public void LogIn(IUserAuthData user, bool isPersistent, params Claim[] extraClaims) { ClaimsIdentity identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie , ClaimsIdentity.DefaultNameClaimType , ClaimsIdentity.DefaultRoleClaimType); identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" , _title , ClaimValueTypes.String)); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString(), ClaimValueTypes.String)); identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, user.FirstName, ClaimValueTypes.String)); if (user.Roles != null && user.Roles.Any()) { foreach (string singleRole in user.Roles) { identity.AddClaim(new Claim(ClaimsIdentity.DefaultRoleClaimType, singleRole, ClaimValueTypes.String)); } } identity.AddClaims(extraClaims); Microsoft.Owin.Security.AuthenticationProperties props = new Microsoft.Owin.Security.AuthenticationProperties { IsPersistent = isPersistent, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddDays(60), AllowRefresh = true }; HttpContext.Current.GetOwinContext().Authentication.SignIn(props, identity); }
private void IssueAuthenticationCookie(string signInMessageId, AuthenticateResult authResult, bool?rememberMe = null) { if (authResult == null) { throw new ArgumentNullException("authResult"); } if (authResult.IsPartialSignIn) { Logger.Info("issuing partial signin cookie"); } else { Logger.Info("issuing primary signin cookie"); } var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = authResult.User.Identities.First(); if (authResult.IsPartialSignIn) { // add claim so partial redirect can return here to continue login // we need a random ID to resume, and this will be the query string // to match a claim added. the claim added will be the original // signIn ID. var resumeId = CryptoRandom.CreateUniqueId(); var resumeLoginUrl = context.GetPartialLoginResumeUrl(resumeId); var resumeLoginClaim = new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, resumeLoginUrl); id.AddClaim(resumeLoginClaim); id.AddClaim(new Claim(GetClaimTypeForResumeId(resumeId), signInMessageId)); } else { signInMessageCookie.Clear(signInMessageId); sessionCookie.IssueSessionId(rememberMe); } if (!authResult.IsPartialSignIn) { // don't issue persistnt cookie if it's a partial signin if (rememberMe == true || (rememberMe != false && this.options.AuthenticationOptions.CookieOptions.IsPersistent)) { // only issue persistent cookie if user consents (rememberMe == true) or // if server is configured to issue persistent cookies and user has not explicitly // denied the rememberMe (false) // if rememberMe is null, then user was not prompted for rememberMe props.IsPersistent = true; if (rememberMe == true) { var expires = DateTimeHelper.UtcNow.Add(options.AuthenticationOptions.CookieOptions.RememberMeDuration); props.ExpiresUtc = new DateTimeOffset(expires); } } } context.Authentication.SignIn(props, id); }
private void IssueAuthenticationCookie(SignInMessage signInMessage, string signInMessageId, AuthenticateResult authResult, bool?rememberMe = null) { if (signInMessage == null) { throw new ArgumentNullException("signInId"); } if (authResult == null) { throw new ArgumentNullException("authResult"); } Logger.InfoFormat("issuing cookie{0}", authResult.IsPartialSignIn ? " (partial login)" : ""); var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = authResult.User.Identities.First(); if (authResult.IsPartialSignIn) { // add claim so partial redirect can return here to continue login // we need a random ID to resume, and this will be the query string // to match a claim added. the claim added will be the original // signIn ID. var resumeId = Guid.NewGuid().ToString("N"); var resumeLoginUrl = Url.Link(Constants.RouteNames.ResumeLoginFromRedirect, new { resume = resumeId }); var resumeLoginClaim = new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, resumeLoginUrl); id.AddClaim(resumeLoginClaim); id.AddClaim(new Claim(GetClaimTypeForResumeId(resumeId), signInMessageId)); } else { ClearSignInCookie(signInMessageId); } if (!authResult.IsPartialSignIn) { // don't issue persistnt cookie if it's a partial signin if (rememberMe == true || (rememberMe != false && this._options.AuthenticationOptions.CookieOptions.IsPersistent)) { // only issue persistent cookie if user consents (rememberMe == true) or // if server is configured to issue persistent cookies and user has not