private async Task <Entities.User> AutoProvisionWindowsUser(string provider, string providerUserId, IEnumerable <Claim> claims) { if (_windowsKeyMap.ContainsKey(providerUserId)) { // find matching user var existingUser = await _localUserService.GetUserBySubjectAsync(_windowsKeyMap[providerUserId]); if (existingUser != null) { await _localUserService.AddExternalProviderToUser( existingUser.Subject, provider, providerUserId); await _localUserService.SaveChangesAsync(); return(existingUser); } } var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, new List <Claim>()); await _localUserService.SaveChangesAsync(); return(user); }
public async Task <IActionResult> CallbackLink() { // read external identity from the temporary cookie var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme); if (result?.Succeeded != true) { throw new Exception("External authentication error"); } if (_logger.IsEnabled(LogLevel.Debug)) { var externalClaims = result.Principal.Claims.Select(c => $"{c.Type}: {c.Value}"); _logger.LogDebug("External claims: {@claims}", externalClaims); } // lookup our user and external provider info var(provider, providerUserId, claims) = await FindFromExternalProvider(result); if (HttpContext.User.Identity.IsAuthenticated) { var subject = HttpContext.User.Claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject); try { await _localUserService.AddExternalProviderToUser( subject.Value, provider, providerUserId); await _localUserService.SaveChangesAsync(); } catch (DbUpdateException e) { Debug.WriteLine(e.Message); } } // delete temporary cookie used during external authentication await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme); // retrieve return URL var returnUrl = Base64UrlEncoder.Decode(result.Properties.Items["returnUrl"]) ?? "~/"; // check if external login is in the context of an OIDC request var context = await _interaction.GetAuthorizationContextAsync(returnUrl); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", returnUrl)); } } return(Redirect(returnUrl)); }
public async Task <IActionResult> ActivateUser(string securityCode) { if (await _localUserService.ActivateUser(securityCode)) { ViewData["Message"] = "Your account was successfully activated. " + "Navigate to your client application to log in"; } else { ViewData["Message"] = "Your account could not be activated. " + "Please contact your administrator"; } await _localUserService.SaveChangesAsync(); return(View()); }
public async Task <IActionResult> RegisterForMfa( RegisterForMfaViewModel model) { if (ModelState.IsValid) { // read identity from the temporary cookie var resultIdent = await HttpContext.AuthenticateAsync("idsrv.mfa"); if (resultIdent?.Succeeded != true) { throw new Exception("MFA authentication error"); } var subject = resultIdent.Principal.FindFirst(JwtClaimTypes.Subject)?.Value; if (await _localUserService.AddUserSecret(subject, "TOTP", model.Secret)) { await _localUserService.SaveChangesAsync(); return(Redirect(model.ReturnUrl)); } else { throw new Exception("MFA registration error"); } } return(View(model)); }
private async Task <User> AutoProvisionUser(string provider, string providerUserId, IEnumerable <Claim> claims) { var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, claims.ToList()); await _localUserService.SaveChangesAsync(); return(user); }
public async Task <IActionResult> RequestPassword(RequestPasswordViewModel model) { if (!ModelState.IsValid) { return(View(model)); } var securityCode = await _localUserService.InitiatePasswordResetRequest(model.Email); await _localUserService.SaveChangesAsync(); // create an activation link var link = Url.ActionLink("ResetPassword", "PasswordReset", new { securityCode }); Debug.WriteLine(link); return(View("PasswordResetRequestSent")); }
private async Task <User> AutoProvisionUser(string provider, string providerUserId, IEnumerable <Claim> claims) { var mappedClaims = new List <Claim>(); foreach (var claim in claims) { if (_facebookClaimTypeMap.ContainsKey(claim.Type)) { mappedClaims.Add(new Claim(_facebookClaimTypeMap[claim.Type], claim.Value)); } } //var user = _users.AutoProvisionUser(provider, providerUserId, claims.ToList()); var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, mappedClaims); await _localUserService.SaveChangesAsync(); return(user); }
private async Task <Rekommend.IDP.Entities.User> AutoProvisionUser(string provider, string providerUserId, IEnumerable <Claim> claims) { var mappedClaims = new List <Claim>(); // map the claims and ignore those for which no mapping exists foreach (var claim in claims) { if (_facebookClaimTypeMap.ContainsKey(claim.Type)) { mappedClaims.Add(new Claim(_facebookClaimTypeMap[claim.Type], claim.Value)); } } var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, mappedClaims); await _localUserService.SaveChangesAsync(); return(user); }
public async Task <IActionResult> RegisterForMfa( RegisterForMfaViewModel model) { if (ModelState.IsValid) { var subject = User.FindFirst(JwtClaimTypes.Subject)?.Value; if (await _localUserService.AddUserSecret(subject, "TOTP", model.Secret)) { await _localUserService.SaveChangesAsync(); return(Redirect("~/")); } else { throw new Exception("MFA registration error"); } } return(View(model)); }