private void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
double sessionLifetimeInMinutes =
(e.SessionToken.ValidTo - e.SessionToken.ValidFrom).TotalMinutes;
var logonTokenCacheExpirationWindow = TimeSpan.FromSeconds(1);
SPSecurity.RunWithElevatedPrivileges(delegate()
{
logonTokenCacheExpirationWindow =
Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.Local.LogonTokenCacheExpirationWindow;
});
DateTime now = DateTime.UtcNow;
DateTime validTo = e.SessionToken.ValidTo - logonTokenCacheExpirationWindow;
DateTime validFrom = e.SessionToken.ValidFrom;
if ((now < validTo) && (now > validFrom.AddMinutes((validTo - validFrom).TotalMinutes / 2)))
{
SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context,
now, now.AddMinutes(sessionLifetimeInMinutes), e.SessionToken.IsPersistent);
e.ReissueCookie = true;
}
}
private bool HandleResponseMessage()
{
try
{
var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request));
if (responseMessage != null)
{
string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null);
FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration;
//ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current;
FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration);
SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage);
SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken);
this.OnSecurityTokenReceived(securityTokenReceivedEventArgs);
if (!securityTokenReceivedEventArgs.Cancel)
{
ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl);
if (claimsPrincipal != null)
{
SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal);
this.OnSecurityTokenValidated(securityTokenValidatedEventArgs);
if (!securityTokenValidatedEventArgs.Cancel)
{
SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule;
DateTime validFrom;
DateTime validTo;
tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo);
SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false);
SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken);
sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true;
this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs);
this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie);
this.OnSignedIn(EventArgs.Empty);
return(true);
}
}
}
}
return(false);
}
catch (Exception ex)
{
this.ErrorText = ex.Message;
return(false);
}
}
public async Task <ActionResult> Index(LoginViewModel model) //Login
{
if (!ModelState.IsValid)
{
return(View(model));
}
var result = await repository.login(model);
if (result.resultCode == 200 && !User.Identity.IsAuthenticated)
{
SessionAuthenticationModule sam = (SessionAuthenticationModule)this.HttpContext.ApplicationInstance.Modules["SessionAuthenticationModule"];
IClaimsPrincipal principal = new Microsoft.IdentityModel.Claims.ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(model.Email), null));
List <User> user = new List <User>();
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
user.Add(new Models.User {
Email = "*****@*****.**", Date = DateTime.Now
});
string dummy = JsonConvert.SerializeObject(user);
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Email, model.Email));
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.UserData, dummy));
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, "Admin"));
principal.Identities[0].Claims.Add(new Microsoft.IdentityModel.Claims.Claim("custom", "freecodespot custom claims"));
var token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(20), false);
sam.WriteSessionTokenToCookie(token);
//FormsAuthentication.SetAuthCookie(model.Email, false);
return(RedirectToAction("Index", "Home", result.Data)); //redirect to login form
}
else if (User.Identity.IsAuthenticated)
{
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError("", result.message);
}
return(View());
}
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
int minutes = 60;
DateTime now = DateTime.UtcNow;
DateTime validTo = e.SessionToken.ValidTo;
//This can reduce token updates count
if (now < validTo)
{
SessionAuthenticationModule sam = sender as SessionAuthenticationModule;
e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context, now, now.AddMinutes(minutes), e.SessionToken.IsPersistent);
e.ReissueCookie = true;
}
}
private static void WriteCookie(AMSAdmin user, string timeOffsetValue)
{
SessionAuthenticationModule sam = (SessionAuthenticationModule)
HttpContext.Current.ApplicationInstance.Modules["SessionAuthenticationModule"];
IClaimsPrincipal principal =
new ClaimsPrincipal(new GenericPrincipal(new GenericIdentity(user.LogonName), null));
principal.Identities[0].Claims.Add(new Claim("TimeOffset", timeOffsetValue));
principal.Identities[0].Claims.Add(new Claim("AMSAdminID", user.UserID));
principal.Identities[0].Claims.Add(new Claim("AMSAdminName", user.Name));
SessionSecurityToken token = sam.CreateSessionSecurityToken(principal, null, DateTime.Now, DateTime.Now.AddMinutes(60), false);
sam.WriteSessionTokenToCookie(token);
}
/// <summary>
/// Checks the current security token.
/// Updates the lifetime if the token is older than 5 minutes.
/// Deletes the token if it's expired.
