/// <summary>
/// Predicate handed to <c>SVX.SVX_Ops.Certify</c> by <c>AuthenticationDone</c>.
/// Under the assumptions that the identity provider's server, this server and
/// the browser on the conclusion's channel are trusted, it returns whatever
/// <c>Ghost_CheckSignedIn</c> reports for the owner of that channel and the
/// user ID carried in the conclusion.
/// </summary>
/// <param name="conc">The authentication conclusion being certified.</param>
/// <returns>The result of the identity provider's <c>Ghost_CheckSignedIn</c>.</returns>
public bool LoginIntent(AuthenticationConclusion conc)
{
    AS identityProvider = (AS)SVX.VProgram_API.GetParticipant(idpParticipantId);

    // Trust assumptions the property is stated under. They are the premises
    // of the certified claim: anything outside them is not covered by it.
    SVX.VProgram_API.AssumeTrustedServer(identityProvider.SVX_Principal);
    SVX.VProgram_API.AssumeTrustedServer(SVX_Principal);
    SVX.VProgram_API.AssumeTrustedBrowser(conc.channel);

    var channelOwner = SVX.VProgram_API.Owner(conc.channel);
    return identityProvider.Ghost_CheckSignedIn(channelOwner, conc.userProfile.UserID);
}
/// <summary>
/// Predicate handed to <c>SVX.SVX_Ops.Certify</c> by <c>AuthenticationDone</c>.
/// Under the assumptions that the identity provider's server, this server and
/// the identity-provider user principal are trusted, it returns whether the
/// conclusion's channel acts for that user principal.
/// </summary>
/// <param name="conc">The authentication conclusion being certified.</param>
/// <returns>The result of <c>ActsFor(conc.channel, idpUserPrincipal)</c>.</returns>
public bool LoginSafety(AuthenticationConclusion conc)
{
    AS identityProvider = (AS)SVX.VProgram_API.GetParticipant(idpParticipantId);

    // Principal standing for the user named in the conclusion, as known to the IdP.
    var idpUserPrincipal = GenericAuthStandards.GetIdPUserPrincipal(
        identityProvider.SVX_Principal,
        conc.userProfile.UserID);

    // Trust assumptions the property is stated under.
    SVX.VProgram_API.AssumeTrustedServer(identityProvider.SVX_Principal);
    SVX.VProgram_API.AssumeTrustedServer(SVX_Principal);
    SVX.VProgram_API.AssumeTrusted(idpUserPrincipal);

    // Disabled checks kept from the original listing:
    // bool x = SVX.VProgram_API.ActsFor(conc.authenticatedClient, idp.SVX_Principal);
    // bool y = SVX.VProgram_API.ActsFor(conc.authenticatedClient, SVX_Principal);

    bool channelActsForUser = SVX.VProgram_API.ActsFor(conc.channel, idpUserPrincipal);
    return channelActsForUser;
}
/// <summary>
/// Finishes a login: checks that the conclusion belongs to the request's
/// channel, certifies it against <c>LoginSafety</c> and <c>LoginIntent</c>
/// unless certification is bypassed, then replaces the platform session via
/// <c>Utils.AbandonAndCreateSessionAsync</c>.
/// </summary>
/// <param name="conclusion">The authentication conclusion to apply.</param>
/// <param name="context">The request context the conclusion is applied to.</param>
/// <exception cref="Exception">
/// The conclusion's channel differs from the request context's channel.
/// </exception>
public async Task AuthenticationDone(AuthenticationConclusion conclusion, SVAuthRequestContext context)
{
    // Channel binding: a conclusion produced for one channel must never be
    // used to create a session on another one.
    if (context.channel != conclusion.channel)
    {
        throw new Exception("Attempt to apply an AuthenticationConclusion to the wrong channel.");
    }

    // When BypassCertification is set, neither property is checked and the
    // session below is created from an uncertified conclusion.
    // NOTE(review): confirm this flag cannot be switched on in a production
    // configuration.
    if (!BypassCertification)
    {
        SVX.SVX_Ops.Certify(conclusion, LoginSafety, idpParticipantId);
        SVX.SVX_Ops.Certify(conclusion, LoginIntent, idpParticipantId);
    }

    await Utils.AbandonAndCreateSessionAsync(conclusion, context);
}
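/// <summary>
/// Replaces the caller's platform session with a fresh one carrying the
/// authenticated user profile, then redirects the browser.
/// </summary>
/// <remarks>
/// Two POSTs go to the platform's <c>CreateNewSession</c> endpoint: the first
/// carries the caller's current session cookie and no body (the trace message
/// calls this abandoning the session), the second carries an empty Cookie
/// header and the user profile as form content. The <c>Set-Cookie</c> values
/// of the second response are copied onto the outgoing response.
/// </remarks>
/// <param name="conclusion">The authentication conclusion whose user profile seeds the new session.</param>
/// <param name="context">The request context; its HTTP request and response are read and written.</param>
public static async Task LocalAbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
{
    // NOTE(review): this writes the whole serialized user profile to standard
    // output. If stdout is captured into logs, profile data ends up there;
    // consider dropping it or logging a non-identifying marker instead.
    Console.WriteLine(JsonConvert.SerializeObject(conclusion.userProfile));

    var sessionCookieName = Config.config.WebAppSettings.platform.sessionCookieName;
    string createSessionEndpoint = Config.config.internalPlatformRootUrl + "CreateNewSession." + Config.config.WebAppSettings.platform.fileExtension;

    // Request and response messages are disposed once used; the original
    // left all four undisposed.
    using (var abandonSessionRequest = new HttpRequestMessage(HttpMethod.Post, createSessionEndpoint))
    {
        abandonSessionRequest.Headers.Add("Cookie", sessionCookieName + "=" + context.http.Request.Cookies[sessionCookieName] + ";");
        using (HttpResponseMessage abandonSessionResponse = await PerformHttpRequestAsync(abandonSessionRequest))
        {
            Trace.Write("Abandoned session");
        }
    }

    string[] newSessionCookies;
    using (var createSessionRequest = new HttpRequestMessage(HttpMethod.Post, createSessionEndpoint))
    {
        // Empty Cookie header: the new session must not be tied to the old one.
        createSessionRequest.Headers.Add("Cookie", "");
        createSessionRequest.Content = ObjectToUrlEncodedContent(conclusion.userProfile);
        using (HttpResponseMessage createSessionResponse = await PerformHttpRequestAsync(createSessionRequest))
        {
            Trace.Write("Created session");
            // Materialized before the response is disposed.
            newSessionCookies = createSessionResponse.Headers.GetValues("Set-Cookie").ToArray();
        }
    }

    // HTTP request and response data structures are subtly different between
    // the HTTP client and server libraries. What we really want is "add
    // another Set-Cookie value, creating the header if it doesn't exist yet".
    // For now, just try to create the header, and we'll get an exception if
    // there was already one (e.g., for the SVAuthSessionID, which shouldn't
    // normally be set in the same response).
    context.http.Response.Headers.Add("Set-Cookie", newSessionCookies);

    // NOTE(review): the redirect target is taken from the LandingUrl cookie
    // or, failing that, from the Referer header. Both are supplied by the
    // client and the value is used without validation, so the post-login
    // redirect goes wherever the request says. Consider accepting only
    // targets on an allow-list of expected origins (or relative paths).
    string redir_url = context.http.Request.Cookies["LandingUrl"];
    if (string.IsNullOrEmpty(redir_url))
    {
        Microsoft.Extensions.Primitives.StringValues referer;
        context.http.Request.Headers.TryGetValue("referer", out referer);
        redir_url = System.Net.WebUtility.UrlDecode(referer);
        Console.WriteLine("referer=" + redir_url);
    }

    // NOTE(review): Redirect() may set its own status code and so override
    // the 303 assigned here - confirm which status the client actually sees.
    context.http.Response.StatusCode = 303;
    context.http.Response.Redirect(redir_url);
}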
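/// <summary>
/// Hands the authenticated user profile to a remote platform: the profile is
/// serialized to JSON, AES-encrypted with material taken from
/// <c>context.conckey</c>, hex-encoded, and sent as the
/// <c>encryptedUserProfile</c> query parameter of a redirect to the remote
/// <c>RemoteCreateNewSession</c> adapter named by <c>context.concdst</c>.
/// </summary>
/// <remarks>
/// Despite the name, the method is synchronous and returns nothing.
/// </remarks>
/// <param name="conclusion">The authentication conclusion whose user profile is sent.</param>
/// <param name="context">The request context; supplies <c>concdst</c>, <c>conckey</c> and the HTTP response.</param>
/// <exception cref="Exception">
/// <c>concdst</c> is outside the configured agent scope, or it has no '?'
/// after its first character.
/// </exception>
public static void RemoteAbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
{
    // Scope check. The comparison is ordinal and case-insensitive: the
    // original lower-cased both sides with the current culture and used a
    // culture-sensitive EndsWith, which makes an authorization decision
    // depend on the server's locale.
    // NOTE(review): this is a plain suffix match over the whole concdst
    // string, including the part after '?'. It is not anchored on a host
    // label boundary, so a scope value should itself begin at a boundary
    // (for example with a leading dot) - confirm how agentScope is configured.
    string agentScope = Config.config.AgentSettings.agentScope;
    if (agentScope != "*" && !context.concdst.EndsWith(agentScope, StringComparison.OrdinalIgnoreCase))
    {
        throw new Exception("This agent is not allowed to serve the host " + context.concdst);
    }

    string SerializedUserProfile = JsonConvert.SerializeObject(conclusion.userProfile);
    // NOTE(review): writes the plaintext user profile to standard output;
    // consider removing it so profile data does not reach captured logs.
    Console.WriteLine(SerializedUserProfile);

    // Key and IV both come from the UTF-8 bytes of conckey: the key is the
    // first 32 bytes and the IV the first 16, so the IV is fixed for a given
    // conckey and equals the start of the key. The bytes are now computed once.
    // NOTE(review): the key is raw text rather than the output of a key
    // derivation function, the IV repeats across messages, and nothing here
    // authenticates the ciphertext. A random per-message IV with
    // authenticated encryption would be the usual design, but the receiving
    // adapter has to change in step, so the scheme is kept as it is.
    byte[] conckeyBytes = new UTF8Encoding().GetBytes(context.conckey);
    byte[] key = conckeyBytes.Take(256 / 8).ToArray();
    byte[] IV = conckeyBytes.Take(128 / 8).ToArray();
    byte[] encrypted = EncryptStringToBytes_Aes(SerializedUserProfile, key, IV);
    string encrypted_str = BitConverter.ToString(encrypted).Replace("-", "");

    // concdst has the form "<destination>?<platform>".
    int pos = context.concdst.IndexOf('?');
    if (pos < 1)
    {
        throw new Exception("platform info is missing in the concdst string");
    }
    string platform = context.concdst.Substring(pos + 1);
    string concdst = context.concdst.Replace("?", "/SVAuth/adapters/");

    // NOTE(review): the ciphertext travels in the query string, where
    // proxies, server logs and browser history can record it.
    string redir_url = concdst + "/RemoteCreateNewSession." + platform + "?encryptedUserProfile=" + encrypted_str;

    // A disabled temporary line in the original appended conckey and the
    // plaintext profile to this URL; it must stay disabled.

    context.http.Response.StatusCode = 303;
    context.http.Response.Redirect(redir_url);
}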