public async Task <IActionResult> Login(ApplicationUser user, string returnUrl = null) { var use_sams = false; if (!string.IsNullOrWhiteSpace(_configuration["sams:is_enabled"])) { bool.TryParse(_configuration["sams:is_enabled"], out use_sams); } if (use_sams) { return(RedirectToAction("SignIn")); } const string badUserNameOrPasswordMessage = "Username or password is incorrect."; if ( user == null || string.IsNullOrWhiteSpace(user.UserName) || string.IsNullOrWhiteSpace(user.Password) ) { return(BadRequest(badUserNameOrPasswordMessage)); } try { var unsuccessful_login_attempts_number_before_lockout = Program.config_unsuccessful_login_attempts_number_before_lockout; var unsuccessful_login_attempts_within_number_of_minutes = Program.config_unsuccessful_login_attempts_within_number_of_minutes; var unsuccessful_login_attempts_lockout_number_of_minutes = Program.config_unsuccessful_login_attempts_lockout_number_of_minutes; var password_days_before_expires = Program.config_password_days_before_expires; var is_locked_out = false; var failed_login_count = 0; DateTime grace_period_date = DateTime.Now; try { //var session_event_request_url = $"{Program.config_couchdb_url}/session/_design/session_event_sortable/_view/by_date_created_user_id?startkey=[" + "{}" + $",\"{user.UserName}\"]&decending=true&limit={unsuccessful_login_attempts_number_before_lockout}"; var session_event_request_url = $"{Program.config_couchdb_url}/session/_design/session_event_sortable/_view/by_user_id?startkey=\"{user.UserName}\"&endkey=\"{user.UserName}\""; var session_event_curl = new cURL("GET", null, session_event_request_url, null, Program.config_timer_user_name, Program.config_timer_password); string response_from_server = await session_event_curl.executeAsync(); //var session_event_response = Newtonsoft.Json.JsonConvert.DeserializeObject<mmria.common.model.couchdb.get_sortable_view_reponse_object_key_header<mmria.common.model.couchdb.session_event>>(response_from_server); var session_event_response = Newtonsoft.Json.JsonConvert.DeserializeObject <mmria.common.model.couchdb.get_sortable_view_reponse_header <mmria.common.model.couchdb.session_event> >(response_from_server); DateTime first_item_date = DateTime.Now; DateTime last_item_date = DateTime.Now; var MaxRange = DateTime.Now.AddMinutes(-unsuccessful_login_attempts_within_number_of_minutes); session_event_response.rows.Sort(new mmria.common.model.couchdb.Compare_Session_Event_By_DateCreated <mmria.common.model.couchdb.session_event>()); /* * if(password_days_before_expires > 0) * { * var date_of_last_password_change = DateTime.MinValue; * * foreach(var session_event in session_event_response.rows) * { * if(session_event.value.action_result == mmria.common.model.couchdb.session_event.session_event_action_enum.password_changed) * { * date_of_last_password_change = session_event.value.date_created; * break; * } * } * * if(date_of_last_password_change != DateTime.MinValue) * { * days_til_password_expires = password_days_before_expires - (int)(DateTime.Now - date_of_last_password_change).TotalDays; * } * } */ foreach (var session_event in session_event_response.rows.Where(row => row.value.date_created >= MaxRange)) { if (session_event.value.action_result == mmria.common.model.couchdb.session_event.session_event_action_enum.failed_login) { failed_login_count++; if (failed_login_count == 1) { first_item_date = session_event.value.date_created; } if (failed_login_count >= unsuccessful_login_attempts_number_before_lockout) { last_item_date = session_event.value.date_created; grace_period_date = first_item_date.AddMinutes(unsuccessful_login_attempts_lockout_number_of_minutes); if (DateTime.Now < grace_period_date) { is_locked_out = true; break; } } } else if (session_event.value.action_result == mmria.common.model.couchdb.session_event.session_event_action_enum.successful_login) { break; } } } catch (Exception ex) { System.Console.WriteLine($"{ex}"); } if (is_locked_out) { return(RedirectToAction("Locked", new { user_name = user.UserName, grace_period_date = grace_period_date })); //return View("~/Views/Account/Locked.cshtml"); } string post_data = string.Format("name={0}&password={1}", user.UserName, user.Password); byte[] post_byte_array = System.Text.Encoding.ASCII.GetBytes(post_data); string request_string = Program.config_couchdb_url + "/_session"; System.Net.WebRequest request = System.Net.WebRequest.Create(new Uri(request_string)); //request.UseDefaultCredentials = true; request.PreAuthenticate = false; //request.Credentials = new System.Net.NetworkCredential("mmrds", "mmrds"); request.Method = "POST"; request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = post_byte_array.Length; using (System.IO.Stream stream = request.GetRequestStream()) { stream.Write(post_byte_array, 0, post_byte_array.Length); } System.Net.WebResponse response = (System.Net.HttpWebResponse)request.GetResponse(); System.IO.Stream dataStream = response.GetResponseStream(); System.IO.StreamReader reader = new System.IO.StreamReader(dataStream); string responseFromServer = await reader.ReadToEndAsync(); mmria.common.model.couchdb.login_response json_result = Newtonsoft.Json.JsonConvert.DeserializeObject <mmria.common.model.couchdb.login_response>(responseFromServer); mmria.common.model.couchdb.login_response[] result = new mmria.common.model.couchdb.login_response[] { json_result }; this.Response.Headers.Add("Set-Cookie", response.Headers["Set-Cookie"]); string[] set_cookie = response.Headers["Set-Cookie"].Split(';'); string[] auth_array = set_cookie[0].Split('='); if (auth_array.Length > 1) { string auth_session_token = auth_array[1]; result[0].auth_session = auth_session_token; } else { result[0].auth_session = ""; } if (json_result.ok && !string.IsNullOrWhiteSpace(json_result.name)) { const string Issuer = "https://contoso.com"; var claims = new List <Claim>(); claims.Add(new Claim(ClaimTypes.Name, json_result.name, ClaimValueTypes.String, Issuer)); foreach (var role in json_result.roles) { if (role == "_admin") { claims.Add(new Claim(ClaimTypes.Role, "installation_admin", ClaimValueTypes.String, Issuer)); } } foreach (var role in mmria.server.util.authorization.get_current_user_role_jurisdiction_set_for(json_result.name).Select(jr => jr.role_name).Distinct()) { claims.Add(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, Issuer)); } //Response.Cookies.Append("uid", json_result.name); //Response.Cookies.Append("roles", string.Join(",",json_result.roles)); //claims.Add(new Claim("EmployeeId", string.Empty, ClaimValueTypes.String, Issuer)); //claims.Add(new Claim("EmployeeId", "123", ClaimValueTypes.String, Issuer)); //claims.Add(new Claim(ClaimTypes.DateOfBirth, "1970-06-08", ClaimValueTypes.Date)); //var userIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); var session_idle_timeout_minutes = 30; if (_configuration["mmria_settings:session_idle_timeout_minutes"] != null) { int.TryParse(_configuration["mmria_settings:session_idle_timeout_minutes"], out session_idle_timeout_minutes); } var userIdentity = new ClaimsIdentity("SuperSecureLogin"); userIdentity.AddClaims(claims); var userPrincipal = new ClaimsPrincipal(userIdentity); await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties { ExpiresUtc = DateTime.UtcNow.AddMinutes(session_idle_timeout_minutes), IsPersistent = false, AllowRefresh = false, }); } var Session_Event_Message = new mmria.server.model.actor.Session_Event_Message ( DateTime.Now, user.UserName, this.GetRequestIP(), json_result.ok && json_result.name != null? mmria.server.model.actor.Session_Event_Message.Session_Event_Message_Action_Enum.successful_login: mmria.server.model.actor.Session_Event_Message.Session_Event_Message_Action_Enum.failed_login ); _actorSystem.ActorOf(Props.Create <mmria.server.model.actor.Record_Session_Event>()).Tell(Session_Event_Message); //this.ActionContext.Response.Headers.Add("Set-Cookie", auth_session_token); } catch (Exception ex) { Console.WriteLine(ex); var Session_Event_Message = new mmria.server.model.actor.Session_Event_Message ( DateTime.Now, user.UserName, this.GetRequestIP(), mmria.server.model.actor.Session_Event_Message.Session_Event_Message_Action_Enum.failed_login ); _actorSystem.ActorOf(Props.Create <mmria.server.model.actor.Record_Session_Event>()).Tell(Session_Event_Message); } /* * var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme); * identity.AddClaim(new Claim(ClaimTypes.Name, lookupUser.UserName)); * * await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity)); */ if (returnUrl == null) { returnUrl = TempData["returnUrl"]?.ToString(); } if (returnUrl != null) { return(Redirect(returnUrl)); } return(RedirectToAction(nameof(HomeController.Index), "Home")); }
public async Task <ActionResult> SignInCallback() { var sams_endpoint_authorization = _configuration["sams:endpoint_authorization"]; var sams_endpoint_token = _configuration["sams:endpoint_token"]; var sams_endpoint_user_info = _configuration["sams:endpoint_user_info"]; var sams_endpoint_token_validation = _configuration["sams:token_validation"]; var sams_endpoint_user_info_sys = _configuration["sams:endpoint_user_info_sys"]; var sams_client_id = _configuration["sams:client_id"]; var sams_client_secret = _configuration["sams:client_secret"]; var sams_callback_url = _configuration["sams:callback_url"]; //?code=6c17b2a3-d65a-44fd-a28c-9aee982f80be&state=a4c8326ca5574999aa13ca02e9384c3d // Retrieve code and state from query string, pring for debugging var querystring = Request.QueryString.Value; var querystring_skip = querystring.Substring(1, querystring.Length - 1); var querystring_array = querystring_skip.Split("&"); var querystring_dictionary = new Dictionary <string, string>(); foreach (string item in querystring_array) { var pair = item.Split("="); querystring_dictionary.Add(pair[0], pair[1]); } var code = querystring_dictionary["code"]; var state = querystring_dictionary["state"]; System.Diagnostics.Debug.WriteLine($"code: {code}"); System.Diagnostics.Debug.WriteLine($"state: {state}"); HttpClient client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Post, sams_endpoint_token); /* * request.Content = new FormUrlEncodedContent(new Dictionary<string, string> { * { "client_id", sams_client_id }, * { "client_secret", sams_client_secret }, * { "grant_type", "client_credentials" }, * { "code", code }, * }); */ request.Content = new FormUrlEncodedContent(new Dictionary <string, string> { { "client_id", sams_client_id }, { "client_secret", sams_client_secret }, { "grant_type", "authorization_code" }, { "code", code }, { "scope", "openid profile email" }, { "redirect_uri", sams_callback_url } }); var response = await client.SendAsync(request); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var access_token = payload.Value <string>("access_token"); var refresh_token = payload.Value <string>("refresh_token"); var expires_in = payload.Value <int>("expires_in"); var scope = payload.Value <string>("scope"); //HttpContext.Session.SetString("access_token", access_token); //HttpContext.Session.SetString("refresh_token", refresh_token); var unix_time = DateTimeOffset.UtcNow.AddSeconds(expires_in); //HttpContext.Session.SetString("expires_at", unix_time.ToString()); var id_token = payload.Value <string>("id_token");; var id_array = id_token.Split('.'); var replaced_value = id_array[1].Replace('-', '+').Replace('_', '/'); var base64 = replaced_value.PadRight(replaced_value.Length + (4 - replaced_value.Length % 4) % 4, '='); var id_0 = DecodeToken(id_array[0]); var id_1 = DecodeToken(id_array[1]); var id_body = Base64Decode(base64); var user_info_sys_request = new HttpRequestMessage(HttpMethod.Post, sams_endpoint_user_info + "?token=" + id_token); user_info_sys_request.Headers.Add("Authorization", "Bearer " + access_token); user_info_sys_request.Headers.Add("client_id", sams_client_id); user_info_sys_request.Headers.Add("client_secret", sams_client_secret); /* * user_info_sys_request.Content = new FormUrlEncodedContent(new Dictionary<string, string> { * { "client_id", sams_client_id }, * { "client_secret", sams_client_secret }, * { "grant_type", "client_credentials" }, * { "scope", scope }, * }); */ response = await client.SendAsync(user_info_sys_request); response.EnsureSuccessStatusCode(); var temp_string = await response.Content.ReadAsStringAsync(); payload = JObject.Parse(temp_string); var email = payload.Value <string>("email"); //check if user exists var config_couchdb_url = _configuration["mmria_settings:couchdb_url"]; var config_timer_user_name = _configuration["mmria_settings:timer_user_name"]; var config_timer_password = _configuration["mmria_settings:timer_password"]; mmria.common.model.couchdb.user user = null; try { string request_string = config_couchdb_url + "/_users/" + System.Web.HttpUtility.HtmlEncode("org.couchdb.user:"******"GET", null, request_string, null, config_timer_user_name, config_timer_password); var responseFromServer = await user_curl.executeAsync(); user = Newtonsoft.Json.JsonConvert.DeserializeObject <mmria.common.model.couchdb.user>(responseFromServer); } catch (Exception ex) { Console.WriteLine(ex); } mmria.common.model.couchdb.document_put_response user_save_result = null; if (user == null)// if user does NOT exists create user with email { user = add_new_user(email.ToLower(), Guid.NewGuid().ToString()); try { Newtonsoft.Json.JsonSerializerSettings settings = new Newtonsoft.Json.JsonSerializerSettings(); settings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore; var object_string = Newtonsoft.Json.JsonConvert.SerializeObject(user, settings); string user_db_url = config_couchdb_url + "/_users/" + user._id; var user_curl = new mmria.server.cURL("PUT", null, user_db_url, object_string, config_timer_user_name, config_timer_password); var responseFromServer = await user_curl.executeAsync(); user_save_result = Newtonsoft.Json.JsonConvert.DeserializeObject <mmria.common.model.couchdb.document_put_response>(responseFromServer); } catch (Exception ex) { Console.WriteLine(ex); } } //create login session if (user_save_result == null || user_save_result.ok) { var session_data = new System.Collections.Generic.Dictionary <string, string>(StringComparer.InvariantCultureIgnoreCase); session_data["access_token"] = access_token; session_data["refresh_token"] = refresh_token; session_data["expires_at"] = unix_time.ToString(); await create_user_principal(user.name, new List <string>(), unix_time.DateTime); var Session_Event_Message = new mmria.server.model.actor.Session_Event_Message ( DateTime.Now, user.name, this.GetRequestIP(), mmria.server.model.actor.Session_Event_Message.Session_Event_Message_Action_Enum.successful_login ); _actorSystem.ActorOf(Props.Create <mmria.server.model.actor.Record_Session_Event>()).Tell(Session_Event_Message); var Session_Message = new mmria.server.model.actor.Session_Message ( Guid.NewGuid().ToString(), //_id = null, //_rev = DateTime.Now, //date_created = DateTime.Now, //date_last_updated = null, //date_expired = true, //is_active = user.name, //user_id = this.GetRequestIP(), //ip = Session_Event_Message._id, // session_event_id = session_data ); _actorSystem.ActorOf(Props.Create <mmria.server.model.actor.Post_Session>()).Tell(Session_Message); Response.Cookies.Append("sid", Session_Message._id); Response.Cookies.Append("expires_at", unix_time.ToString()); //return RedirectToAction("Index", "HOME"); //return