private void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { double sessionLifetimeInMinutes = (e.SessionToken.ValidTo - e.SessionToken.ValidFrom).TotalMinutes; var logonTokenCacheExpirationWindow = TimeSpan.FromSeconds(1); SPSecurity.RunWithElevatedPrivileges(delegate() { logonTokenCacheExpirationWindow = Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.Local.LogonTokenCacheExpirationWindow; }); DateTime now = DateTime.UtcNow; DateTime validTo = e.SessionToken.ValidTo - logonTokenCacheExpirationWindow; DateTime validFrom = e.SessionToken.ValidFrom; if ((now < validTo) && (now > validFrom.AddMinutes((validTo - validFrom).TotalMinutes / 2))) { SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context, now, now.AddMinutes(sessionLifetimeInMinutes), e.SessionToken.IsPersistent); e.ReissueCookie = true; } }
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { System.Diagnostics.Trace.WriteLine("Handling SessionSecurityTokenReceived event"); // https://brockallen.com/2013/02/17/sliding-sessions-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/ SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; var handler = (SessionSecurityTokenHandler)FederatedAuthentication.FederationConfiguration.IdentityConfiguration .SecurityTokenHandlers[typeof(SessionSecurityToken)]; Console.WriteLine("Session Time {0} {1} {2} {3}", handler.TokenLifetime, DateTime.UtcNow, e.SessionToken.ValidFrom, e.SessionToken.ValidTo); /*var token = e.SessionToken; * * e.SessionToken = * new SessionSecurityToken( * token.ClaimsPrincipal, * token.Context, * DateTime.UtcNow, * DateTime.UtcNow.AddMinutes(handler.TokenLifetime.Minutes)) * { * IsPersistent = token.IsPersistent, * IsReferenceMode = token.IsReferenceMode * }; * * e.ReissueCookie = true;*/ }
public ActionResult SignOut() { SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; sam.SignOut(); return(this.Redirect("~/")); }
public LogAction(SessionAuthenticationModule sessionAuthModule) { if (sessionAuthModule == null) { throw new ArgumentNullException("sessionAuthModule"); } this.sessionAuthModule = sessionAuthModule; }
private bool HandleResponseMessage() { try { var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request)); if (responseMessage != null) { string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null); FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration; //ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current; FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration); SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage); SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken); this.OnSecurityTokenReceived(securityTokenReceivedEventArgs); if (!securityTokenReceivedEventArgs.Cancel) { ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl); if (claimsPrincipal != null) { SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal); this.OnSecurityTokenValidated(securityTokenValidatedEventArgs); if (!securityTokenValidatedEventArgs.Cancel) { SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule; DateTime validFrom; DateTime validTo; tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo); SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false); SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken); sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true; this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs); this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie); this.OnSignedIn(EventArgs.Empty); return(true); } } } } return(false); } catch (Exception ex) { this.ErrorText = ex.Message; return(false); } }
public static void SetCookie(string cookieName, string domain) { SessionAuthenticationModule sessionAuthenticationModule = FederatedAuthentication.SessionAuthenticationModule; if (sessionAuthenticationModule != null) { sessionAuthenticationModule.CookieHandler.Name = cookieName; sessionAuthenticationModule.CookieHandler.Domain = domain; } }
public async Task <ActionResult> Index(LoginViewModel model) //Login { if (!ModelState.IsValid) { return(View(model)); } var result = await repository.login(model); if (result.resultCode == 200 && !User.Identity.IsAuthenticated) { SessionAuthenticationModule sam = (SessionAuthenticationModule)this.HttpContext.ApplicationInstance.Modules["SessionAuthenticationModule"]; IClaimsPrincipal principal = new Microsoft.IdentityModel.Claims.ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(model.Email), null)); List <User> user = new List <User>(); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); string dummy = JsonConvert.SerializeObject(user); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Email, model.Email)); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.UserData, dummy)); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, "Admin")); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim("custom", "freecodespot custom claims")); var token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(20), false); sam.WriteSessionTokenToCookie(token); //FormsAuthentication.SetAuthCookie(model.Email, false); return(RedirectToAction("Index", "Home", result.Data)); //redirect to login form } else if (User.Identity.IsAuthenticated) { return(RedirectToAction("Index", "Home")); } else { ModelState.AddModelError("", result.message); } return(View()); }
