public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal?existingPrincipal, ClaimsPrincipal?additionalPrincipal) { var newPrincipal = new ClaimsPrincipal(); // New principal identities go first if (additionalPrincipal != null) { newPrincipal.AddIdentities(additionalPrincipal.Identities); } // Then add any existing non empty or authenticated identities if (existingPrincipal != null) { newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any())); } return(newPrincipal); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.Use(async(context, next) => { if (!context.Request.Path.Value.StartsWith("/admin")) { var participantScheme = await context.AuthenticateAsync("PromotionParticipantScheme"); var principal = new ClaimsPrincipal(); if (participantScheme?.Principal != null) { principal.AddIdentities(participantScheme.Principal.Identities); } else { principal.AddIdentity(new ClaimsIdentity()); } context.User = principal; } await next(); }); app.UseEndpoints(endpoints => { endpoints.MapControllerRoute( name: "Admin", pattern: "{area=Admin}/{controller=Home}/{action=Index}/{id?}"); endpoints.MapControllerRoute( name: "API", pattern: "{area=API}/{controller=Home}/{action=Index}/{id?}"); endpoints.MapControllerRoute( name: "ParticipantArea", pattern: "{area=ParticipantArea}/{controller=Home}/{action=Index}/{id?}"); endpoints.MapControllerRoute( name: "default", pattern: "{controller=Home}/{action=Index}/{id?}"); }); }
public override ClaimsPrincipal DeserializeSubject(string obj) { obj = string.IsNullOrEmpty(obj) ? "[]" : obj; var simpleDocument = new SimpleDocument <List <ClaimIdentityRecord> >(obj); var document = (List <ClaimIdentityRecord>)simpleDocument.Document; var claimsPrincipal = new ClaimsPrincipal(); claimsPrincipal.AddIdentities(document.ToClaimsIdentitys()); return(claimsPrincipal); }
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.Use(async(context, next) => { var principal = new ClaimsPrincipal(); var result1 = await context.AuthenticateAsync("User_Schema"); if (result1?.Principal != null) { principal.AddIdentities(result1.Principal.Identities); } var result2 = await context.AuthenticateAsync("Admin_Schema"); if (result2?.Principal != null) { principal.AddIdentities(result2.Principal.Identities); } context.User = principal; await next(); }); app.UseAuthentication(); app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseCookiePolicy(); app.UseRouting(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllerRoute( name: "areas", pattern: "{area:exists=Home}/{controller=Home}/{action=Index}/{id?}"); endpoints.MapControllerRoute( name: "default", pattern: "{controller=Home}/{action=Index}/{id?}"); }); }
private async Task <ClaimsPrincipal> TransformClaims(ClaimsPrincipal principal, IServiceCollection services) { var transformed = new ClaimsPrincipal(); transformed.AddIdentities(principal.Identities); transformed.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("logged in", DateTime.Now.ToString()) //voorbeeld: claims worden eenmalig gezet bij login })); return(transformed); }
public Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal) { var transformed = new ClaimsPrincipal(); transformed.AddIdentities(principal.Identities); transformed.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("Transformed", DateTime.Now.ToString()) })); return(Task.FromResult(transformed)); }
public Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal) { // This will run every time Authenticate is called so its better to create a new Principal var transformed = new ClaimsPrincipal(); transformed.AddIdentities(principal.Identities); transformed.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("Transformed", DateTime.Now.ToString()) })); return(Task.FromResult(transformed)); }
public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.Use(async(context, next) => { var principal = new ClaimsPrincipal(); var result1 = await context.AuthenticateAsync("User_Schema"); if (result1?.Principal != null) { principal.AddIdentities(result1.Principal.Identities); } var result2 = await context.AuthenticateAsync("Admin_Schema"); if (result2?.Principal != null) { principal.AddIdentities(result2.Principal.Identities); } context.User = principal; await next(); }); app.UseAuthentication(); app.UseSession(); app.UseStaticFiles(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
private static ClaimsPrincipal MergeUserPrincipal( ClaimsPrincipal existingPrincipal, ClaimsPrincipal additionalPrincipal) { var principal = new ClaimsPrincipal(); if (additionalPrincipal != null) { principal.AddIdentities(additionalPrincipal.Identities); } if (existingPrincipal == null) { return(principal); } var identities = existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any()); principal.AddIdentities(identities); return(principal); }
