private void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
double sessionLifetimeInMinutes =
(e.SessionToken.ValidTo - e.SessionToken.ValidFrom).TotalMinutes;
var logonTokenCacheExpirationWindow = TimeSpan.FromSeconds(1);
SPSecurity.RunWithElevatedPrivileges(delegate()
{
logonTokenCacheExpirationWindow =
Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.Local.LogonTokenCacheExpirationWindow;
});
DateTime now = DateTime.UtcNow;
DateTime validTo = e.SessionToken.ValidTo - logonTokenCacheExpirationWindow;
DateTime validFrom = e.SessionToken.ValidFrom;
if ((now < validTo) && (now > validFrom.AddMinutes((validTo - validFrom).TotalMinutes / 2)))
{
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context,
now, now.AddMinutes(sessionLifetimeInMinutes), e.SessionToken.IsPersistent);
e.ReissueCookie = true;
}
}
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender,
SessionSecurityTokenReceivedEventArgs e)
{
System.Diagnostics.Trace.WriteLine("Handling SessionSecurityTokenReceived event");
// https://brockallen.com/2013/02/17/sliding-sessions-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
var handler =
(SessionSecurityTokenHandler)FederatedAuthentication.FederationConfiguration.IdentityConfiguration
.SecurityTokenHandlers[typeof(SessionSecurityToken)];
Console.WriteLine("Session Time {0} {1} {2} {3}", handler.TokenLifetime, DateTime.UtcNow,
e.SessionToken.ValidFrom, e.SessionToken.ValidTo);
/*var token = e.SessionToken;
*
* e.SessionToken =
* new SessionSecurityToken(
* token.ClaimsPrincipal,
* token.Context,
* DateTime.UtcNow,
* DateTime.UtcNow.AddMinutes(handler.TokenLifetime.Minutes))
* {
* IsPersistent = token.IsPersistent,
* IsReferenceMode = token.IsReferenceMode
* };
*
* e.ReissueCookie = true;*/
}
public ActionResult SignOut()
{
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
sam.SignOut();
return(this.Redirect("~/"));
}
public LogAction(SessionAuthenticationModule sessionAuthModule)
{
if (sessionAuthModule == null)
{
throw new ArgumentNullException("sessionAuthModule");
}
this.sessionAuthModule = sessionAuthModule;
}
private bool HandleResponseMessage()
{
try
{
var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request));
if (responseMessage != null)
{
string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null);
FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration;
//ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current;
FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration);
SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage);
SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken);
this.OnSecurityTokenReceived(securityTokenReceivedEventArgs);
if (!securityTokenReceivedEventArgs.Cancel)
{
ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl);
if (claimsPrincipal != null)
{
SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal);
this.OnSecurityTokenValidated(securityTokenValidatedEventArgs);
if (!securityTokenValidatedEventArgs.Cancel)
{
SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule;
DateTime validFrom;
DateTime validTo;
tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo);
SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false);
SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken);
sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true;
this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs);
this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie);
this.OnSignedIn(EventArgs.Empty);
return(true);
}
}
}
}
return(false);
}
catch (Exception ex)
{
this.ErrorText = ex.Message;
return(false);
}
}
public static void SetCookie(string cookieName, string domain)
{
SessionAuthenticationModule sessionAuthenticationModule = FederatedAuthentication.SessionAuthenticationModule;
if (sessionAuthenticationModule != null)
{
sessionAuthenticationModule.CookieHandler.Name = cookieName;
sessionAuthenticationModule.CookieHandler.Domain = domain;
}
}
public async Task <ActionResult> Index(LoginViewModel model) //Login
{
if (!ModelState.IsValid)
{
return(View(model));
}
var result = await repository.login(model);
if (result.resultCode == 200 && !User.Identity.IsAuthenticated)
{
SessionAuthenticationModule sam = (SessionAuthenticationModule)this.HttpContext.ApplicationInstance.Modules["SessionAuthenticationModule"];
IClaimsPrincipal principal = new Microsoft.IdentityModel.Claims.ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(model.Email), null));
List <User> user = new List <User>();
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
string dummy = JsonConvert.SerializeObject(user);
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Email, model.Email));
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.UserData, dummy));
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, "Admin"));
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim("custom", "freecodespot custom claims"));
var token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(20), false);
sam.WriteSessionTokenToCookie(token);
//FormsAuthentication.SetAuthCookie(model.Email, false);
return(RedirectToAction("Index", "Home", result.Data)); //redirect to login form
}
else if (User.Identity.IsAuthenticated)
{
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError("", result.message);
}
return(View());
}
private void ConfigureSession()
{
SessionAuthenticationModule sessionAuthenticationModule = FederatedAuthentication.SessionAuthenticationModule;
if (sessionAuthenticationModule != null)
{
sessionAuthenticationModule.CookieHandler.Name = FormsAuthentication.FormsCookieName;
sessionAuthenticationModule.CookieHandler.Domain = FormsAuthentication.CookieDomain;
sessionAuthenticationModule.CookieHandler.RequireSsl = FormsAuthentication.RequireSSL;
