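/// <summary>
/// Starts a login against an external identity provider for a pending sign-in request.
/// </summary>
/// <param name="signin">Id used to look up the <c>SignInMessage</c> cookie for this sign-in request.</param>
/// <param name="provider">Authentication type handed to the OWIN authentication manager's <c>Challenge</c> call.</param>
/// <returns>
/// The error page when <paramref name="provider"/> or <paramref name="signin"/> is missing, or when no
/// sign-in cookie matches <paramref name="signin"/>; otherwise the result of <c>Unauthorized()</c>, returned
/// after a challenge for <paramref name="provider"/> has been registered on the OWIN context.
/// </returns>
public IHttpActionResult LoginExternal(string signin, string provider)
{
    // NOTE(review): provider presumably arrives straight from the request. It is written to the log
    // before any validation and later passed to Challenge unchanged; this method does not match it
    // against a set of permitted providers. Confirm that any such restriction is enforced elsewhere
    // and that the log sink neutralises control characters.
    Logger.InfoFormat("External login requested for provider: {0}", provider);

    if (provider.IsMissing())
    {
        Logger.Error("No provider passed");
        return RenderErrorPage();
    }

    if (signin.IsMissing())
    {
        Logger.Error("No signin id passed");
        return RenderErrorPage();
    }

    // Resolve the OWIN context once and reuse it; the original fetched it three times and left
    // the local holding it unused.
    var ctx = Request.GetOwinContext();

    // The sign-in id is only accepted when a matching message cookie exists for it.
    var cookie = new MessageCookie<SignInMessage>(ctx, this._options);
    var signInMessage = cookie.Read(signin);
    if (signInMessage == null)
    {
        Logger.Error("No cookie matching signin id found");
        return RenderErrorPage();
    }

    // The redirect target is a fixed server-side route, not a caller-supplied URL.
    var authProp = new Microsoft.Owin.Security.AuthenticationProperties
    {
        RedirectUri = Url.Route(Constants.RouteNames.LoginExternalCallback, null)
    };

    // add the id to the dictionary so we can recall the cookie id on the callback
    authProp.Dictionary.Add("signin", signin);

    ctx.Authentication.Challenge(authProp, provider);
    return Unauthorized();
}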
/// <summary>
/// Handles a submitted local (username/password) login form for a pending sign-in request.
/// </summary>
/// <param name="signin">Id used to look up the <c>SignInMessage</c> cookie for this sign-in request.</param>
/// <param name="model">Submitted credentials; may be null when no form data was posted.</param>
/// <returns>
/// 405 when local login is disabled; the error page when <paramref name="signin"/> is missing or has no
/// matching cookie; the login page with a message when the submission is empty, invalid, or rejected by
/// the user service; otherwise the result of <c>SignInAndRedirect</c>.
/// </returns>
public async Task<IHttpActionResult> LoginLocal(string signin, LoginCredentials model)
{
    Logger.Info("Login page submitted");

    if (_options.AuthenticationOptions.EnableLocalLogin == false)
    {
        Logger.Warn("EnableLocalLogin disabled -- returning 405 MethodNotAllowed");
        return StatusCode(HttpStatusCode.MethodNotAllowed);
    }

    if (signin.IsMissing())
    {
        Logger.Error("No signin id passed");
        return RenderErrorPage();
    }

    // The sign-in id is only accepted when a matching message cookie exists for it.
    var messageCookie = new MessageCookie<SignInMessage>(Request.GetOwinContext(), _options);
    var signInMessage = messageCookie.Read(signin);
    if (signInMessage == null)
    {
        Logger.Error("No cookie matching signin id found");
        return RenderErrorPage();
    }

    if (model == null)
    {
        Logger.Error("no data submitted");
        return await RenderLoginPage(signInMessage, signin, Messages.InvalidUsernameOrPassword);
    }

    // Normalise the tri-state "remember me" value. A browser posts 'true' only for a ticked
    // checkbox and nothing otherwise, so the server setting decides what "nothing" means:
    //   true  - the user ticked the box
    //   false - the box was offered and left unticked
    //   null  - the box was never offered because AllowRememberMe is off
    // A posted 'true' is therefore discarded when the option is disabled.
    if (!_options.AuthenticationOptions.CookieOptions.AllowRememberMe)
    {
        model.RememberMe = null;
    }
    else if (model.RememberMe != true)
    {
        model.RememberMe = false;
    }

    var username = model.Username;
    var rememberChecked = model.RememberMe == true;

    if (!ModelState.IsValid)
    {
        Logger.Warn("validation error: username or password missing");
        return await RenderLoginPage(signInMessage, signin, ModelState.GetError(), username, rememberChecked);
    }

    var authResult = await _userService.AuthenticateLocalAsync(username, model.Password, signInMessage);

    if (authResult == null)
    {
        // NOTE(review): the submitted username is written to the log as-is. Users occasionally type a
        // password into the username field, and the value is caller-controlled; confirm the log sink
        // is access-restricted and neutralises control characters.
        Logger.WarnFormat("user service indicated incorrect username or password for username: {0}", username);
        return await RenderLoginPage(signInMessage, signin, Messages.InvalidUsernameOrPassword, username, rememberChecked);
    }

    if (authResult.IsError)
    {
        // NOTE(review): the user service's own message is passed to the login page in place of the
        // generic InvalidUsernameOrPassword text; presumably it is displayed, so confirm the service
        // does not return messages that reveal account state.
        Logger.WarnFormat("user service returned an error message: {0}", authResult.ErrorMessage);
        return await RenderLoginPage(signInMessage, signin, authResult.ErrorMessage, username, rememberChecked);
    }

    return SignInAndRedirect(signInMessage, signin, authResult, model.RememberMe);
}
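/// <summary>
/// Resumes a login that was interrupted by a partial sign-in, identified by a resume id.
/// </summary>
/// <param name="resume">Resume id; mapped to a claim type via <c>GetClaimTypeForResumeId</c>.</param>
/// <returns>
/// The error page when the resume id is missing, no partial sign-in identity exists, the identity has no
/// claim for this resume id, or the sign-in id in that claim has no matching cookie; the login page with a
/// message when the user service cannot authenticate the external identity; otherwise the result of
/// <c>SignInAndRedirect</c>.
/// </returns>
public async Task<IHttpActionResult> ResumeLoginFromRedirect(string resume)
{
    Logger.Info("Callback requested to resume login from partial login");

    if (resume.IsMissing())
    {
        Logger.Error("no resumeId passed");
        return RenderErrorPage();
    }

    var user = await GetIdentityFromPartialSignIn();
    if (user == null)
    {
        Logger.Error("no identity from partial login");
        return RenderErrorPage();
    }

    // The resume id is only honoured when the partial sign-in identity carries a claim for it;
    // the sign-in id is then read from that claim, not from the request.
    var resumeClaimType = GetClaimTypeForResumeId(resume);
    var resumeClaim = user.FindFirst(resumeClaimType);
    if (resumeClaim == null)
    {
        Logger.Error("no claim matching resumeId");
        return RenderErrorPage();
    }

    var signInId = resumeClaim.Value;
    if (signInId.IsMissing())
    {
        Logger.Error("No signin id found in resume claim");
        return RenderErrorPage();
    }

    var cookie = new MessageCookie<SignInMessage>(Request.GetOwinContext(), this._options);
    var signInMessage = cookie.Read(signInId);
    if (signInMessage == null)
    {
        Logger.Error("No cookie matching signin id found");
        return RenderErrorPage();
    }

    AuthenticateResult result;

    var externalProviderClaim = user.FindFirst(Constants.ClaimTypes.ExternalProviderUserId);
    if (externalProviderClaim == null)
    {
        // the user/subject was known, so pass thru (without the redirect claims)

        // RemoveClaim throws InvalidOperationException when handed a claim the identity does not
        // hold (including null), so only remove the return-URL claim when it is present.
        var returnUrlClaim = user.FindFirst(Constants.ClaimTypes.PartialLoginReturnUrl);
        if (returnUrlClaim != null)
        {
            user.RemoveClaim(returnUrlClaim);
        }

        // resumeClaim was resolved and null-checked above; reuse it instead of looking it up again.
        user.RemoveClaim(resumeClaim);

        result = new AuthenticateResult(new ClaimsPrincipal(user));
    }
    else
    {
        // the user was not known, we need to re-execute AuthenticateExternalAsync
        // to obtain a subject to proceed
        // Provider name and provider user id both come from the claim stored in the partial
        // sign-in identity (its Issuer and Value).
        var externalId = new ExternalIdentity()
        {
            Provider = new IdentityProvider { Name = externalProviderClaim.Issuer },
            ProviderId = externalProviderClaim.Value,
            Claims = user.Claims
        };

        result = await _userService.AuthenticateExternalAsync(externalId);

        if (result == null)
        {
            Logger.Warn("user service failed to authenticate external identity");
            return await RenderLoginPage(signInMessage, signInId, Messages.NoMatchingExternalAccount);
        }

        if (result.IsError)
        {
            Logger.WarnFormat("user service returned error message: {0}", result.ErrorMessage);
            return await RenderLoginPage(signInMessage, signInId, result.ErrorMessage);
        }
    }

    return SignInAndRedirect(signInMessage, signInId, result);
}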