public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var user = await _userRepository.GetAsync(context.UserName,
HashHelper.Sha512(context.Password));
context.AuthenticateResult = user == null ? new AuthenticateResult("Incorrect credentials") : new AuthenticateResult(user.Username, user.Username);
}
public override Task <BitJwtToken> LocalLogin(LocalAuthenticationContext context, CancellationToken cancellationToken)
{
string userName = context.UserName;
string password = context.Password;
string activeDirectoryName = AppEnvironment.GetConfig <string>(AppEnvironment.KeyValues.IdentityServer.ActiveDirectoryName);
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, activeDirectoryName))
{
string userNameAsWinUserName = userName;
if (!userNameAsWinUserName.Contains(activeDirectoryName))
{
userNameAsWinUserName = $"{activeDirectoryName}\\{userNameAsWinUserName}";
}
if (principalContext.ValidateCredentials(userNameAsWinUserName, password))
{
using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userNameAsWinUserName))
{
if (user != null)
{
return(Task.FromResult(new BitJwtToken {
UserId = user.Sid.Value
}));
}
}
}
}
throw new DomainLogicException("UserInActiveDirectoryCouldNotBeFound");
}
public async Task UpdateFromMember()
{
var member = new Member {
Id = Guid.NewGuid(), Email = "*****@*****.**", FirstName = "UpdatedFirst", LastName = "UpdatedLast"
};
var acct = GetSampleAccount();
acct.MemberId = member.Id;
var args = new UserServiceBuilder();
args.DB.Add(acct);
args.Members.Setup(f => f.GetMember(member.Id)).Returns(Task.FromResult(member));
var svc = args.Build();
var ctx = new LocalAuthenticationContext {
UserName = Username, Password = Password
};
args.DB.SaveChangesCount = 0;
await svc.AuthenticateLocalAsync(ctx);
ctx.AuthenticateResult.IsError.Should().BeFalse();
args.DB.SaveChangesCount.Should().Be(1);
acct.Email.Should().Be(member.Email);
acct.FirstName.Should().Be(member.FirstName);
acct.LastName.Should().Be(member.LastName);
}
/// <summary>
/// This methods gets called for local authentication (whenever the user uses the username and password dialog).
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
User user = await _users.FindOneAsync(u => u.Username == context.UserName);
if (user != null)
{
if (user.Locked)
{
context.AuthenticateResult = new AuthenticateResult("El usuario está bloqueado.");
return;
}
bool ok = Crypto.VerifyHashedPassword(user.Password, context.Password);
if (ok)
{
// agregar claim para security stamp?
context.AuthenticateResult = new AuthenticateResult(user.Id, GetDisplayName(user));
}
else
{
// access failed
context.AuthenticateResult = new AuthenticateResult("El usuario o la contraseña ingresados son incorrectos.");
return;
}
}
}
public async Task MissingMember()
{
var member = new Member {
Id = Guid.NewGuid(), Email = "*****@*****.**", FirstName = "UpdatedFirst", LastName = "UpdatedLast"
};
var acct = GetSampleAccount();
acct.MemberId = member.Id;
var args = new UserServiceBuilder();
args.DB.Add(acct);
args.Logger.Setup(f => f.Error(LogStrings.LinkedMemberNotFound, acct));
args.Members.Setup(f => f.GetMember(member.Id)).Returns(Task.FromResult((Member)null));
var svc = args.Build();
var ctx = new LocalAuthenticationContext {
UserName = Username, Password = Password
};
args.DB.SaveChangesCount = 0;
await svc.AuthenticateLocalAsync(ctx);
ctx.AuthenticateResult.IsError.Should().BeTrue();
ctx.AuthenticateResult.ErrorMessage.Should().Be(Strings.AccountLocked);
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
if (!string.IsNullOrEmpty(context.UserName))
{
context.AuthenticateResult = new AuthenticateResult(context.UserName, context.UserName);
}
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext ctx)
{
