Exemplo n.º 1
0
        private static void RegisterAuthRoutes(RouteCollection routes)
        {
            if (AppAuthConfiguration.Get().DebugMode)
            {
                routes.MapRoute(
                    "AuthLogin", AuthHelpers.LoginPath,
                    new { controller = "Auth", action = "Login" }
                    );

                routes.MapRoute(
                    "AuthLogout", AuthHelpers.LogoutPath,
                    new { controller = "Auth", action = "Logout" }
                    );
            }
            else
            {
                routes.MapRoute(
                    "AuthLogin", AuthHelpers.LoginPath,
                    new { controller = "Auth", action = "LoginSso" }
                    );

                routes.MapRoute(
                    "AuthSsoFailed", "auth/sso-failed",
                    new { controller = "Auth", action = "SsoFailed" }
                    );
            }
        }
        /// <summary>
        /// Configures the Audit logger (suing Serilog library)
        /// </summary>
        public static void InitializeAuditLogger()
        {
            AuditLogManager.Logger = new LoggerConfiguration()
                                     .WriteTo.Console()
                                     .WriteTo.File(GetAuditLoggingConfiguration().FilePath)
                                     .CreateLogger();

            AuthHelpers.Logger = new LoggerConfiguration()
                                 .WriteTo.Console()
                                 .WriteTo.File(AppAuthConfiguration.Get().LogPath)
                                 .CreateLogger();
        }
        private ActionResult FailCallback()
        {
            if (!(Session[FailedSsoAttemptsKey] is int))
            {
                Session[FailedSsoAttemptsKey] = 0;
            }

            Session[FailedSsoAttemptsKey] = ((int)Session[FailedSsoAttemptsKey]) + 1;
            if ((int)Session[FailedSsoAttemptsKey] > AppAuthConfiguration.Get().MaxSsoAttempts)
            {
                Session[FailedSsoAttemptsKey] = 0;
                return(RedirectToAction("SsoFailed"));
            }

            return(RedirectToSso());
        }
 private ActionResult RedirectToSso()
 {
     return(Redirect(AppAuthConfiguration.Get().GetTimetableLoginUrlOrFail()));
 }
Exemplo n.º 5
0
        /// <summary>
        /// Configures the authentication system
        /// </summary>
        private static void ConfigureAuth(IAppBuilder app)
        {
            if (AppAuthConfiguration.Get().DebugMode)
            {
                // Fake login page with username only

                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath          = new PathString($"/{AuthHelpers.LoginPath}"),

                    Provider = new CookieAuthenticationProvider
                    {
                        OnValidateIdentity = context =>
                        {
                            if (context.Identity.Claims.All(claim => claim.Type != AuthHelpers.DebugModeClaim))
                            {
                                context.RejectIdentity();
                                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                            }

                            return(Task.CompletedTask);
                        }
                    }
                });
            }
            else
            {
                // Real SSO mode

                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath          = new PathString($"/{AuthHelpers.LoginPath}"),

                    ExpireTimeSpan    = TimeSpan.FromDays(30),
                    SlidingExpiration = true,

                    Provider = new CookieAuthenticationProvider
                    {
                        OnValidateIdentity = async context =>
                        {
                            if (context.Identity.Claims.Any(claim => claim.Type == AuthHelpers.DebugModeClaim))
                            {
                                context.RejectIdentity();
                                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                                return;
                            }

                            Claim sessionGuidClaim = context.Identity.Claims
                                                     .FirstOrDefault(claim => claim.Type == AuthHelpers.TimetableSessionClaim);

                            if (sessionGuidClaim == null)
                            {
                                context.RejectIdentity();
                                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                                return;
                            }

                            TimetableDbContext timetableDb = new TimetableDbContext();
                            AuthSession session            =
                                await timetableDb.AuthSessions.FindAsync(new Guid(sessionGuidClaim.Value));

                            if (session == null || session.ExpiresAt < DateTime.Now)
                            {
                                context.RejectIdentity();
                                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                                return;
                            }

                            TimetableUserEntry user = await new TimetableUserRepository(timetableDb)
                                                      .GetByUsernameAsync(session.UserEmail);

                            if (user == null || user.UserId != context.Identity.GetUserId())
                            {
                                context.RejectIdentity();
                                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                            }
                        }
                    }
                });
            }
        }