public static CookieAuthenticationOptions SetupAppCookie(
this IApplicationBuilder app,
SiteAuthCookieValidator siteValidator,
string scheme,
bool useRelatedSitesMode,
SiteContext tenant,
CookieSecurePolicy cookieSecure = CookieSecurePolicy.SameAsRequest
)
{
var cookieEvents = new CookieAuthenticationEvents();
var options = new CookieAuthenticationOptions();
if (useRelatedSitesMode)
{
options.AuthenticationScheme = scheme;
options.CookieName = scheme;
options.CookiePath = "/";
}
else
{
//options.AuthenticationScheme = $"{scheme}-{tenant.SiteFolderName}";
options.AuthenticationScheme = scheme;
options.CookieName = $"{scheme}-{tenant.SiteFolderName}";
options.CookiePath = "/" + tenant.SiteFolderName;
cookieEvents.OnValidatePrincipal = siteValidator.ValidatePrincipal;
}
var tenantPathBase = string.IsNullOrEmpty(tenant.SiteFolderName)
? PathString.Empty
: new PathString("/" + tenant.SiteFolderName);
options.LoginPath = tenantPathBase + "/account/login";
options.LogoutPath = tenantPathBase + "/account/logoff";
options.AccessDeniedPath = tenantPathBase + "/account/accessdenied";
options.Events = cookieEvents;
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = false;
options.CookieSecure = cookieSecure;
return(options);
}
public static IApplicationBuilder UseSocialAuth(
this IApplicationBuilder app,
SiteSettings site,
CookieAuthenticationOptions externalCookieOptions,
bool shouldUseFolder)
{
// TODO: will this require a restart if the options are updated in the ui?
// no just need to clear the tenant cache after updating the settings
if (!string.IsNullOrWhiteSpace(site.GoogleClientId))
{
var googleOptions = new GoogleOptions();
googleOptions.AuthenticationScheme = "Google";
googleOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
googleOptions.ClientId = site.GoogleClientId;
googleOptions.ClientSecret = site.GoogleClientSecret;
if (shouldUseFolder)
{
googleOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-google";
}
app.UseGoogleAuthentication(googleOptions);
}
if (!string.IsNullOrWhiteSpace(site.FacebookAppId))
{
var facebookOptions = new FacebookOptions();
facebookOptions.AuthenticationScheme = "Facebook";
facebookOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
facebookOptions.AppId = site.FacebookAppId;
facebookOptions.AppSecret = site.FacebookAppSecret;
if (shouldUseFolder)
{
facebookOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-facebook";
}
app.UseFacebookAuthentication(facebookOptions);
}
if (!string.IsNullOrWhiteSpace(site.MicrosoftClientId))
{
var microsoftOptions = new MicrosoftAccountOptions();
microsoftOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
microsoftOptions.ClientId = site.MicrosoftClientId;
microsoftOptions.ClientSecret = site.MicrosoftClientSecret;
if (shouldUseFolder)
{
microsoftOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-microsoft";
}
app.UseMicrosoftAccountAuthentication(microsoftOptions);
}
//app.Use()
//Func<HttpContext, bool> hasTwitterKeys = (HttpContext context) =>
//{
// var tenant = context.GetTenant<SiteSettings>();
// if (tenant == null) return false;
// if (string.IsNullOrWhiteSpace(tenant.TwitterConsumerKey)) return false;
// if (string.IsNullOrWhiteSpace(tenant.TwitterConsumerSecret)) return false;
// return true;
//};
//app.UseWhen(context => hasTwitterKeys(context), appBuilder =>
//{
if (!string.IsNullOrWhiteSpace(site.TwitterConsumerKey))
{
var twitterOptions = new TwitterOptions();
twitterOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
twitterOptions.ConsumerKey = site.TwitterConsumerKey;
twitterOptions.ConsumerSecret = site.TwitterConsumerSecret;
if (shouldUseFolder)
{
twitterOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-twitter";
}
app.UseTwitterAuthentication(twitterOptions);
}
//});
return(app);
}
/// <summary>
/// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
/// </summary>
/// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
/// <param name="options">A <see cref="CookieAuthenticationOptions"/> that specifies options for the middleware.</param>
/// <returns>A reference to this instance after the operation has completed.</returns>
public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
return(app.UseMiddleware <CookieAuthenticationMiddleware>(Options.Create(options)));
}
public static IApplicationBuilder UseSocialAuth(
this IApplicationBuilder app,
SiteContext site,
CookieAuthenticationOptions externalCookieOptions,
bool shouldUseFolder,
bool sslIsAvailable = true
)
{
// TODO: will this require a restart if the options are updated in the ui?