explicitly // denied the rememberMe (false) // if rememberMe is null, then user was not prompted for rememberMe props.IsPersistent = true; if (rememberMe == true) { var expires = DateTime.UtcNow.Add(_options.AuthenticationOptions.CookieOptions.RememberMeDuration); props.ExpiresUtc = new DateTimeOffset(expires); } } } ClearAuthenticationCookies(); var ctx = Request.GetOwinContext(); ctx.Authentication.SignIn(props, id); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); IdentityUser user; using (AuthRepository _repo = new AuthRepository()) { user = await _repo.FindUser(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim("sub", context.UserName)); identity.AddClaim(new Claim("role", "user")); Microsoft.Owin.Security.AuthenticationProperties properties = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string> { { "userId", user.Id } }); Microsoft.Owin.Security.AuthenticationTicket ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, properties); // the above didn't worked so working around for the same context.Validated(ticket); // context.Validated(identity); }
private async Task<string> GenerateUserToken(ApplicationUser validatedUser) { CustomJwtFormat jwt = new CustomJwtFormat("http://jv.com"); var identity = await validatedUser.GenerateUserIdentityAsync(AppUserManager, "password"); Microsoft.Owin.Security.AuthenticationProperties properties = new Microsoft.Owin.Security.AuthenticationProperties(); properties.IssuedUtc = DateTime.Now.ToUniversalTime(); properties.ExpiresUtc = DateTime.Now.AddMinutes(5).ToUniversalTime(); return jwt.Protect(new Microsoft.Owin.Security.AuthenticationTicket(identity, properties)); }
protected override void Postprocess(Microsoft.Owin.IOwinContext ctx) { if (SignInIdentity != null) { var props = new Microsoft.Owin.Security.AuthenticationProperties(); props.Dictionary.Add("signin", SignInId); ctx.Authentication.SignIn(props, SignInIdentity); SignInIdentity = null; } }
private async Task <string> GenerateUserToken(ApplicationUser validatedUser) { CustomJwtFormat jwt = new CustomJwtFormat("http://jv.com"); var identity = await validatedUser.GenerateUserIdentityAsync(AppUserManager, "password"); Microsoft.Owin.Security.AuthenticationProperties properties = new Microsoft.Owin.Security.AuthenticationProperties(); properties.IssuedUtc = DateTime.Now.ToUniversalTime(); properties.ExpiresUtc = DateTime.Now.AddMinutes(5).ToUniversalTime(); return(jwt.Protect(new Microsoft.Owin.Security.AuthenticationTicket(identity, properties))); }
public override void ExecuteResult(ControllerContext Context) { var Properties = new Microsoft.Owin.Security.AuthenticationProperties() { RedirectUri = RedirectUri }; if (UserId != null) { Properties.Dictionary[XsrfKey] = UserId; } Context.HttpContext.GetOwinContext().Authentication.Challenge(Properties, Provider); }
public override void ExecuteResult(ControllerContext context) { var properties = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = RedirectUri }; if (UserId != null) { properties.Dictionary[XsrfKey] = UserId; } context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider); }
/// <summary> /// 发放。授权资源访问凭证 /// </summary> /// <param name="context"></param> /// <returns></returns> public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context) { //return base.GrantResourceOwnerCredentials(context); var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); //鉴定ClientID之后。授权来源 if (allowedOrigin == null) { allowedOrigin = this.userClientAuth? "*" : this.AnoymouseAllowedOrigins; } /////ngauthenticationweb Access-Control-Allow-Origin //来源鉴定 context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", allowedOrigin.Split(',')); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE" }); Microsoft.AspNet.Identity.EntityFramework.IdentityUser user = await authRepository.FindUser(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "用户名,密码不正确"); return; } //claim based 认证 var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, context.UserName)); identity.AddClaim(new System.Security.Claims.Claim("sub", context.UserName)); identity.AddClaim(new System.Security.Claims.Claim("role", "user")); //identity.AddClaim(new System.Security.Claims.Claim("test", "test")); var claims = MallAuth.ServerCache.GlobalCache.getInstance().getUserClaims(context.UserName); foreach (var item in claims) { identity.AddClaim(new System.Security.Claims.Claim(item.Type, item.Value)); } ///额外的响应参数.注意这个和Claim不同 var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary <string, string> { { "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId }, { "userName", context.UserName } }); var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props); context.Validated(ticket); //context.Validated(identity); }
