public async Task <(string returnUrl, string requestId)> LoginAsync(EAuthCallbackModel model) { EAuthService service = new EAuthService(); EAuthResponseModel eAuthResponseModel = service.Parse(model); string requestId = eAuthResponseModel?.RequestId; string returnUrl = _applicationStoreService.GetApplicationBaseUrl(requestId) + _loginReturnPath; (string personIdentifier, string holderName, string email) = ExtractPersonData(eAuthResponseModel); ApplicationUser user = _userManager.Users.SingleOrDefault(u => u.Certificate_UniqueIdentifier.Trim() == personIdentifier && !u.Deleted); if (user == null) { returnUrl += $"?error=true&message=userNotFound"; return(returnUrl, requestId); } else { /* * Ако потребителя е сменил своето име в подписа, го променяме и в базата * т.е. ако жена се омъжи и смени фамилията си и т.н. * Ако подписа е променен също запазваме данните */ if (user.Certificate_Name == null || user.Certificate_Name.ToLower().Trim() != (holderName ?? "").ToLower().Trim()) { //Check if certificate is the same and update user info if needed user.Certificate_Name = holderName; await _userManager.UpdateAsync(user); } } if (!user.EmailConfirmed) { await SendConfirmEmailAsync(user, _applicationStoreService.GetApplicationBaseUrl(requestId)); returnUrl += $"?error=true&message=EmailNotConfirmed,ConfirmationEmailResend"; return(returnUrl, requestId); } if (!user.ConfirmedByAdmin) { returnUrl += $"?error=true&message=NotConfirmedByAdmin"; return(returnUrl, requestId); } //sign in existing user returnUrl = await SignInExistingUser(user, returnUrl); return(returnUrl, requestId); }
public ActionResult PersonRequest() { EAuthRequestViewModel model = null; // Създава се SAML заявка и се записва в журнал. string requestUrl = Url.Action(nameof(PersonRequest), null, null, Request.Scheme); string callbackUrl = Url.Action(nameof(LoginCallback), null, null, Request.Scheme); EAuthService service = new EAuthService(); model = service.CreateRequestAsync(requestUrl, callbackUrl, RequestedServiceOid, RequestedProviderOid, null, false, _settings?.CertificateThumbprint); return(Ok(model)); }
public ActionResult LoginCallback(EAuthCallbackModel model) { // Записване на отговора в журнал. EAuthService service = new EAuthService(); EAuthResponseModel eAuthResponseModel = service.Parse(model); // Изходът от този action не се използва. Целта е само да се зареди локален адрес в callback iframe-а. // Това се интерпретира от Java Script-а като успешен край на автентикацията и следва пренасочване към друг адрес. // // До февруари 2019 г. този метод връщаше празен резултат и това вършеше работа. //return new EmptyResult(); // Chrome версия 72+ обаче започна да интерпретира security header-а X-Content-Type-Options=nosniff по друг начин. // Когато резултатът е празен, вече не зарежда резултата на екрана(или в iframe-а), а изтегля празен файл. // Така не се задейства никакъв Java Script, iframe-ът не разбира, че е зареден локален адрес, и автентикацията // не завършва в Chrome 72+. Tрябва се върне някакъв HTML, колкото да се задейства onload handler-ът на iframe-а. //return PartialView(); return(View(eAuthResponseModel)); }
public ActionResult PersonRequest([FromQuery] string type, [FromQuery] string userType, [FromQuery] string chsiNumber, [FromQuery] string email, [FromQuery] string lang) { EAuthRequestViewModel model = null; // Създава се SAML заявка и се записва в журнал. string requestUrl = Url.Action(nameof(PersonRequest), null, null, Request.Scheme); string callbackUrl = (type ?? "").Equals("login", System.StringComparison.OrdinalIgnoreCase) ? Url.Action(nameof(LoginCallback), null, null, Request.Scheme) : Url.Action(nameof(RegisterCallback), null, null, Request.Scheme); EAuthService service = new EAuthService(); model = service.CreateRequestAsync(requestUrl, callbackUrl, RequestedServiceOid, RequestedProviderOid, null, false, _settings?.CertificateThumbprint); _applicationStoreService.SetUserType(model.RequestId, userType); _applicationStoreService.SetChsiNumber(model.RequestId, chsiNumber); _applicationStoreService.SetApplicationBaseUrl(model.RequestId, Request.Headers["Referer"].ToString().TrimEnd('/')); _applicationStoreService.SetLang(model.RequestId, lang); _applicationStoreService.SetEmail(model.RequestId, email); return(Ok(model)); }
