protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
var action = Request.Method;
string controller = string.Empty;
string api = string.Empty;
try
{
controller = Request.Path.Value.Contains("/api/") ? Request.Path.Value.Split('/')[2] : string.Empty;
api = Request.Path.Value.Contains("/api/") && Request.Path.Value.Split('/').Length > 3
? Request.Path.Value.Split('/')[3]
: string.Empty;
}
catch (Exception)
{
Logging <AuthValidationHandler> .Warning("URL not valid: " + Request.Path.Value);
return(AuthenticateResult.Fail("URL not valid: " + Request.Path.Value));
}
AuthenticationTicket ticket = await CreateTicketAsync(action, controller, api);
if (ticket == null)
{
return(AuthenticateResult.Fail("Authentication failed because the access token was invalid."));
}
await AuthenticationHttpContextExtensions.SignInAsync(Request.HttpContext, ticket.AuthenticationScheme, ticket.Principal);
return(AuthenticateResult.Success(ticket));
}
public JsonResult OnPost()
{
login_db _context = new login_db(AppGlobal.get_db_option()); //simplifying context initializer by override
AppResponseMessage arm = new AppResponseMessage(); //inisialisasi ARM sebagai standarisasi respon balik
try {
using (var transaction = _context.Database.BeginTransaction()) {
if (Request.Query["f"] == "logout_handler")
{
var history_id = User.FindFirst("history_id").Value;
var history = _context.t_login_history.FirstOrDefault(e => e.t_login_history_id == Convert.ToInt32(history_id));
history.logout_time = DateTime.Now;
_context.t_login_history.Update(history);
_context.SaveChanges();
AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
arm.success();
arm.message = "Success";
}
transaction.Commit();
_context.SaveChanges();
}
} catch (Exception ex) {
arm.fail();
arm.message = ex.Message;
}
return(new JsonResult(arm)); //return ARM dg method JsonResult untuk auto serialize ke format JSON
}
public async Task <IActionResult> Login(string name, string password, string email)
{
//validate that there is user data
if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(password) || string.IsNullOrEmpty(email))
{
RedirectToAction(nameof(Index), nameof(HomeController));
}
//login the user: ClaimsIdentity, ClaimsPrincipal and SignInAsync()
//Create identity clames for the user data
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, name),
new Claim(ClaimTypes.Email, email)
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
//create a claims principal for the user
var principal = new ClaimsPrincipal(identity);
//login the user
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal);
return(RedirectToAction("LogedInUsers", "Authentication"));
}
public async Task Logout()
{
// TODO: Does not remove the antiforgery token from cookies
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, "Cookies");
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, "oidc");
}
public async Task <IActionResult> Signout()
{
ViewData["AdfsLogoutUrl"] = _configuration["AdfsLogoutUrl"];
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, "Cookies");
return(Redirect("/"));
}
/// <summary>
/// THIS LOGS OUT OF BOTH IPD AND mvc app
/// </summary>
/// <returns></returns>
public async Task Logout()
{
//only logs out of client not IDP
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, "Cookies");
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, "oidc");
}
public async Task <IActionResult> Login(LoginDTO loginDto)
{
var identity = loginHelper.GetClaimsIdentity(loginDto.ChipId, loginDto.Password);
if (identity == null)
{
ViewBag.Error = "Wrooong!";
}
else
{
// issue an authentication cookie
var properties = new AuthenticationProperties()
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddMonths(1)
};
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, new ClaimsPrincipal(identity), properties);
// redirect to the home page
return(RedirectToRoute(new
{
controller = "Home",
action = "Index"
}));
}
return(View());
}
public async Task <IActionResult> LoginCallback(string returnUrl)
{
IActionResult result;
AuthenticateResult asyncVariable0 = await AuthenticationHttpContextExtensions.AuthenticateAsync(this.HttpContext, "QQConnect");
AuthenticateResult authenticateResult = asyncVariable0;
asyncVariable0 = null;