protected override void Postprocess(Microsoft.Owin.IOwinContext ctx) { if (SignInIdentity != null) { var props = new Microsoft.Owin.Security.AuthenticationProperties(); props.Dictionary.Add("signin", SignInId); if (SignInIdentity.AuthenticationType == Constants.ExternalAuthenticationType) { props.Dictionary.Add("katanaAuthenticationType", "Google"); } ctx.Authentication.SignIn(props, SignInIdentity); SignInIdentity = null; } }
/// <summary> /// This does the mechanics of getting IdSrv to log you in and set an auth cookie /// Basically copy & paste from the auth controller /// Suggest this is refactored in IdSrv to call it easily /// </summary> private void SetTheIdSrvAuthCookie(AuthenticateResult p) { var user = CreateFromPrincipal(p.User, Constants.PrimaryAuthenticationType); this.owinContext.Authentication.SignOut( Constants.PrimaryAuthenticationType, Constants.ExternalAuthenticationType, Constants.PartialSignInAuthenticationType); var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = user.Identities.First(); this.owinContext.Authentication.SignIn(props, id); }
public IHttpActionResult LoginExternal(string provider) { logger.Start("[AuthenticationController.LoginExternal] called"); VerifyLoginRequestMessage(); var ctx = Request.GetOwinContext(); var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; Request.GetOwinContext().Authentication.Challenge(authProp, provider); return(Unauthorized()); }
public IHttpActionResult LoginExternal(string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); VerifySignInMessage(); var ctx = Request.GetOwinContext(); var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; Request.GetOwinContext().Authentication.Challenge(authProp, provider); return(Unauthorized()); }
public ActionResult Login(LoginModel model) { if (model.Password == null || model.EmailAddress == null) { return(View()); } //var getTokenUrl = string.Format(ApiEndPoints.AuthorisationTokenEndpoint.Post.Token, ConfigurationManager.AppSettings["ApiBaseUri"]); var getTokenUrl = "http://localhost:57359/token"; using (HttpClient httpClient = new HttpClient()) { HttpContent content = new FormUrlEncodedContent(new[] { new KeyValuePair <string, string>("grant_type", "password"), new KeyValuePair <string, string>("username", model.EmailAddress), //new KeyValuePair<string, string>("username", "ElenaElena2"), new KeyValuePair <string, string>("password", model.Password) //new KeyValuePair<string, string>("password", "SuperPass") }); HttpResponseMessage result = httpClient.PostAsync(getTokenUrl, content).Result; string resultContent = result.Content.ReadAsStringAsync().Result; var token = JsonConvert.DeserializeObject <Token>(resultContent); Microsoft.Owin.Security.AuthenticationProperties options = new Microsoft.Owin.Security.AuthenticationProperties(); options.AllowRefresh = true; options.IsPersistent = true; options.ExpiresUtc = DateTime.UtcNow.AddSeconds(int.Parse(token.expires_in)); var claims = new[] { //new Claim(ClaimTypes.Name, model.EmailAddress), new Claim(ClaimTypes.Name, "ElenaElena2"), new Claim("AcessToken", string.Format("Bearer {0}", token.access_token)), }; var identity = new ClaimsIdentity(claims, "ApplicationCookie"); Request.GetOwinContext().Authentication.SignIn(options, identity); } return(RedirectToAction("Index", "OrderList")); }
public async Task <IHttpActionResult> LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return(RenderErrorPage()); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage()); } var cookie = new MessageCookie <SignInMessage>(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } var providerFilter = await GetProviderFilterForClientAsync(signInMessage); if (providerFilter != null && providerFilter.Any() && !providerFilter.Contains(provider)) { Logger.ErrorFormat("Provider {0} not allowed for client: {1}", provider, signInMessage.ClientId); return(RenderErrorPage()); } var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add(Constants.Authentication.SigninId, signin); authProp.Dictionary.Add(Constants.Authentication.KatanaAuthenticationType, provider); Request.GetOwinContext().Authentication.Challenge(authProp, provider); return(Unauthorized()); }