private void ConfigureSession() { SessionAuthenticationModule sessionAuthenticationModule = FederatedAuthentication.SessionAuthenticationModule; if (sessionAuthenticationModule != null) { sessionAuthenticationModule.CookieHandler.Name = FormsAuthentication.FormsCookieName; sessionAuthenticationModule.CookieHandler.Domain = FormsAuthentication.CookieDomain; sessionAuthenticationModule.CookieHandler.RequireSsl = FormsAuthentication.RequireSSL; sessionAuthenticationModule.CookieHandler.Path = FormsAuthentication.FormsCookiePath; } }
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { int minutes = 60; DateTime now = DateTime.UtcNow; DateTime validTo = e.SessionToken.ValidTo; //This can reduce token updates count if (now < validTo) { SessionAuthenticationModule sam = sender as SessionAuthenticationModule; e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context, now, now.AddMinutes(minutes), e.SessionToken.IsPersistent); e.ReissueCookie = true; } }
public static void EnableSlidingSessionExpirations() { SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; if (sam == null) { throw new ArgumentException("SessionAuthenticationModule is null"); } sam.SessionSecurityTokenReceived += delegate(object sender, SessionSecurityTokenReceivedEventArgs e) { var token = e.SessionToken; var duration = token.ValidTo.Subtract(token.ValidFrom); if (duration <= TimeSpan.Zero) { return; } var diff = token.ValidTo.Add(sam.ServiceConfiguration.MaxClockSkew).Subtract(DateTime.UtcNow); if (diff <= TimeSpan.Zero) { return; } var halfWay = duration.Add(sam.ServiceConfiguration.MaxClockSkew).TotalMinutes / 2; var timeLeft = diff.TotalMinutes; if (timeLeft <= halfWay) { // set duration not from original token, but from current app configuration var handler = sam.ServiceConfiguration.SecurityTokenHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler; duration = handler.TokenLifetime; e.ReissueCookie = true; e.SessionToken = new SessionSecurityToken( token.ClaimsPrincipal, token.Context, DateTime.UtcNow, DateTime.UtcNow.Add(duration)) { IsPersistent = token.IsPersistent, IsSessionMode = token.IsSessionMode }; } }; }
private static void WriteCookie(AMSAdmin user, string timeOffsetValue) { SessionAuthenticationModule sam = (SessionAuthenticationModule) HttpContext.Current.ApplicationInstance.Modules["SessionAuthenticationModule"]; IClaimsPrincipal principal = new ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(user.LogonName), null)); principal.Identities[0].Claims.Add(new Claim("TimeOffset", timeOffsetValue)); principal.Identities[0].Claims.Add(new Claim("AMSAdminID", user.UserID)); principal.Identities[0].Claims.Add(new Claim("AMSAdminName", user.Name)); SessionSecurityToken token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(60), false); sam.WriteSessionTokenToCookie(token); }
public static void CacheSessionsOnServer(bool checkForSessionSecurityTokenCache = true) { if (checkForSessionSecurityTokenCache && !(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.Caches.SessionSecurityTokenCache is PassiveRepositorySessionSecurityTokenCache)) { throw new Exception("SessionSecurityTokenCache not configured."); } SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; if (sam == null) { throw new ArgumentException("SessionAuthenticationModule is null"); } sam.IsReferenceMode = true; }
/// <summary> /// Checks the current security token. /// Updates the lifetime if the token is older than 5 minutes. /// Deletes the token if it's expired. /// </summary> /// <param name="sam"></param> /// <param name="e"></param> /// <returns></returns> public static void CheckSecurityToken(SessionAuthenticationModule sam, SessionSecurityTokenReceivedEventArgs e) { var now = DateTime.UtcNow; var sst = e.SessionToken; var validFrom = sst.ValidFrom; var validTo = sst.ValidTo; if (validTo > now && validFrom.AddMinutes(5) < now) { e.SessionToken = sam.CreateSessionSecurityToken(sst.ClaimsPrincipal, sst.Context, now, now + (validTo - validFrom), sst.IsPersistent); e.ReissueCookie = true; } else if (validTo < now) { sam.DeleteSessionTokenCookie(); HttpContext.Current.Response.Redirect(HttpContext.Current.Request.RawUrl); } }
private void ReadProcessCookie(SessionAuthenticationModule sam) { ChunkedCookieHandler cookieHandler = new ChunkedCookieHandler(); Byte[] cookie = cookieHandler.Read(Context); if (null == cookie) { present = false; return; } SessionSecurityToken token = sam.ReadSessionTokenFromCookie(cookie); context.InnerText = token.Context; isPersistent.InnerText = token.IsPersistent.ToString(); isSessionMode.InnerText = token.IsSessionMode.ToString(); id.InnerText = token.Id; validFrom.InnerText = token.ValidFrom.ToString(); validTo.InnerText = token.ValidTo.ToString(); }