if (!authenticateResult.Succeeded || !authenticateResult.Principal.Claims.Any <Claim>())
{
result = this.RedirectToRoute("Login");
}
else
{
ExternalAuthenticationParameters asyncVariable3 = new ExternalAuthenticationParameters {
ProviderSystemName = "ExternalAuth.QQConnect"
};
ExternalAuthenticationParameters asyncVariable1 = asyncVariable3;
string asyncVariable2 = await AuthenticationHttpContextExtensions.GetTokenAsync(this.HttpContext, "QQConnect", "access_token");
asyncVariable1.AccessToken = asyncVariable2;
asyncVariable3.Email = authenticateResult.Principal.FindFirst(claim => claim.Type == ClaimTypes.Email)?.Value;
asyncVariable3.ExternalIdentifier = authenticateResult.Principal.FindFirst(claim => claim.Type == ClaimTypes.NameIdentifier)?.Value;
asyncVariable3.ExternalDisplayIdentifier = authenticateResult.Principal.FindFirst(claim => claim.Type == ClaimTypes.Name)?.Value;
asyncVariable3.Claims = authenticateResult.Principal.Claims.Select(claim => new ExternalAuthenticationClaim(claim.Type, claim.Value)).ToList();
ExternalAuthenticationParameters parameters = asyncVariable3;
asyncVariable1 = null;
asyncVariable2 = null;
asyncVariable3 = null;
result = this._externalAuthenticationService.Authenticate(parameters, returnUrl);
}
return(result);
}
public async Task <IActionResult> Contact()
{
//when getting info pass in authority if IDP
var discoveryClient = new DiscoveryClient("https://localhost:44365/");
//gets meta data
var metaDataResponse = await discoveryClient.GetAsync();
//get userInfo endpoint pass in meta data
var userInfoClient = new UserInfoClient(metaDataResponse.UserInfoEndpoint);
//need an access token to call this endpoint above
var accessToken = await AuthenticationHttpContextExtensions
.GetTokenAsync(HttpContext, OpenIdConnectParameterNames.AccessToken);
//call endpoint pass in access token
var response = await userInfoClient.GetAsync(accessToken);
//throw an error exeption if any errors:
if (response.IsError)
{
throw new Exception("error on user endpoint", response.Exception);
}
// response object has a list of claims that are returned from the user info endpoint
//match scopes that are in the access token-- if null its gonna be null
var address = response.Claims.FirstOrDefault(x => x.Type == "address")?.Value;
//return view and pass in new orderview frame model with address in ctor
return(View(new OrderViewFrameModel(address)));
}
public async Task <IActionResult> GoogleCallback(string code)
{
var token = await _api.TokenExchange(code);
var googleUser = await _api.GoogleUser(token);
var user = await _db.Users.FirstOrDefaultAsync(u => u.Email == googleUser.Email);
if (user == null)
{
return(RedirectToAction("Beta", "Home"));
}
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Role, "user"),
new Claim(ClaimTypes.Name, googleUser.Name),
new Claim(ClaimTypes.Email, googleUser.Email),
new Claim(ClaimTypes.Sid, user.Id.ToString())
};
var identity = new ClaimsIdentity(claims, "GoogleAuthLogin");
var principal = new ClaimsPrincipal(new[] { identity });
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, AUTH_NAME, principal);
return(RedirectToAction("Index", "Home"));
}
private async Task PerformSignIn(GenericPrincipal user, string webToken)
{
Dictionary <string, string> items = new Dictionary <string, string>
{
{ "AuthScheme", CookieAuthenticationDefaults.AuthenticationScheme },
};
AuthenticationProperties props = new AuthenticationProperties(items)
{
// web authentication ticket life time, after expire new log in required
ExpiresUtc = DateTime.UtcNow.AddHours(8),
IsPersistent = false,
AllowRefresh = false,
};
List <AuthenticationToken> authenticationTokens = new List <AuthenticationToken>
{
new AuthenticationToken {
Name = "access_token", Value = webToken
},
};
AuthenticationTokenExtensions.StoreTokens(props, authenticationTokens);
await AuthenticationHttpContextExtensions.SignInAsync(_httpContext,
CookieAuthenticationDefaults.AuthenticationScheme, user, props);
}
private async Task <string> GetAccessToken(IConfiguration appConfiguration, IHttpContextAccessor httpContextAccessor)
{
string accessToken = string.Empty;
var currentContext = httpContextAccessor.HttpContext;
// Should we renew access & refresh tokens?
