/// <summary>
/// Serialize content only <see cref="ActionInfo"/> to json string
/// </summary>
/// <returns>json string</returns>
protected override void ToJsonRaw(JsonWriter writer)
{
writer.WriteProperty("ActionID", ActionID);
writer.WriteProperty("AssemblyID", AssemblyID);
writer.WriteProperty("ClassName", ClassName);
writer.WriteProperty("Name", Name);
writer.WriteProperty("LogOnError", LogOnError);
writer.WriteProperty("EMailOnError", EMailOnError);
writer.WriteProperty("EMailGroup", EMailGroup);
writer.WriteProperty("TransactionSupport", TransactionSupport.ToString());
writer.WriteProperty("WebAuthentication", WebAuthentication.ToString());
writer.WriteProperty("AuthenticationRequired", AuthenticationRequired);
writer.WriteProperty("AuthorizationRequired", AuthorizationRequired);
writer.WriteProperty("AsyncMode", AsyncMode);
writer.WriteProperty("IID", IID);
writer.WriteProperty("InterfaceID", InterfaceID);
writer.WriteProperty("InterfaceName", InterfaceName);
writer.WriteProperty("Description", Description);
writer.WriteProperty("MultipleRowsParams", MultipleRowsParams);
writer.WriteProperty("MultipleRowsResult", MultipleRowsResult);
writer.WriteProperty("IsStatic", IsStatic);
writer.WritePropertyName("InterfaceParameters");
writer.WriteStartArray();
foreach (var item in InterfaceParameters)
{
item.Value.ToJson(writer);
}
writer.WriteEndArray();
}
Result AuthenticateForAjaxRequest(System.Reflection.MethodInfo source)
{
if (!SecurityProvider.CurrentUser.Enabled)
{
return(new Result("Ajax method called failed because your account has been disabled."));
}
Attribute[] roleAttr = Attribute.GetCustomAttributes(source, typeof(RequiresRoleAttribute));
Attribute[] permAttr = Attribute.GetCustomAttributes(source, typeof(RequiresPermissionAttribute));
for (int i = 0; i < roleAttr.Length; i++)
{
if (!SecurityProvider.CurrentUser.HasRole(((RequiresRoleAttribute)roleAttr[i]).RoleCode))
{
return(new Result("Ajax method call failed because you do not have one or more required roles."));
}
}
for (int i = 0; i < permAttr.Length; i++)
{
if (!WebAuthentication.VerifyAccess(((RequiresPermissionAttribute)permAttr[i]).PermissionTypeCode))
{
return(new Result("Ajax method call failed because you do not have one or more required permissions."));
}
}
return(new Result());
}
public void PreProcessLoginPage(PageEntry page)
{
if (WebAuthentication.VerifyAccess(PermissionType.AccessAdminArea))
{
WebUtility.Redirect("admin");
}
}
private async void ButtonRequestToken_Click(object sender, RoutedEventArgs e)
{
var error = string.Empty;
try
{
var response = await WebAuthentication.DoImplicitFlowAsync(
endpoint : new Uri(Constants.AS.OAuth2AuthorizeEndpoint),
clientId : Constants.Clients.ImplicitClient,
scope : "read");
TokenVault.StoreToken(_resourceName, response.AccessToken, response.ExpiresIn, response.TokenType);
RetrieveStoredToken();
}
catch (Exception ex)
{
error = ex.Message;
}
if (!string.IsNullOrEmpty(error))
{
var dialog = new MessageDialog(error);
await dialog.ShowAsync();
}
}
private async void SignIn_Click(object sender, RoutedEventArgs e)
{
var error = string.Empty;
try
{
var response = await WebAuthentication.DoImplicitFlowAsync(