var username = ctx.UserName;
var password = ctx.Password;
var message = ctx.SignInMessage;
ctx.AuthenticateResult = null;
IUserStoreService service = GetUserStoreService(message.ClientId);
var user = service.GetUser(ctx.UserName, ctx.Password);
if (user != null)
{
var result = await PostAuthenticateLocalAsync(user, message);
if (result == null)
{
var claims = GetUserClaims(user);
result = new AuthenticateResult(user.Id.ToString(), user.DisplayName, claims);
}
ctx.AuthenticateResult = result;
}
else
{
ctx.AuthenticateResult = new AuthenticateResult("User cannot be authenticated due to incorrect credentials");
}
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
if (Membership.ValidateUser(context.UserName, context.Password))
{
return;
}
using (var ctx = new ncelsEntities())
{
var user = await ctx.aspnet_Users.FirstOrDefaultAsync(x => x.UserName == context.UserName);
if (user == null)
{
return;
}
var authenticateResult = GetAuthenticateResult(new InMemoryUser
{
Username = user.UserName,
Subject = user.UserName,
Claims = new[]
{
new Claim(Constants.ClaimTypes.GivenName, user.UserName)
}
});
context.AuthenticateResult = authenticateResult;
}
}
public void AuthenticateLocalAsync_UserValidationFails_AuthenticateResultIsNull()
{
// Arrange
var options = new MembershipOptions();
var membershipService = A.Fake <IMembershipService>();
var roleService = A.Fake <IRoleService>();
var context = new LocalAuthenticationContext {
UserName = "******", Password = "******"
};
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**"))
.Returns(Task.FromResult(new MembershipUser {
IsLockedOut = false
}));
A.CallTo(() => membershipService.ValidateUser("*****@*****.**", "password123"))
.Returns(Task.FromResult(false));
var service = new MembershipUserService(options, membershipService, roleService);
// Act
service.AuthenticateLocalAsync(context).Wait();
// Assert
context.AuthenticateResult.Should().BeNull();
A.CallTo(() => membershipService.GetUserAsync("*****@*****.**")).MustHaveHappened();
A.CallTo(() => membershipService.ValidateUser("*****@*****.**", "password123")).MustHaveHappened();
}
/// <summary>Authenticate the User locally</summary>
/// <param name="context">Context</param>
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
context.AuthenticateResult = null;
if (string.IsNullOrWhiteSpace(context.UserName))
{
return;
}
var user = await membershipService.GetUserAsync(context.UserName).ConfigureAwait(false);
if (user == null || user.IsLockedOut)
{
return;
}
if (!await membershipService.ValidateUser(context.UserName, context.Password).ConfigureAwait(false))
{
return;
}
var claims = GetClaimsFromAccount(user);
context.AuthenticateResult = new AuthenticateResult(user.UserId.ToString("N"), user.UserName, claims);
}
public virtual async Task AuthenticateLocalAsync(LocalAuthenticationContext context, CancellationToken cancellationToken)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
try
{
if (context.AuthenticateResult == null)
{
BitJwtToken bitJwtToken = await LocalLogin(context, cancellationToken).ConfigureAwait(false);
AuthenticateResult result = new AuthenticateResult(bitJwtToken.UserId, bitJwtToken.UserId,
BuildClaimsFromBitJwtToken(bitJwtToken),
authenticationMethod: "custom");
context.AuthenticateResult = result;
}
}
catch (Exception ex)
{
ScopeStatusManager.MarkAsFailed("LocalLogin_Failed");
if (context.AuthenticateResult == null && ExceptionToHttpErrorMapper.IsKnownError(ex))
{
context.AuthenticateResult = new AuthenticateResult(ExceptionToHttpErrorMapper.GetMessage(ex));
}
else
{
throw;
}
}
await base.AuthenticateLocalAsync(context).ConfigureAwait(false);
}
public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
//TODO RO FLOW to Azure AD Tenant, see unit tests for prototype.