public async Task <IHttpActionResult> LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return(RenderErrorPage(localizationService.GetMessage(MessageIds.NoExternalProvider))); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie))); } var signInMessage = signInMessageCookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie))); } if (!(await clientStore.IsValidIdentityProviderAsync(signInMessage.ClientId, provider))) { Logger.ErrorFormat("Provider {0} not allowed for client: {1}", provider, signInMessage.ClientId); return(RenderErrorPage()); } var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add(Constants.Authentication.SigninId, signin); authProp.Dictionary.Add(Constants.Authentication.KatanaAuthenticationType, provider); context.Authentication.Challenge(authProp, provider); return(Unauthorized()); }
protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { List <string> providerNames = HttpContext.Current.GetOwinContext().Authentication .GetAuthenticationTypes((d) => d.Properties != null && d.Properties.ContainsKey("Caption")) .Select(t => t.AuthenticationType).ToList(); ListView1.DataSource = providerNames; ListView1.DataBind(); } else { var provider = Request.Form["provider"]; if (provider == null) { return; } else { string returnUrl = Request["ReturnUrl"]; if (String.IsNullOrEmpty(returnUrl)) { returnUrl = "/"; } var properties = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = returnUrl }; HttpContext.Current.GetOwinContext().Authentication.Challenge(properties, provider); } } }
public IHttpActionResult LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return(RenderErrorPage()); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return(RenderErrorPage()); } var cookie = new SignInMessageCookie(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } var ctx = Request.GetOwinContext(); var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add("signin", signin); Request.GetOwinContext().Authentication.Challenge(authProp, provider); return(Unauthorized()); }
private void IssueAuthenticationCookie( AuthenticateResult authResult, string authenticationMethod, string identityProvider, long authTime) { if (authResult == null) { throw new ArgumentNullException("authResult"); } if (String.IsNullOrWhiteSpace(authenticationMethod)) { throw new ArgumentNullException("authenticationMethod"); } if (String.IsNullOrWhiteSpace(identityProvider)) { throw new ArgumentNullException("identityProvider"); } Logger.InfoFormat("logging user in as subject: {0}, name: {1}{2}", authResult.Subject, authResult.Name, authResult.IsPartialSignIn ? " (partial login)" : ""); var issuer = authResult.IsPartialSignIn ? Constants.PartialSignInAuthenticationType : Constants.PrimaryAuthenticationType; var principal = IdentityServerPrincipal.Create( authResult.Subject, authResult.Name, authenticationMethod, identityProvider, issuer, authTime); var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = principal.Identities.First(); if (authResult.IsPartialSignIn) { // add claim so partial redirect can return here to continue login var resumeLoginUrl = Url.Link(Constants.RouteNames.ResumeLoginFromRedirect, null); var resumeLoginClaim = new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, resumeLoginUrl); id.AddClaim(resumeLoginClaim); // store original authorization url as claim // so once we result we can return to authorization page var signInMessage = LoadSignInMessage(); var authorizationUrl = signInMessage.ReturnUrl; var authorizationUrlClaim = new Claim(Constants.ClaimTypes.AuthorizationReturnUrl, authorizationUrl); id.AddClaim(authorizationUrlClaim); // allow redircting code to add claims for target page id.AddClaims(authResult.RedirectClaims); } else if (this._options.CookieOptions.IsPersistent) { props.IsPersistent = true; } ClearAuthenticationCookies(); var ctx = Request.GetOwinContext(); ctx.Authentication.SignIn(props, id); }
