public async Task <ActionResult> OAuthTokenCallback() { var ctx = GetOAuthContextCookie(); var ip = GetVisibleIdentityProviders().Single(x => x.ID == ctx.IdP); var oauth2 = new OAuth2Client(GetProviderTypeFromOAuthProfileTypes(ip.ProviderType.Value), ip.ClientID, ip.ClientSecret); var result = await oauth2.ProcessCallbackAsync(); if (result.Error != null) { return(View("Error")); } var claims = result.Claims.ToList(); string[] claimsToRemove = new string[] { "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", ClaimTypes.AuthenticationInstant }; foreach (var toRemove in claimsToRemove) { var tmp = claims.Find(x => x.Type == toRemove); if (tmp != null) { claims.Remove(tmp); } } claims.Add(new Claim(Constants.Claims.IdentityProvider, ip.Name, ClaimValueTypes.String, Constants.InternalIssuer)); var id = new ClaimsIdentity(claims, "OAuth"); var cp = new ClaimsPrincipal(id); return(ProcessOAuthResponse(cp, ctx)); }
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context) { var authentication = context.OwinContext.Authentication; if (authentication == null) { return(base.GrantClientCredentials(context)); } var user = authentication.User; if (user == null) { return(base.GrantClientCredentials(context)); } var userAccountService = context.OwinContext.Environment.GetUserAccountService <UserAccount>(); var account = userAccountService.GetByUsername("users", user.Identity.Name); if (account == null) { return(base.GrantClientCredentials(context)); } var claims = account.GetAllClaims(); var id = new System.Security.Claims.ClaimsIdentity(claims, "MembershipReboot"); context.Validated(id); return(base.GrantClientCredentials(context)); }
// auxiliary functions private void addClaim(System.Security.Claims.ClaimsIdentity identity, string claimName, string claimValue) { if (string.IsNullOrEmpty(claimValue) == false) { identity.AddClaim(new System.Security.Claims.Claim(claimName, claimValue)); } }
public async Task <ActionResult> Login(LoginModel details, string returnUrl) { if (ModelState.IsValid) { AppUser user = await UserManager.FindAsync(details.Name, details.Password); if (user == null) { ModelState.AddModelError("", "Invalid name or password."); } else { //创建一个标识该用户的ClaimsIdentity对象。ClaimsIdentity类是IIdentity接口的ASP.NET Identity实现 //创建Cookie,浏览器会在后继的请求中发送这个Cookie System.Security.Claims.ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); //签出用户,这通常意味着使标识已认证用户的Cookie失效 AuthManager.SignOut(); //签入用户,这通常意味着要创建用来标识已认证请求的Cookie AuthManager.SignIn(new AuthenticationProperties {//配置认证过程 //IsPersistent属性设置为true,以使认证Cookie在浏览器中是持久化的,意即用户在开始新会话时,不必再次进行认证 IsPersistent = false }, ident); return(Redirect(returnUrl)); } } ViewBag.returnUrl = returnUrl; return(View(details)); }
/// <summary> /// Permet de définir un claim et le remplacer si exsite déja /// </summary> public static void SetClaim(this System.Security.Claims.ClaimsIdentity claimsIdentity, string claimType, string claimValue, string issuer = null) { if (claimsIdentity == null || string.IsNullOrWhiteSpace(claimType)) { return; } System.Security.Claims.Claim findClaim = claimsIdentity.Claims.Where(c => c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase)).FirstOrDefault(); if (findClaim != null) { claimsIdentity.RemoveClaim(findClaim); } if (claimValue == null) { return; // mode delete } System.Security.Claims.Claim newClaim = null; if (findClaim != null) { newClaim = new System.Security.Claims.Claim(findClaim.Type, claimValue, findClaim.ValueType, issuer); } else { newClaim = new System.Security.Claims.Claim(claimType, claimValue, System.Security.Claims.ClaimValueTypes.String, issuer); } claimsIdentity.AddClaim(newClaim); }
public async Task <IActionResult> OnPost() { if (Authentification.Instance.IsAuthentificated(HttpContext)) { Authentification.Instance.SetLoginStatus(HttpContext, false); return(Page()); } var user = _configuration.GetSection("SiteUser").Get <SiteUser>(); Authentification.Instance.SetLoginStatus(HttpContext, false); if (UserName == user.UserName) { var passwordHasher = new Microsoft.AspNetCore.Identity.PasswordHasher <string>(); if (passwordHasher.VerifyHashedPassword(null, user.Password, Password) == Microsoft.AspNetCore.Identity.PasswordVerificationResult.Success) { var claims = new List <System.Security.Claims.Claim> { new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, UserName) }; var claimsIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme); await HttpContext.SignInAsync(Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme, new System.Security.Claims.ClaimsPrincipal(claimsIdentity)); Authentification.Instance.SetLoginStatus(HttpContext, true); return(RedirectToPage("Index")); } } Message = "Invalid attempt"; return(Page()); }