return(base.AuthenticateLocalAsync(context));
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext ctx)
{
var clientId = ctx.SignInMessage.ClientId;
if (clientId == null)
{
var isWsfpRequest = WsFedProtocolHelper.IsWsFedProtocolRequest(ctx.SignInMessage.ReturnUrl);
Ensure.Equal(isWsfpRequest, true);
var realm = WsFedProtocolHelper.GetRealm(ctx.SignInMessage.ReturnUrl);
var wsfp = _tenantService.GetWsFedProtocolMappingByRealm(realm);
var mapping = _tenantService.GetClientMapping(wsfp.Realm);
_schema = mapping.TenantId;
}
else if (clientId == AppSettings.IamClientId)
{
_schema = ctx.SignInMessage.Tenant;
}
else
{
var mapping = _tenantService.GetClientMapping(clientId);
_schema = mapping.TenantId;
}
((IamUserManager)userManager).IdsUserStore.IdsContext.CacheKey = _schema;
await base.AuthenticateLocalAsync(ctx);
}
public Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var user = _userRepository.Find(context.UserName);
//check if passwords match against user column
//My password was hashed,
//so I had to hash it with the saved salt first and then compare.
if (user.Password == context.Password)
{
context.AuthenticateResult = new AuthenticateResult(
user.UserId.ToString(),
user.Email,
//I set up some claims
new Claim[]
{
//Firstname and Surname are DB columns mapped to User object (from table [User])
new Claim(Constants.ClaimTypes.Name, user.Firstname + " " + user.Surname),
new Claim(Constants.ClaimTypes.Email, user.Email),
new Claim(Constants.ClaimTypes.Role, user.Role.ToString()),
//custom claim
new Claim("company", user.Company)
}
);
}
return(Task.FromResult(0));
}
public async override Task <BitJwtToken> LocalLogin(LocalAuthenticationContext context, CancellationToken cancellationToken)
{
if (context.SignInMessage.TryGetValueFromAcr("x", out string x))
{
Logger.AddLogData("x", x);
}
if (context.SignInMessage.TryGetValueFromAcr("y", out string y))
{
Logger.AddLogData("y", y);
}
Logger.AddLogData("username", context.UserName);
Logger.AddLogData("password", context.Password);
LocalUser user = _localUsers.SingleOrDefault(u => u.UserId == context.UserName && u.Password == context.Password);
if (user == null)
{
throw new DomainLogicException("LoginFailed");
}
BitJwtToken jwtToken = new BitJwtToken {
UserId = user.UserId
};
jwtToken.CustomProps.Add("custom-data", "test");
return(jwtToken);
}
public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var username = context.UserName;
var password = context.Password;
var message = context.SignInMessage;
if (message != null)
{
var tenant = message.Tenant;
if (username == password)
{
var claims = new List <Claim>
{
new Claim("account_store", tenant)
};
var result = new AuthenticateResult("123", username,
claims: claims,
authenticationMethod: "custom");
context.AuthenticateResult = new AuthenticateResult("123", username, claims);
}
}
return(Task.FromResult(0));
}
public async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var signInData = Mapper.Map <SignInMessage, SignInData>(context.SignInMessage);
var result = await domainService.AuthenticateLocalAsync(context.UserName, context.Password, signInData);
context.AuthenticateResult = Mapper.Map <AuthenticationResult, AuthenticateResult>(result);
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var form = await ctx.Request.ReadFormAsync();
var extra = form["extra"];
await base.AuthenticateLocalAsync(context);
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
string username = context.UserName;
string password = context.Password;
try
{
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, _activeDirectoryName))
{
string userNameAsWinUserName = username;
if (!userNameAsWinUserName.Contains(_activeDirectoryName))
{
userNameAsWinUserName = $"{_activeDirectoryName}\\{userNameAsWinUserName}";
}
if (principalContext.ValidateCredentials(userNameAsWinUserName, password))
{
using (
UserPrincipal user = UserPrincipal.FindByIdentity(principalContext,
IdentityType.SamAccountName, userNameAsWinUserName))
