public static ClaimsIdentity InitAuth(CookieResponseSignInContext ctx) { var ident = ctx.Identity; var hctx = (HttpContextWrapper) ctx.Request.Environment.Single(e => e.Key == "System.Web.HttpContextBase").Value; var wutContext = DependencyResolver.Current.GetService <WutNuContext>(); return(InitAuth(ident, hctx, wutContext)); }
private ChatUser GetLoggedInUser(CookieResponseSignInContext context) { var principal = context.Request.User as ClaimsPrincipal; if (principal != null) { return(_repository.GetLoggedInUser(principal)); } return(null); }
public static ClaimsIdentity InitAuth(CookieResponseSignInContext ctx) { var ident = ctx.Identity; var hctx = (HttpContextWrapper) ctx.Request.Environment.Single(e => e.Key == "System.Web.HttpContextBase").Value; var initResults = InitAuth(ident, hctx); return(initResults); }
public void ResponseSignIn(CookieResponseSignInContext context) { if (context.Identity.HasClaim(c => c.Type == SPAddinClaimTypes.SPAddinAuthentication) && !context.Identity.HasClaim(c => c.Type == SPAddinClaimTypes.ShortHandUrl)) { var hostUrl = context.Identity.FindFirst(SPAddinClaimTypes.SPHostUrl).Value; var navigationManager = new NavigationManager(context.OwinContext); var host = navigationManager.EnsureHostByUrl(hostUrl); context.Identity.AddClaim(new Claim(SPAddinClaimTypes.ShortHandUrl, host.ShortHandUrl)); } }
public override void ResponseSignIn(CookieResponseSignInContext context) { if (context.Identity is UmbracoBackOfficeIdentity backOfficeIdentity) { //generate a session id and assign it //create a session token - if we are configured and not in an upgrade state then use the db, otherwise just generate one var session = _runtimeState.Level == RuntimeLevel.Run ? _userService.CreateLoginSession(backOfficeIdentity.Id, context.OwinContext.GetCurrentRequestIpAddress()) : Guid.NewGuid(); backOfficeIdentity.SessionId = session.ToString(); } base.ResponseSignIn(context); }
public override void ResponseSignIn(CookieResponseSignInContext context) { if (context.Identity is UmbracoBackOfficeIdentity backOfficeIdentity) { //generate a session id and assign it //create a session token - if we are configured and not in an upgrade state then use the db, otherwise just generate one var session = _runtimeState.Level == RuntimeLevel.Run ? _userService.CreateLoginSession(backOfficeIdentity.Id, context.OwinContext.GetCurrentRequestIpAddress()) : Guid.NewGuid(); backOfficeIdentity.SessionId = session.ToString(); //since it is a cookie-based authentication add that claim backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, UmbracoBackOfficeIdentity.Issuer, UmbracoBackOfficeIdentity.Issuer, backOfficeIdentity)); } base.ResponseSignIn(context); }
private static void AddClaim(CookieResponseSignInContext context, ChatUser user) { // Do nothing if the user is banned if (user.IsBanned) { return; } // Add the jabbr id claim context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, user.Id)); // Add the admin claim if the user is an Administrator if (user.IsAdmin) { context.Identity.AddClaim(new Claim(JabbRClaimTypes.Admin, "true")); } EnsurePersistentCookie(context); }
public override void ResponseSignIn(CookieResponseSignInContext context) { var principle = new ClaimsPrincipal(context.Identity); var pictureClaim = principle.FindFirst("profilePicture"); var idClaim = principle.FindFirst(ClaimTypes.NameIdentifier); var nameClaim = principle.FindFirst(ClaimTypes.Name); var emailClaim = principle.FindFirst(ClaimTypes.Email); var id = idClaim == null ? Guid.NewGuid().ToString() : idClaim.Value; var name = nameClaim == null ? "unknown" : System.Net.WebUtility.HtmlEncode(nameClaim.Value); var photo = pictureClaim != null ? pictureClaim.Value : GetPhotoUrl(emailClaim == null ? "" : emailClaim.Value); var rc = new RegisteredClient() { Identity = id, DisplayName = name, Photo = photo }; SetState(rc, context.Response); }
public override void ResponseSignIn(CookieResponseSignInContext context) { var backOfficeIdentity = context.Identity as UmbracoBackOfficeIdentity; if (backOfficeIdentity != null) { //generate a session id and assign it //create a session token - if we are configured and not in an upgrade state then use the db, otherwise just generate one //NOTE - special check because when we are upgrading to 7.8 we cannot create a session since the db isn't ready and we'll get exceptions var canAcquireSession = _appCtx.IsUpgrading == false || _appCtx.CurrentVersion() >= MinUmbracoVersionSupportingLoginSessions; var session = canAcquireSession ? _appCtx.Services.UserService.CreateLoginSession((int)backOfficeIdentity.Id, context.OwinContext.GetCurrentRequestIpAddress()) : Guid.NewGuid(); backOfficeIdentity.UserData.SessionId = session.ToString(); } base.ResponseSignIn(context); }