endpoint : new Uri("https://adfs.leastprivilege.vm/idsrv/issue/oauth2/authorize"),
clientId : "test",
scope : "https://test/rp/");
TokenVault.StoreToken(_resourceName, response);
RetrieveStoredToken();
}
catch (Exception ex)
{
error = ex.Message;
}
if (!string.IsNullOrEmpty(error))
{
var dialog = new MessageDialog(error);
await dialog.ShowAsync();
}
}
public void TestBuildChallengeTransactionWithOptions()
{
var serverKeypair = KeyPair.Random();
var clientAccountId = "GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF";
var anchorName = "NET";
var nonce = new byte[48];
Array.Clear(nonce, 0, nonce.Length);
var now = new DateTimeOffset();
var duration = TimeSpan.FromMinutes(10.0);
var tx = WebAuthentication
.BuildChallengeTransaction(serverKeypair, clientAccountId, anchorName, nonce, now, duration, Network.Test());
var serializedTx = tx.ToEnvelopeXdrBase64();
var back = Transaction.FromEnvelopeXdr(serializedTx);
var timeout = back.TimeBounds.MaxTime - back.TimeBounds.MinTime;
Assert.AreEqual(600, timeout);
CheckAccounts(back, serverKeypair);
CheckOperation(back, clientAccountId);
}
private async void SignIn_Click(object sender, RoutedEventArgs e)
{
var error = string.Empty;
try
{
var response = await WebAuthentication.DoImplicitFlowAsync(
endpoint : new Uri(Constants.IdSrv.OAuth2AuthorizeEndpoint),
clientId : Constants.IdSrv.Win8OAuthClientName,
scope : Constants.Scope);
TokenVault.StoreToken(_resourceName, response);
RetrieveStoredToken();
}
catch (Exception ex)
{
error = ex.Message;
}
if (!string.IsNullOrEmpty(error))
{
var dialog = new MessageDialog(error);
await dialog.ShowAsync();
}
}
private async Task StartFlowAsync(string responseType, string scope)
{
Exception exception = null;
try
{
_response = await WebAuthentication.DoImplicitFlowAsync(
new Uri(Constants.AuthorizeEndpoint),
"implicitclient",
responseType,
scope);
Output.Text = _response.Raw;
ParseResponse();
}
catch (Exception ex)
{
exception = ex;
}
if (exception != null)
{
var md = new MessageDialog(exception.ToString());
await md.ShowAsync();
}
}
public static string RunUpdates(NoIPDNSSettings settings, string IPAddress)
{
string returnStatus = "";
foreach (string host in settings.Hosts)
{
string url = endPointURL + host + "&myip=" + IPAddress;
WebAuthentication auth = new WebAuthentication();
auth.CredCache.Add(new Uri(url), "Basic", new NetworkCredential(settings.Login, settings.Password));
auth.Agent = "Dynamix DNS Update Client/1.0.0.0 [email protected] - dynamix.run";
string response = GenericHelper.MakeHTTPGETRequest(url, auth);
if (response.StartsWith("Exception"))
{
returnStatus += serviceName + " host " + host + " failed to update due to a system exception. " + response.Replace(Environment.NewLine, " ") + Environment.NewLine;
}
else if (response.Trim() != ("good " + IPAddress) && !response.Trim().StartsWith("good " + IPAddress))
{
returnStatus += serviceName + " host " + host + " failed to update to your current IP address. " + response + Environment.NewLine;
}
else
{
returnStatus += serviceName + " host " + host + " was successfully updated to your current IP address. " + response + Environment.NewLine;
}
}
return(returnStatus);
}
static void Main0(string[] args)
{
Console.WriteLine("Start LocalWebServer");