{
if (user == null)
{
throw new InvalidOperationException("LoginFailed");
}
List <Claim> claims = new List <Claim>
{
new Claim("sub", user.Sid.Value),
new Claim("primary_sid", user.Sid.Value),
new Claim("upn", user.UserPrincipalName),
new Claim("name", user.Name),
new Claim("given_name", user.GivenName)
};
AuthenticateResult result = new AuthenticateResult(user.SamAccountName, user.SamAccountName,
claims,
authenticationMethod: "custom");
context.AuthenticateResult = result;
}
}
else
{
throw new InvalidOperationException("LoginFailed");
}
}
await base.AuthenticateLocalAsync(context);
}
catch
{
AuthenticateResult result = new AuthenticateResult("LoginFailed");
context.AuthenticateResult = result;
}
}
public void AuthenticatedUserClaimsAreGeneratedWhenPasswordMatches()
{
var context = new LocalAuthenticationContext {
UserName = AccountName, Password = Password
};
Task task = sut.AuthenticateLocalAsync(context);
AssertAuthenticatedUserClaims(task, context.AuthenticateResult);
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var user = await _userRepository
.GetUserAsync(context.UserName, context.Password);
context.AuthenticateResult = user == null
? new AuthenticateResult("Invalid credentials")
: new AuthenticateResult(user.Subject, user.UserName);
}
public override Task <string> GetUserIdByLocalAuthenticationContextAsync(LocalAuthenticationContext context, CancellationToken cancellationToken)
{
if (context.UserName == context.Password)
{
return(Task.FromResult(context.UserName));
}
throw new DomainLogicException("LoginFailed");
}
public async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var user = await _userService.GetUser(context.UserName, context.Password.Sha256());
if (user != null)
{
context.AuthenticateResult = new AuthenticateResult(user.Subject, user.Username);
}
}
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var form = await ctx.Request.ReadFormAsync();
var password = form["password"];
context.Password = Utils.md5Unicodebase64(password);
await base.AuthenticateLocalAsync(context);
}
public async override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
if (OnAuthenticateLocal != null)
{
await OnAuthenticateLocal(context);
}
else
{
await base.AuthenticateLocalAsync(context);
}
}
public override Task <BitJwtToken> LocalLogin(LocalAuthenticationContext context, CancellationToken cancellationToken)
{
if (context.UserName == context.Password)
{
return(Task.FromResult(new BitJwtToken {
UserId = context.UserName
}));
}
throw new DomainLogicException("LoginFailed");
}
/// <inheritdoc/>
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
IdSrvUserDto user = await this.UserRepository.GetUserByUserNameAndPasswordAsync(context.UserName, context.Password);
if (user != null)
{
context.AuthenticateResult = user.IsBlocked ?
new AuthenticateResult(errorMessage: $"User \"{user.UserName}\" is blocked") :
new AuthenticateResult(user.Id.ToString(), user.UserName);
}
}
public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var user = Users.SingleOrDefault(x => x.Username == context.UserName && x.Password == context.Password);
if (user != null)
{
context.AuthenticateResult = new AuthenticateResult(user.Subject, user.Username);
}
return(Task.FromResult(0));
}
/// <summary>
/// 使用username password自定义登录
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var signInMessage = context.SignInMessage;
var user = UserBiz.CheckLogin(context.UserName, context.Password);
if (user != null)
{
context.AuthenticateResult = new AuthenticateResult(user.Subject, user.Username);
}
return(Task.FromResult(0));
}
public void EmptyResultIsReturnedWhenPasswordDoesNotMatch()
{
var context = new LocalAuthenticationContext {
UserName = AccountName, Password = Password
};
identityManagementUserService.IsMatchingPassword(AccountName, Password).Returns(false);
Task task = sut.AuthenticateLocalAsync(context);
AssertEmptyResult(task, context.AuthenticateResult);
}