RedirectToAction("Index", "HOME"); } return(RedirectToAction("Index", "HOME")); // Generate JWT for token request //var cert = new X509Certificate2(Server.MapPath("~/App_Data/cert.pfx"), "1234"); /* * var cert = new X509Certificate2(); * var signingCredentials = new SigningCredentials(new X509SecurityKey(cert), SecurityAlgorithms.RsaSha256); * var header = new JwtHeader(signingCredentials); * * var header = new JwtHeader(); * var payload = new JwtPayload * { * {"iss", sams_client_id}, * {"sub", sams_client_id}, * {"aud", $"{sams_endpoint_token}"}, * {"jti", Guid.NewGuid().ToString("N")}, * {"exp", (int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds + 5 * 60} * }; * var securityToken = new JwtSecurityToken(header, payload); * var handler = new JwtSecurityTokenHandler(); * var tokenString = handler.WriteToken(securityToken); * * // Send POST to make token request * using (var wb = new WebClient()) * { * var data = new NameValueCollection(); * data["client_assertion"] = tokenString; * data["client_assertion_type"] = HttpUtility.HtmlEncode("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); * data["code"] = code; * data["grant_type"] = "authorization_code"; * * //var response = wb.UploadValues($"{IdpUrl}/api/openid_connect/token", "POST", data); * var response = wb.UploadValues($"{sams_endpoint_token}", "POST", data); * * var responseString = Encoding.ASCII.GetString(response); * dynamic tokenResponse = JObject.Parse(responseString); * * var token = handler.ReadToken((String)tokenResponse.id_token) as JwtSecurityToken; * var userId = token.Claims.First(c => c.Type == "sub").Value; * var userEmail = token.Claims.First(c => c.Type == "email").Value; * * TempData["id"] = userId; * TempData["email"] = userEmail; * //return RedirectToAction("Index", "HOME"); * return RedirectToAction("Index", "HOME"); * }*/ }
public async System.Threading.Tasks.Task <mmria.common.model.couchdb.document_put_response> Post([FromBody] ApplicationUser user) { //bool valid_login = false; string object_string = null; mmria.common.model.couchdb.document_put_response result = new mmria.common.model.couchdb.document_put_response(); var userName = User.Identities.First( u => u.IsAuthenticated && u.HasClaim(c => c.Type == ClaimTypes.Name)).FindFirst(ClaimTypes.Name).Value; /* */ try { string user_db_url = Program.config_couchdb_url + "/_users/org.couchdb.user:"******"GET", null, user_db_url, object_string, Program.config_timer_user_name, Program.config_timer_password); var responseFromServer = await user_curl.executeAsync(); var user_object = Newtonsoft.Json.JsonConvert.DeserializeObject <mmria.common.model.couchdb.user>(responseFromServer); if ( user_object == null || !user.UserName.Equals(userName, StringComparison.OrdinalIgnoreCase) ) { return(null); } user_object.password = user.Password; Newtonsoft.Json.JsonSerializerSettings settings = new Newtonsoft.Json.JsonSerializerSettings(); settings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore; object_string = Newtonsoft.Json.JsonConvert.SerializeObject(user_object, settings); user_curl = new cURL("PUT", null, user_db_url, object_string, Program.config_timer_user_name, Program.config_timer_password); responseFromServer = await user_curl.executeAsync(); result = Newtonsoft.Json.JsonConvert.DeserializeObject <mmria.common.model.couchdb.document_put_response>(responseFromServer); if (result.ok) { var Session_Event_Message = new mmria.server.model.actor.Session_Event_Message ( DateTime.Now, userName, _accessor.HttpContext.Connection.RemoteIpAddress.ToString(), mmria.server.model.actor.Session_Event_Message.Session_Event_Message_Action_Enum.password_changed ); _actorSystem.ActorOf(Props.Create <mmria.server.model.actor.Record_Session_Event>()).Tell(Session_Event_Message); } } catch (Exception ex) { Console.WriteLine(ex); } return(result); }