LocalWebServer lws = new LocalWebServer($"http://{args[0]}:1895/");
lws.Start();
WebAuthentication wa = new WebAuthentication();
string clientId = args[1];
string clientSecret = args[2];
Scope scope = Scope.Public;
int callbackPort = 1895;
wa.AccessTokenReceived += c_AccessTokenReceived;
wa.AuthCodeReceived += c_AuthCodeReceived;
wa.GetTokenAsync(clientId, clientSecret, scope, callbackPort);
Console.WriteLine("Wait Token");
Task.Delay(10000).Wait();
Console.WriteLine("Query");
Console.WriteLine($"WebAuthentication {wa.AccessToken} {wa.AuthCode}");
var a = MyMethodAsync(wa);
Task.WaitAll(a); //Now Waiting
Console.WriteLine("Wait before quit");
Task.Delay(5000).Wait();
lws.Stop();
Console.WriteLine("Exiting CommandLine");
}
public void TestVerifyChallengeTransactionThrowsIfOperationDataIsNotBase64Encoded()
{
var serverKeypair = KeyPair.Random();
var clientKeypair = KeyPair.Random();
var anchorName = "NET";
Network.UseTestNetwork();
var now = DateTimeOffset.Now;
var nonce = new byte[64];
var tx = new Transaction
.Builder(new Account(serverKeypair.AccountId, -1))
.AddOperation(
new ManageDataOperation
.Builder("NET auth", nonce)
.SetSourceAccount(clientKeypair)
.Build())
.Build();
tx.Sign(clientKeypair);
Assert.ThrowsException <InvalidWebAuthenticationException>(() =>
{
WebAuthentication.VerifyChallengeTransaction(tx, serverKeypair.AccountId, now: now);
});
}
void OnCMSAdminAuthenticationSuccess(string source, Result result)
{
if (!WebAuthentication.VerifyAccess(PermissionType.AdministrativeAccess))
{
result.SetFailed("You don't have access to this area.");
}
}
void WebEvents_OnLoadRequestedPath(HandleFlag handled)
{
if (handled.Handled)
{
return;
}
if (!WebAuthentication.IsLoggedIn)
{
return;
}
if (!WebAuthentication.VerifyAccess(PermissionType.ModifyPages))
{
return;
}
if (SprocketPath.Sections.Length >= 4 && SprocketPath.Sections[0] == "admin")
{
switch (SprocketPath.Sections[1])
{
case "pages":
switch (SprocketPath.Sections[2])
{
case "delete":
{
long id;
if (long.TryParse(SprocketPath.Sections[3], out id))
{
Page page = ContentManager.Instance.DataProvider.SelectPage(id);
if (page != null)
{
Result r = page.SaveRevision("** Page deleted.", page.RevisionInformation.Draft, page.RevisionInformation.Hidden, true);
if (!r.Succeeded)
{
Response.Write("Unable to delete page:<br/>" + r.Message);
Response.End();
return;
}
}
}
}
WebUtility.Redirect("admin/pages");
break;
case "imgthumb":
{
long id;
if (long.TryParse(SprocketPath.Sections[3], out id))
{
SizingOptions options = new SizingOptions(60, 45, SizingOptions.Display.Constrain, id);
FileManager.FileManager.Instance.TransmitImage(options);
}
}
break;
}
break;
}
}
}
void AdminHandler_OnLoadAdminPage(AdminInterface admin, PageEntry page, HandleFlag handled)
{
if (WebAuthentication.VerifyAccess(PermissionType.ModifyPages))
{
admin.AddMainMenuLink(new AdminMenuLink("Pages and Content", WebUtility.MakeFullPath("admin/pages"), ObjectRank.Normal, "pages_and_content"));
}
if (WebAuthentication.VerifyAccess(PermissionType.ModifyTemplates))
{
admin.AddMainMenuLink(new AdminMenuLink("Page Templates", WebUtility.MakeFullPath("admin/templates"), ObjectRank.Normal, "page_templates"));
}
}
public static async Task MyMethodAsync(WebAuthentication wa)