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); app.UseStaticFiles(); app.UseSession(); app.Use(async(context, next) => { ClaimsPrincipal principal = new ClaimsPrincipal(); var result = await context.AuthenticateAsync("SCHEME_ADMIN"); if (result?.Principal != null) { principal.AddIdentities(result.Principal.Identities); } var result3 = await context.AuthenticateAsync("SCHEME_USER"); if (result3?.Principal != null) { principal.AddIdentities(result3.Principal.Identities); } context.User = principal; await next(); }); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllerRoute("admin_route", "admin/{controller}/{action}/{id?}", defaults: new { area = "admin" }, constraints: new { area = "admin" }); endpoints.MapControllerRoute("user_route", "user/{controller}/{action}/{id?}", defaults: new { area = "user" }, constraints: new { area = "user" }); endpoints.MapControllerRoute(name: "default", pattern: "{controller=home}/{action=index}/{id?}"); }); }
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal) { var userId = _tokenStore.GetCurrentUserId().ToString(); if (userId != "0") { var user = await _userManager.FindByIdAsync(userId); var newPrincipal = await _userClaimsPrincipalFactory.CreateAsync(user); principal.AddIdentities(newPrincipal.Identities); } return(principal); }
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory) { app.UseForwardedHeaders(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } loggerFactory.AddRollbarDotNetLogger(app.ApplicationServices); using (var serviceScope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope()) using (var context = serviceScope.ServiceProvider.GetService <MeredithDbContext>()) { context.Database.Migrate(); } app .UseCustomLocalization() .UseAuthentication() .Use(async(context, next) => { // If the default identity failed to authenticate (cookies) if (context.User.Identities.All(i => !i.IsAuthenticated)) { var principal = new ClaimsPrincipal(); var jwtAuth = await context.AuthenticateAsync("jwt"); if (jwtAuth?.Principal != null) { principal.AddIdentities(jwtAuth.Principal.Identities); context.User = principal; } } await next(); }) .UseCustomSwagger() .UseMiddleware <ExceptionHandlingMiddleware>(); app.UseStaticFiles(); app.UseRouting(); app.UseCors(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); }
private static async Task <AuthorizationCode> Version1( BsonDocument doc, IClientStore clientStore, IScopeStore scopeStore) { var code = new AuthorizationCode(); code.CreationTime = doc.GetValueOrDefault("creationTime", code.CreationTime); code.IsOpenId = doc.GetValueOrDefault("isOpenId", code.IsOpenId); code.RedirectUri = doc.GetValueOrDefault("redirectUri", code.RedirectUri); code.WasConsentShown = doc.GetValueOrDefault("wasConsentShown", code.WasConsentShown); code.Nonce = doc.GetValueOrDefault("nonce", code.Nonce); var claimsPrincipal = new ClaimsPrincipal(); IEnumerable <ClaimsIdentity> identities = doc.GetValueOrDefault("subject", sub => { string authenticationType = sub.GetValueOrDefault("authenticationType", (string)null); var claims = sub.GetNestedValueOrDefault("claimSet", ClaimSetSerializer.Deserialize, new Claim[] { }); ClaimsIdentity identity = authenticationType == null ? new ClaimsIdentity(claims) : new ClaimsIdentity(claims, authenticationType); return(identity); }, new ClaimsIdentity[] { }); claimsPrincipal.AddIdentities(identities); code.Subject = claimsPrincipal; var clientId = doc["_clientId"].AsString; code.Client = await clientStore.FindClientByIdAsync(clientId); if (code.Client == null) { throw new InvalidOperationException("Client not found when deserializing authorization code. Client id: " + clientId); } var scopes = doc.GetValueOrDefault( "requestedScopes", (IEnumerable <string>) new string[] { }).ToArray(); code.RequestedScopes = await scopeStore.FindScopesAsync(scopes); if (scopes.Count() > code.RequestedScopes.Count()) { throw new InvalidOperationException("Scopes not found when deserializing authorization code. Scopes: " + string.Join(", ", scopes.Except(code.RequestedScopes.Select(x => x.Name)))); } return(code); }
public Task <ClaimsPrincipal> SignInAsync(string username, string password, string authenticationScheme) { if (Utility.AuthenticateUser(_logger, _ps, username, password, _options.AllowedGroup, out var profileDir)) { var identity = new GenericIdentity(username, "login"); var principal = new ClaimsPrincipal(identity); var claims = new[] { new Claim(Claims.RUser, ""), new Claim(UnixClaims.RUsername, username), new Claim(UnixClaims.RPassword, password), new Claim(Claims.RUserProfileDir, profileDir) }; var claimsIdentity = new ClaimsIdentity(claims, authenticationScheme); principal.AddIdentities(new[] { claimsIdentity }); return(Task.FromResult(principal)); } return(Task.FromResult <ClaimsPrincipal>(null)); }
