private void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { double sessionLifetimeInMinutes = (e.SessionToken.ValidTo - e.SessionToken.ValidFrom).TotalMinutes; var logonTokenCacheExpirationWindow = TimeSpan.FromSeconds(1); SPSecurity.RunWithElevatedPrivileges(delegate() { logonTokenCacheExpirationWindow = Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.Local.LogonTokenCacheExpirationWindow; }); DateTime now = DateTime.UtcNow; DateTime validTo = e.SessionToken.ValidTo - logonTokenCacheExpirationWindow; DateTime validFrom = e.SessionToken.ValidFrom; if ((now < validTo) && (now > validFrom.AddMinutes((validTo - validFrom).TotalMinutes / 2))) { SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule; e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context, now, now.AddMinutes(sessionLifetimeInMinutes), e.SessionToken.IsPersistent); e.ReissueCookie = true; } }
private bool HandleResponseMessage() { try { var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request)); if (responseMessage != null) { string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null); FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration; //ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current; FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration); SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage); SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken); this.OnSecurityTokenReceived(securityTokenReceivedEventArgs); if (!securityTokenReceivedEventArgs.Cancel) { ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl); if (claimsPrincipal != null) { SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal); this.OnSecurityTokenValidated(securityTokenValidatedEventArgs); if (!securityTokenValidatedEventArgs.Cancel) { SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule; DateTime validFrom; DateTime validTo; tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo); SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false); SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken); sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true; this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs); this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie); this.OnSignedIn(EventArgs.Empty); return(true); } } } } return(false); } catch (Exception ex) { this.ErrorText = ex.Message; return(false); } }
public async Task <ActionResult> Index(LoginViewModel model) //Login { if (!ModelState.IsValid) { return(View(model)); } var result = await repository.login(model); if (result.resultCode == 200 && !User.Identity.IsAuthenticated) { SessionAuthenticationModule sam = (SessionAuthenticationModule)this.HttpContext.ApplicationInstance.Modules["SessionAuthenticationModule"]; IClaimsPrincipal principal = new Microsoft.IdentityModel.Claims.ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(model.Email), null)); List <User> user = new List <User>(); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); user.Add(new Models.User { Email = "*****@*****.**", Date = DateTime.Now }); string dummy = JsonConvert.SerializeObject(user); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Email, model.Email)); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.UserData, dummy)); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, "Admin")); principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim("custom", "freecodespot custom claims")); var token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(20), false); sam.WriteSessionTokenToCookie(token); //FormsAuthentication.SetAuthCookie(model.Email, false); return(RedirectToAction("Index", "Home", result.Data)); //redirect to login form } else if (User.Identity.IsAuthenticated) { return(RedirectToAction("Index", "Home")); } else { ModelState.AddModelError("", result.message); } return(View()); }
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { int minutes = 60; DateTime now = DateTime.UtcNow; DateTime validTo = e.SessionToken.ValidTo; //This can reduce token updates count if (now < validTo) { SessionAuthenticationModule sam = sender as SessionAuthenticationModule; e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context, now, now.AddMinutes(minutes), e.SessionToken.IsPersistent); e.ReissueCookie = true; } }