protected override bool AuthorizeCore(HttpContextBase httpContext) { bool authorize = false; System.Security.Claims.ClaimsIdentity claimsIdentity = httpContext.User.Identity as System.Security.Claims.ClaimsIdentity; //get all roles of user from claims token IEnumerable <System.Security.Claims.Claim> userGroupClaims = claimsIdentity.Claims.Where(x => x.Type.ToLower().Contains("group")); // String userRoles = claimsIdentity.Claims.First(x => x.Type.ToLower().Contains("group")).Value; String upn = claimsIdentity.Claims.First(x => x.Type.ToLower().Contains("upn")).Value; //compare the available roles to roles of the user foreach (var role in allowedroles) { string[] rolegroups = ConfigurationManager.AppSettings[role].Split(',').Select(s => s.Trim()).ToArray(); foreach (String rolegroup in rolegroups) { if ((userGroupClaims.Count(x => x.Value.Contains(rolegroup)) > 0) || (upn.Contains(rolegroup))) { System.Web.HttpContext.Current.Session["Role"] = role; if ((role.ToLower() == "apadmin") || (role.ToLower() == "aradmin")) { return(true); } else { authorize = true; } } } } return(authorize); }
public ActionResult Index(ChangeUsernameInputModel model) { if (ModelState.IsValid) { try { //this.userAccountService.ChangeUsername(User.GetUserID(), model.NewUsername); var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } this.userAccountService.ChangeUsername(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), model.NewUsername); this.authSvc.SignIn(User.GetUserID()); return RedirectToAction("Success"); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } } return View("Index", model); }
/// <summary> /// /// </summary> /// <param name="actionContext"></param> /// <returns></returns> protected override bool IsAuthorized(HttpActionContext actionContext) { bool isAuthorized = false; var autorizacion = HttpContext.Current.Request.Headers["Authorization"]; if (autorizacion != null && autorizacion.StartsWith("Bearer") && autorizacion.Length > 7) { var jwtManager = new JwtManager(); var token = autorizacion.Substring(7, autorizacion.Length - 7); var validateTokenOut = jwtManager.ValidateToken(new MethodParameters.Authentication.JwtManager.ValidateTokenIn() { token = token }); if (validateTokenOut.tokenInformation != null) { var claims = new List <System.Security.Claims.Claim> { new System.Security.Claims.Claim("sessionId", validateTokenOut.tokenInformation.sessionId), new System.Security.Claims.Claim("usrID", validateTokenOut.tokenInformation.usrID) }; var identity = new System.Security.Claims.ClaimsIdentity(claims, "Jwt"); HttpContext.Current.User = new System.Security.Claims.ClaimsPrincipal(identity); isAuthorized = true; } } return(isAuthorized); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnAuthorization(actionContext); if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated) { if (HttpContext.Current.User.GetType() != typeof(PublicationsPrincipal)) { System.Security.Claims.ClaimsIdentity claimsIdentity = ((System.Security.Claims.ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity); string name = claimsIdentity.FindFirst("name").Value; string email = claimsIdentity.FindFirst("email").Value; int userID = Convert.ToInt32(claimsIdentity.FindFirst("userid").Value); bool isAdministrator = Convert.ToBoolean(claimsIdentity.FindFirst("isadmin").Value); if (!isAdministrator) { HandleUnauthorizedRequest(actionContext); } else { HttpContext.Current.User = System.Threading.Thread.CurrentPrincipal = new PublicationsPrincipal(new PublicationsIdentity(name, userID, email, isAdministrator)); } } else { if (!((PublicationsIdentity)HttpContext.Current.User.Identity).IsAdministrator) { HandleUnauthorizedRequest(actionContext); } } } }
public static int GrabUserId(System.Security.Claims.ClaimsIdentity claim) { int id; var o = claim.GetUserId(); return(int.TryParse(o, out id) ? id : 0); }
