public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { using (var userRepository = new UserRepository()) { // is the external provider already linked to an account? var existingLinkedUser = userRepository.GetUserForExternalProvider(context.ExternalIdentity.Provider, context.ExternalIdentity.ProviderId); // it is - set as authentication result; if (existingLinkedUser != null) { context.AuthenticateResult = new AuthenticateResult( existingLinkedUser.Subject, existingLinkedUser.UserClaims.First(c => c.ClaimType == Constants.ClaimTypes.GivenName).ClaimValue, existingLinkedUser.UserClaims.Select <UserClaim, Claim>(uc => new Claim(uc.ClaimType, uc.ClaimValue)), authenticationMethod: Constants.AuthenticationMethods.External, identityProvider: context.ExternalIdentity.Provider); return(Task.FromResult(0)); } // no existing link, get email claim to match user var emailClaim = context.ExternalIdentity.Claims.FirstOrDefault(c => c.Type == "email"); if (emailClaim == null) { // return error - we need an email claim to match context.AuthenticateResult = new AuthenticateResult("No email claim available."); return(Task.FromResult(0)); } // find a user with a matching e-mail claim. var userWithMatchingEmailClaim = userRepository.GetUserByEmail(emailClaim.Value); if (userWithMatchingEmailClaim == null && context.ExternalIdentity.Provider == "windows") { // no existing link. If it's a windows user, we're going to ask for additional // information. context.AuthenticateResult = new AuthenticateResult("~/completeadditionalinformation", context.ExternalIdentity); return(Task.FromResult(0)); } if (userWithMatchingEmailClaim == null) { //// return error - we need an existing account //context.AuthenticateResult = new AuthenticateResult("No existing account found."); //return Task.FromResult(0); // create a new account var newUser = new User(); newUser.Subject = Guid.NewGuid().ToString(); newUser.IsActive = true; // add the external identity provider as login provider newUser.UserLogins.Add(new UserLogin() { Subject = newUser.Subject, LoginProvider = context.ExternalIdentity.Provider, ProviderKey = context.ExternalIdentity.ProviderId }); // create a list of claims from the information we got from the external provider // this can be provider-specific if (context.ExternalIdentity.Provider.ToLowerInvariant() == "facebook") { newUser.UserClaims = context.ExternalIdentity .Claims.Where(c => c.Type.ToLowerInvariant() == Constants.ClaimTypes.GivenName || c.Type.ToLowerInvariant() == Constants.ClaimTypes.FamilyName || c.Type.ToLowerInvariant() == Constants.ClaimTypes.Email) .Select <Claim, UserClaim>(c => new UserClaim() { Id = Guid.NewGuid().ToString(), Subject = newUser.Subject, ClaimType = c.Type.ToLowerInvariant(), ClaimValue = c.Value }).ToList(); } // create a new user with the FreeUser role by default newUser.UserClaims.Add(new UserClaim() { Id = Guid.NewGuid().ToString(), Subject = newUser.Subject, ClaimType = "role", ClaimValue = "FreeUser" }); // add the user userRepository.AddUser(newUser); // use this new user context.AuthenticateResult = new AuthenticateResult( newUser.Subject, newUser.UserClaims.First(c => c.ClaimType == Constants.ClaimTypes.GivenName).ClaimValue, newUser.UserClaims.Select <UserClaim, Claim>(uc => new Claim(uc.ClaimType, uc.ClaimValue)), authenticationMethod: Constants.AuthenticationMethods.External, identityProvider: context.ExternalIdentity.Provider); return(Task.FromResult(0)); } // register this external provider for this user account userRepository.AddUserLogin(userWithMatchingEmailClaim.Subject, context.ExternalIdentity.Provider, context.ExternalIdentity.ProviderId); // use this existing account context.AuthenticateResult = new AuthenticateResult( userWithMatchingEmailClaim.Subject, userWithMatchingEmailClaim.UserClaims.First(c => c.ClaimType == Constants.ClaimTypes.GivenName).ClaimValue, userWithMatchingEmailClaim.UserClaims.Select <UserClaim, Claim>(uc => new Claim(uc.ClaimType, uc.ClaimValue)), authenticationMethod: Constants.AuthenticationMethods.External, identityProvider: context.ExternalIdentity.Provider); return(Task.FromResult(0)); } }
/// <summary> /// This method gets called when the user uses an external identity provider to authenticate. /// </summary> /// <param name="context">The context.</param> /// <returns></returns> public Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { return(inner.AuthenticateExternalAsync(context)); }