public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin"); if (allowedOrigin == null) { allowedOrigin = "*"; } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); using (AuthRepository repo = new AuthRepository()) { Microsoft.AspNet.Identity.EntityFramework.IdentityUser user = await repo.FindUser(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name and password doesnt match the records"); return; } } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); identity.AddClaim(new Claim("sub", context.UserName)); identity.AddClaim(new Claim("role", "user")); var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string> { { "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId }, { "userName", context.UserName } }); var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props); context.Validated(ticket); }
public async Task<IHttpActionResult> LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return RenderErrorPage(); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return RenderErrorPage(); } var cookie = new MessageCookie<SignInMessage>(Request.GetOwinContext(), this._options); var signInMessage = cookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return RenderErrorPage(); } var providerFilter = await GetProviderFilterForClientAsync(signInMessage); if (providerFilter != null && providerFilter.Any() && !providerFilter.Contains(provider)) { Logger.ErrorFormat("Provider {0} not allowed for client: {1}", provider, signInMessage.ClientId); return RenderErrorPage(); } var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add(Constants.Authentication.SigninId, signin); authProp.Dictionary.Add(Constants.Authentication.KatanaAuthenticationType, provider); Request.GetOwinContext().Authentication.Challenge(authProp, provider); return Unauthorized(); }
public async Task <IHttpActionResult> LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return(RenderErrorPage(localizationService.GetMessage(MessageIds.NoExternalProvider))); } if (provider.Length > options.InputLengthRestrictions.IdentityProvider) { Logger.Error("Provider parameter passed was larger than max length"); return(RenderErrorPage()); } if (signin.IsMissing()) { Logger.Info("No signin id passed"); return(HandleNoSignin()); } if (signin.Length > MaxSignInMessageLength) { Logger.Error("Signin parameter passed was larger than max length"); return(RenderErrorPage()); } var signInMessage = signInMessageCookie.Read(signin); if (signInMessage == null) { Logger.Info("No cookie matching signin id found"); return(HandleNoSignin()); } if (!(await clientStore.IsValidIdentityProviderAsync(signInMessage.ClientId, provider))) { var msg = String.Format("External login error: provider {0} not allowed for client: {1}", provider, signInMessage.ClientId); Logger.ErrorFormat(msg); await eventService.RaiseFailureEndpointEventAsync(EventConstants.EndpointNames.Authenticate, msg); return(RenderErrorPage()); } if (context.IsValidExternalAuthenticationProvider(provider) == false) { var msg = String.Format("External login error: provider requested {0} is not a configured external provider", provider); Logger.ErrorFormat(msg); await eventService.RaiseFailureEndpointEventAsync(EventConstants.EndpointNames.Authenticate, msg); return(RenderErrorPage()); } var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; Logger.Info("Triggering challenge for external identity provider"); // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add(Constants.Authentication.SigninId, signin); authProp.Dictionary.Add(Constants.Authentication.KatanaAuthenticationType, provider); context.Authentication.Challenge(authProp, provider); return(Unauthorized()); }
public IHttpActionResult LoginExternal(string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); VerifySignInMessage(); var ctx = Request.GetOwinContext(); var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; Request.GetOwinContext().Authentication.Challenge(authProp, provider); return Unauthorized(); }