public async Task <ActionResult> Login(LoginModel model, string returnUrl) { if (ModelState.IsValid) { ApplicationUser user = await UserManager.FindAsync(model.Email, model.Password); if (user == null) { ModelState.AddModelError("", "Неверный логин или пароль."); } else { System.Security.Claims.ClaimsIdentity claim = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignOut(); AuthenticationManager.SignIn(new Microsoft.Owin.Security.AuthenticationProperties { IsPersistent = true }, claim); if (String.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index", "Home")); } return(Redirect(returnUrl)); } } ViewBag.returnUrl = returnUrl; return(View(model)); }
private void SetUsername() { System.Security.Claims.ClaimsIdentity cp = HttpContext.User.Identity as System.Security.Claims.ClaimsIdentity; var name = cp.Claims.First <System.Security.Claims.Claim>(c => c.Type == System.Security.Claims.ClaimTypes.NameIdentifier); ViewBag.UserName = name.Value; }
// GET: Admin/Posts/Create public IActionResult Create() { System.Security.Claims.ClaimsIdentity ci = new System.Security.Claims.ClaimsIdentity(); if (User.Identity.Name != null) { ci = (System.Security.Claims.ClaimsIdentity)User.Identity; } else { return(Challenge()); } Post p = new Post() { CreatedDate = DateTime.Now, BlogPostRecs = new List <BlogPostRec>(), IsDraft = true, IsActive = true, PostedBy = $"{ci.FindFirst(System.Security.Claims.ClaimTypes.GivenName).Value} {ci.FindFirst(System.Security.Claims.ClaimTypes.Surname).Value}" }; foreach (Blog b in _context.Blogs) { BlogPostRec bpr = new BlogPostRec() { BlogId = b.Id, Blog = b }; p.BlogPostRecs.Add(bpr); } p.BlogPostRecs.OrderBy(x => x.Blog.BlogName); return(View(p)); }
//validate user credentials, then generate token //token is used to grant access public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType); //validate client credentials here if (context.UserName == "admin" && context.Password == "admin") { identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, "admin")); identity.AddClaim(new System.Security.Claims.Claim("username", "admin")); identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Shashank Shinde")); context.Validated(identity); } else if (context.UserName == "user" && context.Password == "user") { identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, "user")); identity.AddClaim(new System.Security.Claims.Claim("username", "user")); identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Shinde Shashank")); context.Validated(identity); } else { context.SetError("invalid_grant", "Given username and password is invalid"); return; } }
public ActionResult Index(ChangePasswordInputModel model) { //if (!User.HasUserID()) //{ // return new HttpUnauthorizedResult(); //} var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } var acctID = System.Guid.Parse(_claimsID.Claims.GetValue("sub")); if (ModelState.IsValid) { try { //this.userAccountService.ChangePassword(User.GetUserID(), model.OldPassword, model.NewPassword); this.userAccountService.ChangePassword(acctID, model.OldPassword, model.NewPassword); return View("Success"); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } } return View(model); }
ClaimsPrincipal ISecurityTokenValidator.ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); // validatedToken = new JwtSecurityToken(securityToken); try { tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken); validatedToken = new JwtSecurityToken("jwtEncodedString"); } catch (Exception ex) { System.Console.WriteLine(ex.Message); throw; } ClaimsPrincipal principal = null; // SecurityToken validToken = null; validatedToken = null; System.Collections.Generic.List <System.Security.Claims.Claim> ls = new System.Collections.Generic.List <System.Security.Claims.Claim>(); ls.Add( new System.Security.Claims.Claim( System.Security.Claims.ClaimTypes.Name, "IcanHazUsr_éèêëïàáâäåãæóòôöõõúùûüñçø_ÉÈÊËÏÀÁÂÄÅÃÆÓÒÔÖÕÕÚÙÛÜÑÇØ 你好,世界 Привет\tмир" , System.Security.Claims.ClaimValueTypes.String ) ); // System.Security.Claims.ClaimsIdentity id = new System.Security.Claims.ClaimsIdentity("authenticationType"); id.AddClaims(ls); principal = new System.Security.Claims.ClaimsPrincipal(id); return(principal); throw new NotImplementedException(); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnAuthorization(actionContext); if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated && HttpContext.Current.User.GetType() != typeof(Principal)) { System.Security.Claims.ClaimsIdentity claimsIdentity = ((System.Security.Claims.ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity); string name = claimsIdentity.FindFirst("name").Value; string email = claimsIdentity.FindFirst("email").Value; string companyName = claimsIdentity.FindFirst("companyname").Value; int userID = Convert.ToInt32(claimsIdentity.FindFirst("userid").Value); int userType = Convert.ToInt32(claimsIdentity.FindFirst("usertype").Value); int companyId = Convert.ToInt32(claimsIdentity.FindFirst("companyid").Value); string ipaddress = claimsIdentity.FindFirst("ipaddress").Value; if (userType == (int)UserType.Admin || userType == (int)UserType.User) { HttpContext.Current.User = System.Threading.Thread.CurrentPrincipal = new Principal(new Identity(name, userID, email, userType, companyId, companyName, ipaddress)); } else { HandleUnauthorizedRequest(actionContext); } } }
public static string AuthorizeUser(string user_name = "", string password = "") { string result = "Unknown user name or password."; try { IParameterCollection Params = new ParameterCollection(); Params.Add("@login", user_name); Params.Add("@password", password); SqlManager M = new DersaAnonimousSqlManager(); int checkresult = M.ExecuteSPWithResult("DERSA_USER$CanAuthorize", false, Params); if (checkresult == (int)DersaUserStatus.active) { IAuthenticationManager authenticationManager = HttpContext.Current.GetOwinContext().Authentication; authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); var User = new UserProvider(user_name); System.Security.Claims.ClaimsIdentity identity = new System.Security.Claims.ClaimsIdentity(User.Identity, null, "ApplicationCookie", null, null); authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity); return(""); } switch (checkresult) { case (int)DersaUserStatus.registered: result = "Your registration is not completed."; break; } } catch { throw; } return(result); }
public async Task <ActionResult> EditClaims(UserClaim userClaim) { var _user = UserManager.FindByName(userClaim.UserName); if (_user == null) { return(HttpNotFound("Invalid user")); } if (ModelState.IsValid) { // trigger generating identity - usermanager will persist generic types to database _user.Claims.Remove(_user.Claims.Where( c => c.ClaimType == userClaim.ClaimType).First()); _user.Claims.Add(new UserClaimIntPk { UserId = _user.Id, ClaimType = userClaim.ClaimType, ClaimValue = userClaim.ClaimValue }); System.Security.Claims.ClaimsIdentity identity = await _user.GenerateUserIdentityAsync(UserManager); log.Info("Edited claim for user (" + userClaim.ClaimType + ":" + userClaim.ClaimValue + " for " + userClaim.UserName); } return(RedirectToAction("EditClaims", new { UserName = userClaim.UserName })); }
public ActionResult Index() { //if (!User.HasUserID()) //{ // return new HttpUnauthorizedResult(); //} //var acct = this.userAccountService.GetByID(User.GetUserID()); var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } //var acct = this.userAccountService.GetByID(System.Guid.Parse(Thinktecture.IdentityServer.Core.Extensions.PrincipalExtensions.GetSubjectId(this.User))); var acct = this.userAccountService.GetByID(System.Guid.Parse(_claimsID.Claims.GetValue("sub"))); if (acct.HasPassword()) { return View(new ChangePasswordInputModel()); } else { return View("SendPasswordReset"); } }
// // Summary: // Called when a request to the Token endpoint arrives with a "grant_type" of "password". // This occurs when the user has provided name and password credentials directly // into the client application's user interface, and the client application is using // those to acquire an "access_token" and optional "refresh_token". If the web application // supports the resource owner credentials grant type it must validate the context.Username // and context.Password as appropriate. To issue an access token the context.Validated // must be called with a new ticket containing the claims about the resource owner // which should be associated with the access token. The application should take // appropriate measures to ensure that the endpoint isn’t abused by malicious callers. // The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.3.2 // // Parameters: // context: // The context of the event carries information in and results out. // // Returns: // Task to enable asynchronous execution public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context) { var userName = context.UserName; var password = context.Password; var user = databaseManager.LoginByUsernamePassword(userName, password).ToList(); if (user == null || user.Count() <= 0) { context.SetError("invalid_grant", "The user name and password is incorrect"); return; } var claims = new List <System.Security.Claims.Claim>(); var userInfo = user.FirstOrDefault(); claims.Add(new System.Security.Claims.Claim( System.Security.Claims.ClaimTypes.Name, userInfo.username)); // Setting claim identities for OAuth2 var oAuthClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.OAuth.OAuthDefaults.AuthenticationType); var cookiesClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.Cookies.CookieAuthenticationDefaults.AuthenticationType); // Setting user authentication var properties = CreateProperties(userInfo.username); var ticket = new Microsoft.Owin.Security.AuthenticationTicket(oAuthClaimIdentity, properties); // Grant access to user context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesClaimIdentity); }
private async Task <TagTransactionEntity> StartAsync(System.Security.Claims.ClaimsIdentity user, string channel, string alias) { var tx = new TagTransactionEntity(TagTransactionOperation.Create, channel, alias, user.Name); await this.TagTransactionTable.Create(tx); return(tx); }
private static void SignIn(System.Security.Claims.ClaimsIdentity userIdentity) { var authenticationManager = GetAuthenticationManager(); authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity); }
public static bool verifyUser(System.Security.Claims.ClaimsIdentity user) { var userExists = db.Users.AsEnumerable().Contains (db.Users.FirstOrDefault (f => f.ID == user.Name)); return(userExists); }
public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { // The authentication types should be set to "Bearer" while setting up the ClaimsIdentity // I have set up basic mandatory ClaimsIdentity. You can add the necessary claims if required. System.Security.Claims.ClaimsIdentity ci = new System.Security.Claims.ClaimsIdentity("Bearer"); context.OwinContext.Authentication.SignIn(ci); context.RequestCompleted(); return Task.FromResult<object>(null); }
/// <summary> /// Gets an internal identity that represents an Aika test user account. /// </summary> /// <returns> /// A <see cref="System.Security.Claims.ClaimsPrincipal"/> that represents an Aika test /// user account. /// </returns> internal static System.Security.Claims.ClaimsPrincipal GetTestIdentity() { var identity = new System.Security.Claims.ClaimsIdentity("AikaTestUser"); identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, Guid.Empty.ToString())); identity.AddClaim(new System.Security.Claims.Claim(identity.NameClaimType, "AikaTestUser")); return(new System.Security.Claims.ClaimsPrincipal(identity)); }
public static string GetClaimValue(this System.Security.Claims.ClaimsIdentity claimIdentity, string claimName) { if (claimIdentity?.HasClaim(c => c.Type == claimName) == true) { return(claimIdentity.Claims.FirstOrDefault(claim => claim.Type == claimName).Value); } return(string.Empty); }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { this.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); System.Security.Claims.ClaimsIdentity identity = await this.UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); this.AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity); }
static public ClaimsIdentity Convert( v1ClaimsIdentity v1ClaimsIdentity ) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); foreach ( v1Claim v1claim in v1ClaimsIdentity.Claims ) { claimsIdentity.AddClaim( new Claim( v1claim.ClaimType, v1claim.Value, v1claim.ValueType, v1claim.Issuer, v1claim.OriginalIssuer ) ); } return claimsIdentity; }
static public v1ClaimsIdentity Convert( ClaimsIdentity claimsIdentity ) { v1ClaimsIdentity v1ClaimsIdentity = new v1ClaimsIdentity(); foreach ( Claim claim in claimsIdentity.Claims ) { v1ClaimsIdentity.Claims.Add( new v1Claim( claim.Type, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer ) ); } return v1ClaimsIdentity; }