/// <summary> /// This method gets called when the user uses an external identity provider to authenticate. /// The user's identity from the external provider is passed via the `externalUser` parameter which contains the /// provider identifier, the provider's identifier for the user, and the claims from the provider for the external user. /// </summary> /// <param name="context">The context.</param> /// <returns></returns> public virtual Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { return(Task.FromResult(0)); }
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { throw new NotImplementedException(); }
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { return(Task.FromResult(true)); }
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { context.ExternalIdentity.Claims = filter.Filter(context.ExternalIdentity.Provider, context.ExternalIdentity.Claims); return(inner.AuthenticateExternalAsync(context)); }
public async Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { }
public async Task <IHttpActionResult> ResumeLoginFromRedirect(string resume) { Logger.Info("Callback requested to resume login from partial login"); if (resume.IsMissing()) { Logger.Error("no resumeId passed"); return(RenderErrorPage()); } if (resume.Length > MaxInputParamLength) { Logger.Error("resumeId length longer than allowed length"); return(RenderErrorPage()); } var user = await context.GetIdentityFromPartialSignIn(); if (user == null) { Logger.Error("no identity from partial login"); return(RenderErrorPage()); } var type = GetClaimTypeForResumeId(resume); var resumeClaim = user.FindFirst(type); if (resumeClaim == null) { Logger.Error("no claim matching resumeId"); return(RenderErrorPage()); } var signInId = resumeClaim.Value; if (signInId.IsMissing()) { Logger.Error("No signin id found in resume claim"); return(RenderErrorPage()); } var signInMessage = signInMessageCookie.Read(signInId); if (signInMessage == null) { Logger.Error("No cookie matching signin id found"); return(RenderErrorPage()); } AuthenticateResult result = null; // determine which return path the user is taking -- are they coming from // a ExternalProvider partial logon, or not var externalProviderClaim = user.FindFirst(Constants.ClaimTypes.ExternalProviderUserId); // cleanup the claims from the partial login if (user.HasClaim(c => c.Type == Constants.ClaimTypes.PartialLoginRestartUrl)) { user.RemoveClaim(user.FindFirst(Constants.ClaimTypes.PartialLoginRestartUrl)); } if (user.HasClaim(c => c.Type == Constants.ClaimTypes.PartialLoginReturnUrl)) { user.RemoveClaim(user.FindFirst(Constants.ClaimTypes.PartialLoginReturnUrl)); } if (user.HasClaim(c => c.Type == Constants.ClaimTypes.ExternalProviderUserId)) { user.RemoveClaim(user.FindFirst(Constants.ClaimTypes.ExternalProviderUserId)); } if (user.HasClaim(c => c.Type == GetClaimTypeForResumeId(resume))) { user.RemoveClaim(user.FindFirst(GetClaimTypeForResumeId(resume))); } if (externalProviderClaim != null) { Logger.Info("using ExternalProviderUserId to call AuthenticateExternalAsync"); var provider = externalProviderClaim.Issuer; var providerId = externalProviderClaim.Value; var externalIdentity = new ExternalIdentity { Provider = provider, ProviderId = providerId, Claims = user.Claims }; Logger.InfoFormat("external user provider: {0}, provider ID: {1}", externalIdentity.Provider, externalIdentity.ProviderId); var externalContext = new ExternalAuthenticationContext { ExternalIdentity = externalIdentity, SignInMessage = signInMessage }; await userService.AuthenticateExternalAsync(externalContext); result = externalContext.AuthenticateResult; if (result == null) { Logger.Warn("user service failed to authenticate external identity"); var msg = localizationService.GetMessage(MessageIds.NoMatchingExternalAccount); await eventService.RaiseExternalLoginFailureEventAsync(externalIdentity, signInId, signInMessage, msg); return(await RenderLoginPage(signInMessage, signInId, msg)); } if (result.IsError) { Logger.WarnFormat("user service returned error message: {0}", result.ErrorMessage); await eventService.RaiseExternalLoginFailureEventAsync(externalIdentity, signInId, signInMessage, result.ErrorMessage); return(await RenderLoginPage(signInMessage, signInId, result.ErrorMessage)); } Logger.Info("External identity successfully validated by user service"); await eventService.RaiseExternalLoginSuccessEventAsync(externalIdentity, signInId, signInMessage, result); } else { // check to see if the resultant user has all the claim types needed to login if (!Constants.AuthenticateResultClaimTypes.All(claimType => user.HasClaim(c => c.Type == claimType))) { Logger.Error("Missing AuthenticateResultClaimTypes -- rendering error page"); return(RenderErrorPage()); } // this is a normal partial login continuation Logger.Info("Partial login resume success -- logging user in"); result = new AuthenticateResult(new ClaimsPrincipal(user)); await eventService.RaisePartialLoginCompleteEventAsync(result.User.Identities.First(), signInId, signInMessage); } return(await SignInAndRedirectAsync(signInMessage, signInId, result)); }
