private ExternalIdentity MapToExternalIdentity(IEnumerable <Claim> claims)
{
var externalId = ExternalIdentity.FromClaims(claims);
if (externalId != null && _externalClaimsFilter != null)
{
externalId.Claims = _externalClaimsFilter.Filter(externalId.Provider, externalId.Claims);
}
return(externalId);
}
public async Task <IHttpActionResult> LoginExternalCallback()
{
Logger.Info("Callback invoked from external identity provider ");
var signInId = await GetSignInIdFromExternalProvider();
if (signInId.IsMissing())
{
Logger.Error("No signin id passed");
return(RenderErrorPage());
}
var cookie = new MessageCookie <SignInMessage>(Request.GetOwinContext(), this._options);
var signInMessage = cookie.Read(signInId);
if (signInMessage == null)
{
Logger.Error("No cookie matching signin id found");
return(RenderErrorPage());
}
var user = await GetIdentityFromExternalProvider();
if (user == null)
{
Logger.Error("no identity from external identity provider");
return(await RenderLoginPage(signInMessage, signInId, Messages.NoMatchingExternalAccount));
}
var externalIdentity = ExternalIdentity.FromClaims(user.Claims);
if (externalIdentity == null)
{
Logger.Error("no subject or unique identifier claims from external identity provider");
return(await RenderLoginPage(signInMessage, signInId, Messages.NoMatchingExternalAccount));
}
Logger.InfoFormat("external user provider: {0}, provider ID: {1}", externalIdentity.Provider, externalIdentity.ProviderId);
var authResult = await _userService.AuthenticateExternalAsync(externalIdentity);
if (authResult == null)
{
Logger.Warn("user service failed to authenticate external identity");
return(await RenderLoginPage(signInMessage, signInId, Messages.NoMatchingExternalAccount));
}
if (authResult.IsError)
{
Logger.WarnFormat("user service returned error message: {0}", authResult.ErrorMessage);
return(await RenderLoginPage(signInMessage, signInId, authResult.ErrorMessage));
}
return(SignInAndRedirect(signInMessage, signInId, authResult));
}
public async Task <IHttpActionResult> LoginExternalCallback(string error = null)
{
Logger.Info("Callback invoked from external identity provider");
if (error.IsPresent())
{
if (error.Length > options.InputLengthRestrictions.ExternalError)
{
error = error.Substring(0, options.InputLengthRestrictions.ExternalError);
}
Logger.ErrorFormat("External identity provider returned error: {0}", error);
await eventService.RaiseExternalLoginErrorEventAsync(error);
return(RenderErrorPage(String.Format(localizationService.GetMessage(MessageIds.ExternalProviderError), error)));
}
var signInId = await context.GetSignInIdFromExternalProvider();
if (signInId.IsMissing())
{
Logger.Info("No signin id passed");
return(HandleNoSignin());
}
var signInMessage = signInMessageCookie.Read(signInId);
if (signInMessage == null)
{
Logger.Info("No cookie matching signin id found");
return(HandleNoSignin());
}
var user = await context.GetIdentityFromExternalProvider();
if (user == null)
{
Logger.Error("no identity from external identity provider");
return(await RenderLoginPage(signInMessage, signInId, localizationService.GetMessage(MessageIds.NoMatchingExternalAccount)));
}
var externalIdentity = ExternalIdentity.FromClaims(user.Claims);
if (externalIdentity == null)
{
var claims = user.Claims.Select(x => new { x.Type, x.Value });
Logger.ErrorFormat("no subject or unique identifier claims from external identity provider. Claims provided:\r\n{0}", LogSerializer.Serialize(claims));
return(await RenderLoginPage(signInMessage, signInId, localizationService.GetMessage(MessageIds.NoMatchingExternalAccount)));
}
Logger.InfoFormat("external user provider: {0}, provider ID: {1}", externalIdentity.Provider, externalIdentity.ProviderId);
var externalContext = new ExternalAuthenticationContext
{
ExternalIdentity = externalIdentity,
SignInMessage = signInMessage
};
await userService.AuthenticateExternalAsync(externalContext);
var authResult = externalContext.AuthenticateResult;
if (authResult == null)
{
Logger.Warn("user service failed to authenticate external identity");
var msg = localizationService.GetMessage(MessageIds.NoMatchingExternalAccount);
await eventService.RaiseExternalLoginFailureEventAsync(externalIdentity, signInId, signInMessage, msg);
return(await RenderLoginPage(signInMessage, signInId, msg));
}
if (authResult.IsError)
{
Logger.WarnFormat("user service returned error message: {0}", authResult.ErrorMessage);
await eventService.RaiseExternalLoginFailureEventAsync(externalIdentity, signInId, signInMessage, authResult.ErrorMessage);
return(await RenderLoginPage(signInMessage, signInId, authResult.ErrorMessage));
}
Logger.Info("External identity successfully validated by user service");
await eventService.RaiseExternalLoginSuccessEventAsync(externalIdentity, signInId, signInMessage, authResult);
return(await SignInAndRedirectAsync(signInMessage, signInId, authResult));
}
public async Task <IHttpActionResult> LoginExternalCallback(string error = null)
{
Logger.Info("Callback invoked from external identity provider");
if (error.IsPresent())
{
Logger.ErrorFormat("External identity provider returned error: {0}", error);
eventService.RaiseExternalLoginErrorEvent(error);
return(RenderErrorPage(String.Format(localizationService.GetMessage(MessageIds.ExternalProviderError), error)));
}
var signInId = await context.GetSignInIdFromExternalProvider();
if (signInId.IsMissing())
{
Logger.Error("No signin id passed");
return(RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie)));
}
var signInMessage = signInMessageCookie.Read(signInId);
if (signInMessage == null)
{
Logger.Error("No cookie matching signin id found");
return(RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie)));
}
var user = await context.GetIdentityFromExternalProvider();
if (user == null)
{
Logger.Error("no identity from external identity provider");
return(await RenderLoginPage(signInMessage, signInId, localizationService.GetMessage(MessageIds.NoMatchingExternalAccount)));
}
var externalIdentity = ExternalIdentity.FromClaims(user.Claims);
if (externalIdentity == null)
{
Logger.Error("no subject or unique identifier claims from external identity provider");
return(await RenderLoginPage(signInMessage, signInId, localizationService.GetMessage(MessageIds.NoMatchingExternalAccount)));
}
Logger.InfoFormat("external user provider: {0}, provider ID: {1}", externalIdentity.Provider, externalIdentity.ProviderId);
var authResult = await userService.AuthenticateExternalAsync(externalIdentity, signInMessage);
if (authResult == null)
{
Logger.Warn("user service failed to authenticate external identity");
var msg = localizationService.GetMessage(MessageIds.NoMatchingExternalAccount);
eventService.RaiseExternalLoginFailureEvent(externalIdentity, signInId, signInMessage, msg);
return(await RenderLoginPage(signInMessage, signInId, msg));
}
if (authResult.IsError)
{
Logger.WarnFormat("user service returned error message: {0}", authResult.ErrorMessage);
eventService.RaiseExternalLoginFailureEvent(externalIdentity, signInId, signInMessage, authResult.ErrorMessage);
return(await RenderLoginPage(signInMessage, signInId, authResult.ErrorMessage));
}
eventService.RaiseExternalLoginSuccessEvent(externalIdentity, signInId, signInMessage, authResult);
return(SignInAndRedirect(signInMessage, signInId, authResult));
}