//如果不调用HandleResponse,默认的行为是重定向到RedirectUri属性指定的地址。
//在这里不需要定向
var handleResponseContext = new HandleResponseContext(context.HttpContext
, context.Scheme
, context.Options as WeChatClientOptions
, context.Principal);
await HandleResponse(handleResponseContext);
context.HandleResponse();
await base.TicketReceived(context);
}
private Task OnTicketReceived(TicketReceivedContext context)
{
var identity = context.Principal.Identity as ClaimsIdentity;
StringBuilder builder = new StringBuilder();
var claims = identity?.Claims.Select(x => $"{x.Type}:{x.Value};");
if (claims != null)
{
builder.AppendJoin(", ", claims);
}
Logger.LogInformation($"Ticket received: [Claims:{builder}]");
//identity?.AddClaim(new Claim(AlfClaimTypes.SelectedTenant, AuthenticationOptions.TenantId));
return(Task.CompletedTask);
}
public Task OnTicketReceived(TicketReceivedContext context)
{
// Get the ClaimsIdentity
ClaimsIdentity identity = context.Principal.Identity as ClaimsIdentity;
if (identity != null)
{
// Add the Name ClaimType. This is required if we want User.Identity.Name to actually return something!
if (!context.Principal.HasClaim(c => c.Type == ClaimTypes.Name) && identity.HasClaim(c => c.Type == "name"))
{
identity.AddClaim(new Claim(ClaimTypes.Name, identity.FindFirst("name").Value));
}
// Check if token names are stored in Properties
if (context.Properties.Items.ContainsKey(".TokenNames"))
{
// Token names a semicolon separated
string[] tokenNames = context.Properties.Items[".TokenNames"].Split(';');
// Add each token value as Claim
foreach (string tokenName in tokenNames)
{
// Tokens are stored in a Dictionary with the Key ".Token.<token name>"
string tokenValue = context.Properties.Items[$".Token.{tokenName}"];
identity.AddClaim(new Claim(tokenName, tokenValue));
}
}
Need4Service service = new Need4Service();
Need4Protocol.UserService.UserServiceClient userService = service.GetUserClient();
Need4Protocol.PermissionService.PermissionServiceClient permissionService = service.GetPermissionClient();
string email = Claims.GetEmail(context.Principal.Claims);
Need4Protocol.User user = new Need4Protocol.User {
Email = email
};
Need4Protocol.User response = userService.GetUser(user);
if (!response.Created)
{
response = userService.CreateUser(user);
}
else
{
Need4Protocol.PermissionSet permissions = permissionService.GetAllPermissions(user);
}
}
return(Task.CompletedTask);
}
internal static Task OnTicketReceived(TicketReceivedContext context)
{
if (context.Principal != null && context.Options.SignInScheme == new IdentityCookieOptions().ExternalCookieAuthenticationScheme)
{
//This way we will know all events were fired.
var identity = context.Principal.Identities.First();
var manageStoreClaim = identity?.Claims.Where(c => c.Type == "ManageStore" && c.Value == "false").FirstOrDefault();
if (manageStoreClaim != null)
{
identity.RemoveClaim(manageStoreClaim);
identity.AddClaim(new Claim("ManageStore", "Allowed"));
}
}
return(Task.FromResult(0));
}
private static async Task SetupIdentityAndClaimsAndGa(
TicketReceivedContext context, OpenIdAuthOptions authOptions)
{
var id = await GetClaimsIdentity(
context.Scheme.Name,
context.Properties.GetTokenValue("access_token"),
context.HttpContext,
authOptions,
context.Principal.Claims?.ToArray());
await RegisterExternalAccount(context, id);
try
{
await context.HttpContext.ConfirmAccountAsync(
id,
context.Properties.GetTokenValue("access_token"));
}
catch (Exception)
{
// Not logging here as it's already logged elsewhere.
context.HandleResponse();
context.Response.Redirect("/error/authfailure");
return;
}
context.Principal = new ClaimsPrincipal(id);
// The following is for GA.