sessionAuthenticationModule.CookieHandler.Path = FormsAuthentication.FormsCookiePath;
}
}
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
int minutes = 60;
DateTime now = DateTime.UtcNow;
DateTime validTo = e.SessionToken.ValidTo;
//This can reduce token updates count
if (now < validTo)
{
SessionAuthenticationModule sam = sender as SessionAuthenticationModule;
e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context, now, now.AddMinutes(minutes), e.SessionToken.IsPersistent);
e.ReissueCookie = true;
}
}
public static void EnableSlidingSessionExpirations()
{
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
if (sam == null)
{
throw new ArgumentException("SessionAuthenticationModule is null");
}
sam.SessionSecurityTokenReceived +=
delegate(object sender, SessionSecurityTokenReceivedEventArgs e)
{
var token = e.SessionToken;
var duration = token.ValidTo.Subtract(token.ValidFrom);
if (duration <= TimeSpan.Zero)
{
return;
}
var diff = token.ValidTo.Add(sam.ServiceConfiguration.MaxClockSkew).Subtract(DateTime.UtcNow);
if (diff <= TimeSpan.Zero)
{
return;
}
var halfWay = duration.Add(sam.ServiceConfiguration.MaxClockSkew).TotalMinutes / 2;
var timeLeft = diff.TotalMinutes;
if (timeLeft <= halfWay)
{
// set duration not from original token, but from current app configuration
var handler = sam.ServiceConfiguration.SecurityTokenHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler;
duration = handler.TokenLifetime;
e.ReissueCookie = true;
e.SessionToken =
new SessionSecurityToken(
token.ClaimsPrincipal,
token.Context,
DateTime.UtcNow,
DateTime.UtcNow.Add(duration))
{
IsPersistent = token.IsPersistent,
IsSessionMode = token.IsSessionMode
};
}
};
}
private static void WriteCookie(AMSAdmin user, string timeOffsetValue)
{
SessionAuthenticationModule sam = (SessionAuthenticationModule)
HttpContext.Current.ApplicationInstance.Modules["SessionAuthenticationModule"];
IClaimsPrincipal principal =
new ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(user.LogonName), null));
principal.Identities[0].Claims.Add(new Claim("TimeOffset", timeOffsetValue));
principal.Identities[0].Claims.Add(new Claim("AMSAdminID", user.UserID));
principal.Identities[0].Claims.Add(new Claim("AMSAdminName", user.Name));
SessionSecurityToken token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(60), false);
sam.WriteSessionTokenToCookie(token);
}
public static void CacheSessionsOnServer(bool checkForSessionSecurityTokenCache = true)
{
if (checkForSessionSecurityTokenCache &&
!(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.Caches.SessionSecurityTokenCache is PassiveRepositorySessionSecurityTokenCache))
{
throw new Exception("SessionSecurityTokenCache not configured.");
}
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
if (sam == null)
{
throw new ArgumentException("SessionAuthenticationModule is null");
}
sam.IsReferenceMode = true;
}
/// <summary>
/// Checks the current security token.
/// Updates the lifetime if the token is older than 5 minutes.
/// Deletes the token if it's expired.
/// </summary>
/// <param name="sam"></param>
/// <param name="e"></param>
/// <returns></returns>
public static void CheckSecurityToken(SessionAuthenticationModule sam, SessionSecurityTokenReceivedEventArgs e)
{
var now = DateTime.UtcNow;
var sst = e.SessionToken;
var validFrom = sst.ValidFrom;
var validTo = sst.ValidTo;
if (validTo > now && validFrom.AddMinutes(5) < now)
{
e.SessionToken = sam.CreateSessionSecurityToken(sst.ClaimsPrincipal, sst.Context, now, now + (validTo - validFrom), sst.IsPersistent);
e.ReissueCookie = true;
}
else if (validTo < now)
{
sam.DeleteSessionTokenCookie();
HttpContext.Current.Response.Redirect(HttpContext.Current.Request.RawUrl);
}
}
private void ReadProcessCookie(SessionAuthenticationModule sam)
{
ChunkedCookieHandler cookieHandler = new ChunkedCookieHandler();
Byte[] cookie = cookieHandler.Read(Context);
if (null == cookie)
{
present = false;
return;
}
SessionSecurityToken token = sam.ReadSessionTokenFromCookie(cookie);
context.InnerText = token.Context;
isPersistent.InnerText = token.IsPersistent.ToString();
isSessionMode.InnerText = token.IsSessionMode.ToString();
id.InnerText = token.Id;
validFrom.InnerText = token.ValidFrom.ToString();
validTo.InnerText = token.ValidTo.ToString();
}
public static void CacheSessionsOnServer(bool checkForSessionSecurityTokenCache = true)
{
if (checkForSessionSecurityTokenCache)
{
var handler = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler;
if (handler == null)
{
throw new Exception("SessionSecurityTokenHandler not registered.");
}
if (!(handler.TokenCache is PassiveRepositorySessionSecurityTokenCache))
{
throw new Exception("SessionSecurityTokenCache not configured.");
}
}
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
if (sam == null)
{
throw new ArgumentException("SessionAuthenticationModule is null");
}
sam.IsSessionMode = true;
}
private void ReadRawCookie(SessionAuthenticationModule sam)
{
HttpCookie cookie = null;
String baseName = sam.CookieHandler.Name;
rawValues = new NameValueCollection();
cookie = Context.Request.Cookies[baseName];
if (null == cookie)
{
present = false;
return;
}
rawValues[baseName] = cookie.Value;
for (Int32 i = 1; ; ++i)
{
cookie = Context.Request.Cookies[baseName + i];
if (null == cookie)
break;
rawValues[baseName + i] = cookie.Value;
}
}
public void Logout()
{
FederationAuthenticationModule.SignOut(true);
SessionAuthenticationModule.SignOut();
}
/// <summary>
/// Creates a ClaimsPrincipal from the specified user data, sets the current HTTP context and thread principal
/// and writes a session cookie from the resulting SessionSecurityToken using the specified parameters.