public ActionResult Remove(Guid id) { //this.userAccountService.RemovePasswordResetSecret(User.GetUserID(), id); var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } this.userAccountService.RemovePasswordResetSecret(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), id); return RedirectToAction("Index"); }
public static int GrabUserId(System.Security.Claims.ClaimsIdentity claim) { if (!int.TryParse(claim.GetUserId(), out int id)) { return(0); } else { return(id); } }
static public v1ClaimsIdentity Convert(ClaimsIdentity claimsIdentity) { v1ClaimsIdentity v1ClaimsIdentity = new v1ClaimsIdentity(); foreach (Claim claim in claimsIdentity.Claims) { v1ClaimsIdentity.Claims.Add(new v1Claim(claim.Type, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer)); } return(v1ClaimsIdentity); }
static public ClaimsIdentity Convert(v1ClaimsIdentity v1ClaimsIdentity) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); foreach (v1Claim v1claim in v1ClaimsIdentity.Claims) { claimsIdentity.AddClaim(new Claim(v1claim.ClaimType, v1claim.Value, v1claim.ValueType, v1claim.Issuer, v1claim.OriginalIssuer)); } return(claimsIdentity); }
/// <summary> /// 发放。授权资源访问凭证 /// </summary> /// <param name="context"></param> /// <returns></returns> public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context) { //return base.GrantResourceOwnerCredentials(context); var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); //鉴定ClientID之后。授权来源 if (allowedOrigin == null) { allowedOrigin = this.userClientAuth? "*" : this.AnoymouseAllowedOrigins; } /////ngauthenticationweb Access-Control-Allow-Origin //来源鉴定 context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", allowedOrigin.Split(',')); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE" }); Microsoft.AspNet.Identity.EntityFramework.IdentityUser user = await authRepository.FindUser(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "用户名,密码不正确"); return; } //claim based 认证 var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, context.UserName)); identity.AddClaim(new System.Security.Claims.Claim("sub", context.UserName)); identity.AddClaim(new System.Security.Claims.Claim("role", "user")); //identity.AddClaim(new System.Security.Claims.Claim("test", "test")); var claims = MallAuth.ServerCache.GlobalCache.getInstance().getUserClaims(context.UserName); foreach (var item in claims) { identity.AddClaim(new System.Security.Claims.Claim(item.Type, item.Value)); } ///额外的响应参数.注意这个和Claim不同 var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary <string, string> { { "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId }, { "userName", context.UserName } }); var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props); context.Validated(ticket); //context.Validated(identity); }
public void MarkUserAsLoggedOut() { _sessionStorageService.RemoveItemAsync("emailAddress"); _sessionStorageService.RemoveItemAsync("token"); var identity = new System.Security.Claims.ClaimsIdentity(); var user = new System.Security.Claims.ClaimsPrincipal(identity); NotifyAuthenticationStateChanged(System.Threading.Tasks.Task .FromResult(new Microsoft.AspNetCore.Components.Authorization.AuthenticationState(user))); }
public ActionResult Index() { //var account = this.userAccountService.GetByID(User.GetUserID()); var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } var account = this.userAccountService.GetByID(System.Guid.Parse(_claimsID.Claims.GetValue("sub"))); var vm = new PasswordResetSecretsViewModel { Secrets = account.PasswordResetSecrets.ToArray() }; return View("Index", vm); }
public void Configuration(IAppBuilder app) { var oauthProvider = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider { OnGrantResourceOwnerCredentials = async context => { if (context.UserName == "rboyina" && context.Password == "welcome@123") { var claimsIdentity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType); claimsIdentity.AddClaim(new System.Security.Claims.Claim("user", context.UserName)); context.Validated(claimsIdentity); return; } context.Rejected(); }, OnValidateClientAuthentication = async context => { string clientId; string clientSecret; if (context.TryGetBasicCredentials(out clientId, out clientSecret)) { if (clientId == "ravi" && clientSecret == "secretKey") { context.Validated(); } } } }; var oauthOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions { AllowInsecureHttp = true, TokenEndpointPath = new Microsoft.Owin.PathString("/accesstoken"), Provider = oauthProvider, AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(1), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(3), SystemClock = new Microsoft.Owin.Infrastructure.SystemClock() }; app.UseOAuthAuthorizationServer(oauthOptions); app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions()); var config = new System.Web.Http.HttpConfiguration(); config.MapHttpAttributeRoutes(); app.UseWebApi(config); }
