public async Task <IActionResult> Login(LoginDTO loginDto)
{
var identity = loginHelper.GetClaimsIdentity(loginDto.ChipId, loginDto.Password);
if (identity == null)
{
ViewBag.Error = "Wrooong!";
}
else
{
// issue an authentication cookie
var properties = new AuthenticationProperties()
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddMonths(1)
};
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, new ClaimsPrincipal(identity), properties);
// redirect to the home page
return(RedirectToRoute(new
{
controller = "Home",
action = "Index"
}));
}
return(View());
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
var action = Request.Method;
string controller = string.Empty;
string api = string.Empty;
try
{
controller = Request.Path.Value.Contains("/api/") ? Request.Path.Value.Split('/')[2] : string.Empty;
api = Request.Path.Value.Contains("/api/") && Request.Path.Value.Split('/').Length > 3
? Request.Path.Value.Split('/')[3]
: string.Empty;
}
catch (Exception)
{
Logging <AuthValidationHandler> .Warning("URL not valid: " + Request.Path.Value);
return(AuthenticateResult.Fail("URL not valid: " + Request.Path.Value));
}
AuthenticationTicket ticket = await CreateTicketAsync(action, controller, api);
if (ticket == null)
{
return(AuthenticateResult.Fail("Authentication failed because the access token was invalid."));
}
await AuthenticationHttpContextExtensions.SignInAsync(Request.HttpContext, ticket.AuthenticationScheme, ticket.Principal);
return(AuthenticateResult.Success(ticket));
}
public async Task <IActionResult> GoogleCallback(string code)
{
var token = await _api.TokenExchange(code);
var googleUser = await _api.GoogleUser(token);
var user = await _db.Users.FirstOrDefaultAsync(u => u.Email == googleUser.Email);
if (user == null)
{
return(RedirectToAction("Beta", "Home"));
}
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Role, "user"),
new Claim(ClaimTypes.Name, googleUser.Name),
new Claim(ClaimTypes.Email, googleUser.Email),
new Claim(ClaimTypes.Sid, user.Id.ToString())
};
var identity = new ClaimsIdentity(claims, "GoogleAuthLogin");
var principal = new ClaimsPrincipal(new[] { identity });
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, AUTH_NAME, principal);
return(RedirectToAction("Index", "Home"));
}
public async Task <IActionResult> SignIn([FromBody] LoginArgs loginArgs)
{
try
{
// credential validation ...
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, "Alex")
};
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
IsPersistent = true,
RedirectUri = Request.Host.Value
};
await AuthenticationHttpContextExtensions.SignInAsync(
HttpContext,
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity),
authProperties);
return(Ok());
}
catch (Exception ex)
{
return(BadRequest(new { Error = ex.Message }));
}
}
/// <summary>
/// 设置授权认证数
/// </summary>
/// <param name="value">实体序列化JsonConvert.SerializeObject(data)</param>
/// <param name="valueType"></param>
public async void SetsAuthenticationAsync(string value, AuthorizationStorageType valueType)
{
var claims = new List <Claim>()
{
new Claim(valueType.ToString(), value)
};
Task <AuthenticateResult> authenticateInfo = AuthenticationHttpContextExtensions.AuthenticateAsync(HttpContext, authenticationScheme);
if (!authenticateInfo.IsFaulted && authenticateInfo.Result.Principal != null)
{
claims = authenticateInfo.Result.Principal.Claims.ToList();
int idx = claims.FindIndex(c => { return(c.Type.Equals(valueType.ToString())); });
if (idx >= 0)
{
claims.RemoveAt(idx);
}
claims.Add(new Claim(valueType.ToString(), value));
}
ClaimsIdentity identity = new ClaimsIdentity(claims);
var userPrincipal = new ClaimsPrincipal(identity);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, authenticationScheme, userPrincipal, new Microsoft.AspNetCore.Authentication.AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddHours(24),
IsPersistent = false,
AllowRefresh = true
});
}
public async Task <IActionResult> Login(string name, string password, string email)
{
//validate that there is user data
if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(password) || string.IsNullOrEmpty(email))
{
RedirectToAction(nameof(Index), nameof(HomeController));
}
//login the user: ClaimsIdentity, ClaimsPrincipal and SignInAsync()
//Create identity clames for the user data
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, name),
new Claim(ClaimTypes.Email, email)
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
//create a claims principal for the user
var principal = new ClaimsPrincipal(identity);
//login the user
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal);
return(RedirectToAction("LogedInUsers", "Authentication"));
}
private async Task PerformSignIn(GenericPrincipal user, string webToken)
{
Dictionary <string, string> items = new Dictionary <string, string>
{
{ "AuthScheme", CookieAuthenticationDefaults.AuthenticationScheme },
};
AuthenticationProperties props = new AuthenticationProperties(items)
{
// web authentication ticket life time, after expire new log in required
ExpiresUtc = DateTime.UtcNow.AddHours(8),
IsPersistent = false,
AllowRefresh = false,
};
List <AuthenticationToken> authenticationTokens = new List <AuthenticationToken>
{
new AuthenticationToken {
Name = "access_token", Value = webToken
},
};
AuthenticationTokenExtensions.StoreTokens(props, authenticationTokens);
