public bool IsAuthorized(Operation operation, IRequest req, IAuthSession session) { if (HostContext.HasValidAuthSecret(req)) { return(true); } if (operation.RequiresAuthentication && !session.IsAuthenticated) { return(false); } if (!operation.RequiredRoles.IsEmpty() && !operation.RequiredRoles.All(session.HasRole)) { return(false); } if (!operation.RequiredPermissions.IsEmpty() && !operation.RequiredPermissions.All(session.HasPermission)) { return(false); } if (!operation.RequiresAnyRole.IsEmpty() && !operation.RequiresAnyRole.Any(session.HasRole)) { return(false); } if (!operation.RequiresAnyPermission.IsEmpty() && !operation.RequiresAnyPermission.Any(session.HasPermission)) { return(false); } return(true); }
//For pass-through requests not handled by ServiceStack public async Task SignInAuthenticatedSessions(NetCoreRequest req) { if (!AutoSignInSessionsMatching(req)) { return; } var session = req.GetSession(); if (session.IsAuthenticated) { var claims = session.ConvertSessionToClaims( issuer: Issuer, roleClaimType: RoleClaimType, permissionClaimType: PermissionClaimType); if (HostContext.HasValidAuthSecret(req)) { claims.Add(new Claim(RoleClaimType, RoleNames.Admin, Issuer)); } var principal = CreateClaimsPrincipal != null ? CreateClaimsPrincipal(claims, session, req) : new ClaimsPrincipal(new ClaimsIdentity(claims, AuthenticationType)); req.HttpContext.User = principal; } }
public void Authenticate(IRequest req, IResponse res, object requestDto) { if (HostContext.HasValidAuthSecret(req)) { return; } //ExecuteBasic(req, res, requestDto); //first check if session is authenticated //if (res.IsClosed) return; //AuthenticateAttribute already closed the request (ie auth failed) ValidateUser(req); }
protected async Task <object> AuthenticateAsync(IServiceBase authService, IAuthSession session, string userName, string password, string referrerUrl, CancellationToken token = default) { session = await ResetSessionBeforeLoginAsync(authService, session, userName, token).ConfigAwait(); bool success = false; var authFeature = HostContext.AppHost.AssertPlugin <AuthFeature>(); if (HostContext.HasValidAuthSecret(authService.Request)) { if (userName == authFeature.AuthSecretSession.UserName) { session = authFeature.AuthSecretSession; success = true; } } if (!success) { success = await TryAuthenticateAsync(authService, userName, password, token).ConfigAwait(); } if (success) { session.IsAuthenticated = true; if (session.UserAuthName == null) { session.UserAuthName = userName; } var response = await OnAuthenticatedAsync(authService, session, null, null, token).ConfigAwait(); if (response != null) { return(response); } return(new AuthenticateResponse { UserId = session.UserAuthId, UserName = userName, SessionId = session.Id, DisplayName = session.DisplayName ?? session.UserName ?? $"{session.FirstName} {session.LastName}".Trim(), ReferrerUrl = referrerUrl }); } throw HttpError.Unauthorized(ErrorMessages.InvalidUsernameOrPassword.Localize(authService.Request)); }
public async Task <bool> IsAuthorizedAsync(Operation operation, IRequest req, IAuthSession session) { if (HostContext.HasValidAuthSecret(req)) { return(true); } if (operation.RequiresAuthentication && !session.IsAuthenticated) { return(false); } var authRepo = HostContext.AppHost.GetAuthRepositoryAsync(req); #if NET472 || NETCORE await using (authRepo as IAsyncDisposable) #else using (authRepo as IDisposable) #endif { var allRoles = await session.GetRolesAsync(authRepo).ConfigAwait(); if (!operation.RequiredRoles.IsEmpty() && !operation.RequiredRoles.All(allRoles.Contains)) { return(false); } var allPerms = await session.GetPermissionsAsync(authRepo).ConfigAwait(); if (!operation.RequiredPermissions.IsEmpty() && !operation.RequiredPermissions.All(allPerms.Contains)) { return(false); } if (!operation.RequiresAnyRole.IsEmpty() && !operation.RequiresAnyRole.Any(allRoles.Contains)) { return(false); } if (!operation.RequiresAnyPermission.IsEmpty() && !operation.RequiresAnyPermission.Any(allPerms.Contains)) { return(false); } return(true); } }