private static void WriteCookie(AMSAdmin user, string timeOffsetValue) { SessionAuthenticationModule sam = (SessionAuthenticationModule) HttpContext.Current.ApplicationInstance.Modules["SessionAuthenticationModule"]; IClaimsPrincipal principal = new ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(user.LogonName), null)); principal.Identities[0].Claims.Add(new Claim("TimeOffset", timeOffsetValue)); principal.Identities[0].Claims.Add(new Claim("AMSAdminID", user.UserID)); principal.Identities[0].Claims.Add(new Claim("AMSAdminName", user.Name)); SessionSecurityToken token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(60), false); sam.WriteSessionTokenToCookie(token); }
/// <summary> /// Checks the current security token. /// Updates the lifetime if the token is older than 5 minutes. /// Deletes the token if it's expired. /// </summary> /// <param name="sam"></param> /// <param name="e"></param> /// <returns></returns> public static void CheckSecurityToken(SessionAuthenticationModule sam, SessionSecurityTokenReceivedEventArgs e) { var now = DateTime.UtcNow; var sst = e.SessionToken; var validFrom = sst.ValidFrom; var validTo = sst.ValidTo; if (validTo > now && validFrom.AddMinutes(5) < now) { e.SessionToken = sam.CreateSessionSecurityToken(sst.ClaimsPrincipal, sst.Context, now, now + (validTo - validFrom), sst.IsPersistent); e.ReissueCookie = true; } else if (validTo < now) { sam.DeleteSessionTokenCookie(); HttpContext.Current.Response.Redirect(HttpContext.Current.Request.RawUrl); } }
/// <summary> /// Creates a ClaimsPrincipal from the specified user data, sets the current HTTP context and thread principal /// and writes a session cookie from the resulting SessionSecurityToken using the specified parameters. /// </summary> /// <param name="sessionAuthenticationModule"></param> /// <param name="user">The user data that will be used to create the claims for the ClaimsPrincipal. /// Array values are converted to multiple claims with the same key.</param> /// <param name="context">An application defined context string.</param> /// <param name="domain">The domain used for the session cookie.</param> /// <param name="path">The virtual path used for the session cookie.</param> /// <param name="requireSsl">Indicates if the session cookie should only be used with SSL.</param> /// <param name="httpOnly">Indicates whether the session cookie should be hidden from client script.</param> /// <param name="cookieName">Indicates the name of the session cookie.</param> /// <param name="sessionCookieLifetime">The lifetime for the sesion cookie. A null value indicates no expiration.</param> /// <param name="persistent">Indicates if the user agent should persist the session cookie. </param> public static void CreateSessionCookie( this SessionAuthenticationModule sessionAuthenticationModule, IEnumerable <KeyValuePair <string, object> > user, string context = null, string domain = null, string path = null, bool requireSsl = false, bool httpOnly = true, string cookieName = null, TimeSpan?sessionCookieLifetime = null, bool persistent = false) { if (!string.IsNullOrEmpty(domain)) { sessionAuthenticationModule.CookieHandler.Domain = domain; } if (!string.IsNullOrEmpty(path)) { sessionAuthenticationModule.CookieHandler.Path = path; } if (!string.IsNullOrEmpty(cookieName)) { sessionAuthenticationModule.CookieHandler.Name = cookieName; } sessionAuthenticationModule.CookieHandler.RequireSsl = requireSsl; sessionAuthenticationModule.CookieHandler.HideFromClientScript = httpOnly; var claims = new List <Claim>(); if (user.Any(a => a.Key == "name")) { claims.Add(new Claim(ClaimTypes.Name, user.First(a => a.Key == "name").Value.ToString())); } if (user.Any(a => a.Key == "user_id")) { claims.Add(new Claim(ClaimTypes.NameIdentifier, user.First(a => a.Key == "user_id").Value.ToString())); } if (user.Any(a => a.Key == "connection")) { claims.Add( new Claim( "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", user.First(a => a.Key == "connection").Value.ToString())); } foreach (var attribute in user) { var claimType = attribute.Key; if (attribute.Value != null && attribute.Value.GetType().IsArray) { // Attribute contains an array of values (e.g.: "group" => [ "sales", "producers" ]) foreach (var subattribute in attribute.Value as IEnumerable) { claims.Add(new Claim(claimType, subattribute.ToString())); } } else { claims.Add( new Claim(claimType, attribute.Value != null ? attribute.Value.ToString() : string.Empty)); } } var principal = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(claims, "Auth0") }); var session = sessionAuthenticationModule.CreateSessionSecurityToken( principal, context, DateTime.UtcNow, sessionCookieLifetime.HasValue ? DateTime.UtcNow.Add(sessionCookieLifetime.Value) : DateTime.MaxValue.ToUniversalTime(), persistent); sessionAuthenticationModule.AuthenticateSessionSecurityToken(session, true); }