public async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var signInData = Mapper.Map <SignInMessage, SignInData>(context.SignInMessage);
var result = await domainService.PreAuthenticateAsync(signInData);
context.AuthenticateResult = Mapper.Map <AuthenticationResult, AuthenticateResult>(result);
}
public async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
foreach (var service in this.services)
{
await service.PreAuthenticateAsync(context);
}
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var owinContext = new OwinContext(owinService.Environment);
var request = owinContext.Request;
var ranges = configService.GetClientRanges();
if (ranges == null || ranges.Length == 0)
{
return(Task.FromResult(0));
}
var clientAddress = request.GetClientAddress();
if (clientAddress == null)
{
return(Task.FromResult(0));
}
var isInRange = ranges.Any(r => r.Contains(clientAddress));
if (isInRange)
{
context.SignInMessage.IdP = "windows";
}
return(Task.FromResult(0));
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
string id = ctx.Request.Query.Get("signin");
context.AuthenticateResult = new AuthenticateResult("~/account/login?id=" + id, (IEnumerable <Claim>)null);
return(Task.FromResult(0));
}
public async Task <IHttpActionResult> Login(string signin = null)
{
Logger.Info("Login page requested");
if (signin.IsMissing())
{
Logger.Info("No signin id passed");
return(HandleNoSignin());
}
if (signin.Length > MaxInputParamLength)
{
Logger.Error("Signin parameter passed was larger than max length");
return(RenderErrorPage());
}
var signInMessage = signInMessageCookie.Read(signin);
if (signInMessage == null)
{
Logger.Info("No cookie matching signin id found");
return(HandleNoSignin());
}
Logger.DebugFormat("signin message passed to login: {0}", JsonConvert.SerializeObject(signInMessage, Formatting.Indented));
var preAuthContext = new PreAuthenticationContext {
SignInMessage = signInMessage
};
await userService.PreAuthenticateAsync(preAuthContext);
var authResult = preAuthContext.AuthenticateResult;
if (authResult != null)
{
if (authResult.IsError)
{
Logger.WarnFormat("user service returned an error message: {0}", authResult.ErrorMessage);
await eventService.RaisePreLoginFailureEventAsync(signin, signInMessage, authResult.ErrorMessage);
return(RenderErrorPage(authResult.ErrorMessage));
}
Logger.Info("user service returned a login result");
await eventService.RaisePreLoginSuccessEventAsync(signin, signInMessage, authResult);
return(await SignInAndRedirectAsync(signInMessage, signin, authResult));
}
if (signInMessage.IdP.IsPresent())
{
Logger.InfoFormat("identity provider requested, redirecting to: {0}", signInMessage.IdP);
return(await LoginExternal(signin, signInMessage.IdP));
}
return(await RenderLoginPage(signInMessage, signin));
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
if (context.SignInMessage.ClientId == "SimpleClientApp")
{
context.SignInMessage.IdP = "windows";
}
return(base.PreAuthenticateAsync(context));
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var id = ctx.Request.Query.Get("signin");
var redirectPath = string.Format("~/custom/login?id={0}", id);
context.AuthenticateResult = new AuthenticateResult(redirectPath, new List <Claim>());
return(Task.FromResult(0));
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var id = _owinContext.Request.Query.Get("signin");
var returnUrl = HttpUtility.UrlEncode(context.SignInMessage.ReturnUrl);
var clientId = context.SignInMessage.ClientId;
var url = $"~/employer/login?id={id}&returnUrl={returnUrl}&clientId={clientId}";
context.AuthenticateResult = new AuthenticateResult(url, (IEnumerable <Claim>)null);
return(Task.FromResult(0));
}
public IRealmReferral ProposeTransit(KrbTgsReq tgsReq, PreAuthenticationContext context)
{
if (!tgsReq.Body.SName.FullyQualifiedName.EndsWith(currentRealm) &&
!tgsReq.Body.SName.FullyQualifiedName.Contains("not.found"))
{
return(new FakeRealmReferral(tgsReq.Body));
}
return(null);
}
public IRealmReferral?ProposeTransit(KrbTgsReq tgsReq, PreAuthenticationContext context)
{
if (!tgsReq.Body.SName.FullyQualifiedName.EndsWith(_currentRealm, StringComparison.InvariantCultureIgnoreCase) &&
!tgsReq.Body.SName.FullyQualifiedName.Contains("not.found"))
{
return(new FakeRealmReferral(tgsReq.Body));
}
return(null);
}
public override async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
// checking to see if they will go straight to Azure by doing this
// this has to match with the Options.AuthenticationType
context.SignInMessage.IdP = "azure";
await base.PreAuthenticateAsync(context);
var msg2 = context.SignInMessage;
}
public async override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
if (OnPreAuthenticate != null)
{
await OnPreAuthenticate(context);
}
else
{
await base.PreAuthenticateAsync(context);
}
}
public async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var res = await new OwinContext(_oes.Environment).Authentication.AuthenticateAsync(DefaultAuthenticationTypes.ApplicationCookie);
if (res == null)
{
throw new InvalidOperationException("Should be authenticated at this stage");
}
var id = res.Identity.GetUserId();
var name = res.Identity.GetUserName();
context.AuthenticateResult = new AuthenticateResult(id, name);
}
public void AsReqPreAuth_PkinitCertificateAccessible()
{
var credCert = new X509Certificate2(ReadDataFile("testuser.pfx"), "p");
var cred = new TrustedAsymmetricCredential(credCert, "*****@*****.**");