public override void ResponseSignIn(CookieResponseSignInContext context) { var principle = new ClaimsPrincipal(context.Identity); var pictureClaim = principle.FindFirst("profilePicture"); var idClaim = principle.FindFirst(ClaimTypes.NameIdentifier); var nameClaim = principle.FindFirst(ClaimTypes.Name); var emailClaim = principle.FindFirst(ClaimTypes.Email); var id = idClaim == null?Guid.NewGuid().ToString() : idClaim.Value; var name = nameClaim == null ? "unknown" : System.Net.WebUtility.HtmlEncode(nameClaim.Value); var photo = pictureClaim != null ? pictureClaim.Value : GetPhotoUrl(emailClaim == null ? "" : emailClaim.Value); var rc = new RegisteredClient() { Identity = id, DisplayName = name, Photo = photo }; SetState(rc, context.Response); }
/// <summary> /// Applies grants to the response /// </summary> /// <returns></returns> protected override async Task ApplyResponseGrantAsync() { AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType); bool shouldSignin = signin != null; AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode); bool shouldSignout = signout != null; if (!(shouldSignin || shouldSignout || _shouldRenew)) { return; } AuthenticationTicket model = await AuthenticateAsync(); try { var cookieOptions = new CookieOptions { Domain = Options.CookieDomain, HttpOnly = Options.CookieHttpOnly, Path = Options.CookiePath ?? "/", }; if (Options.CookieSecure == CookieSecureOption.SameAsRequest) { cookieOptions.Secure = Request.IsSecure; } else { cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always; } if (shouldSignin) { var signInContext = new CookieResponseSignInContext( Context, Options, Options.AuthenticationType, signin.Identity, signin.Properties, cookieOptions); DateTimeOffset issuedUtc; if (signInContext.Properties.IssuedUtc.HasValue) { issuedUtc = signInContext.Properties.IssuedUtc.Value; } else { issuedUtc = Options.SystemClock.UtcNow; signInContext.Properties.IssuedUtc = issuedUtc; } if (!signInContext.Properties.ExpiresUtc.HasValue) { signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan); } Options.Provider.ResponseSignIn(signInContext); if (signInContext.Properties.IsPersistent) { DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan); signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime; } model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties); if (Options.SessionStore != null) { if (_sessionKey != null) { await Options.SessionStore.RemoveAsync(_sessionKey); } _sessionKey = await Options.SessionStore.StoreAsync(model); ClaimsIdentity identity = new ClaimsIdentity( new[] { new Claim(SessionIdClaim, _sessionKey) }, Options.AuthenticationType); model = new AuthenticationTicket(identity, null); } string cookieValue = Options.TicketDataFormat.Protect(model); Options.CookieManager.AppendResponseCookie( Context, Options.CookieName, cookieValue, signInContext.CookieOptions); var signedInContext = new CookieResponseSignedInContext( Context, Options, Options.AuthenticationType, signInContext.Identity, signInContext.Properties); Options.Provider.ResponseSignedIn(signedInContext); } else if (shouldSignout) { if (Options.SessionStore != null && _sessionKey != null) { await Options.SessionStore.RemoveAsync(_sessionKey); } var context = new CookieResponseSignOutContext( Context, Options, cookieOptions); Options.Provider.ResponseSignOut(context); Options.CookieManager.DeleteCookie( Context, Options.CookieName, context.CookieOptions); } else if (_shouldRenew && model.Identity != null) { model.Properties.IssuedUtc = _renewIssuedUtc; model.Properties.ExpiresUtc = _renewExpiresUtc; if (Options.SessionStore != null && _sessionKey != null) { await Options.SessionStore.RenewAsync(_sessionKey, model); ClaimsIdentity identity = new ClaimsIdentity( new[] { new Claim(SessionIdClaim, _sessionKey) }, Options.AuthenticationType); model = new AuthenticationTicket(identity, null); } string cookieValue = Options.TicketDataFormat.Protect(model); if (model.Properties.IsPersistent) { cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime; } Options.CookieManager.AppendResponseCookie( Context, Options.CookieName, cookieValue, cookieOptions); } Response.Headers.Set( HeaderNameCacheControl, HeaderValueNoCache); Response.Headers.Set( HeaderNamePragma, HeaderValueNoCache); Response.Headers.Set( HeaderNameExpires, HeaderValueMinusOne); bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath; bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath; if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200) { IReadableStringCollection query = Request.Query; string redirectUri = query.Get(Options.ReturnUrlParameter); if (!string.IsNullOrWhiteSpace(redirectUri) && IsHostRelative(redirectUri)) { var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri); Options.Provider.ApplyRedirect(redirectContext); } } } catch (Exception exception) { CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options, CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model); Options.Provider.Exception(exceptionContext); if (exceptionContext.Rethrow) { throw; } } }