var expires_at = await AuthenticationHttpContextExtensions.GetTokenAsync(currentContext,
"expires_at");
// compare - make sure to use the exact date formats for comparison
// (UTC, in this case)
if (string.IsNullOrWhiteSpace(expires_at) ||
((DateTime.Parse(expires_at).AddSeconds(-60)).ToUniversalTime()
< DateTime.UtcNow))
{
accessToken = await RenewTokens(appConfiguration, httpContextAccessor);
}
else
{
// get access token
accessToken = await AuthenticationHttpContextExtensions.GetTokenAsync(currentContext,
OpenIdConnectParameterNames.AccessToken);
}
return(accessToken);
}
/// <summary>
/// 获取当前上下文的access_token
/// </summary>
/// <returns></returns>
public async Task <string> GetToken()
{
//只要无法decoded被jwthandler,这里就会有空值
HttpContext httpContext = _httpContextAccessor.HttpContext;
return(await AuthenticationHttpContextExtensions.GetTokenAsync(httpContext, "access_token"));
}
public async Task <ActionResult> ACS(IFormCollection collection)
{
string samlResponse = "";
string redirect = "";
AuthResponse resp = new AuthResponse();
try
{
samlResponse = Encoding.UTF8.GetString(Convert.FromBase64String(collection["SAMLResponse"]));
redirect = Encoding.UTF8.GetString(Convert.FromBase64String(collection["RelayState"]));
resp.Deserialize(samlResponse);
}
catch (Exception ex)
{
_logger.LogError(ex, "Error reading SAML Response {0}", samlResponse);
}
if (resp.RequestStatus == SamlRequestStatus.Success)
{
//CookieOptions options = new CookieOptions();
//options.Expires = resp.SessionIdExpireDate;
//Response.Cookies.Delete("SPID_COOKIE");
//Response.Cookies.Append("SPID_COOKIE", JsonConvert.SerializeObject(resp), options);
var scheme = "SPIDCookie"; //CookieAuthenticationDefaults.AuthenticationScheme
var claims = resp.GetClaims();
var identityClaims = new List <Claim>();
foreach (var item in claims)
{
identityClaims.Add(new Claim(item.Key, item.Value, ClaimValueTypes.String, resp.Issuer));
}
identityClaims.Add(new Claim(ClaimTypes.Name, claims["Name"], ClaimValueTypes.String, resp.Issuer));
identityClaims.Add(new Claim(ClaimTypes.Surname, claims["FamilyName"], ClaimValueTypes.String, resp.Issuer));
identityClaims.Add(new Claim(ClaimTypes.Email, claims["Email"], ClaimValueTypes.String, resp.Issuer));
var identity = new ClaimsIdentity(identityClaims, scheme);
var principal = new ClaimsPrincipal(identity);
HttpContext.User = principal;
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, scheme, principal,
new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
IsPersistent = true,
AllowRefresh = false
});
}
if (string.IsNullOrEmpty(redirect))
{
redirect = "/";
}
return(Redirect(redirect));
}
public async System.Threading.Tasks.Task <IActionResult> logout()
{
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext);
_requestItemsService.Logout();
return(LocalRedirect("/"));
}
/// <summary>
/// 获取授权数据
/// </summary>
/// <param name="valueType"></param>
/// <returns></returns>
public string GetAuthClainValue(AuthorizationStorageType valueType)
{
string value = string.Empty;
try
{
Task <AuthenticateResult> authenticateInfo = AuthenticationHttpContextExtensions.AuthenticateAsync(HttpContext, authenticationScheme);
if (authenticateInfo.IsFaulted || authenticateInfo.Result.Principal == null)
{
return(value);
}
IEnumerable <Claim> claims = authenticateInfo.Result.Principal.Claims;
foreach (Claim claim in claims)
{
if (claim.Type.Equals(valueType.ToString()))
{
value = claim.Value;
break;
}
}
}
catch (Exception)
{
}
return(value);
}
public async Task <IActionResult> SignIn([FromBody] LoginArgs loginArgs)
{
try
{
// credential validation ...
