public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
        {
            var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();

            var cookieScheme = await context.GetCookieAuthenticationSchemeAsync();

            if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
            {
                AugmentPrincipal(principal);

                if (properties == null)
                {
                    properties = new AuthenticationProperties();
                }
                properties.Items[IdentityConstants.AuthenticationProperties.Ip] = context.GetRequestIp();
                if (!properties.Items.ContainsKey(IdentityConstants.AuthenticationProperties.SkipCreateSession))
                {
                    var userDevice = context
                                     .GetHeaderValueAs <string>("User-Agent")
                                     .GetDevice();
                    if (!string.IsNullOrEmpty(userDevice))
                    {
                        properties.Items[IdentityConstants.AuthenticationProperties.Device] = userDevice;
                    }
                }

                await _session.CreateSessionIdAsync(principal, properties);
            }

            await _inner.SignInAsync(context, scheme, principal, properties);
        }
        public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
        {
            var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();

            var cookieScheme = await GetCookieAuthenticationSchemeAsync();

            if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
            {
                if (principal?.IsAnonymous() == false)
                {
                    var currentPrincipal = await _session.GetUserAsync();

                    if (currentPrincipal?.IsAnonymous() == true && _options.AllowRemoveAnonymousUserAfterSigningIn)
                    {
                        await _anonUserManager.DeleteByIdAsync(currentPrincipal.GetSubjectId());
                    }
                }

                if (properties == null)
                {
                    properties = new AuthenticationProperties();
                }
                await _session.CreateSessionIdAsync(principal, properties);
            }

            await _inner.SignInAsync(context, scheme, principal, properties);
        }
        public async Task <AuthenticateResponse> Authenticate(UsernamePasswordCredentials credentials)
        {
            var validationResult = _usernamePasswordCredentialsValidator.Validate(credentials);

            if (!validationResult.IsValid)
            {
                return(new AuthenticationFailure <UsernamePasswordAuthenticateFailureReason>(validationResult.Errors.ParseFailureReasons <UsernamePasswordAuthenticateFailureReason>()));
            }

            var user = await _userDataService.GetUserForAuthentication(credentials.Username);

            // if the user is not found, use a random password to verify against and still do the work. This protects against timing attacks
            var password = user?.Password ?? _randomHashedPasswordProvider.RandomHashedPassword;

            // Verify against the stored password by performing the same hash operation on the entered password
            var hashedPassword = _hashPasswordService.Hash(
                credentials.Password,
                password.Salt,
                password.Prf,
                password.Iterations);

            if (!password.Equals(hashedPassword) || user == null)
            {
                return(new AuthenticationFailure <UsernamePasswordAuthenticateFailureReason>(UsernamePasswordAuthenticateFailureReason.InvalidCredentials));
            }

            var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(
                                                          user.AsClaims(),
                                                          (await _authenticationSchemeProvider.GetDefaultSignInSchemeAsync()).Name));

            return(new AuthenticationSuccess(claimsPrincipal));
        }
 private async Task VerifyAllDefaults(IAuthenticationSchemeProvider provider, AuthenticationScheme?expected)
 {
     Assert.Equal(await provider.GetDefaultForbidSchemeAsync(), expected);
     Assert.Equal(await provider.GetDefaultAuthenticateSchemeAsync(), expected);
     Assert.Equal(await provider.GetDefaultChallengeSchemeAsync(), expected);
     Assert.Equal(await provider.GetDefaultSignInSchemeAsync(), expected);
     Assert.Equal(await provider.GetDefaultSignOutSchemeAsync(), expected);
 }
Exemplo n.º 5
0
    public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
    {
        var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();

        var cookieScheme = await context.GetCookieAuthenticationSchemeAsync();

        if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
        {
            AugmentPrincipal(principal);

            properties ??= new AuthenticationProperties();
            await _session.CreateSessionIdAsync(principal, properties);
        }

        await _inner.SignInAsync(context, scheme, principal, properties);
    }
        public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
        {
            var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();

            if (scheme == null || scheme == defaultScheme.Name)
            {
                AugmentPrincipal(principal);

                if (properties == null)
                {
                    properties = new AuthenticationProperties();
                }
                await _session.CreateSessionIdAsync(principal, properties);
            }

            await _inner.SignInAsync(context, scheme, principal, properties);
        }
Exemplo n.º 7
0
    /// <inheritdoc />
    public virtual async Task ProcessRequestAsync(HttpContext context)
    {
        context.CheckForBffMiddleware(Options);

        var result = await context.AuthenticateAsync();

        if (result.Succeeded && result.Principal?.Identity?.IsAuthenticated == true)
        {
            var userSessionId = result.Principal.FindFirst(JwtClaimTypes.SessionId)?.Value;
            if (!String.IsNullOrWhiteSpace(userSessionId))
            {
                var passedSessionId = context.Request.Query[JwtClaimTypes.SessionId].FirstOrDefault();
                // for an authenticated user, if they have a sesison id claim,
                // we require the logout request to pass that same value to
                // prevent unauthenticated logout requests (similar to OIDC front channel)
                if (Options.RequireLogoutSessionId && userSessionId != passedSessionId)
                {
                    throw new Exception("Invalid Session Id");
                }
            }
        }

        // get rid of local cookie first
        var signInScheme = await AuthenticationSchemeProvider.GetDefaultSignInSchemeAsync();

        await context.SignOutAsync(signInScheme?.Name);

        var returnUrl = context.Request.Query[Constants.RequestParameters.ReturnUrl].FirstOrDefault();

        if (!string.IsNullOrWhiteSpace(returnUrl))
        {
            if (!Util.IsLocalUrl(returnUrl))
            {
                throw new Exception("returnUrl is not application local: " + returnUrl);
            }
        }

        var props = new AuthenticationProperties
        {
            RedirectUri = returnUrl ?? "/"
        };

        // trigger idp logout
        await context.SignOutAsync(props);
    }
        public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
        {
            var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();

            var cookieScheme = await GetCookieAuthenticationSchemeAsync();

            if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
            {
                AugmentPrincipal(principal);
            }
            else
            {
                var claim = principal.FindFirst("http://schemas.microsoft.com/identity/claims/identityprovider");
                if (claim != null)
                {
                    context.Items.Add(JwtClaimTypes.IdentityProvider, claim.Value);
                }
            }
            await _inner.SignInAsync(context, scheme, principal, properties);
        }
Exemplo n.º 9
0
 /// <summary>
 /// Initializes a new instance of the <see cref="AutomaticTokenManagementConfigureCookieOptions"/> class.
 /// </summary>
 /// <param name="provider">The provider.</param>
 public AutomaticTokenManagementConfigureCookieOptions(IAuthenticationSchemeProvider provider)
 {
     this.Scheme = provider.GetDefaultSignInSchemeAsync().GetAwaiter().GetResult();
 }
Exemplo n.º 10
0
 public Task <AuthenticationScheme> GetDefaultSignInSchemeAsync()
 {
     return(_inner.GetDefaultSignInSchemeAsync());
 }
 public AutoRefreshConfigureCookieOptions(IAuthenticationSchemeProvider provider)
 {
     _signInScheme = provider.GetDefaultSignInSchemeAsync().GetAwaiter().GetResult();
 }