protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
_logger.LogDebug("Parsing the header for SiteMinder authentication credentials...");
string username = this.SiteMinderUserId;
string siteMinderGuid = this.SiteMinderGuid;
if (string.IsNullOrEmpty(username))
{
// Defer to another layer ...
_logger.LogWarning($"Missing username");
return(Task.FromResult(AuthenticateResult.Fail("Missing SiteMinder UserId!")));
}
if (string.IsNullOrEmpty(siteMinderGuid))
{
// Defer to another layer ...
_logger.LogWarning($"Missing guid!");
return(Task.FromResult(AuthenticateResult.Fail("Missing SiteMinder Guid!")));
}
var user = _context.LoadUser(username, siteMinderGuid);
if (user == null)
{
// Defer to another layer ...
_logger.LogWarning($"Could not find user {username}!");
return(Task.FromResult(AuthenticateResult.Fail("Invalid credentials!")));
}
if (user.Active == false)
{
// Defer to another layer ...
_logger.LogWarning($"Inactive user attempting to login {username}!");
return(Task.FromResult(AuthenticateResult.Fail("Inactive user cannot login!")));
}
ClaimsPrincipal principal = user.ToClaimsPrincipal(Options.AuthenticationScheme);
_logger.LogInformation($"Setting identity to {principal.Identity.Name} ...");
AuthenticationTicket ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
return(Task.FromResult(AuthenticateResult.Success(ticket)));
}
protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
_logger.LogDebug("Parsing the request for development environment authentication credentials ...");
// Look for credentials in the request cookies ...
var username = Request.Cookies[Options.AuthenticationTokenKey];
// Look for credentials in the request headers ...
if (string.IsNullOrEmpty(username))
{
username = Request.Headers[Options.AuthenticationTokenKey];
}
if (string.IsNullOrEmpty(username))
{
// Defer to another layer ...
_logger.LogWarning($"Could not find user information in the request!");
return(Task.FromResult(AuthenticateResult.Fail("Missing required authentication information!")));
}
var user = _context.LoadUser(username);
if (user == null)
{
// Defer to another layer ...
_logger.LogWarning($"Could not find user {username}!");
return(Task.FromResult(AuthenticateResult.Fail("Invalid credentials!")));
}
ClaimsPrincipal principal = user.ToClaimsPrincipal(Options.AuthenticationScheme);
_logger.LogInformation($"Setting identity to {principal.Identity.Name} ...");
AuthenticationTicket ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
return(Task.FromResult(AuthenticateResult.Success(ticket)));
}
/// <summary>
/// Process Authentication Request
/// </summary>
/// <returns></returns>
protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
// get siteminder headers
_logger.LogDebug("Parsing the HTTP headers for SiteMinder authentication credential");
SiteMinderAuthOptions options = new SiteMinderAuthOptions();
try
{
ClaimsPrincipal principal;
HttpContext context = Request.HttpContext;
IDbAppContext dbAppContext = (DbAppContext)context.RequestServices.GetService(typeof(DbAppContext));
IHostingEnvironment hostingEnv = (IHostingEnvironment)context.RequestServices.GetService(typeof(IHostingEnvironment));
UserSettings userSettings = new UserSettings();
string userId = "";
string siteMinderGuid = "";
// **************************************************
// If this is an Error or Authentiation API - Ignore
// **************************************************
string url = context.Request.GetDisplayUrl().ToLower();
if (url.Contains("/authentication/dev") ||
url.Contains("/error") ||
url.Contains(".map") ||
url.Contains(".js"))
{
return(Task.FromResult(AuthenticateResult.NoResult()));
}
// **************************************************
// Check if we have a Dev Environment Cookie
// **************************************************
if (hostingEnv.IsDevelopment())
{
string temp = context.Request.Cookies[options.DevAuthenticationTokenKey];
if (!string.IsNullOrEmpty(temp))
{
userId = temp;
}
}
// **************************************************
// Check if the user session is already created
// **************************************************
try
{
_logger.LogInformation("Checking user session");
userSettings = UserSettings.ReadUserSettings(context);
}
catch
{
//do nothing
}
// is user authenticated - if so we're done
if ((userSettings.UserAuthenticated && string.IsNullOrEmpty(userId)) ||
(userSettings.UserAuthenticated && !string.IsNullOrEmpty(userId) &&
!string.IsNullOrEmpty(userSettings.UserId) && userSettings.UserId == userId))
{
_logger.LogInformation("User already authenticated with active session: " + userSettings.UserId);
principal = userSettings.HetsUser.ToClaimsPrincipal(options.Scheme);
return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, null, Options.Scheme))));
}
// **************************************************
// Authenticate based on SiteMinder Headers
// **************************************************
_logger.LogDebug("Parsing the HTTP headers for SiteMinder authentication credential");
if (string.IsNullOrEmpty(userId))
{
userId = context.Request.Headers[options.SiteMinderUserNameKey];
if (string.IsNullOrEmpty(userId))
{
userId = context.Request.Headers[options.SiteMinderUniversalIdKey];
}
siteMinderGuid = context.Request.Headers[options.SiteMinderUserGuidKey];
// **************************************************
// Validate credentials
// **************************************************
if (string.IsNullOrEmpty(userId))
{
_logger.LogError(options.MissingSiteMinderUserIdError);
return(Task.FromResult(AuthenticateResult.Fail(options.MissingSiteMinderGuidError)));
}
if (string.IsNullOrEmpty(siteMinderGuid))
{
_logger.LogError(options.MissingSiteMinderGuidError);
return(Task.FromResult(AuthenticateResult.Fail(options.MissingSiteMinderGuidError)));
}
}
// **************************************************
// Validate credential against database
// **************************************************
userSettings.HetsUser = hostingEnv.IsDevelopment()
? dbAppContext.LoadUser(userId)
: dbAppContext.LoadUser(userId, siteMinderGuid);
if (userSettings.HetsUser == null)
{
_logger.LogWarning(options.MissingDbUserIdError + " (" + userId + ")");
return(Task.FromResult(AuthenticateResult.Fail(options.MissingDbUserIdError)));
}
if (!userSettings.HetsUser.Active)
{
_logger.LogWarning(options.InactivegDbUserIdError + " (" + userId + ")");
return(Task.FromResult(AuthenticateResult.Fail(options.InactivegDbUserIdError)));
}
// **************************************************
// Create authenticated user
// **************************************************
_logger.LogInformation("Authentication successful: " + userId);
_logger.LogInformation("Setting identity and creating session for: " + userId);
// create session info
userSettings.UserId = userId;
userSettings.UserAuthenticated = true;
// update user settings
UserSettings.SaveUserSettings(userSettings, context);
// done!
principal = userSettings.HetsUser.ToClaimsPrincipal(options.Scheme);
return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, null, Options.Scheme))));
}
catch (Exception exception)
{
_logger.LogError(exception.Message);
Console.WriteLine(exception);
throw;
}
}