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, "Alex")
};
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
IsPersistent = true,
RedirectUri = Request.Host.Value
};
await AuthenticationHttpContextExtensions.SignInAsync(
HttpContext,
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity),
authProperties);
return(Ok());
}
catch (Exception ex)
{
return(BadRequest(new { Error = ex.Message }));
}
}
/// <summary>
/// 设置授权认证数
/// </summary>
/// <param name="value">实体序列化JsonConvert.SerializeObject(data)</param>
/// <param name="valueType"></param>
public async void SetsAuthenticationAsync(string value, AuthorizationStorageType valueType)
{
var claims = new List <Claim>()
{
new Claim(valueType.ToString(), value)
};
Task <AuthenticateResult> authenticateInfo = AuthenticationHttpContextExtensions.AuthenticateAsync(HttpContext, authenticationScheme);
if (!authenticateInfo.IsFaulted && authenticateInfo.Result.Principal != null)
{
claims = authenticateInfo.Result.Principal.Claims.ToList();
int idx = claims.FindIndex(c => { return(c.Type.Equals(valueType.ToString())); });
if (idx >= 0)
{
claims.RemoveAt(idx);
}
claims.Add(new Claim(valueType.ToString(), value));
}
ClaimsIdentity identity = new ClaimsIdentity(claims);
var userPrincipal = new ClaimsPrincipal(identity);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, authenticationScheme, userPrincipal, new Microsoft.AspNetCore.Authentication.AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddHours(24),
IsPersistent = false,
AllowRefresh = true
});
}
public async Task <IActionResult> Login(LoginViewModel model)
{
if (!Request.Form.Keys.Any(x => x == "external"))
{
// 通常ログイン
if (ModelState.IsValid)
{
if (!string.IsNullOrEmpty(model.UserName))
{
// 認証情報を作成する。
List <Claim> claims = new List <Claim>();
claims.Add(new Claim(ClaimTypes.Name, model.UserName));
// 認証情報を保存する。
ClaimsIdentity userIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal userPrincipal = new ClaimsPrincipal(userIdentity);
// サイン アップする。
await AuthenticationHttpContextExtensions.SignInAsync(
this.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal);
// 認証情報を保存する。
MyUserInfo ui = new MyUserInfo(model.UserName, (new GetClientIpAddress()).GetAddress());
UserInfoHandle.SetUserInformation(ui);
//基盤に任せるのでリダイレクトしない。
return(View(model));
}
else
{
// ユーザー認証 失敗
this.ModelState.AddModelError(string.Empty, "指定されたユーザー名またはパスワードが正しくありません。");
}
}
else
{
// LoginViewModelの検証に失敗
}
// Session消去
//this.FxSessionAbandon();
// ポストバック的な
return(this.View(model));
}
else
{
// 外部ログイン
return(Redirect(string.Format(
"https://localhost:44300/MultiPurposeAuthSite/authorize"
+ "?client_id=" + OAuth2AndOIDCParams.ClientID
+ "&response_type=code"
+ "&scope=profile%20email%20phone%20address%20openid"
+ "&state={0}"
+ "&nonce={1}"
+ "&prompt=none",
this.State, this.Nonce)));
}
}
public async System.Threading.Tasks.Task <IActionResult> logout()
{
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext);
_requestItemsService.Logout();
_configuration["quickstart"] = "false";
return(LocalRedirect("/?egName=home"));
}
public async Task <IActionResult> Login(string returnUrl = null)
{
// Clear the existing external cookie to ensure a clean login process
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext);
ViewData["ReturnUrl"] = returnUrl;
return(View());
}
public async Task <IActionResult> Logout()
{
//FormsAuthentication.SignOut();
await AuthenticationHttpContextExtensions.SignOutAsync(
this.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
return(this.Redirect(Url.Action("Index", "Home")));
}
public async Task <IActionResult> Shouts()
