protected virtual void ConfigureAuthBuilder(AuthenticationBuilder authBuilder)
{
var allUserAreas = _userAreaDefinitionRepository.GetAll();
foreach (var userArea in allUserAreas)
{
var cookieNamespace = _authCookieNamespaceProvider.GetNamespace(userArea.UserAreaCode);
var scheme = AuthenticationSchemeNames.UserArea(userArea.UserAreaCode);
var options = new UserAreaSchemeRegistrationOptions(userArea, scheme, cookieNamespace);
ConfigureUserAreaScheme(authBuilder, options);
}
}
/// <summary>
/// This method is called for each user area registered in Cofoundry. The default implementation
/// adds a cookie authentication scheme, using <see cref="ConfigureCookieOptions"/> to configure
/// the cookie options. Override this if you want to completely customize the configuration of
/// an authentication scheme e.g. replacing cookie authentication.
/// </summary>
/// <param name="authenticationBuilder">The builder to add the user area authentication scheme to.</param>
/// <param name="schemeRegistrationOptions">Parameters that can be used to configure the authentication scheme.</param>
protected virtual void ConfigureUserAreaScheme(AuthenticationBuilder authenticationBuilder, UserAreaSchemeRegistrationOptions schemeRegistrationOptions)
{
authenticationBuilder
.AddCookie(schemeRegistrationOptions.Scheme, cookieOptions =>
{
ConfigureCookieOptions(cookieOptions, schemeRegistrationOptions);
});
}
/// <summary>
/// Configures the cookie options for a cookie-based user area authentication scheme.
/// Override this to customize the default cookie settings used by Cofoundry.
/// </summary>
/// <param name="cookieOptions">Options to be configured.</param>
/// <param name="schemeRegistrationOptions">Parameters that can be used to configure the authentication scheme.</param>
protected virtual void ConfigureCookieOptions(CookieAuthenticationOptions cookieOptions, UserAreaSchemeRegistrationOptions schemeRegistrationOptions)
{
cookieOptions.Cookie.Name = schemeRegistrationOptions.CookieNamespace + schemeRegistrationOptions.UserArea.UserAreaCode;
cookieOptions.Cookie.HttpOnly = true;
cookieOptions.Cookie.IsEssential = true;
cookieOptions.Cookie.SameSite = SameSiteMode.Lax;
cookieOptions.Events.OnValidatePrincipal = ValidateCookiePrincipal;
if (!string.IsNullOrWhiteSpace(schemeRegistrationOptions.UserArea.SignInPath))
{
cookieOptions.LoginPath = schemeRegistrationOptions.UserArea.SignInPath;
}
else
{
cookieOptions.Events.OnRedirectToLogin = DefaultSignInRedirectAction;
}
cookieOptions.Events.OnRedirectToAccessDenied = DefaultDenyAction;
}