private void ResponseSignIn(CookieResponseSignInContext context) { context.Options.CookieDomain = context.Request.Uri.Host; }
protected override async Task HandleSignInAsync(SignInContext signin) { var ticket = await EnsureCookieTicket(); try { var tenantResolver = tenantResolverFactory.GetResolver(); var cookieOptions = BuildCookieOptions(); //var signInContext = new CookieResponseSignInContext( // Context, // Options, // Options.AuthenticationScheme, // signin.Principal, // new AuthenticationProperties(signin.Properties), // cookieOptions); var signInContext = new CookieResponseSignInContext( Context, Options, tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme), signin.Principal, new AuthenticationProperties(signin.Properties), cookieOptions); DateTimeOffset issuedUtc; if (signInContext.Properties.IssuedUtc.HasValue) { issuedUtc = signInContext.Properties.IssuedUtc.Value; } else { issuedUtc = Options.SystemClock.UtcNow; signInContext.Properties.IssuedUtc = issuedUtc; } if (!signInContext.Properties.ExpiresUtc.HasValue) { signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan); } Options.Notifications.ResponseSignIn(signInContext); if (signInContext.Properties.IsPersistent) { var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan); signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime; } ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme); if (Options.SessionStore != null) { if (_sessionKey != null) { await Options.SessionStore.RemoveAsync(_sessionKey); } _sessionKey = await Options.SessionStore.StoreAsync(ticket); var principal = new ClaimsPrincipal( new ClaimsIdentity( new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) }, Options.ClaimsIssuer)); //ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme); ticket = new AuthenticationTicket(principal, null, tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme)); } //var cookieValue = Options.TicketDataFormat.Protect(ticket); var ticketDataFormet = GetTicketDataFormat(tenantResolver); var cookieValue = ticketDataFormet.Protect(ticket); //Options.CookieManager.AppendResponseCookie( // Context, // Options.CookieName, // cookieValue, // signInContext.CookieOptions); Options.CookieManager.AppendResponseCookie( Context, tenantResolver.ResolveCookieName(Options.CookieName), cookieValue, signInContext.CookieOptions); //var signedInContext = new CookieResponseSignedInContext( // Context, // Options, // Options.AuthenticationScheme, // signInContext.Principal, // signInContext.Properties); var signedInContext = new CookieResponseSignedInContext( Context, Options, tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme), signInContext.Principal, signInContext.Properties); Options.Notifications.ResponseSignedIn(signedInContext); var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath; ApplyHeaders(shouldLoginRedirect); } catch (Exception exception) { var exceptionContext = new CookieExceptionContext(Context, Options, CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket); Options.Notifications.Exception(exceptionContext); if (exceptionContext.Rethrow) { throw; } } }
public void ResponseSignIn(CookieResponseSignInContext context) { _cookieAuthenticationProvider.ResponseSignIn(context); }
/// <summary> /// Implements the interface method by invoking the related delegate method /// </summary> /// <param name="context"></param> public virtual void ResponseSignIn(CookieResponseSignInContext context) { OnResponseSignIn.Invoke(context); }
public void ResponseSignIn(CookieResponseSignInContext context) { }
public void ResponseSignIn(CookieResponseSignInContext context) { var authResult = new AuthenticationResult { Success = true }; EmailUser loggedInUser = GetLoggedInUser(context); var principal = new ClaimsPrincipal(context.Identity); // Do nothing if it's authenticated if (principal.IsAuthenticated()) { EnsurePersistentCookie(context); return; } var user = GetUser(principal); authResult.ProviderName = principal.GetIdentityProvider(); // The user exists so add the claim if (user != null) { if (loggedInUser != null && user != loggedInUser) { // Set an error message authResult.Message = String.Format("This {0} account has already been linked to another user.", authResult.ProviderName); authResult.Success = false; // Keep the old user logged in context.Identity.AddClaim(new Claim(EmailRClaimTypes.Identifier, loggedInUser.Id.ToString())); } else { // Login this user AddClaim(context, user); } } else if (principal.HasRequiredClaims()) { EmailUser targetUser = null; // The user doesn't exist but the claims to create the user do exist if (loggedInUser == null) { // New user so add them user = _membershipService.AddUser(principal); targetUser = user; } else { // If the user is logged in then link _membershipService.LinkIdentity(loggedInUser, principal); _session.SaveChanges(); authResult.Message = String.Format("Successfully linked {0} account.", authResult.ProviderName); targetUser = loggedInUser; } AddClaim(context, targetUser); } else if(!principal.HasPartialIdentity()) { // A partial identity means the user needs to add more claims to login context.Identity.AddClaim(new Claim(EmailRClaimTypes.PartialIdentity, "true")); } var cookieOptions = new CookieOptions { HttpOnly = true }; context.Response.Cookies.Append(Constants.AuthResultCookie, JsonConvert.SerializeObject(authResult), cookieOptions); }
