예제 #1
0
        /// <summary>
        ///     Authenticates the specified user.
        /// </summary>
        /// <param name="context">The context.</param>
        /// <returns></returns>
        public async Task Consume(ConsumeContext <IAuthenticateUser> context)
        {
            var checkResult = await _checkCredentialsRequest.Request(new CheckCredentials(context.Message.UserName, context.Message.Password));

            if (!checkResult.Valid)
            {
                await context.RespondAsync(AuthenticateUserResult.Failed());

                return;
            }

            var user  = checkResult.User;
            var roles = new List <string>();

            // select delegated privileges
            var delegatedRights = _databaseContext.DelegatedRights.Filter(x => x.Grantee == user.UserName);
            var onBehalfOf      = delegatedRights.Select(x => x.Grantor).ToArray();


            // add manager role
            if (user.IsManager || onBehalfOf.Length > 0)
            {
                roles.Add(WellKnownRoles.Manager);
            }

            /* IMPORTANT NOTE:
             * This is a temporary solution. User group name cannot be hardcoded.
             * We should provide a feature that allows to map User Groups to the application roles.
             * But this is postponded, because of time limit.
             */
            var userGroups = user.Groups;

            if (userGroups.Any(x => x.DisplayName == "Access Control Clients"))
            {
                roles.Add(WellKnownRoles.ClientService);
            }

            // create a ticket
            var ticket          = new Ticket(user, roles.ToArray(), onBehalfOf);
            var encryptedTicket = _encryptor.Encrypt(ticket);
            await context.RespondAsync(new AuthenticateUserResult(true, encryptedTicket, user));
        }
예제 #2
0
        public async Task <ICommandResult> Handle(AuthenticateCommand command)
        {
            ICommandResult result = null;

            try
            {
                var user = await _userRepository.Authenticate(command.Username, command.Password);

                if (user != null)
                {
                    result = new AuthenticateUserResult()
                    {
                        User  = new UserDTO(user.Id, user.Username),
                        Token = GetToken(user)
                    };
                }
            }
            catch (Exception ex)
            {
                AddNotification("AuthenticateCommand", ex.Message);
            }

            return(result);
        }
예제 #3
0
        public async Task <IActionResult> Callback(CancellationToken cancellationToken)
        {
            // read external identity from the temporary cookie
            AuthenticateResult result = await HttpContext.AuthenticateAsync(
                IdentityServerConstants.ExternalCookieAuthenticationScheme);

            if (result?.Succeeded != true)
            {
                throw new Exception("External authentication error");
            }

            AuthenticateExternalUserRequest?authRequest = CreateAuthRequest(result);

            AuthenticateUserResult authResult = await _userAccountService.AuthenticateExternalUserAsync(
                authRequest,
                cancellationToken);

            if (authResult.Success)
            {
                var additionalLocalClaims = new List <Claim>();
                var localSignInProps      = new AuthenticationProperties();
                ProcessLoginCallback(result, additionalLocalClaims, localSignInProps);

                // issue authentication cookie for user
                var isuser = new IdentityServerUser(authResult.User !.Id.ToString("N"))
                {
                    DisplayName      = authResult.User.Name,
                    IdentityProvider = authRequest.Provider,
                    AdditionalClaims = additionalLocalClaims
                };

                await HttpContext.SignInAsync(isuser, localSignInProps);

                // delete temporary cookie used during external authentication
                await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);

                // retrieve return URL
                var returnUrl = result.Properties.Items["returnUrl"] ?? "~/";

                // check if external login is in the context of an OIDC request
                AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(returnUrl);

                await _events.RaiseAsync(new UserLoginSuccessEvent(
                                             authRequest.Provider,
                                             authRequest.UserIdentifier,
                                             authResult.User.Id.ToString("N"),
                                             authResult.User.Name,
                                             true,
                                             context?.Client.ClientId));

                if (context != null)
                {
                    if (context.IsNativeClient())
                    {
                        // The client is native, so this change in how to
                        // return the response is for better UX for the end user.
                        return(this.LoadingPage("Redirect", returnUrl));
                    }
                }

                return(Redirect(returnUrl));
            }
            else
            {
                var returnUrl = result.Properties.Items["returnUrl"] ?? "~/";

                // check if external login is in the context of an OIDC request
                AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(returnUrl);

                var vm = new UserNotFoundViewModel
                {
                    Provider = authRequest.Provider,
                    BackUrl  = context?.RedirectUri ?? "/"
                };

                return(View("UserNotFound", vm));
            }
        }