{
StravaClient client = new StravaClient(wa);
// Receive the currently authenticated athlete
List <ActivitySummary> activities = await client.Activities.GetActivitiesAsync(20, 20);
foreach (ActivitySummary Activity in activities)
{
Console.WriteLine($"Email:{Activity.Name} {Activity.Type}");
}
}
static void Main(string[] args)
{
var staticAuthentication = new StaticAuthentication("f112cb279e1ab839bae4918febb5b7a96f199e40");
var web = new WebAuthentication {
AccessToken = "f112cb279e1ab839bae4918febb5b7a96f199e40", AuthCode = ""
};
var client = new StravaClient(staticAuthentication);
var segment = client.Segments.GetSegment("10393462");
var segmentLeaderboard = client.Segments.GetFullSegmentLeaderboard("10393462");
var athlete = client.Athletes.GetAthlete();
}
void AdminWindow_OnBeforeDisplayAdminWindowOverlay(Result result)
{
if (WebAuthentication.IsLoggedIn)
{
if (WebAuthentication.VerifyAccess(PermissionType.AdministrativeAccess))
{
return;
}
}
result.SetFailed("access denied");
}
public ActionResult <IEnumerable <ActivitySummary> > GetActivities()
{
WebAuthentication wa = new WebAuthentication();
wa.AccessToken = User.Claims.First(claim => claim.Type == "token").Value;
var activities = new StravaClient(wa).Activities.GetActivitiesAsync(40, 40).Result;
if (activities == null)
{
return(NotFound());
}
return(activities);
}
void OnAdminRequest(AdminInterface admin, string sprocketPath, string[] pathSections, HandleFlag handled)
{
// build the "current user" block
WebAuthentication auth = (WebAuthentication)Core.Instance["WebAuthentication"];
SecurityProvider.User user = SecurityProvider.User.Load(WebsiteClientID, auth.CurrentUsername);
string block = "<div id=\"currentuser-block\">"
+ "You are currently logged in as <b>{0}</b>."
+ "</div>";
admin.AddLeftColumnSection(new RankedString(
string.Format(block, (user.FirstName + " " + user.Surname).Trim()), -100));
admin.WebsiteName = WebsiteClient.Name;
if (!CurrentUser.HasPermission(SecurityProvider.PermissionTypeCodes.UserAdministrator))
{
return;
}
admin.AddMainMenuLink(new AdminMenuLink("Users and Roles", WebUtility.MakeFullPath("admin/security"), 0));
// build the security interface if it has been requested
if (sprocketPath.StartsWith("admin/security"))
{
handled.Set();
int defaultMaxFilterMatches;
try { defaultMaxFilterMatches = int.Parse(SprocketSettings.GetValue("WebSecurityDefaultUserFilterMatches")); }
catch { defaultMaxFilterMatches = 50; }
admin.AddInterfaceScript(WebControlScript.TabStrip);
admin.AddInterfaceScript(WebControlScript.Fader);
admin.AddInterfaceScript(WebControlScript.AjaxForm);
string scr = ResourceLoader.LoadTextResource("Sprocket.Web.CMS.Security.security.js")
.Replace("50,//{defaultMaxFilterMatches}", defaultMaxFilterMatches.ToString() + ",")
.Replace("if(true)//{ifUserCanAccessRoleManagement}",
CurrentUser.HasPermission("ROLEADMINISTRATOR") ? "" : "if(false)");
admin.AddInterfaceScript(new RankedString(scr, 0));
admin.AddBodyOnLoadScript(new RankedString("SecurityInterface.Run()", 0));
admin.ContentHeading = "Users and Roles";
SecurityProvider security = (SecurityProvider)Core.Instance["SecurityProvider"];
string html = "<div id=\"user-admin-container\"></div>";
