public async Task ValidateAsync(CookieValidatePrincipalContext context) { var authChanges = new AuthChanges(); var extraContext = context.HttpContext.RequestServices.GetRequiredService <ExtraAuthorizeDbContext>(); var newClaims = new List <Claim>(); var originalClaims = context.Principal.Claims.ToList(); if (originalClaims.All(x => x.Type != PermissionConstants.PackedPermissionClaimType) || authChanges.IsOutOfDateOrMissing(AuthChangesConsts.FeatureCacheKey, originalClaims.SingleOrDefault(x => x.Type == PermissionConstants.LastPermissionsUpdatedClaimType)?.Value, extraContext)) { var rtoPCalcer = new CalcAllowedPermissions(extraContext); var dataKeyCalc = new CalcDataKey(extraContext); //Handle the feature permissions var userId = originalClaims.GetUserIdFromClaims(); newClaims.AddRange(await BuildFeatureClaimsAsync(userId, rtoPCalcer)); newClaims.AddRange(BuildDataClaims(userId, dataKeyCalc)); //Something has changed so we replace the current ClaimsPrincipal with a new one newClaims.AddRange(RemoveUpdatedClaimsFromOriginalClaims(originalClaims, newClaims)); //Copy over unchanged claims //Build a new ClaimsPrincipal and use it to replace the current ClaimsPrincipal var identity = new ClaimsIdentity(newClaims, "Cookie"); var newPrincipal = new ClaimsPrincipal(identity); context.ReplacePrincipal(newPrincipal); //THIS IS IMPORTANT: This updates the cookie, otherwise this calc will be done every HTTP request context.ShouldRenew = true; } }
public async Task ValidateAsync(CookieValidatePrincipalContext context) { if (context.Principal.Claims.Any(x => x.Type == PermissionConstants.PackedPermissionClaimType)) { return; } //No permissions in the claims, so we need to add it. This is only happen once after the user has logged in var dbContext = context.HttpContext.RequestServices.GetRequiredService <ExtraAuthorizeDbContext>(); var rtoPCalcer = new CalcAllowedPermissions(dbContext); var claims = new List <Claim>(); claims.AddRange(context.Principal.Claims); //Copy over existing claims //Now calculate the Permissions Claim value and add it claims.Add(new Claim(PermissionConstants.PackedPermissionClaimType, await rtoPCalcer.CalcPermissionsForUserAsync(context.Principal.Claims.GetUserIdFromClaims()))); //Build a new ClaimsPrincipal and use it to replace the current ClaimsPrincipal var identity = new ClaimsIdentity(claims, "Cookie"); var newPrincipal = new ClaimsPrincipal(identity); context.ReplacePrincipal(newPrincipal); //THIS IS IMPORTANT: This updates the cookie, otherwise this calc will be done every HTTP request context.ShouldRenew = true; }
public async Task ValidateAsync(CookieValidatePrincipalContext context) { var originalClaims = context.Principal.Claims.ToList(); var protectionProvider = context.HttpContext.RequestServices.GetService <IDataProtectionProvider>(); var impHandler = new ImpersonationHandler(context.HttpContext, protectionProvider, originalClaims); var newClaims = new List <Claim>(); if (originalClaims.All(x => x.Type != PermissionConstants.PackedPermissionClaimType) || impHandler.ImpersonationChange) { //There is no PackedPermissionClaimType or there was a change in the impersonation state var extraContext = context.HttpContext.RequestServices.GetRequiredService <ExtraAuthorizeDbContext>(); var rtoPCalcer = new CalcAllowedPermissions(extraContext); var dataKeyCalc = new CalcDataKey(extraContext); var userId = impHandler.GetUserIdForWorkingDataKey(); newClaims.AddRange(await BuildFeatureClaimsAsync(userId, rtoPCalcer)); newClaims.AddRange(BuildDataClaims(userId, dataKeyCalc)); newClaims.AddRange(RemoveUpdatedClaimsFromOriginalClaims(originalClaims, newClaims)); //Copy over unchanged claims impHandler.AddOrRemoveImpersonationClaim(newClaims); //Build a new ClaimsPrincipal and use it to replace the current ClaimsPrincipal var identity = new ClaimsIdentity(newClaims, "Cookie"); var newPrincipal = new ClaimsPrincipal(identity); context.ReplacePrincipal(newPrincipal); //THIS IS IMPORTANT: This updates the cookie, otherwise this calc will be done every HTTP request context.ShouldRenew = true; } }
public ProfileService(UserManager <ApplicationUser> userManager, ApplicationDbContext context) { _services = new ServiceCollection(); var sp = _services.BuildServiceProvider(); _userManager = userManager; _context = context ?? throw new ArgumentNullException(nameof(context)); _calcAllowedPermissions = new CalcAllowedPermissions(_context); }
protected override async Task <ClaimsIdentity> GenerateClaimsAsync(IdentityUser user) { var identity = await base.GenerateClaimsAsync(user); var userId = identity.Claims.GetUserIdFromClaims(); var rtoPCalcer = new CalcAllowedPermissions(_extraAuthDbContext); identity.AddClaim(new Claim(PermissionConstants.PackedPermissionClaimType, await rtoPCalcer.CalcPermissionsForUserAsync(userId))); return(identity); }
private async Task <List <Claim> > BuildFeatureClaimsAsync(string userId, CalcAllowedPermissions rtoP) { var claims = new List <Claim> { new Claim(PermissionConstants.PackedPermissionClaimType, await rtoP.CalcPermissionsForUserAsync(userId)), new Claim(PermissionConstants.LastPermissionsUpdatedClaimType, DateTime.UtcNow.Ticks.ToString()) }; return(claims); }
private async Task <ClaimsIdentity> SetupUserClaimsAsync(IServiceCollection services, ApplicationUser userDetails) { BiddingContext dbContext = services.BuildServiceProvider().GetService <BiddingContext>(); var rtoPCalcer = new CalcAllowedPermissions(dbContext); List <Claim> claims = new List <Claim> { new Claim( type: PermissionConstants.UserIdClaimType, value: userDetails.Id.ToString(), valueType: ClaimValueTypes.Integer, issuer: "Bidding" ), new Claim( type: PermissionConstants.PackedPermissionClaimType, value: await rtoPCalcer.CalcPermissionsForUserAsync(userDetails.Id).ConfigureAwait(true) ) }; return(new ClaimsIdentity(claims)); }
public async Task TestCalcPermissionsForUserAsyncWithModule() { //SETUP var fakeAuthChanges = new FakeAuthChanges(); var options = SqliteInMemory.CreateOptions <ExtraAuthorizeDbContext>(); using (var context = new ExtraAuthorizeDbContext(options, fakeAuthChanges)) { context.Database.EnsureCreated(); context.SeedUserWithDefaultPermissions(PaidForModules.Feature1); var calc = new CalcAllowedPermissions(context); //ATTEMPT var packedP = await calc.CalcPermissionsForUserAsync("userId"); //VERIFY packedP.UnpackPermissionsFromString().ShouldEqual(new List <Permissions> { Permissions.StockRead, Permissions.Feature1Access }); } }
public AuthCookieValidate(CalcAllowedPermissions rtoPCalcer) { _rtoPCalcer = rtoPCalcer; }