/// <summary>
/// Sets up cookie authentication so the feature (permission) and data claims are attached to the user.
/// Two modes are supported:
/// 1. Refreshing mode - a logged-in user's permissions can be updated when the Roles/Permissions change.
/// 2. Simple mode - cheaper to run, but a logged-in user's permissions are not updated dynamically.
/// </summary>
/// <remarks>
/// Security note: because simple mode does not update the permissions of a logged-in user, a Role/Permission
/// that is withdrawn presumably stays usable by that session until a new cookie is issued. Choose the
/// refreshing mode where revocation has to take effect quickly.
/// </remarks>
/// <param name="services">The service collection the registrations are added to.</param>
/// <param name="updateCookieOnChange">false selects the simple mode; true wires up OnValidatePrincipal
/// so that the claims can be changed while the user is logged in.</param>
public static void ConfigureCookiesForExtraAuth(this IServiceCollection services, bool updateCookieOnChange)
{
    if (!updateCookieOnChange)
    {
        //Registering a null IAuthChanges turns off the checks in the ExtraAuthDbContext
        services.AddSingleton<IAuthChanges>(_ => null);
        //Simple version - see https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims
        services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, AddPermissionsToUserClaims>();
        return;
    }

    services.AddSingleton<IAuthChanges, AuthChanges>();
    //User impersonation needs the encryption services provided by AddDataProtection.
    //NOTE(review): this uses the default data protection setup; when several app instances share the
    //cookie, confirm the key ring is persisted and shared between them.
    services.AddDataProtection();

    //NOTE(review): BuildServiceProvider() creates a separate container from the registrations made so far.
    //Singletons resolved from it are not the instances the running app uses, and it is never disposed here.
    var setupProvider = services.BuildServiceProvider();
    var dbOptions = setupProvider.GetRequiredService<DbContextOptions<ExtraAuthorizeDbContext>>();
    //GetService (not GetRequiredService): a null provider is tolerated and turns off impersonation
    var dataProtection = setupProvider.GetService<IDataProtectionProvider>();

    var principalValidator = new AuthCookieValidate(dbOptions, dataProtection);
    var signOutHandler = new AuthCookieSigningOut();

    //see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings
    services.ConfigureApplicationCookie(cookieOptions =>
    {
        cookieOptions.Events.OnValidatePrincipal = principalValidator.ValidateAsync;
        //This ensures the impersonation cookie is deleted when a user signs out
        cookieOptions.Events.OnSigningOut = signOutHandler.SigningOutAsync;
    });
}
/// <summary>
/// Sets up cookie authentication so the feature (permission) and data claims are attached to the user.
/// </summary>
/// <remarks>
/// Security note: when <paramref name="updateCookieOnChange"/> is false nothing re-validates the cookie,
/// so claims are presumably fixed for the lifetime of the cookie; a withdrawn permission would then stay
/// usable until a new cookie is issued.
/// </remarks>
/// <param name="services">The service collection the registrations are added to.</param>
/// <param name="updateCookieOnChange">false selects the simple way of setting up the claims; true wires up
/// OnValidatePrincipal so that the claims can be changed.</param>
public static void ConfigureCookiesForExtraAuth(this IServiceCollection services, bool updateCookieOnChange)
{
    if (!updateCookieOnChange)
    {
        //Simple version - see https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims
        services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, AddPermissionsToUserClaims>();
        return;
    }

    //NOTE(review): BuildServiceProvider() creates a separate container from the registrations made so far.
    //If ISimpleTimeCache is registered as a singleton, the instance captured below is not the one the
    //running app resolves, so entries changed through the app's instance would not be seen here - confirm.
    var setupProvider = services.BuildServiceProvider();
    var dbOptions = setupProvider.GetRequiredService<DbContextOptions<ExtraAuthorizeDbContext>>();
    var timeCache = setupProvider.GetRequiredService<ISimpleTimeCache>();

    //TODO add update on feature change to AuthCookieValidate
    var permissionsCalc = new CalcAllowedPermissions(dbOptions);
    var dataKeyCalc = new CalcDataKey(dbOptions);
    var principalValidator = new AuthCookieValidate(permissionsCalc, dataKeyCalc, timeCache);

    //see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings
    services.ConfigureApplicationCookie(cookieOptions =>
    {
        cookieOptions.Events.OnValidatePrincipal = principalValidator.ValidateAsync;
    });
}
/// <summary>
/// Sets up cookie authentication so the feature (permission) and data claims are attached to the user.
/// Two modes are supported:
/// 1. Refreshing mode - a logged-in user's permissions can be updated when the Roles/Permissions change.
/// 2. Simple mode - cheaper to run, but a logged-in user's permissions are not updated dynamically.
/// </summary>
/// <remarks>
/// Security note: because simple mode does not update the permissions of a logged-in user, a Role/Permission
/// that is withdrawn presumably stays usable by that session until a new cookie is issued. Choose the
/// refreshing mode where revocation has to take effect quickly.
/// </remarks>
/// <param name="services">The service collection the registrations are added to.</param>
/// <param name="updateCookieOnChange">false selects the simple mode; true wires up OnValidatePrincipal
/// so that the claims can be changed while the user is logged in.</param>
public static void ConfigureCookiesForExtraAuth(this IServiceCollection services, bool updateCookieOnChange)
{
    if (!updateCookieOnChange)
    {
        //Registering a null IAuthChanges turns off the checks in the ExtraAuthDbContext
        services.AddSingleton<IAuthChanges>(_ => null);
        //Simple version - see https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims
        services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, AddPermissionsToUserClaims>();
        return;
    }

    services.AddSingleton<IAuthChanges, AuthChanges>();

    //NOTE(review): BuildServiceProvider() creates a separate container from the registrations made so far.
    //Singletons resolved from it are not the instances the running app uses, and it is never disposed here.
    var setupProvider = services.BuildServiceProvider();
    var dbOptions = setupProvider.GetRequiredService<DbContextOptions<ExtraAuthorizeDbContext>>();
    var principalValidator = new AuthCookieValidate(dbOptions);

    //see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings
    services.ConfigureApplicationCookie(cookieOptions =>
    {
        cookieOptions.Events.OnValidatePrincipal = principalValidator.ValidateAsync;
    });
}