/// </summary>
/// <param name="sessionAuthenticationModule"></param>
/// <param name="user">The user data that will be used to create the claims for the ClaimsPrincipal.
/// Array values are converted to multiple claims with the same key.</param>
/// <param name="context">An application defined context string.</param>
/// <param name="domain">The domain used for the session cookie.</param>
/// <param name="path">The virtual path used for the session cookie.</param>
/// <param name="requireSsl">Indicates if the session cookie should only be used with SSL.</param>
/// <param name="httpOnly">Indicates whether the session cookie should be hidden from client script.</param>
/// <param name="cookieName">Indicates the name of the session cookie.</param>
/// <param name="sessionCookieLifetime">The lifetime for the sesion cookie. A null value indicates no expiration.</param>
/// <param name="persistent">Indicates if the user agent should persist the session cookie. </param>
public static void CreateSessionCookie(
this SessionAuthenticationModule sessionAuthenticationModule,
IEnumerable <KeyValuePair <string, object> > user,
string context = null,
string domain = null,
string path = null,
bool requireSsl = false,
bool httpOnly = true,
string cookieName = null,
TimeSpan?sessionCookieLifetime = null,
bool persistent = false)
{
if (!string.IsNullOrEmpty(domain))
{
sessionAuthenticationModule.CookieHandler.Domain = domain;
}
if (!string.IsNullOrEmpty(path))
{
sessionAuthenticationModule.CookieHandler.Path = path;
}
if (!string.IsNullOrEmpty(cookieName))
{
sessionAuthenticationModule.CookieHandler.Name = cookieName;
}
sessionAuthenticationModule.CookieHandler.RequireSsl = requireSsl;
sessionAuthenticationModule.CookieHandler.HideFromClientScript = httpOnly;
var claims = new List <Claim>();
if (user.Any(a => a.Key == "name"))
{
claims.Add(new Claim(ClaimTypes.Name, user.First(a => a.Key == "name").Value.ToString()));
}
if (user.Any(a => a.Key == "user_id"))
{
claims.Add(new Claim(ClaimTypes.NameIdentifier, user.First(a => a.Key == "user_id").Value.ToString()));
}
if (user.Any(a => a.Key == "connection"))
{
claims.Add(
new Claim(
"http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
user.First(a => a.Key == "connection").Value.ToString()));
}
foreach (var attribute in user)
{
var claimType = attribute.Key;
if (attribute.Value != null && attribute.Value.GetType().IsArray)
{
// Attribute contains an array of values (e.g.: "group" => [ "sales", "producers" ])
foreach (var subattribute in attribute.Value as IEnumerable)
{
claims.Add(new Claim(claimType, subattribute.ToString()));
}
}
else
{
claims.Add(
new Claim(claimType, attribute.Value != null ? attribute.Value.ToString() : string.Empty));
}
}
var principal = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(claims, "Auth0") });
var session = sessionAuthenticationModule.CreateSessionSecurityToken(
principal,
context,
DateTime.UtcNow,
sessionCookieLifetime.HasValue
? DateTime.UtcNow.Add(sessionCookieLifetime.Value)
: DateTime.MaxValue.ToUniversalTime(),
persistent);
sessionAuthenticationModule.AuthenticateSessionSecurityToken(session, true);
}
public void SetSessionPrincipal(SessionSecurityToken token)
{
SessionAuthenticationModule authModule = new SessionAuthenticationModule();
authModule.SetPrincipalAndWriteSessionToken(token, true);
}
