public Task Authenticate(ValidatePrincipalContext context)
{
if (!_env.IsDevelopment())
{
context.AuthenticationFailMessage = "Basic authentication only available in Development environment";
return(Task.CompletedTask);
}
// use basic authentication to support Swagger
if (context.UserName != context.Password)
{
context.AuthenticationFailMessage = "Authentication failed.";
return(Task.CompletedTask);
}
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer),
// use (case-sensitive) UserName for role
new Claim(ClaimTypes.Role, context.UserName)
};
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
return(Task.CompletedTask);
}
private Task ValidatePrincipal(ValidatePrincipalContext context)
{
var userInfos = new[]
{
new { UserName = "******", Password = "******", Roles = new string[] { "role1" } },
new { UserName = "******", Password = "******", Roles = new string[] { "role2" } },
new { UserName = "******", Password = "******", Roles = new string[] { "role2", "role3" } },
new { UserName = "******", Password = "******", Roles = new string[] { "role3" } }
};
foreach (var userInfo in userInfos)
{
if ((context.UserName == userInfo.UserName) && (context.Password == userInfo.Password))
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
};
foreach (string role in userInfo.Roles)
{
claims.Add(new Claim(ClaimTypes.Role, role, context.Options.ClaimsIssuer));
}
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
context.Principal = principal;
}
}
return(Task.CompletedTask);
}
public static async Task ValidatePrincipal <UserType>(ValidatePrincipalContext context)
where UserType : class, IUserEntity
{
var logger = context.HttpContext.RequestServices.GetService <ILoggerFactory>()?.CreateLogger(nameof(BasicAuthenticationEventsTools));
var userManager = (UserManager <UserType>)context.HttpContext.RequestServices.GetService(typeof(UserManager <UserEntity>));
var signInManager = (SignInManager <UserType>)context.HttpContext.RequestServices.GetService(typeof(SignInManager <UserEntity>));
var userEntity = await userManager.FindByNameAsync(context.UserName);
if (userEntity is null)
{
var errorMessage = "The user has not been found.";
logger?.LogInformation(errorMessage);
context.AuthenticationFailMessage = errorMessage;
return;
}
// First check password, then sign in.
var signInResult = signInManager.CheckPasswordSignInAsync(userEntity, context.Password, false);
if (signInResult.Result.Succeeded)
{
// Required by sign in service.
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, ClaimValueTypes.String, context.Options.ClaimsIssuer),
new Claim(ClaimTypes.NameIdentifier, userEntity.Id, ClaimValueTypes.String)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
/// If <see cref="ValidatePrincipalContext.Principal"/>
/// is not null, the user is authenticated successfully.
context.Principal = principal;
}
}
public override async Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
var user = await getUserStrategy.GetAsync(context.UserName, context.Password);
if (user != null)
{
context.Principal = CreatePrincipal(user);
}
}
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
var claims = new List <Claim>
{
new(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
};
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
return(Task.CompletedTask);
}
public Task Authenticate(ValidatePrincipalContext context)
{
if (!_env.IsDevelopment())
{
context.AuthenticationFailMessage = "Basic authentication only available in Development environment";
return(Task.CompletedTask);
}
// use basic authentication to support Swagger
if (context.UserName != context.Password)
{
context.AuthenticationFailMessage = "Authentication failed.";
return(Task.CompletedTask);
}
var primaryRoleId = string.Empty;
var email = string.Empty;
switch (context.UserName)
{
case Roles.Admin:
case Roles.Buyer:
primaryRoleId = PrimaryRole.GovernmentDepartment;
email = "*****@*****.**";
break;
case Roles.Supplier:
primaryRoleId = PrimaryRole.ApplicationServiceProvider;
email = "*****@*****.**";
break;
default:
break;
}
var contact = _contactDatastore.ByEmail(email);
var org = _organisationDatastore.ByContact(contact?.Id ?? string.Empty);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Email, email, context.Options.ClaimsIssuer),
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer),
// use (case-sensitive) UserName for role
new Claim(ClaimTypes.Role, context.UserName),
// random organisation for Joe public
new Claim(nameof(Organisations), org?.Id ?? Guid.NewGuid().ToString())
};
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
return(Task.CompletedTask);
}
/// <inheritdoc/>
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
// RFC 7230 section 3.2.2
var authorizationHeaderValues = this.Request.Headers.GetCommaSeparatedValues(HeaderNames.Authorization);
// there is no authorization header so there is nothing to do by this middleware
if ((authorizationHeaderValues == null) || (authorizationHeaderValues.Length == 0))
{
this.Logger.LogDebug("'Authorization' header is not present in the request.");
return(AuthenticateResult.NoResult());
}
string basicAuthorizationHeader = authorizationHeaderValues.FirstOrDefault(s => s.StartsWith(Basic + ' ', StringComparison.OrdinalIgnoreCase));
// Authorization header is not 'Basic' so there is nothing to do by this middleware
if (string.IsNullOrEmpty(basicAuthorizationHeader))
{
this.Logger.LogDebug("'Authorization' header is not in 'Basic' scheme in the request.");
return(AuthenticateResult.NoResult());
}
string credentials = basicAuthorizationHeader.Replace($"{Basic} ", string.Empty).Trim();
if (string.IsNullOrEmpty(credentials))
{
return(AuthenticateResult.Fail("The credentials are not present for 'Basic' scheme."));
}
string decodedCredentials;
try
{
decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(credentials));
}
catch (Exception)
{
return(AuthenticateResult.Fail("The credentials can not be decoded in 'Basic' scheme."));
}