public bool IsAuthorized(Operation operation, IRequest req, IAuthSession session) { if (HostContext.HasValidAuthSecret(req)) { return(true); } if (operation.RequiresAuthentication && !session.IsAuthenticated) { return(false); } var authRepo = HostContext.AppHost.GetAuthRepository(req); using (authRepo as IDisposable) { var allRoles = session.GetRoles(authRepo); if (!operation.RequiredRoles.IsEmpty() && !operation.RequiredRoles.All(allRoles.Contains)) { return(false); } var allPerms = session.GetPermissions(authRepo); if (!operation.RequiredPermissions.IsEmpty() && !operation.RequiredPermissions.All(allPerms.Contains)) { return(false); } if (!operation.RequiresAnyRole.IsEmpty() && !operation.RequiresAnyRole.Any(allRoles.Contains)) { return(false); } if (!operation.RequiresAnyPermission.IsEmpty() && !operation.RequiresAnyPermission.Any(allPerms.Contains)) { return(false); } return(true); } }
public static HashSet <string> GetUserAttributes(this IRequest request) { if (request == null) { return(TypeConstants <string> .EmptyHashSet); } if (request.Items.TryGetValue(Keywords.Attributes, out var oAttrs)) { return((HashSet <string>)oAttrs); } var authSession = request.GetSession(); var attrs = new HashSet <string>(); if (authSession?.IsAuthenticated == true) { attrs.Add("auth"); if (HostContext.HasValidAuthSecret(request)) { attrs.Add(RoleNames.Admin); } var roles = authSession.Roles; var permissions = authSession.Permissions; if (roles.IsEmpty() && permissions.IsEmpty()) { var authRepo = HostContext.AppHost.GetAuthRepository(request); using (authRepo as IDisposable) { if (authRepo is IManageRoles manageRoles) { manageRoles.GetRolesAndPermissions(authSession.UserAuthId, out var iroles, out var ipermissions); roles = iroles.ToList(); permissions = ipermissions.ToList(); } } } if (roles != null) { foreach (var role in roles) { attrs.Add("role:" + role); } } if (permissions != null) { foreach (var perm in permissions) { attrs.Add("perm:" + perm); } } if (authSession is IAuthSessionExtended extended) { if (extended.Scopes != null) { foreach (var item in extended.Scopes) { attrs.Add("scope:" + item); } } } var claims = request.GetClaims(); if (claims != null) { foreach (var claim in claims) { attrs.Add("claim:" + claim); } } } request.Items[Keywords.Attributes] = attrs; return(attrs); }
public static HashSet <string> GetUserAttributes(this IRequest request) { if (request == null) { return(TypeConstants <string> .EmptyHashSet); } if (request.Items.TryGetValue(Keywords.Attributes, out var oAttrs)) { return((HashSet <string>)oAttrs); } var authSession = request.GetSession(); var attrs = new HashSet <string>(); if (authSession?.IsAuthenticated == true) { attrs.Add("auth"); if (HostContext.HasValidAuthSecret(request)) { attrs.Add(RoleNames.Admin); } if (authSession.Roles != null) { foreach (var role in authSession.Roles) { attrs.Add("role:" + role); } } if (authSession.Permissions != null) { foreach (var perm in authSession.Permissions) { attrs.Add("perm:" + perm); } } if (authSession is IAuthSessionExtended extended) { if (extended.Scopes != null) { foreach (var item in extended.Scopes) { attrs.Add("scope:" + item); } } } var claims = request.GetClaims(); if (claims != null) { foreach (var claim in claims) { attrs.Add("claim:" + claim); } } } request.Items[Keywords.Attributes] = attrs; return(attrs); }