// no just need to clear the tenant cache after updating the settings
if (!string.IsNullOrWhiteSpace(site.GoogleClientId))
{
var googleOptions = new GoogleOptions();
googleOptions.AuthenticationScheme = "Google";
googleOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
googleOptions.ClientId = site.GoogleClientId;
googleOptions.ClientSecret = site.GoogleClientSecret;
if (shouldUseFolder)
{
googleOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-google";
}
app.UseGoogleAuthentication(googleOptions);
}
if (!string.IsNullOrWhiteSpace(site.FacebookAppId))
{
var facebookOptions = new FacebookOptions();
facebookOptions.AuthenticationScheme = "Facebook";
facebookOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
facebookOptions.AppId = site.FacebookAppId;
facebookOptions.AppSecret = site.FacebookAppSecret;
if (shouldUseFolder)
{
facebookOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-facebook";
}
app.UseFacebookAuthentication(facebookOptions);
}
if (!string.IsNullOrWhiteSpace(site.MicrosoftClientId))
{
var microsoftOptions = new MicrosoftAccountOptions();
microsoftOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
microsoftOptions.ClientId = site.MicrosoftClientId;
microsoftOptions.ClientSecret = site.MicrosoftClientSecret;
if (shouldUseFolder)
{
microsoftOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-microsoft";
}
app.UseMicrosoftAccountAuthentication(microsoftOptions);
}
if (!string.IsNullOrWhiteSpace(site.TwitterConsumerKey))
{
var twitterOptions = new TwitterOptions();
twitterOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
twitterOptions.ConsumerKey = site.TwitterConsumerKey;
twitterOptions.ConsumerSecret = site.TwitterConsumerSecret;
if (shouldUseFolder)
{
twitterOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-twitter";
}
app.UseTwitterAuthentication(twitterOptions);
}
if (!string.IsNullOrWhiteSpace(site.OidConnectAuthority) &&
!string.IsNullOrWhiteSpace(site.OidConnectAppId)
// && !string.IsNullOrWhiteSpace(site.OidConnectAppSecret)
)
{
var displayName = "ExternalOIDC";
if (!string.IsNullOrWhiteSpace(site.OidConnectDisplayName))
{
displayName = site.OidConnectDisplayName;
}
var oidOptions = new OpenIdConnectOptions();
oidOptions.AuthenticationScheme = "ExternalOIDC";
oidOptions.SignInScheme = externalCookieOptions.AuthenticationScheme;
oidOptions.Authority = site.OidConnectAuthority;
oidOptions.ClientId = site.OidConnectAppId;
oidOptions.ClientSecret = site.OidConnectAppSecret;
oidOptions.GetClaimsFromUserInfoEndpoint = true;
oidOptions.ResponseType = OpenIdConnectResponseType.CodeIdToken;
oidOptions.RequireHttpsMetadata = sslIsAvailable;
oidOptions.SaveTokens = true;
oidOptions.DisplayName = displayName;
if (shouldUseFolder)
{
oidOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-oidc";
oidOptions.SignedOutCallbackPath = "/" + site.SiteFolderName + "/signout-callback-oidc";
oidOptions.RemoteSignOutPath = "/" + site.SiteFolderName + "/signout-oidc";
}
//oidOptions.Events = new OpenIdConnectEvents()
//{
// OnAuthenticationFailed = c =>
// {
// c.HandleResponse();
// c.Response.StatusCode = 500;
// c.Response.ContentType = "text/plain";
// return c.Response.WriteAsync("An error occurred processing your authentication.");
// }
//};
app.UseOpenIdConnectAuthentication(oidOptions);
}
return(app);
}
public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
{
throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