public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { return(Task.FromResult <AuthenticateResult>(null)); }
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { context.AuthenticateResult = null; return(Task.FromResult(0)); }
public override async Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { var externalIdentity = context.ExternalIdentity; context.AuthenticateResult = await GetAppropriateAuthenticationResult(externalIdentity); }
protected virtual async Task <string> GetInternalUserId(ExternalAuthenticationContext context) { throw new NotImplementedException(); }
public async Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { await this.innerUserService.AuthenticateExternalAsync(context); }
public sealed override Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { return(AuthenticateExternalAsync(context, OwinContext.Request.CallCancelled)); }
protected virtual Task <string> GetInternalUserId(ExternalAuthenticationContext context, CancellationToken cancellationToken) { throw new NotImplementedException(); }
public async Task <IHttpActionResult> LoginExternalCallback(string error = null) { Logger.Info("Callback invoked from external identity provider"); if (error.IsPresent()) { if (error.Length > MaxInputParamLength) { error = error.Substring(0, MaxInputParamLength); } Logger.ErrorFormat("External identity provider returned error: {0}", error); await eventService.RaiseExternalLoginErrorEventAsync(error); return(RenderErrorPage(String.Format(localizationService.GetMessage(MessageIds.ExternalProviderError), error))); } var signInId = await context.GetSignInIdFromExternalProvider(); if (signInId.IsMissing()) { Logger.Info("No signin id passed"); return(HandleNoSignin()); } var signInMessage = signInMessageCookie.Read(signInId); if (signInMessage == null) { Logger.Info("No cookie matching signin id found"); return(HandleNoSignin()); } var user = await context.GetIdentityFromExternalProvider(); if (user == null) { Logger.Error("no identity from external identity provider"); return(await RenderLoginPage(signInMessage, signInId, localizationService.GetMessage(MessageIds.NoMatchingExternalAccount))); } var externalIdentity = ExternalIdentity.FromClaims(user.Claims); if (externalIdentity == null) { var claims = user.Claims.Select(x => new { x.Type, x.Value }); Logger.ErrorFormat("no subject or unique identifier claims from external identity provider. Claims provided:\r\n{0}", LogSerializer.Serialize(claims)); return(await RenderLoginPage(signInMessage, signInId, localizationService.GetMessage(MessageIds.NoMatchingExternalAccount))); } Logger.InfoFormat("external user provider: {0}, provider ID: {1}", externalIdentity.Provider, externalIdentity.ProviderId); var externalContext = new ExternalAuthenticationContext { ExternalIdentity = externalIdentity, SignInMessage = signInMessage }; await userService.AuthenticateExternalAsync(externalContext); var authResult = externalContext.AuthenticateResult; if (authResult == null) { Logger.Warn("user service failed to authenticate external identity"); var msg = localizationService.GetMessage(MessageIds.NoMatchingExternalAccount); await eventService.RaiseExternalLoginFailureEventAsync(externalIdentity, signInId, signInMessage, msg); return(await RenderLoginPage(signInMessage, signInId, msg)); } if (authResult.IsError) { Logger.WarnFormat("user service returned error message: {0}", authResult.ErrorMessage); await eventService.RaiseExternalLoginFailureEventAsync(externalIdentity, signInId, signInMessage, authResult.ErrorMessage); return(await RenderLoginPage(signInMessage, signInId, authResult.ErrorMessage)); } Logger.Info("External identity successfully validated by user service"); await eventService.RaiseExternalLoginSuccessEventAsync(externalIdentity, signInId, signInMessage, authResult); return(await SignInAndRedirectAsync(signInMessage, signInId, authResult)); }
public sealed override Task AuthenticateExternalAsync(ExternalAuthenticationContext context) { return(AuthenticateExternalAsync(context, CurrentCancellationToken)); }
protected virtual Task <BitJwtToken> ExternalLogin(ExternalAuthenticationContext context, CancellationToken cancellationToken) { throw new NotImplementedException(); }
public override Task AuthenticateExternalAsync(ExternalAuthenticationContext ctx) { return(base.AuthenticateExternalAsync(ctx)); }