var asReq = KrbAsReq.CreateAsReq(cred, AuthenticationOptions.AllAuthentication);
var handler = new KdcAsReqMessageHandler(
asReq.EncodeApplication(),
new ListenerOptions
{
DefaultRealm = "corp.identityintervention.com",
RealmLocator = realm => new FakeRealmService(realm)
});
handler.PreAuthHandlers[PaDataType.PA_PK_AS_REQ] = service => new PaDataPkAsReqHandler(service)
{
IncludeOption = X509IncludeOption.EndCertOnly
};
var context = new PreAuthenticationContext();
handler.DecodeMessage(context);
handler.ExecutePreValidate(context);
handler.QueryPreValidate(context);
handler.ValidateTicketRequest(context);
handler.QueryPreExecute(context);
handler.ExecuteCore(context);
Assert.AreEqual(PaDataType.PA_PK_AS_REQ, context.ClientAuthority);
Assert.AreEqual(1, context.PreAuthenticationState.Count);
Assert.IsTrue(context.PreAuthenticationState.TryGetValue(PaDataType.PA_PK_AS_REQ, out PaDataState paState));
var state = paState as PkInitState;
Assert.IsNotNull(state);
Assert.IsNotNull(state.ClientCertificate);
Assert.AreEqual(1, state.ClientCertificate.Count);
var clientCert = state.ClientCertificate[0];
Assert.IsFalse(clientCert.HasPrivateKey);
Assert.AreEqual(credCert.Thumbprint, clientCert.Thumbprint);
}
/// <summary>
/// Impersonate user based on AcrValue flag
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
this.Log().Info("===> PreAuthenticateAsync");
var acrValue = context.SignInMessage.AcrValues.FirstOrDefault(acr => acr.Contains("impersonate"));
if (_impersonateUserService.IsImpersonateFlow(acrValue))
{
context.AuthenticateResult = await _impersonateUserService.ImpersonateUser(acrValue);
}
else
{
await base.PreAuthenticateAsync(context);
}
}
public override void Arrange()
{
base.Arrange();
_requestQueryString.Add("signin", new[] { "test-signin-id" });
_preAuthenticationContext = new PreAuthenticationContext
{
SignInMessage = new SignInMessage
{
ReturnUrl = "http://some-relying-party.local",
ClientId = "UnitTests"
}
};
}
public Task PreAuthenticateAsync(PreAuthenticationContext context)
{
Logger.Debug("PreAuthenticateAsync:" + JsonConvert.SerializeObject(context, new JsonSerializerSettings()
{
ReferenceLoopHandling = ReferenceLoopHandling.Ignore
}));
if (context.SignInMessage != null && !string.IsNullOrEmpty(context.SignInMessage.ClientId))
{
var us = UserServiceFinder.Get(context.SignInMessage.ClientId);
if (us != null)
{
return(us.PreAuthenticateAsync(context));
}
}
return(Task.FromResult(0));
}
public override async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var user = await owinContext.Environment.GetIdentityServerPartialLoginAsync();
if (user == null)
{
// no idp, so do partial login to HRD page
context.AuthenticateResult = new AuthenticateResult("~/hrd", (IEnumerable <Claim>)null);
}
else
{
// we have partial login, so look for IdP claim
var idp_claim = user.Claims.FirstOrDefault(x => x.Type == "idp");
if (idp_claim == null)
{
context.AuthenticateResult = new AuthenticateResult("Error: no IdP claim found");
}
context.SignInMessage.IdP = idp_claim.Value;
}
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
var cookie = HttpContext.Current.Request.Cookies.Get(".AspNet.ApplicationCookie");
if (cookie != null)
{
var secureDataFormat = new TicketDataFormat(new MachineKeyProtector());
var ticket = secureDataFormat.Unprotect(cookie.Value);
context.AuthenticateResult = new AuthenticateResult(
ticket.Identity.Name,
ticket.Identity.Name,
null,
"idsrv",
"cookieauth");
}
else
{
HttpContext.Current.Response.Redirect("/Account/Login?ReturnUrl=" + HttpUtility.UrlEncode(HttpContext.Current.Request.Url.ToString()));
}
return(base.PreAuthenticateAsync(context));
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
// context.SignInMessage.IdP = "windows";
return(base.PreAuthenticateAsync(context));
}
public virtual Task PreAuthenticateAsync(PreAuthenticationContext context, CancellationToken cancellationToken)
{
return(base.PreAuthenticateAsync(context));
}
public sealed override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return(PreAuthenticateAsync(context, OwinContext.Request.CallCancelled));
}
public sealed override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return(PreAuthenticateAsync(context, CurrentCancellationToken));
}
/// <summary>
/// This method gets called before the login page is shown. This allows you to authenticate the
/// user somehow based on data coming from the host (e.g. client certificates or trusted headers)
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return(inner.PreAuthenticateAsync(context));
}
/// <summary>
/// This method gets called before the login page is shown. This allows you to determine if the user should be authenticated by some out of band mechanism (e.g. client certificates or trusted headers).
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public virtual Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return(Task.FromResult(0));
}
public Task PreAuthenticateAsync(PreAuthenticationContext context)
{
throw new NotImplementedException();
}
public override Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return(base.PreAuthenticateAsync(context));
}
public override async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
base.PreAuthenticateAsync(context);
}
public async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
}
public async Task PreAuthenticateAsync(PreAuthenticationContext context)
{
await this.inMemoryUserService.PreAuthenticateAsync(context);
}