public ActionResult Add(AddSecretQuestionInputModel model) { if (ModelState.IsValid) { try { //this.userAccountService.AddPasswordResetSecret(User.GetUserID(), model.Question, model.Answer); var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } this.userAccountService.AddPasswordResetSecret(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), model.Question, model.Answer); return RedirectToAction("Index"); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } } return View("Add", model); }
public ActionResult Index(ChangeEmailRequestInputModel model) { if (ModelState.IsValid) { try { //this.userAccountService.ChangeEmailRequest(User.GetUserID(), model.NewEmail); var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } this.userAccountService.ChangeEmailRequest(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), model.NewEmail); if (userAccountService.Configuration.RequireAccountVerification) { return View("ChangeRequestSuccess", (object)model.NewEmail); } else { return View("Success"); } } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } } return View("Index", model); }
private static System.Security.Claims.ClaimsPrincipal CreateClaimsPrincipal(string userKey) { System.Security.Claims.ClaimsIdentity claimIdentity; if (userKey == null) { claimIdentity = new System.Security.Claims.ClaimsIdentity(); } else { var claim = new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userKey); var claims = new List<System.Security.Claims.Claim> { claim }; claimIdentity = new System.Security.Claims.ClaimsIdentity(claims, "Test"); } var identity = new System.Security.Claims.ClaimsIdentity[] { claimIdentity }; return new System.Security.Claims.ClaimsPrincipal(identity); }
public async Task<ActionResult> OAuthTokenCallback() { var ctx = GetOAuthContextCookie(); var ip = GetVisibleIdentityProviders().Single(x => x.ID == ctx.IdP); var oauth2 = new OAuth2Client(GetProviderTypeFromOAuthProfileTypes(ip.ProviderType.Value), ip.ClientID, ip.ClientSecret); var result = await oauth2.ProcessCallbackAsync(); if (result.Error != null) return View("Error"); var claims = result.Claims.ToList(); string[] claimsToRemove = new string[] { "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", ClaimTypes.AuthenticationInstant }; foreach (var toRemove in claimsToRemove) { var tmp = claims.Find(x => x.Type == toRemove); if (tmp != null) claims.Remove(tmp); } claims.Add(new Claim(Constants.Claims.IdentityProvider, ip.Name, ClaimValueTypes.String, Constants.InternalIssuer)); var id = new ClaimsIdentity(claims, "OAuth"); var cp = new ClaimsPrincipal(id); return ProcessOAuthResponse(cp, ctx); }
public UserHttpContext(string userKey) { var claim = new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userKey); var claimIdentity = new System.Security.Claims.ClaimsIdentity(new List<System.Security.Claims.Claim> { claim }, "Test"); var identity = new System.Security.Claims.ClaimsIdentity[] { claimIdentity }; var principal = new System.Security.Claims.ClaimsPrincipal(identity); User = principal; _Request = MockHttpContextFactory.CreateRequest(); _Response = MockHttpContextFactory.CreateResponse(); }
public ActionResult SendPasswordReset() { //if (!User.HasUserID()) //{ // return new HttpUnauthorizedResult(); //} var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity); if (!_claimsID.HasClaim("sub")) { return new HttpUnauthorizedResult(); } try { //var acct = this.userAccountService.GetByID(User.GetUserID()); var acct = this.userAccountService.GetByID(System.Guid.Parse(_claimsID.Claims.GetValue("sub"))); this.userAccountService.ResetPassword(acct.Tenant, acct.Email); return View("Sent"); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } return View("SendPasswordReset"); }