{
await RefreshTokensAync();
var token = await AuthenticationHttpContextExtensions.GetTokenAsync(this.HttpContext, "access_token");
return(View());
}
public async Task <IActionResult> Login(LoginDto data)
{
var claims = new[] { new Claim(ClaimTypes.Name, data.Username), new Claim(ClaimTypes.Role, "role") };
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
return(Redirect("~/Home/Profile"));
}
public static string getUserName(HttpContext context)
{
string tokenString = AuthenticationHttpContextExtensions.GetTokenAsync(context, "access_token").Result;
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
JwtSecurityToken token = handler.ReadJwtToken(tokenString);
return(token.Subject);
}
public async Task <ActionResult <IEnumerable <string> > > GetAsync()
{
var token = await AuthenticationHttpContextExtensions.GetTokenAsync(HttpContext, "Bearer", "access_token");
string userId = User.FindFirst(ClaimTypes.Name)?.Value;
return(new string[] { "Token for calling the frontend api is", token });
}
/// <summary>
/// Handle onPost Login AJAX based dengan return value JsonResult
/// </summary>
/// <param name="request_parameter"></param>
/// <param name="returnURL"></param>
/// <returns></returns>
public JsonResult OnPost(string request_parameter, string returnURL = null)
{
dynamic login_object = JsonConvert.DeserializeObject(request_parameter);
string user_name = login_object["username"];
string password = login_object["password"];
//Console.WriteLine("user_name>> " + user_name);
//Console.WriteLine("password >> " + password);
AppResponseMessage arm = new AppResponseMessage();
if (!string.IsNullOrWhiteSpace(user_name) && !string.IsNullOrWhiteSpace(password))
{
//jika masukan username & password valid
if (IsValidLogin(user_name, password))
{
//jika username & password dikenali
string user_id = _context.m_user.Where(f => f.user_name == user_name).FirstOrDefault().m_user_id + "";
string Role = _context.m_user.Include(f => f.m_user_group).Where(f => f.user_name == user_name).FirstOrDefault().m_user_group.user_group_name;
string user_category_id = _context.m_user.Where(f => f.user_name == user_name).FirstOrDefault().m_user_group_id + "";
bool status_aktif = _context.m_user.Where(f => f.user_name == user_name).FirstOrDefault().user_active;
if (status_aktif != true)
{
//jika user tidak aktif
arm.fail();
arm.message = "user tidak aktif";
}
else
{
//jika user valid & aktif
var claims = new[] {
new Claim(ClaimTypes.Name, user_name),
new Claim(ClaimTypes.Role, Role),
new Claim("user_id", user_id),
new Claim("user_category_id", user_category_id),
new Claim("user_name", user_name),
};
ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal);
arm.success();
arm.message = "login berhasil";
}
}
else
{
arm.fail();
arm.message = "login gagal";
}
}
else
{
arm.fail();
arm.message = "login gagal";
}
return(new JsonResult(arm));
}
/// <summary>
/// Attempts to sign out user.
/// </summary>
/// <returns>Default route view.</returns>
public async Task <IActionResult> Logout()
{
if (User.Identity.IsAuthenticated)
{
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
}
return(Redirect("/"));
}
public async Task <IActionResult> Login()
{
if (IsAuthenticated)
{
await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, authenticationScheme);
}
return(View());
}
public async Task <IActionResult> Index()
{
ViewData["access_token"] = await AuthenticationHttpContextExtensions.GetTokenAsync(HttpContext, "access_token");
ViewData["id_token"] = await AuthenticationHttpContextExtensions.GetTokenAsync(HttpContext, "id_token");
return(View());
}
