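        /// <summary>
        /// Builds the <see cref="ClaimsPrincipal"/> for a non-anonymous SiteMinder token.
        /// Internal users are trusted as-is and receive every application role; external (BCeID)
        /// users are resolved against the volunteer record for their universal id and receive
        /// roles from that record.
        /// </summary>
        /// <param name="smAuthToken">
        /// Token parsed from the SiteMinder forwarded headers. The caller only invokes this for
        /// non-anonymous tokens.
        /// </param>
        /// <returns>A principal whose identity uses <c>Options.Scheme</c> as its authentication type.</returns>
        /// <exception cref="ApplicationException">
        /// Thrown when an external user cannot be matched to the expected volunteer record.
        /// <c>HandleAuthenticateAsync</c> only catches this exception type and maps it to
        /// <c>AuthenticateResult.Fail</c>; any other exception escapes the handler, so every
        /// rejection in this method must use <see cref="ApplicationException"/>.
        /// </exception>
        private async Task <ClaimsPrincipal> CreatePrincipalFor(SiteMinderAuthenticationToken smAuthToken)
        {
            var claims = new List <Claim>();

            // Baseline role for every authenticated user, internal or external.
            claims.Add(new Claim(ClaimTypes.Role, "role_everyone"));
            if (smAuthToken.IsInternal())
            {
                // EMBC admin: internal users get every role straight from the gateway token,
                // with no database lookup.
                claims.Add(new Claim(ClaimTypes.Role, "role_volunteer"));
                claims.Add(new Claim(ClaimTypes.Role, "role_local_authority"));
                claims.Add(new Claim(ClaimTypes.Role, "role_provincial_admin"));
                claims.Add(new Claim(ClaimTypes.Sid, smAuthToken.smgov_userguid));
                claims.Add(new Claim(ClaimTypes.Upn, smAuthToken.sm_universalid));
                claims.Add(new Claim(SiteMinderClaimTypes.USER_TYPE, smAuthToken.smgov_usertype));
                claims.Add(new Claim(SiteMinderClaimTypes.NAME, smAuthToken.smgov_userdisplayname));
                claims.Add(new Claim(EssClaimTypes.USER_ID, smAuthToken.smgov_userguid));
            }
            else if (smAuthToken.IsExternal())
            {
                // Volunteer (BCeID).
                // The GUID is what the volunteer record is bound to and checked against below, and the
                // Sid claim cannot be built from a null value (Claim's constructor throws
                // ArgumentNullException, which the handler does not catch). Reject up front instead
                // of binding an empty identifier or surfacing an unhandled exception.
                if (string.IsNullOrEmpty(smAuthToken.smgov_userguid))
                {
                    throw new ApplicationException("Volunteer BCeID GUID is missing");
                }

                var volunteer = dataInterface.GetVolunteerByBceidUserId(smAuthToken.sm_universalid);

                if (volunteer == null)
                {
                    throw new ApplicationException("Volunteer not found");
                }
                // Once a record has been bound to a BCeID GUID, only that GUID may use it. An empty
                // (non-null) identifier is deliberately treated as a mismatch rather than as unbound.
                if (volunteer.Externaluseridentifier != null && volunteer.Externaluseridentifier != smAuthToken.smgov_userguid)
                {
                    throw new ApplicationException("Volunteer BCeID GUID does not match");
                }
                // Fail closed as an authentication failure instead of a NullReferenceException
                // if the record has no organization attached.
                if (volunteer.Organization == null)
                {
                    throw new ApplicationException("Volunteer has no organization");
                }
                if (volunteer.Organization.BCeIDBusinessGuid != null && volunteer.Organization.BCeIDBusinessGuid != smAuthToken.smgov_businessguid)
                {
                    throw new ApplicationException("Volunteer doesn't belong to the correct organization");
                }

                // Trust-on-first-use: the first BCeID login whose universal id matches an unbound
                // volunteer record binds that record to the login's GUID. With the checks above this
                // is only reached when the identifier is null.
                if (string.IsNullOrEmpty(volunteer.Externaluseridentifier))
                {
                    volunteer.Externaluseridentifier = smAuthToken.smgov_userguid;
                    await dataInterface.UpdateVolunteerAsync(volunteer);
                }

                claims.Add(new Claim(ClaimTypes.Role, "role_volunteer"));
                // Local-authority role is driven by the volunteer record, not by the token.
                if (volunteer.IsAdministrator ?? false)
                {
                    claims.Add(new Claim(ClaimTypes.Role, "role_local_authority"));
                }
                claims.Add(new Claim(ClaimTypes.Sid, smAuthToken.smgov_userguid));
                claims.Add(new Claim(ClaimTypes.Upn, smAuthToken.sm_universalid));
                claims.Add(new Claim(SiteMinderClaimTypes.USER_TYPE, smAuthToken.smgov_usertype));
                claims.Add(new Claim(SiteMinderClaimTypes.NAME, smAuthToken.smgov_userdisplayname));
                claims.Add(new Claim(SiteMinderClaimTypes.BUSINESS_GUID, smAuthToken.smgov_businessguid));
                // For external users the application ids come from the volunteer record, not the token.
                claims.Add(new Claim(EssClaimTypes.USER_ID, volunteer.Id));
                claims.Add(new Claim(EssClaimTypes.ORG_ID, volunteer.Organization.Id));
            }

            // A token that is neither internal nor external yields a principal with only role_everyone.
            return(new ClaimsPrincipal(new ClaimsIdentity(claims, Options.Scheme)));
        }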
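 /// <summary>
 /// Writes the SiteMinder token to the response as a short-lived, HttpOnly, SameSite=Strict cookie.
 /// The value is only Base64-encoded: that is transport encoding, not encryption, so the cookie
 /// still carries the token's identity fields in the clear to anything that can read it.
 /// </summary>
 /// <param name="token">Token to persist; its <c>ToString()</c> form is what gets encoded.</param>
 /// <param name="res">Response the cookie is appended to.</param>
 public static void AddToResponse(SiteMinderAuthenticationToken token, HttpResponse res)
 {
     res.Cookies.Append(SM_TOKEN_NAME, token.ToString().Base64Encode(), new CookieOptions()
     {
         SameSite = SameSiteMode.Strict,
         // Short 30-second lifetime keeps the replay window small.
         Expires  = DateTimeOffset.Now.AddSeconds(30),
         HttpOnly = true,
         // Mark the cookie Secure when the request arrived over TLS so the browser never sends
         // it back over plain HTTP. On an HTTP request this stays false, as before.
         // NOTE(review): behind a TLS-terminating proxy IsHttps is only true when forwarded-headers
         // middleware is configured — confirm, otherwise Secure is not set in production either.
         Secure   = res.HttpContext.Request.IsHttps
     });
 }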
        /// <summary>
        /// Authenticates the current request from the SiteMinder forwarded headers, caching the
        /// resulting principal in the server session as a JWT under "app.principal".
        /// </summary>
        /// <returns>
        /// Success with a ticket for the cached or freshly built principal; NoResult when the
        /// request is anonymous and nothing is cached; Fail when <c>CreatePrincipalFor</c>
        /// rejects the user with an <see cref="ApplicationException"/>.
        /// </returns>
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            const string sessionKey = "app.principal";

            var token = SiteMinderAuthenticationToken.CreateFromFwdHeaders(Request);

            // Outside production an anonymous request is replaced by a synthetic dev token, and
            // the SM token cookie is deleted from the response.
            if (!environment.IsProduction() && token.IsAnonymous())
            {
                token = SiteMinderAuthenticationToken.CreateForDev(Request);
                Response.Cookies.Delete(SiteMinderAuthenticationToken.SM_TOKEN_NAME);
            }

            // NOTE(review): this logs the full token (user GUID, display name, ...) at Debug;
            // make sure Debug is not enabled where logs are retained, or redact before logging.
            logger.LogDebug($"smAuthToken: {token}");

            // A principal cached earlier in this session wins over the incoming headers.
            // NOTE(review): it is returned without being compared to the current token, so an
            // identity change at the gateway is not reflected until the session ends — confirm
            // that is intended.
            var cachedJwt = Context.Session.GetString(sessionKey);
            if (!string.IsNullOrEmpty(cachedJwt))
            {
                var cached = cachedJwt.FromJwt();
                logger.LogDebug($"Success (session): {cached.Identity.Name}");
                return AuthenticateResult.Success(new AuthenticationTicket(cached, Options.Scheme));
            }

            // Nothing cached and no SiteMinder identity: let other schemes have a go.
            if (token.IsAnonymous())
            {
                logger.LogDebug("NoResult");
                return AuthenticateResult.NoResult();
            }

            try
            {
                var fresh = await CreatePrincipalFor(token);
                Context.Session.SetString(sessionKey, fresh.ToJwt());
                logger.LogDebug($"Success (new): {fresh.Identity.Name}");
                return AuthenticateResult.Success(new AuthenticationTicket(fresh, Options.Scheme));
            }
            catch (ApplicationException e)
            {
                // Only ApplicationException is mapped to an authentication failure; anything else
                // thrown by CreatePrincipalFor propagates out of the handler.
                // NOTE(review): the full token is logged at Error here as well — same PII concern.
                logger.LogError($"Fail to authenticate user with token '{token}': {e.Message}");
                return AuthenticateResult.Fail(e.Message);
            }
        }