private void IssueAuthenticationCookie(IOwinContext context, string signInMessageId, AuthenticateResult authResult, bool rememberMe) { if (authResult == null) { throw new ArgumentNullException("authResult"); } var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = authResult.User.Identities.First(); if (authResult.IsPartialSignIn) { // add claim so partial redirect can return here to continue login // we need a random ID to resume, and this will be the query string // to match a claim added. the claim added will be the original // signIn ID. var resumeId = Guid.NewGuid().ToString(); var resumeLoginUrl = context.Environment.GetIdentityServerBaseUrl() + Constants.RoutePaths.ResumeLoginFromRedirect + "?resume=" + resumeId; var resumeLoginClaim = new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, resumeLoginUrl); id.AddClaim(resumeLoginClaim); id.AddClaim(new Claim(String.Format(Constants.ClaimTypes.PartialLoginResumeId, resumeId), signInMessageId)); // add url to start login process over again (which re-triggers preauthenticate) var restartUrl = context.Environment.GetIdentityServerBaseUrl() + "custom/login?signin=" + signInMessageId; id.AddClaim(new Claim(Constants.ClaimTypes.PartialLoginRestartUrl, restartUrl)); } else { context.Environment.IssueLoginCookie(new IdentityServer3.Core.Models.AuthenticatedLogin { Subject = authResult.User.Identity.GetSubjectId(), Name = authResult.User.Identity.Name, PersistentLogin = rememberMe, Claims = id.Claims, }); } if (!authResult.IsPartialSignIn) { // don't issue persistnt cookie if it's a partial signin if (rememberMe == true || (rememberMe != false && options.AuthenticationOptions.CookieOptions.IsPersistent)) { // only issue persistent cookie if user consents (rememberMe == true) or // if server is configured to issue persistent cookies and user has not explicitly // denied the rememberMe (false) // if rememberMe is null, then user was not prompted for rememberMe props.IsPersistent = true; if (rememberMe == true) { var expires = DateTime.SpecifyKind(DateTimeOffset.UtcNow.DateTime, DateTimeKind.Utc).Add(options.AuthenticationOptions.CookieOptions.RememberMeDuration); props.ExpiresUtc = new DateTimeOffset(expires); } } } else { // if rememberme set, then store for later use once we need to issue login cookie props.Dictionary.Add(Constants.Authentication.PartialLoginRememberMe, rememberMe ? "true" : "false"); } context.Authentication.SignIn(props, id); }
public async Task<IHttpActionResult> LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return RenderErrorPage(localizationService.GetMessage(MessageIds.NoExternalProvider)); } if (signin.IsMissing()) { Logger.Error("No signin id passed"); return RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie)); } var signInMessage = signInMessageCookie.Read(signin); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie)); } if (!(await clientStore.IsValidIdentityProviderAsync(signInMessage.ClientId, provider))) { Logger.ErrorFormat("Provider {0} not allowed for client: {1}", provider, signInMessage.ClientId); return RenderErrorPage(); } var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add(Constants.Authentication.SigninId, signin); authProp.Dictionary.Add(Constants.Authentication.KatanaAuthenticationType, provider); context.Authentication.Challenge(authProp, provider); return Unauthorized(); }
public async Task<IHttpActionResult> LoginExternal(string signin, string provider) { Logger.InfoFormat("External login requested for provider: {0}", provider); if (provider.IsMissing()) { Logger.Error("No provider passed"); return RenderErrorPage(localizationService.GetMessage(MessageIds.NoExternalProvider)); } if (provider.Length > options.InputLengthRestrictions.IdentityProvider) { Logger.Error("Provider parameter passed was larger than max length"); return RenderErrorPage(); } if (signin.IsMissing()) { Logger.Info("No signin id passed"); return HandleNoSignin(); } if (signin.Length > MaxSignInMessageLength) { Logger.Error("Signin parameter passed was larger than max length"); return RenderErrorPage(); } var signInMessage = signInMessageCookie.Read(signin); if (signInMessage == null) { Logger.Info("No cookie matching signin id found"); return HandleNoSignin(); } if (!(await clientStore.IsValidIdentityProviderAsync(signInMessage.ClientId, provider))) { var msg = String.Format("External login error: provider {0} not allowed for client: {1}", provider, signInMessage.ClientId); Logger.ErrorFormat(msg); await eventService.RaiseFailureEndpointEventAsync(EventConstants.EndpointNames.Authenticate, msg); return RenderErrorPage(); } if (context.IsValidExternalAuthenticationProvider(provider) == false) { var msg = String.Format("External login error: provider requested {0} is not a configured external provider", provider); Logger.ErrorFormat(msg); await eventService.RaiseFailureEndpointEventAsync(EventConstants.EndpointNames.Authenticate, msg); return RenderErrorPage(); } var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; Logger.Info("Triggering challenge for external identity provider"); // add the id to the dictionary so we can recall the cookie id on the callback authProp.Dictionary.Add(Constants.Authentication.SigninId, signin); authProp.Dictionary.Add(Constants.Authentication.KatanaAuthenticationType, provider); context.Authentication.Challenge(authProp, provider); return Unauthorized(); }