public void ResponseSignIn(CookieResponseSignInContext context) { context.OwinContext.TraceOutput.WriteLine($"ResponseSignIn {context.AuthenticationType} {context.Identity.Name}"); }
protected virtual void DoResponseSignIn(CookieResponseSignInContext context) { //AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType); var s = context.Response.StatusCode; }
private static void EnsurePersistentCookie(CookieResponseSignInContext context) { if (context.Properties == null) { context.Properties = new AuthenticationProperties(); } context.Properties.IsPersistent = true; }
public void ResponseSignIn(CookieResponseSignInContext context) { //throw new NotImplementedException(); }
private static void AddClaim(CookieResponseSignInContext context, ChatUser user) { // Do nothing if the user is banned if (user.IsBanned) { return; } // Add the jabbr id claim context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, user.Id)); // Add the admin claim if the user is an Administrator if (user.IsAdmin) { context.Identity.AddClaim(new Claim(JabbRClaimTypes.Admin, "true")); } EnsurePersistentCookie(context); }
private ChatUser GetLoggedInUser(CookieResponseSignInContext context) { var principal = context.Request.User as ClaimsPrincipal; if (principal != null) { return _repository.GetLoggedInUser(principal); } return null; }
private EmailUser GetLoggedInUser(CookieResponseSignInContext context) { var principal = context.Request.User as ClaimsPrincipal; if (principal != null) { var userId = principal.GetUserId(); return _session.Query<EmailUser>().SingleOrDefault(u => u.Id != null && u.Id == principal.GetUserId()); } return null; }
public override void ResponseSignIn(CookieResponseSignInContext context) { context.Options.CookiePath = TenantCookiePath(); base.ResponseSignIn(context); }
public void ResponseSignIn(CookieResponseSignInContext context) { var authResult = new AuthenticationResult { Success = true }; ChatUser loggedInUser = GetLoggedInUser(context); var principal = new ClaimsPrincipal(context.Identity); // Do nothing if it's authenticated if (principal.IsAuthenticated()) { EnsurePersistentCookie(context); return; } ChatUser user = _repository.GetUser(principal); authResult.ProviderName = principal.GetIdentityProvider(); // The user exists so add the claim if (user != null) { if (loggedInUser != null && user != loggedInUser) { // Set an error message authResult.Message = String.Format(LanguageResources.Account_AccountAlreadyLinked, authResult.ProviderName); authResult.Success = false; // Keep the old user logged in context.Identity.AddClaim(new Claim(JabbRClaimTypes.Identifier, loggedInUser.Id)); } else { // Login this user AddClaim(context, user); } } else if (principal.HasRequiredClaims()) { ChatUser targetUser = null; // The user doesn't exist but the claims to create the user do exist if (loggedInUser == null) { // New user so add them user = _membershipService.AddUser(principal); targetUser = user; } else { // If the user is logged in then link _membershipService.LinkIdentity(loggedInUser, principal); _repository.CommitChanges(); authResult.Message = String.Format(LanguageResources.Account_AccountLinkedSuccess, authResult.ProviderName); targetUser = loggedInUser; } AddClaim(context, targetUser); } else if (!principal.HasPartialIdentity()) { // A partial identity means the user needs to add more claims to login context.Identity.AddClaim(new Claim(JabbRClaimTypes.PartialIdentity, "true")); } var cookieOptions = new CookieOptions { HttpOnly = true }; context.Response.Cookies.Append(Constants.AuthResultCookie, JsonConvert.SerializeObject(authResult), cookieOptions); }
public override void ResponseSignIn(CookieResponseSignInContext context) { base.ResponseSignIn(context); }
private static void AddClaim(CookieResponseSignInContext context, EmailUser user) { // Add the jabbr id claim context.Identity.AddClaim(new Claim(EmailRClaimTypes.Identifier, user.Id.ToString())); // Add the admin claim if the user is an Administrator if (user.IsAdmin) { context.Identity.AddClaim(new Claim(EmailRClaimTypes.Admin, "true")); } EnsurePersistentCookie(context); }