/// </summary>
/// <param name="sam"></param>
/// <param name="e"></param>
/// <returns></returns>
public static void CheckSecurityToken(SessionAuthenticationModule sam, SessionSecurityTokenReceivedEventArgs e)
{
var now = DateTime.UtcNow;
var sst = e.SessionToken;
var validFrom = sst.ValidFrom;
var validTo = sst.ValidTo;
if (validTo > now && validFrom.AddMinutes(5) < now)
{
e.SessionToken = sam.CreateSessionSecurityToken(sst.ClaimsPrincipal, sst.Context, now, now + (validTo - validFrom), sst.IsPersistent);
e.ReissueCookie = true;
}
else if (validTo < now)
{
sam.DeleteSessionTokenCookie();
HttpContext.Current.Response.Redirect(HttpContext.Current.Request.RawUrl);
}
}
/// <summary>
/// Creates a ClaimsPrincipal from the specified user data, sets the current HTTP context and thread principal
/// and writes a session cookie from the resulting SessionSecurityToken using the specified parameters.
/// </summary>
/// <param name="sessionAuthenticationModule"></param>
/// <param name="user">The user data that will be used to create the claims for the ClaimsPrincipal.
/// Array values are converted to multiple claims with the same key.</param>
/// <param name="context">An application defined context string.</param>
/// <param name="domain">The domain used for the session cookie.</param>
/// <param name="path">The virtual path used for the session cookie.</param>
/// <param name="requireSsl">Indicates if the session cookie should only be used with SSL.</param>
/// <param name="httpOnly">Indicates whether the session cookie should be hidden from client script.</param>
/// <param name="cookieName">Indicates the name of the session cookie.</param>
/// <param name="sessionCookieLifetime">The lifetime for the sesion cookie. A null value indicates no expiration.</param>
/// <param name="persistent">Indicates if the user agent should persist the session cookie. </param>
public static void CreateSessionCookie(
this SessionAuthenticationModule sessionAuthenticationModule,
IEnumerable <KeyValuePair <string, object> > user,
string context = null,
string domain = null,
string path = null,
bool requireSsl = false,
bool httpOnly = true,
string cookieName = null,
TimeSpan?sessionCookieLifetime = null,
bool persistent = false)
{
if (!string.IsNullOrEmpty(domain))
{
sessionAuthenticationModule.CookieHandler.Domain = domain;
}
if (!string.IsNullOrEmpty(path))
{
sessionAuthenticationModule.CookieHandler.Path = path;
}
if (!string.IsNullOrEmpty(cookieName))
{
sessionAuthenticationModule.CookieHandler.Name = cookieName;
}
sessionAuthenticationModule.CookieHandler.RequireSsl = requireSsl;
sessionAuthenticationModule.CookieHandler.HideFromClientScript = httpOnly;
var claims = new List <Claim>();
if (user.Any(a => a.Key == "name"))
{
claims.Add(new Claim(ClaimTypes.Name, user.First(a => a.Key == "name").Value.ToString()));
}
if (user.Any(a => a.Key == "user_id"))
{
claims.Add(new Claim(ClaimTypes.NameIdentifier, user.First(a => a.Key == "user_id").Value.ToString()));
}
if (user.Any(a => a.Key == "connection"))
{
claims.Add(
new Claim(
"http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
user.First(a => a.Key == "connection").Value.ToString()));
}
foreach (var attribute in user)
{
var claimType = attribute.Key;
if (attribute.Value != null && attribute.Value.GetType().IsArray)
{
// Attribute contains an array of values (e.g.: "group" => [ "sales", "producers" ])
foreach (var subattribute in attribute.Value as IEnumerable)
{
claims.Add(new Claim(claimType, subattribute.ToString()));
}
}
else
{
claims.Add(
new Claim(claimType, attribute.Value != null ? attribute.Value.ToString() : string.Empty));
}
}
var principal = new ClaimsPrincipal(new ClaimsIdentity[] { new ClaimsIdentity(claims, "Auth0") });
var session = sessionAuthenticationModule.CreateSessionSecurityToken(
principal,
context,
DateTime.UtcNow,
sessionCookieLifetime.HasValue
? DateTime.UtcNow.Add(sessionCookieLifetime.Value)
: DateTime.MaxValue.ToUniversalTime(),
persistent);
sessionAuthenticationModule.AuthenticateSessionSecurityToken(session, true);
}