public async Task <(string returnUrl, string requestId)> RegisterAsync(EAuthCallbackModel model) { string returnUrl = ""; string requestId = ""; try { if (model == null) { throw new ArgumentNullException(nameof(EAuthCallbackModel)); } EAuthService service = new EAuthService(); EAuthResponseModel eAuthResponseModel = service.Parse(model); requestId = eAuthResponseModel?.RequestId; returnUrl = _applicationStoreService.GetApplicationBaseUrl(requestId) + _registerReturnPath; string userType = _applicationStoreService.GetUserType(requestId); string chsiNumber = _applicationStoreService.GetChsiNumber(requestId); string lang = _applicationStoreService.GetLang(requestId); string email = _applicationStoreService.GetEmail(requestId); (string personIdentifier, string holderName, string certEmail) = ExtractPersonData(eAuthResponseModel); Thread.CurrentThread.CurrentCulture = new CultureInfo(lang); Thread.CurrentThread.CurrentUICulture = new CultureInfo(lang); if ((userType == UserType.CHSI.ToString() || userType == UserType.CHSIHelper.ToString()) && chsiNumber == default) { returnUrl += $"?error=true"; return(returnUrl, requestId); } //check egn bool isDuplicateEgn = _userManager.Users.Any(u => u.Certificate_UniqueIdentifier == (personIdentifier ?? "").ToUpper().Trim() && !u.Deleted); if (isDuplicateEgn) { returnUrl += $"?error=true&message=duplicateEgn"; return(returnUrl, requestId); } if (string.IsNullOrWhiteSpace(email)) { email = certEmail; } //check email if (string.IsNullOrWhiteSpace(email)) { //Redirect to register page with parameter to gather additional info returnUrl += "?requireEmail=true"; return(returnUrl, requestId); } //Create new user ApplicationUser user = new ApplicationUser() { Certificate = string.IsNullOrWhiteSpace(eAuthResponseModel.SamlResponse) ? null : Encoding.ASCII.GetBytes(eAuthResponseModel.SamlResponse), Certificate_Thumbprint = eAuthResponseModel.RequestId, Email = email, EmailConfirmed = false, UserName = GenerateUserName(holderName), Certificate_Name = holderName.Trim(), Certificate_UniqueIdentifier = personIdentifier?.Trim(), AuthType = AuthType.EAUTH.ToString(), UserType = userType, ConfirmedByAdmin = false, CreatedOn = DateTime.UtcNow }; string userRole = Constants.Role_AuctionOrgaziner; if (userType == UserType.AUCPAR.ToString()) { user.ConfirmedByAdmin = true; userRole = Constants.Role_AuctionParticipant; } else if (userType == UserType.CHSI.ToString()) { user.CHSINumber = chsiNumber; //TODO Check CHSI in CHSI register by number //Return error if chsi is not found bool ChsiRegisterCheck = true; user.CheckedInCHSIRegister = ChsiRegisterCheck; user.ConfirmedByAdmin = ChsiRegisterCheck; } else if (userType == UserType.CHSIHelper.ToString()) { user.CHSINumber = chsiNumber; //TODO Check CHSI helpers in CHSI register by number //Return error if chsi is not found bool ChsiRegisterCheck = true; user.CheckedInCHSIRegister = ChsiRegisterCheck; user.ConfirmedByAdmin = ChsiRegisterCheck; } IdentityResult ir = await _userManager.CreateAsync(user); if (!ir.Succeeded) { //create new user fail Log.Error("Error creating user with ESign", string.Join(',', ir.Errors.Select(x => x.Description))); returnUrl += $"?error=true"; return(returnUrl, requestId); } //Assign to role var roleAddResult = await _userManager.AddToRoleAsync(user, userRole); if (!roleAddResult.Succeeded) { Log.Error($"Error adding user ID= {user.Id} to role {userRole}", string.Join(',', roleAddResult.Errors.Select(x => x.Description))); } try { //create person await CreatePerson(user.Id, holderName, email); //send confirmation email await SendConfirmEmailAsync(user, _applicationStoreService.GetApplicationBaseUrl(requestId)); return(returnUrl, requestId); } catch (Exception x) { //await AuditService.EditContentAndUserAsync(AuditId, AuditContentType.Activity, // AuditMessages.Failure.ToString(), user.Id, user.UserName); Log.Error("Error creating person with EAuth", x); IdentityResult deleteResult = await _userManager.DeleteAsync(user); returnUrl += $"?error=true"; return(returnUrl, requestId); } } catch (Exception x) { if (x is ArgumentNullException) { Log.Error("Empty EAuth response " + x.Message); returnUrl += $"?error=true"; return(returnUrl, requestId); } Log.Error(x, "Error parsing EAuth response on register"); //cannot parse EAuth response returnUrl += $"?error=true"; return(returnUrl, requestId); } }