 /// <summary>
 /// Invoked by the middleware once the authentication data has been validated.
 /// The default implementation does no work of its own; it hands the context to
 /// <c>OnAuthenticationValidated</c> and returns whatever task that produces.
 /// </summary>
 /// <param name="context">The validated authentication context supplied by the middleware.</param>
 /// <returns>The <see cref="Task"/> returned by <c>OnAuthenticationValidated</c>.</returns>
 public virtual Task AuthenticationValidated(AuthenticationValidatedContext context)
 {
     return OnAuthenticationValidated(context);
 }
 /// <summary>
 /// Called after the authentication data has been validated. This overridable default
 /// simply delegates to <c>OnAuthenticationValidated</c>; subclasses override it to do
 /// real work with the validated ticket.
 /// </summary>
 /// <param name="context">Context describing the validated authentication.</param>
 /// <returns>The task produced by <c>OnAuthenticationValidated</c>.</returns>
 public virtual Task AuthenticationValidated(AuthenticationValidatedContext context)
 {
     var pending = OnAuthenticationValidated(context);
     return pending;
 }
 /// <summary>
 /// Records that <c>AuthenticationValidated</c> was raised by appending the event name to
 /// <c>eventsFired</c>, then completes synchronously. Presumably a test double used to
 /// assert which middleware events ran — confirm against the callers.
 /// </summary>
 /// <param name="context">The authentication context; not inspected here.</param>
 /// <returns>An already-completed <see cref="Task"/>.</returns>
 internal static Task AuthenticationValidated(AuthenticationValidatedContext context)
 {
     // eventsFired must be static state of the enclosing type (this method is static);
     // NOTE(review): it is appended to without synchronization — confirm callers are single-threaded.
     var firedEventName = nameof(AuthenticationValidated);
     eventsFired.Add(firedEventName);

     var completed = Task.FromResult(0);
     return completed;
 }
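        /// <summary>
        /// Method that is called by the OIDC middleware after the authentication data has been validated.  This is where most of the sign up
        /// and sign in work is done.
        /// </summary>
        /// <param name="context">An OIDC-supplied <see cref="Microsoft.AspNet.Authentication.OpenIdConnect.AuthenticationValidatedContext"/> containing the current authentication information.</param>
        /// <returns>a completed <see cref="System.Threading.Tasks.Task"/></returns>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown when <c>TenantManager</c> or <c>UserManager</c> has not been registered with the request's service provider.
        /// </exception>
        /// <exception cref="SecurityTokenValidationException">
        /// Thrown on a plain sign-in when the token's issuer does not map to a registered tenant. The token is rejected
        /// rather than the tenant being provisioned implicitly; only the explicit sign-up path creates tenants.
        /// </exception>
        public override async Task AuthenticationValidated(AuthenticationValidatedContext context)
        {
            var principal = context.AuthenticationTicket.Principal;
            var userId = principal.GetObjectIdentifierValue();
            var issuerValue = principal.GetIssuerValue();

            // GetService<T>() returns null for an unregistered service. Fail here with a message that names the
            // missing registration instead of surfacing a NullReferenceException on the first use further down.
            var services = context.HttpContext.RequestServices;
            var tenantManager = services.GetService<TenantManager>();
            if (tenantManager == null)
            {
                throw new System.InvalidOperationException($"{nameof(TenantManager)} is not registered in the request services.");
            }

            var userManager = services.GetService<UserManager>();
            if (userManager == null)
            {
                throw new System.InvalidOperationException($"{nameof(UserManager)} is not registered in the request services.");
            }

            _logger.AuthenticationValidated(userId, issuerValue);

            // Normalize the claims first.
            NormalizeClaims(principal);

            // The tenant is keyed on the token's issuer, so a validated issuer is what ties the sign-in to a tenant.
            var tenant = await tenantManager.FindByIssuerValueAsync(issuerValue)
                .ConfigureAwait(false);

            // NOTE(review): IsSigningUp() is expected to come from the authentication properties that were set at
            // challenge time and round-tripped through the protocol state — confirm in its definition that it is not
            // derived from anything the browser can set directly, since it gates tenant creation below.
            if (context.IsSigningUp())
            {
                // Originally, we were checking to see if the tenant was non-null, however, this would not allow
                // permission changes to the application in AAD since a re-consent may be required.  Now we just don't
                // try to recreate the tenant.
                if (tenant == null)
                {
                    tenant = await SignUpTenantAsync(context, tenantManager)
                        .ConfigureAwait(false);
                }
            }
            else if (tenant == null)
            {
                // Sign-in from an issuer that never completed sign-up: log it and reject the token. Throwing here
                // fails the authentication instead of silently creating a tenant for an unknown issuer.
                _logger.UnregisteredUserSignInAttempted(userId, issuerValue);
                throw new SecurityTokenValidationException($"Tenant {issuerValue} is not registered");
            }

            // Both the sign-up and sign-in paths end the same way: the signed-in user is created or refreshed in the
            // tenant that is now known to exist. Hoisted out of the branches so the call is written once.
            await CreateOrUpdateUserAsync(context.AuthenticationTicket, userManager, tenant)
                .ConfigureAwait(false);
        }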