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal) { await Task.CompletedTask; var identityUrl = _configuration.GetValue <string>("IdentityUrl"); var test = principal.Claims.FirstOrDefault(c => c.Type == "access_token")?.Value; var userinfo = await _client.GetUserInfoAsync(new UserInfoRequest { Address = $"{identityUrl}/connect/userinfo", Token = principal.Claims.FirstOrDefault(c => c.Type == "access_token")?.Value }); var transformed = new ClaimsPrincipal(); transformed.AddIdentities(principal.Identities); transformed.AddIdentity(new ClaimsIdentity(userinfo.Claims.Select(c => new Claim(c.Type, c.Value)))); return(transformed); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")) .AddFile("Logs/<%= Name %>-{Date}.txt"); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAuthentication(); // Enable middleware to serve generated Swagger as a JSON endpoint. app.UseSwagger(); //enable swagger (help page) app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "<%= Name %> API v1.0"); }); #if DEBUG app.Use(async(context, next) => { if (!string.IsNullOrEmpty(context.Request.Headers["Authorization"])) { var authHeader = context.Request.Headers["Authorization"].FirstOrDefault(); if (authHeader.ToLower().StartsWith("basic")) { var result = await context.AuthenticateAsync("BasicAuthentication"); if (result?.Principal != null) { var principal = new ClaimsPrincipal(); principal.AddIdentities(result.Principal.Identities); context.User = principal; } } } await next(); }); #endif app.UseMvc(); }
private Mock <HttpContext> SetupContext(params ClaimsIdentity[] ids) { var context = new Mock <HttpContext>(); context.SetupProperty(c => c.User); var user = new ClaimsPrincipal(); user.AddIdentities(ids); context.Object.User = user; if (ids != null) { var results = new List <AuthenticationResult>(); foreach (var id in ids) { results.Add(new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription())); } context.Setup(c => c.AuthenticateAsync(It.IsAny <IEnumerable <string> >())).ReturnsAsync(results).Verifiable(); } return(context); }
public static void UseXFJsonRpc(this IApplicationBuilder app, Action <RpcEndpointBuilder> configureOptions) { app.Map($"/{UrlConstants.CommandApiNamespace}", b => { // add a custom middleware that authenticates all schemes. // Workaround for the lack of support of multiple authentication schemes in EdjCase.JsonRpc. b.Use(async(context, next) => { var authSchemeProvider = context.RequestServices.GetService <IAuthenticationSchemeProvider>(); ClaimsPrincipal principal = null; foreach (AuthenticationScheme scheme in await authSchemeProvider.GetAllSchemesAsync()) { AuthenticateResult result = await context.AuthenticateAsync(scheme.Name); if (result.Succeeded) { if (principal == null) { principal = result.Principal; } else { principal.AddIdentities(result.Principal.Identities); } } } if (principal != null) { context.User = principal; } await next(); }); b.UseJsonRpc(options => { options.AddControllerWithCustomPath <UsersRpcController>(UrlConstants.Users); configureOptions(options); }); }); }
/// <inheritdoc /> public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext context) { // Build a ClaimsPrincipal with the Policy's required authentication types if (Policy.ActiveAuthenticationSchemes != null && Policy.ActiveAuthenticationSchemes.Any()) { var newPrincipal = new ClaimsPrincipal(); foreach (var scheme in Policy.ActiveAuthenticationSchemes) { var result = (await context.HttpContext.Authentication.AuthenticateAsync(scheme))?.Principal; if (result != null) { newPrincipal.AddIdentities(result.Identities); } } // If all schemes failed authentication, provide a default identity anyways if (newPrincipal.Identity == null) { newPrincipal.AddIdentity(new ClaimsIdentity()); } context.HttpContext.User = newPrincipal; } // Allow Anonymous skips all authorization if (context.Filters.Any(item => item is IAllowAnonymous)) { return; } var httpContext = context.HttpContext; var authService = httpContext.RequestServices.GetRequiredService <IAuthorizationService>(); // Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity()) if (httpContext.User == null || !httpContext.User.Identities.Any(i => i.IsAuthenticated) || !await authService.AuthorizeAsync(httpContext.User, context, Policy)) { context.Result = new ChallengeResult(Policy.ActiveAuthenticationSchemes.ToArray()); } }
public static AuthorizationCode ToAuthorizationCode(this AuthorizationCodeHandle handle, IClientStore clientStore, IScopeStore scopeStore) { var claimsPrincipal = new ClaimsPrincipal(); claimsPrincipal.AddIdentities(handle.ClaimIdentityRecords.ToClaimsIdentitys()); var result = new AuthorizationCode() { Subject = claimsPrincipal, Client = clientStore.FindClientByIdAsync(handle.ClientId).Result, RequestedScopes = scopeStore.FindScopesAsync(handle.RequestedScopes).Result, CreationTime = handle.CreationTime, IsOpenId = handle.IsOpenId, RedirectUri = handle.RedirectUri, WasConsentShown = handle.WasConsentShown, Nonce = handle.Nonce }; return(result); }