var subjectIdClaim = id.Claims.FirstOrDefault(x => x.Type == "sub");
if (subjectIdClaim != null)
{
var distributedCache =
context.HttpContext.RequestServices.GetRequiredService <IDistributedCache>();
await distributedCache.SetAsync($"JUST-LOGGED-IN-{subjectIdClaim?.Value}",
Encoding.UTF8.GetBytes("TRUE"),
new DistributedCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(5)
});
}
}
private static async Task OnTicketReceived(TicketReceivedContext context)
{
var principal = context.Principal;
if (principal != null)
{
var mediator = context.HttpContext.RequestServices.GetRequiredService <IMediator>();
var @event = new UserLoggedInEvent
{
FullName = principal.Identity.Name,
Email = principal.Claims
.FirstOrDefault(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")?.Value
};
await mediator.Publish(@event);
}
}
private async Task OnTicketReceived(TicketReceivedContext context)
{
var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var database = context.HttpContext.RequestServices.GetRequiredService <DatabaseContext>();
var user = await database.User.SingleAsync(x => x.SqrlUser.UserId == userId);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Role, user.Role)
};
var appIdentity = new ClaimsIdentity(claims);
context.Principal.AddIdentity(appIdentity);
context.Properties.IsPersistent = true;
context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddHours(3);
context.Properties.IssuedUtc = DateTimeOffset.UtcNow;
context.Properties.AllowRefresh = true;
}
public static Task OnTicketReceivedCallback(TicketReceivedContext context)
{
List <Claim> claims = context.Principal.Claims.ToList();
string userId = claims.FirstOrDefault(context => {
return(context.Type == ClaimTypes.NameIdentifier);
}).Value;
string email = context.Principal.Identity.Name;
IUserService service = context.HttpContext.RequestServices.GetService <IUserService>();
User userModel = new User {
Id = userId, Email = email
};
service.Add(userModel);
return(Task.CompletedTask);
}
public async Task TicketReceivedAsync(TicketReceivedContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var principal = context.Principal;
var email = principal.GetRequiredClaim(ClaimTypes.Email);
var role = principal.GetOptionalClaim(_options.Value.RoleClaimType);
var name = principal.GetName();
var user = await _userManager.FindByEmailAsync(email);
if (user == null)
{
user = new ApplicationUser
{
UserName = email,
Name = name,
Email = email
};
await _userManager.CreateAsync(user);
}
var claims = principal.GetAllClaimsExcept(
ClaimTypes.NameIdentifier,
ClaimTypes.Name,
ClaimTypes.Role
).ToList();
claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id));
claims.Add(new Claim(ClaimTypes.Name, name));
if (!string.IsNullOrEmpty(role))
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, principal.Identity.AuthenticationType));
}
private Task OnTicketReceived(TicketReceivedContext context)
{
if (context.Request.HasFormContentType)
{
String jwtTokenString = context.Request.Form["id_token"];
var identity = context.Principal.Identity as ClaimsIdentity;
if (identity != null)
{
if (!context.Principal.HasClaim(c => c.Type == ClaimTypes.Name) &&
identity.HasClaim(c => c.Type == "name"))
{
identity.AddClaim(new Claim(ClaimTypes.Name, identity.FindFirst("name").Value));
}
}
CookieOptions options = new CookieOptions();
options.Expires = DateTime.Now.AddDays(1);
context.Response.Cookies.Append("iPlanetDirectoryPro", jwtTokenString, options);
}
return(Task.FromResult(0));
}
private async Task OnTicketReceived(TicketReceivedContext ticketReceivedContext)
{
// Only one identity supported by the current implementation of IdentityServer4
if (ticketReceivedContext.Principal.Identities.Count() != 1)
{
throw new InvalidOperationException("only a single identity supported");
}
var oldIdentity = ticketReceivedContext.Principal.Identity as ClaimsIdentity;
var oldPrincipal = ticketReceivedContext.Principal;
oldPrincipal.Clone();
var claims = new List <Claim>();
claims.AddRange(oldPrincipal.Claims);
claims.Add(new Claim("sub", ticketReceivedContext.Principal.FindFirstValue(_configuration["Settings:WindowsAccountNameClaimtype"])));
var newIdentity = new ClaimsIdentity(claims, oldIdentity.AuthenticationType, oldIdentity.NameClaimType, oldIdentity.RoleClaimType);
newIdentity.Actor = oldIdentity.Actor;
ticketReceivedContext.Principal = new ClaimsPrincipal(newIdentity);
}
public override Task TicketReceived(TicketReceivedContext context)
{
if (!String.IsNullOrEmpty(_domainName))
{
var emailClaim = context.Ticket.Principal.Claims.FirstOrDefault(
c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
if (emailClaim == null)
{
context.Response.Redirect("/account/forbidden?reason=no_email_claim");
context.HandleResponse();
}
if (emailClaim.Value == null || !emailClaim.Value.ToLower().EndsWith(_domainName))
{
context.Response.Redirect("/account/forbidden?reason=domain_not_allowed");
context.HandleResponse();
}
}
return(base.TicketReceived(context));
}
private async Task OnClientAuthenticated(TicketReceivedContext arg)
{
string email = arg.Principal.Claims.Where(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Select(c => c.Value).SingleOrDefault();
if (!string.IsNullOrEmpty(email))
{
var userManager = arg.HttpContext.RequestServices.GetService <SignInManager <ApplicationUser> >();
AppDBContent appDbContent = arg.HttpContext.RequestServices.GetService <AppDBContent>();
if (appDbContent != null)
{
var user = await appDbContent.Users.Where(u => u.Email == email).FirstOrDefaultAsync();
if (user == null)
{
var query = HttpUtility.ParseQueryString("");
query["text_main"] = "Этот аккаунт еще не был зарегистрирован";
query["text"] = "Пожалуйста, пройдите регистрацию";
string queryStr = query.ToString();
arg.ReturnUri = "Error?" + queryStr;
return;
}
if (userManager != null)
{
await userManager.SignInAsync(user, true);
}
else
{
arg.ReturnUri = "/Error";
return;
}
}
return;
}
return;
}
public Task OnTicketReceivedFunc(TicketReceivedContext ctx)
{
return(Task.CompletedTask);
}
private static Task OnTicketReceived(TicketReceivedContext context)
{
return(Task.FromResult(0));
}