private void IssueAuthenticationCookie( AuthenticateResult authResult, string authenticationMethod, string identityProvider, long authTime) { if (authResult == null) throw new ArgumentNullException("authResult"); if (String.IsNullOrWhiteSpace(authenticationMethod)) throw new ArgumentNullException("authenticationMethod"); if (String.IsNullOrWhiteSpace(identityProvider)) throw new ArgumentNullException("identityProvider"); Logger.InfoFormat("logging user in as subject: {0}, name: {1}{2}", authResult.Subject, authResult.Name, authResult.IsPartialSignIn ? " (partial login)" : ""); var issuer = authResult.IsPartialSignIn ? Constants.PartialSignInAuthenticationType : Constants.PrimaryAuthenticationType; var principal = IdentityServerPrincipal.Create( authResult.Subject, authResult.Name, authenticationMethod, identityProvider, issuer, authTime); var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = principal.Identities.First(); if (authResult.IsPartialSignIn) { // add claim so partial redirect can return here to continue login var resumeLoginUrl = Url.Link(Constants.RouteNames.ResumeLoginFromRedirect, null); var resumeLoginClaim = new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, resumeLoginUrl); id.AddClaim(resumeLoginClaim); // store original authorization url as claim // so once we result we can return to authorization page var signInMessage = LoadSignInMessage(); var authorizationUrl = signInMessage.ReturnUrl; var authorizationUrlClaim = new Claim(Constants.ClaimTypes.AuthorizationReturnUrl, authorizationUrl); id.AddClaim(authorizationUrlClaim); // allow redircting code to add claims for target page id.AddClaims(authResult.RedirectClaims); } else if (this._options.CookieOptions.IsPersistent) { props.IsPersistent = true; } ClearAuthenticationCookies(); var ctx = Request.GetOwinContext(); ctx.Authentication.SignIn(props, id); }
private void IssueAuthenticationCookie(string signInMessageId, AuthenticateResult authResult, bool? rememberMe = null) { if (authResult == null) throw new ArgumentNullException("authResult"); Logger.InfoFormat("issuing cookie{0}", authResult.IsPartialSignIn ? " (partial login)" : ""); var props = new Microsoft.Owin.Security.AuthenticationProperties(); var id = authResult.User.Identities.First(); if (authResult.IsPartialSignIn) { // add claim so partial redirect can return here to continue login // we need a random ID to resume, and this will be the query string // to match a claim added. the claim added will be the original // signIn ID. var resumeId = CryptoRandom.CreateUniqueId(); var resumeLoginUrl = context.GetPartialLoginResumeUrl(resumeId); var resumeLoginClaim = new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, resumeLoginUrl); id.AddClaim(resumeLoginClaim); id.AddClaim(new Claim(GetClaimTypeForResumeId(resumeId), signInMessageId)); } else { signInMessageCookie.Clear(signInMessageId); } if (!authResult.IsPartialSignIn) { // don't issue persistnt cookie if it's a partial signin if (rememberMe == true || (rememberMe != false && this.options.AuthenticationOptions.CookieOptions.IsPersistent)) { // only issue persistent cookie if user consents (rememberMe == true) or // if server is configured to issue persistent cookies and user has not explicitly // denied the rememberMe (false) // if rememberMe is null, then user was not prompted for rememberMe props.IsPersistent = true; if (rememberMe == true) { var expires = DateTimeHelper.UtcNow.Add(options.AuthenticationOptions.CookieOptions.RememberMeDuration); props.ExpiresUtc = new DateTimeOffset(expires); } } } ClearAuthenticationCookies(); context.Authentication.SignIn(props, id); }
public IHttpActionResult LoginExternal(string provider) { logger.Start("[AuthenticationController.LoginExternal] called"); VerifyLoginRequestMessage(); var ctx = Request.GetOwinContext(); var authProp = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null) }; Request.GetOwinContext().Authentication.Challenge(authProp, provider); return Unauthorized(); }