public static void CacheSessionsOnServer(bool checkForSessionSecurityTokenCache = true) { if (checkForSessionSecurityTokenCache) { var handler = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler; if (handler == null) { throw new Exception("SessionSecurityTokenHandler not registered."); } if (!(handler.TokenCache is PassiveRepositorySessionSecurityTokenCache)) { throw new Exception("SessionSecurityTokenCache not configured."); } } SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; if (sam == null) { throw new ArgumentException("SessionAuthenticationModule is null"); } sam.IsSessionMode = true; }
private void ReadRawCookie(SessionAuthenticationModule sam) { HttpCookie cookie = null; String baseName = sam.CookieHandler.Name; rawValues = new NameValueCollection(); cookie = Context.Request.Cookies[baseName]; if (null == cookie) { present = false; return; } rawValues[baseName] = cookie.Value; for (Int32 i = 1; ; ++i) { cookie = Context.Request.Cookies[baseName + i]; if (null == cookie) break; rawValues[baseName + i] = cookie.Value; } }
public void Logout() { FederationAuthenticationModule.SignOut(true); SessionAuthenticationModule.SignOut(); }
/// <summary> /// Creates a ClaimsPrincipal from the specified user data, sets the current HTTP context and thread principal /// and writes a session cookie from the resulting SessionSecurityToken using the specified parameters. /// </summary> /// <param name="sessionAuthenticationModule"></param> /// <param name="user">The user data that will be used to create the claims for the ClaimsPrincipal. /// Array values are converted to multiple claims with the same key.</param> /// <param name="context">An application defined context string.</param> /// <param name="domain">The domain used for the session cookie.</param> /// <param name="path">The virtual path used for the session cookie.</param> /// <param name="requireSsl">Indicates if the session cookie should only be used with SSL.</param> /// <param name="httpOnly">Indicates whether the session cookie should be hidden from client script.</param> /// <param name="cookieName">Indicates the name of the session cookie.</param> /// <param name="sessionCookieLifetime">The lifetime for the sesion cookie. A null value indicates no expiration.</param> /// <param name="persistent">Indicates if the user agent should persist the session cookie. </param> public static void CreateSessionCookie( this SessionAuthenticationModule sessionAuthenticationModule, IEnumerable <KeyValuePair <string, object> > user, string context = null, string domain = null, string path = null, bool requireSsl = false, bool httpOnly = true, string cookieName = null, TimeSpan?sessionCookieLifetime = null, bool persistent = false) { if (!string.IsNullOrEmpty(domain)) { sessionAuthenticationModule.CookieHandler.Domain = domain; } if (!string.IsNullOrEmpty(path)) { sessionAuthenticationModule.CookieHandler.Path = path; } if (!string.IsNullOrEmpty(cookieName)) { sessionAuthenticationModule.CookieHandler.Name = cookieName; } sessionAuthenticationModule.CookieHandler.RequireSsl = requireSsl; sessionAuthenticationModule.CookieHandler.HideFromClientScript = httpOnly; var claims = new List <Claim>(); if (user.Any(a => a.Key == "name")) { claims.Add(new Claim(ClaimTypes.Name, user.First(a => a.Key == "name").Value.ToString())); } if (user.Any(a => a.Key == "user_id")) { claims.Add(new Claim(ClaimTypes.NameIdentifier, user.First(a => a.Key == "user_id").Value.ToString())); } if (user.Any(a => a.Key == "connection")) { claims.Add( new Claim( "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", user.First(a => a.Key == "connection").Value.ToString())); } foreach (var attribute in user) { var claimType = attribute.Key; if (attribute.Value != null && attribute.Value.GetType().IsArray) { // Attribute contains an array of values (e.g.: "group" => [ "sales", "producers" ]) foreach (var subattribute in attribute.Value as IEnumerable) { claims.Add(new Claim(claimType, subattribute.ToString())); } } else { claims.Add( new Claim(claimType, attribute.Value != null ? attribute.Value.ToString() : string.Empty)); } } var principal = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(claims, "Auth0") }); var session = sessionAuthenticationModule.CreateSessionSecurityToken( principal, context, DateTime.UtcNow, sessionCookieLifetime.HasValue ? DateTime.UtcNow.Add(sessionCookieLifetime.Value) : DateTime.MaxValue.ToUniversalTime(), persistent); sessionAuthenticationModule.AuthenticateSessionSecurityToken(session, true); }
public void SetSessionPrincipal(SessionSecurityToken token) { SessionAuthenticationModule authModule = new SessionAuthenticationModule(); authModule.SetPrincipalAndWriteSessionToken(token, true); }