admin.AddContentSection(new RankedString(html, 0));
admin.AddHeadSection(new RankedString("<link rel=\"stylesheet\" type=\"text/css\" href=\""
+ WebUtility.MakeFullPath("resources/admin/security.css") + "\" />", 0));
}
}
public void TestVerifyChallengeTransactionReturnsTrueForValidTransaction()
{
var serverKeypair = KeyPair.Random();
var clientKeypair = KeyPair.Random();
var anchorName = "NET";
Network.UseTestNetwork();
var now = DateTimeOffset.Now;
var tx = WebAuthentication.BuildChallengeTransaction(serverKeypair, clientKeypair.AccountId, anchorName, now: now);
tx.Sign(clientKeypair);
Assert.IsTrue(WebAuthentication.VerifyChallengeTransaction(tx, serverKeypair.AccountId, now: now));
}
private Task <bool> SignIn()
{
var signal = new TaskCompletionSource <bool>();
var auth = new WebAuthentication();
auth.AuthCodeReceived += (s, e) => { this.config.AuthCode = e.AuthCode; };
auth.AccessTokenReceived += (s, e) =>
{
Logger.Log($"Access token received. {e.Token}");
this.config.Token = e.Token;
this.client = new StravaClient(auth);
signal.SetResult(true);
};
auth.GetTokenAsync(this.config.ClientId, this.config.ClientSecret, Scope.Full);
return(signal.Task);
}
public void TestVerifyChallengeTransactionThrowsIfNotSignedByClient()
{
var serverKeypair = KeyPair.Random();
var clientKeypair = KeyPair.Random();
var anchorName = "NET";
Network.UseTestNetwork();
var now = DateTimeOffset.Now;
var tx = WebAuthentication.BuildChallengeTransaction(serverKeypair, clientKeypair.AccountId, anchorName, now: now);
Assert.ThrowsException <InvalidWebAuthenticationException>(() =>
{
WebAuthentication.VerifyChallengeTransaction(tx, serverKeypair.AccountId, now: now);
});
}
public void ProcessLoginForm()
{
WebAuthentication auth = WebAuthentication.Instance;
if (auth.ProcessLoginForm("SprocketUsername", "SprocketPassword", "SprocketPreserveLogin"))
{
if (WebAuthentication.VerifyAccess(PermissionType.AccessAdminArea))
{
WebUtility.Redirect("admin");
}
else
{
auth.ClearAuthenticationCookie();
}
}
FormValues.Set("login", "", null, true);
}
void WebEvents_OnRequestedPathProcessed()
{
if (!HttpContext.Current.Response.ContentType.Contains("html"))
{
return;
}
if (!IsAdminRequest)
{
return;
}
if (!WebAuthentication.VerifyAccess(PermissionType.AccessAdminArea))
{
return;
}
string html = WebUtility.CacheTextFile("resources/admin/header.htm");
HttpContext.Current.Response.Write(string.Format(html, WebUtility.BasePath));
}
public ActionResult Activities()
{
// var model=new string[]{"ABCD","EFGH"};
ActivitiesModel model = new ActivitiesModel();
var token = User.Claims.First(claim => claim.Type == "token").Value;
model.Token = token;
WebAuthentication wa = new WebAuthentication();
wa.AccessToken = token;
Task <IEnumerable <ActivitySummary> > t = GetActivityListAsync(wa);
IEnumerable <ActivitySummary> activities = t.Result;
model.Activities = activities;
return(View(model));
}
void OnAdminRequest(AdminInterface admin, PageEntry page, HandleFlag handled)
{
// build the "current user" block
User user = User.Select(SecurityProvider.ClientSpaceID, WebAuthentication.Instance.CurrentUsername);
string block = "<div id=\"currentuser-block\">"
+ "You are currently logged in as <b>{0}</b>."