public static IApplicationBuilder UseCustomAuthentication(this IApplicationBuilder app) { app.UseAuthentication(). Use(async(context, next) => { // If the default identity failed to authenticate (cookies) if (context.User.Identities.All(i => !i.IsAuthenticated)) { var principal = new ClaimsPrincipal(); var jwtAuth = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme); if (jwtAuth?.Principal != null) { principal.AddIdentities(jwtAuth.Principal.Identities); context.User = principal; } } await next(); }); return(app); }
private async Task SignInAsync(MyCompanyModel model, IEnumerable <ClaimsIdentity> externalIdentities = null) { // create principal ClaimsPrincipal principal = new ClaimsPrincipal(); if (model != null) { List <Claim> claims = new List <Claim> { new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.PasswordString), new Claim(ClaimTypes.Email, model.EmailAddress), new Claim("IsLocalAuthenticated", model.IsAuthenticated.ToString()), }; // create identity ClaimsIdentity identity = new ClaimsIdentity(claims, ePin.MyCompanyConstants.MyCompanyAuthenticationScheme) { Label = ePin.MyCompanyConstants.MyCompanyAuthenticationScheme }; principal.AddIdentity(identity); } if (externalIdentities != null) { principal.AddIdentities(externalIdentities); } // sign in await HttpContext.SignInAsync( scheme : ePin.MyCompanyConstants.MyCompanyAuthenticationScheme, principal : principal, properties : new AuthenticationProperties { IsPersistent = true, // for 'remember me' feature ExpiresUtc = DateTime.UtcNow.AddMinutes(20) }); }
public async Task RouteAsync(RouteContext context) { if (context.HttpContext.Request.ContentType != "application/json") { return; } if (!context.HttpContext.Request.Path.Value.EndsWith($"/{XForgeConstants.CommandsEndpoint}")) { return; } var authSchemeProvider = context.HttpContext.RequestServices.GetService <IAuthenticationSchemeProvider>(); ClaimsPrincipal principal = null; foreach (AuthenticationScheme scheme in await authSchemeProvider.GetAllSchemesAsync()) { AuthenticateResult result = await context.HttpContext.AuthenticateAsync(scheme.Name); if (result.Succeeded) { if (principal == null) { principal = result.Principal; } else { principal.AddIdentities(result.Principal.Identities); } } } if (principal != null) { context.HttpContext.User = principal; } await _internalRouter.RouteAsync(context); }
/// <summary> /// Evaluates the current Policy. This is provided for backward compatibility /// of WCF Claims model. We always return true without affecting the EvaluationContext. /// </summary> /// <param name="evaluationContext">The current EvaluationContext.</param> /// <param name="state">The reference state object.</param> /// <returns>True if the Policy was successfully applied.</returns> public bool Evaluate(EvaluationContext evaluationContext, ref object state) { if (null == evaluationContext || null == evaluationContext.Properties) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("evaluationContext"); } if (0 == _identityCollection.Count) { // // Nothing to do here. // return(true); } // // Locate or create the ClaimsPrincipal // object principalObj = null; if (!evaluationContext.Properties.TryGetValue(ClaimsPrincipalKey, out principalObj)) { ClaimsPrincipal principalToAdd = CreateClaimsPrincipalFromIdentities(_identityCollection); evaluationContext.Properties.Add(ClaimsPrincipalKey, principalToAdd); if (DiagnosticUtility.ShouldTrace(TraceEventType.Information)) { TraceUtility.TraceEvent( TraceEventType.Information, TraceCode.Diagnostics, SR.GetString(SR.TraceSetPrincipalOnEvaluationContext), new ClaimsPrincipalTraceRecord(principalToAdd), null, null); } } else { ClaimsPrincipal principal = principalObj as ClaimsPrincipal; if (null != principal && null != principal.Identities) { principal.AddIdentities(_identityCollection); } else { // // Someone stomped on our ClaimsPrincipal property key in the properties collection // Just trace this for now. // if (DiagnosticUtility.ShouldTrace(TraceEventType.Error)) { TraceUtility.TraceString( TraceEventType.Error, SR.GetString(SR.ID8004, ClaimsPrincipalKey)); } } } // // Locate or create evaluationContext.Properties[ "Identities" ] with identities // object identitiesObj = null; if (!evaluationContext.Properties.TryGetValue(IdentitiesKey, out identitiesObj)) { List <ClaimsIdentity> identities = new List <ClaimsIdentity>(); foreach (ClaimsIdentity ici in _identityCollection) { identities.Add(ici); } evaluationContext.Properties.Add(IdentitiesKey, identities); } else { List <ClaimsIdentity> identities; identities = identitiesObj as List <ClaimsIdentity>; foreach (ClaimsIdentity ici in _identityCollection) { identities.Add(ici); } } return(true); }