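/// <summary>
/// Registers LDAP-backed authentication and authorization: a cookie scheme, a JWT bearer scheme
/// for request paths under <c>/api</c>, and the Admin/User/Viewer policies based on group SID claims.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">Settings providing the cookie name and lifetime and the token issuer, audience and signing key.</param>
/// <param name="pathOptions">Login, logout and access-denied paths used by the cookie scheme.</param>
/// <exception cref="ArgumentNullException">Thrown when any argument is <c>null</c>.</exception>
public static void AddLdapCookieAuthentication(this IServiceCollection services, LdapAuthenticationSettings configuration, LdapAuthenticationPathOptions pathOptions)
{
    // The option callbacks below dereference configuration and pathOptions only when they run,
    // so reject null arguments here, at registration time, with a clear parameter name.
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }
    if (pathOptions == null)
    {
        throw new ArgumentNullException(nameof(pathOptions));
    }

    // One shared service instance; the authorization callback below reads its Groups map.
    LdapAuthentcationService ldapAuthService = new LdapAuthentcationService(configuration);
    services.AddSingleton(ldapAuthService);

    services.AddAuthentication(SuperDumpAuthenticationScheme)
        .AddPolicyScheme(SuperDumpAuthenticationScheme, SuperDumpAuthenticationScheme, options =>
        {
            // Requests under /api are authenticated by bearer token, everything else by cookie.
            options.ForwardDefaultSelector = context =>
                context.Request.Path.StartsWithSegments("/api")
                    ? JwtBearerDefaults.AuthenticationScheme
                    : CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.Cookie.Name = configuration.AuthenticationCookieName;

            // Sliding expiration renews the cookie on activity, so the configured number of days
            // bounds idle time rather than total session length.
            // NOTE(review): if group claims are stored in the cookie at sign-in (not visible here),
            // a removed LDAP group membership stays effective until the cookie expires.
            options.SlidingExpiration = true;
            options.ExpireTimeSpan = TimeSpan.FromDays(configuration.CookieExpireTimeSpanInDays);

            // Not readable from script and only sent over HTTPS.
            // NOTE(review): SameSite is not set here, so the framework default applies; confirm it
            // matches the CSRF protections used by the cookie-authenticated pages.
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

            options.LoginPath = pathOptions.LoginPath;
            options.LogoutPath = pathOptions.LogoutPath;
            options.AccessDeniedPath = pathOptions.AccessDeniedPath;
        })
        .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = configuration.TokenIssuer,
            ValidAudience = configuration.TokenAudience,
            // Symmetric key: the same secret signs and validates, so anything that can read
            // TokenSigningKey can mint tokens this validator accepts. A missing or malformed
            // Base64 value throws only when this callback runs, not at registration.
            // NOTE(review): confirm the key is kept out of source control and that its decoded
            // length suits the signing algorithm used where tokens are issued (not visible here).
            IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(configuration.TokenSigningKey))
        });

    services.AddAuthorization(options =>
    {
        // Group identifiers are looked up when this callback runs; a policy name missing from
        // Groups fails here. NOTE(review): presumably a dictionary keyed by policy name; verify.
        string adminGroup = ldapAuthService.Groups[AdminPolicy];
        string userGroup = ldapAuthService.Groups[UserPolicy];
        string viewerGroup = ldapAuthService.Groups[ViewerPolicy];

        // The policies are cumulative: admin satisfies all three, user satisfies user and viewer.
        options.AddPolicy(AdminPolicy, policy => policy.RequireAssertion(context =>
            context.User.HasClaim(ClaimTypes.GroupSid, adminGroup)));

        options.AddPolicy(UserPolicy, policy => policy.RequireAssertion(context =>
            context.User.HasClaim(claim =>
                claim.Type == ClaimTypes.GroupSid
                && (claim.Value == adminGroup || claim.Value == userGroup))));

        options.AddPolicy(ViewerPolicy, policy => policy.RequireAssertion(context =>
            context.User.HasClaim(claim =>
                claim.Type == ClaimTypes.GroupSid
                && (claim.Value == adminGroup || claim.Value == userGroup || claim.Value == viewerGroup))));
    });
}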
/// <summary>
/// Creates the login controller, keeping the LDAP authentication service and a logger for this type.
/// </summary>
/// <param name="authentificationHelper">LDAP authentication service stored on the controller.</param>
/// <param name="loggerFactory">Factory used to create the <see cref="LoginController"/> logger.</param>
public LoginController(LdapAuthentcationService authentificationHelper, ILoggerFactory loggerFactory)
{
    // The two assignments are independent of each other.
    logger = loggerFactory.CreateLogger<LoginController>();
    this.authentificationHelper = authentificationHelper;
}
/// <summary>
/// Creates the helper around the LDAP authentication service it will consult.
/// </summary>
/// <param name="authenticationService">LDAP authentication service stored on the helper.</param>
public AuthorizationHelper(LdapAuthentcationService authenticationService)
{
    // Stored as-is; no validation or copying happens here.
    this.authenticationService = authenticationService;
}
/// <summary>
/// Creates the token controller with the LDAP authentication service, the LDAP section of the
/// application settings, and a logger for this type.
/// </summary>
/// <param name="authentcationService">LDAP authentication service stored on the controller.</param>
/// <param name="settings">Application settings; only <c>LdapAuthenticationSettings</c> is kept.</param>
/// <param name="loggerFactory">Factory used to create the <see cref="TokenController"/> logger.</param>
public TokenController(LdapAuthentcationService authentcationService, IOptions<SuperDumpSettings> settings, ILoggerFactory loggerFactory)
{
    var superDumpSettings = settings.Value;

    this.authentcationService = authentcationService;

    // NOTE(review): AddLdapCookieAuthentication reads TokenSigningKey from an
    // LdapAuthenticationSettings value; if this is the same settings type, avoid writing
    // this object to logs or responses.
    this.settings = superDumpSettings.LdapAuthenticationSettings;

    logger = loggerFactory.CreateLogger<TokenController>();
}