+ "</div>";
admin.AddLeftColumnSection(new AdminSection(
string.Format(block, (user.FirstName + " " + user.Surname).Trim()), ObjectRank.First));
if (!WebAuthentication.VerifyAccess(PermissionType.UserAdministrator))
{
return;
}
admin.AddMainMenuLink(new AdminMenuLink("Users and Roles", WebUtility.MakeFullPath("admin/security"), ObjectRank.Normal));
// build the security interface if it has been requested
if (SprocketPath.Value.StartsWith("admin/security"))
{
//handled.Set();
int defaultMaxFilterMatches;
try { defaultMaxFilterMatches = int.Parse(SprocketSettings.GetValue("WebSecurityDefaultUserFilterMatches")); }
catch { defaultMaxFilterMatches = 50; }
admin.AddInterfaceScript(WebControlScript.TabStrip);
admin.AddInterfaceScript(WebControlScript.Fader);
admin.AddInterfaceScript(WebControlScript.AjaxForm);
string scr = ResourceLoader.LoadTextResource("Sprocket.Security.CMS.security.js")
.Replace("50,//{defaultMaxFilterMatches}", defaultMaxFilterMatches.ToString() + ",")
.Replace("if(true)//{ifUserCanAccessRoleManagement}",
WebAuthentication.VerifyAccess(PermissionType.RoleAdministrator) ? "" : "if(false)");
admin.AddInterfaceScript(new AdminSection(scr, 0));
admin.AddBodyOnLoadScript(new AdminSection("SecurityInterface.Run()", 0));
string html = "<div id=\"user-admin-container\"></div>";
admin.AddPreContentSection(new AdminSection(html, 0));
admin.AddHeadSection(new AdminSection("<link rel=\"stylesheet\" type=\"text/css\" href=\""
+ WebUtility.MakeFullPath("resources/admin/security.css") + "\" />", 0));
}
}
public void TestVerifyChallengeTransactionThrowsIfItsTooLate()
{
var serverKeypair = KeyPair.Random();
var clientKeypair = KeyPair.Random();
var anchorName = "NET";
Network.UseTestNetwork();
var now = DateTimeOffset.Now;
var tx = WebAuthentication.BuildChallengeTransaction(serverKeypair, clientKeypair.AccountId, anchorName, now: now);
tx.Sign(clientKeypair);
Assert.ThrowsException <InvalidWebAuthenticationException>(() =>
{
WebAuthentication.VerifyChallengeTransaction(tx, serverKeypair.AccountId, now: now.Add(TimeSpan.FromDays(1.0)));
});
}
public object Evaluate(Token contextToken, List <ExpressionArgument> args, ExecutionState state)
{
if (args.Count != 1)
{
throw new InstructionExecutionException("\"haspermission\" expects exactly one argument specifying the name of a permission.", contextToken);
}
object o = TokenParser.ReduceFromExpression(state, args[0].Token, args[0].Expression.Evaluate(state, args[0].Token));
string permission = o == null ? null : o.ToString();
if (permission == null)
{
throw new InstructionExecutionException("the argument didn't equate to a string naming a permission.", contextToken);
}
if (!WebAuthentication.IsLoggedIn)
{
return(false);
}
return(WebAuthentication.VerifyAccess(permission));
}
public void TestBuildChallengeTransaction()
{
var serverKeypair = KeyPair.Random();
var clientAccountId = "GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF";
var anchorName = "NET";
Network.UseTestNetwork();
var tx = WebAuthentication.BuildChallengeTransaction(serverKeypair, clientAccountId, anchorName);
var serializedTx = tx.ToEnvelopeXdrBase64();
var back = Transaction.FromEnvelopeXdr(serializedTx);
var timeout = back.TimeBounds.MaxTime - back.TimeBounds.MinTime;
Assert.AreEqual(300, timeout);
CheckAccounts(back, serverKeypair);
CheckOperation(back, clientAccountId);
}
public static string MakeHTTPGETRequest(string url, WebAuthentication auth = null)
{
try
{
string textResponse;
WebRequest request;
request = WebRequest.Create(url);
request.Timeout = 5000;
WebResponse response;
if (auth != null)
{
HttpWebRequest webRequest = (HttpWebRequest)request;
webRequest.Credentials = auth.CredCache;
if (!string.IsNullOrEmpty(auth.Agent))
{
webRequest.UserAgent = auth.Agent;
}
response = webRequest.GetResponse();
}
else
{
response = request.GetResponse();
}
StreamReader stream = new StreamReader(response.GetResponseStream());
textResponse = stream.ReadToEnd();
stream.Close();
response.Close();
if (!string.IsNullOrEmpty(textResponse))
{
return(textResponse);
}
}
catch (Exception e)
{
return("Exception: " + e.ToString());
}
return(string.Empty);
}