int delimiterIndex = decodedCredentials.IndexOf(":", StringComparison.OrdinalIgnoreCase);
if (delimiterIndex < 0)
{
return(AuthenticateResult.Fail("The credentials delimiter is not present in 'Basic' scheme."));
}
string userName = decodedCredentials.Substring(0, delimiterIndex);
string password = decodedCredentials.Substring(delimiterIndex + 1);
var context = new ValidatePrincipalContext(this.Context, this.Scheme, this.Options, userName, password);
return(await this.Options.Events.ValidatePrincipal(context));
}
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
if ((context.UserName == demoUsername) && (context.Password == demoPassword))
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
context.Principal = principal;
}
return(Task.CompletedTask);
}
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
var user = _userService.Authenticate(context.UserName, context.Password);
if (user != null)
{
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.UserName),
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
context.Principal = principal;
}
return(Task.CompletedTask);
}
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
if ((context.UserName == "test") && (context.Password == "test"))
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
context.Principal = principal;
}
return(Task.CompletedTask);
}
/// <inheritdoc/>
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
// keep the bots away
if (string.Equals(context.UserName, _config.Username) && string.Equals(context.Password, _config.Password))
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
context.Principal = principal;
}
return(Task.CompletedTask);
}
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
if (context.UserName == this.authenticationSettings.Login &&
context.Password == this.authenticationSettings.Password)
{
var identity = new ClaimsIdentity(
new[]
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
},
BasicAuthenticationDefaults.AuthenticationScheme);
context.Principal = new ClaimsPrincipal(identity);
}
return(Task.CompletedTask);
}
public static Task Authenticate(ValidatePrincipalContext context)
{
// use basic authentication to support Swagger
if (context.UserName != context.Password)
{
context.AuthenticationFailMessage = "Authentication failed.";
return(Task.CompletedTask);
}
var primaryRoleId = string.Empty;
switch (context.UserName)
{
case Roles.Admin:
case Roles.Buyer:
primaryRoleId = PrimaryRole.GovernmentDepartment;
break;
case Roles.Supplier:
primaryRoleId = PrimaryRole.ApplicationServiceProvider;
break;
default:
break;
}
var servProv = context.HttpContext.RequestServices;
var orgStore = (IOrganisationDatastore)servProv.GetService(typeof(IOrganisationDatastore));
var org = orgStore.GetAll().FirstOrDefault(x => x.PrimaryRoleId == primaryRoleId);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer),
// use (case-sensitive) UserName for role
new Claim(ClaimTypes.Role, context.UserName),
// random organisation for Joe public
new Claim(nameof(Organisation), org?.Id ?? Guid.NewGuid().ToString())
};
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
return(Task.CompletedTask);
}
public override Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
if (QueryIsValidStaffLogon(_db, context.UserName, context.Password))
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer)
};
var principle = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
context.Principal = principle;
var ticket = new AuthenticationTicket(principle, new AuthenticationProperties(), BasicAuthenticationDefaults.AuthenticationScheme);
return(Task.FromResult(AuthenticateResult.Success(ticket)));
}
return(Task.FromResult(AuthenticateResult.Fail("Authentication failed.")));
}
private async Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
// Try sign in
SignInResult result =
await SignInAsync(context.HttpContext, context.UserName, context.Password, true, BasicAuthenticationDefaults.AuthenticationScheme)
.ConfigureAwait(false);
// Check result
if (result.Succeeded)
{
context.Principal = context.HttpContext.User;
}
else if (result.IsLockedOut)
{
context.AuthenticationFailMessage = "Account locked.";
}
else
{
context.AuthenticationFailMessage = "Authentication failed.";
}
}
public Task Authenticate(ValidatePrincipalContext context)
{
var contact = _contactDatastore.ByEmail(context.UserName);
if (contact?.Password != _hash.CreateMD5(context.Password))
{
context.AuthenticationFailMessage = "Authentication failed.";
return(Task.CompletedTask);
}
var claims = new List <Claim>
{
new Claim(ClaimTypes.Email, $"{contact.Email}", context.Options.ClaimsIssuer),
new Claim(ClaimTypes.Role, contact.Role, context.Options.ClaimsIssuer)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicAuthenticationDefaults.AuthenticationScheme));
context.Principal = principal;
return(Task.CompletedTask);
}
public override async Task ValidatePrincipalAsync(ValidatePrincipalContext context)
{
if (String.IsNullOrEmpty(context.UserName))
{
return;
}
using (var sqliteConnection = new SQLiteConnection("Data Source=notesdb.sqlite"))
{
await sqliteConnection.OpenAsync();
var members = await sqliteConnection.QueryAsync("SELECT * FROM member WHERE login=@login AND plainpassword=@password", new { login = context.UserName, password = context.Password });
await sqliteConnection.CloseAsync();
if (members.Count() == 1 && members.First().login == context.UserName)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, context.UserName, context.Options.ClaimsIssuer),
new Claim(ClaimTypes.Email, members.First().email, context.Options.ClaimsIssuer),
new Claim(ClaimTypes.GivenName, members.First().givenname, context.Options.ClaimsIssuer),
new Claim(ClaimType_MemberId, members.First().id.ToString(), context.Options.ClaimsIssuer),
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
context.Principal = principal;
}
//else
//{
// // optional with following default.
// // context.AuthenticationFailMessage = "Authentication failed.";
//}
//return Task.CompletedTask;
}
}