await AuthenticationHttpContextExtensions.SignInAsync(_httpContext,
CookieAuthenticationDefaults.AuthenticationScheme, user, props);
}
public async Task <ActionResult> ACS(IFormCollection collection)
{
string samlResponse = "";
string redirect = "";
AuthResponse resp = new AuthResponse();
try
{
samlResponse = Encoding.UTF8.GetString(Convert.FromBase64String(collection["SAMLResponse"]));
redirect = Encoding.UTF8.GetString(Convert.FromBase64String(collection["RelayState"]));
resp.Deserialize(samlResponse);
}
catch (Exception ex)
{
_logger.LogError(ex, "Error reading SAML Response {0}", samlResponse);
}
if (resp.RequestStatus == SamlRequestStatus.Success)
{
//CookieOptions options = new CookieOptions();
//options.Expires = resp.SessionIdExpireDate;
//Response.Cookies.Delete("SPID_COOKIE");
//Response.Cookies.Append("SPID_COOKIE", JsonConvert.SerializeObject(resp), options);
var scheme = "SPIDCookie"; //CookieAuthenticationDefaults.AuthenticationScheme
var claims = resp.GetClaims();
var identityClaims = new List <Claim>();
foreach (var item in claims)
{
identityClaims.Add(new Claim(item.Key, item.Value, ClaimValueTypes.String, resp.Issuer));
}
identityClaims.Add(new Claim(ClaimTypes.Name, claims["Name"], ClaimValueTypes.String, resp.Issuer));
identityClaims.Add(new Claim(ClaimTypes.Surname, claims["FamilyName"], ClaimValueTypes.String, resp.Issuer));
identityClaims.Add(new Claim(ClaimTypes.Email, claims["Email"], ClaimValueTypes.String, resp.Issuer));
var identity = new ClaimsIdentity(identityClaims, scheme);
var principal = new ClaimsPrincipal(identity);
HttpContext.User = principal;
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, scheme, principal,
new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
IsPersistent = true,
AllowRefresh = false
});
}
if (string.IsNullOrEmpty(redirect))
{
redirect = "/";
}
return(Redirect(redirect));
}
public async Task <IActionResult> Login(LoginViewModel model)
{
if (!Request.Form.Keys.Any(x => x == "external"))
{
// 通常ログイン
if (ModelState.IsValid)
{
if (!string.IsNullOrEmpty(model.UserName))
{
// 認証情報を作成する。
List <Claim> claims = new List <Claim>();
claims.Add(new Claim(ClaimTypes.Name, model.UserName));
// 認証情報を保存する。
ClaimsIdentity userIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal userPrincipal = new ClaimsPrincipal(userIdentity);
// サイン アップする。
await AuthenticationHttpContextExtensions.SignInAsync(
this.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal);
// 認証情報を保存する。
MyUserInfo ui = new MyUserInfo(model.UserName, (new GetClientIpAddress()).GetAddress());
UserInfoHandle.SetUserInformation(ui);
//基盤に任せるのでリダイレクトしない。
return(View(model));
}
else
{
// ユーザー認証 失敗
this.ModelState.AddModelError(string.Empty, "指定されたユーザー名またはパスワードが正しくありません。");
}
}
else
{
// LoginViewModelの検証に失敗
}
// Session消去
//this.FxSessionAbandon();
// ポストバック的な
return(this.View(model));
}
else
{
// 外部ログイン
return(Redirect(string.Format(
"https://localhost:44300/MultiPurposeAuthSite/authorize"
+ "?client_id=" + OAuth2AndOIDCParams.ClientID
+ "&response_type=code"
+ "&scope=profile%20email%20phone%20address%20openid"
+ "&state={0}"
+ "&nonce={1}"
+ "&prompt=none",
this.State, this.Nonce)));
}
}
public async Task <IActionResult> Login(LoginDto data)
{
var claims = new[] { new Claim(ClaimTypes.Name, data.Username), new Claim(ClaimTypes.Role, "role") };
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
return(Redirect("~/Home/Profile"));
}
/// <summary>
/// Handle onPost Login AJAX based dengan return value JsonResult
/// </summary>
/// <param name="request_parameter"></param>
/// <param name="returnURL"></param>
/// <returns></returns>
public JsonResult OnPost(string request_parameter, string returnURL = null)
{
dynamic login_object = JsonConvert.DeserializeObject(request_parameter);
string user_name = login_object["username"];
string password = login_object["password"];
//Console.WriteLine("user_name>> " + user_name);
//Console.WriteLine("password >> " + password);
AppResponseMessage arm = new AppResponseMessage();
if (!string.IsNullOrWhiteSpace(user_name) && !string.IsNullOrWhiteSpace(password))
{
//jika masukan username & password valid
if (IsValidLogin(user_name, password))
{
//jika username & password dikenali
string user_id = _context.m_user.Where(f => f.user_name == user_name).FirstOrDefault().m_user_id + "";
string Role = _context.m_user.Include(f => f.m_user_group).Where(f => f.user_name == user_name).FirstOrDefault().m_user_group.user_group_name;
string user_category_id = _context.m_user.Where(f => f.user_name == user_name).FirstOrDefault().m_user_group_id + "";
bool status_aktif = _context.m_user.Where(f => f.user_name == user_name).FirstOrDefault().user_active;
if (status_aktif != true)
{
//jika user tidak aktif
arm.fail();
arm.message = "user tidak aktif";
}
else
{
//jika user valid & aktif
var claims = new[] {
new Claim(ClaimTypes.Name, user_name),
new Claim(ClaimTypes.Role, Role),
new Claim("user_id", user_id),
new Claim("user_category_id", user_category_id),
new Claim("user_name", user_name),
};
ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal);
arm.success();
arm.message = "login berhasil";
}
}
else
{
arm.fail();
arm.message = "login gagal";
}
}
else
{
arm.fail();
arm.message = "login gagal";
}
return(new JsonResult(arm));
}
public async Task Authenticate(HttpContext httpContext)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, Username)
};
ClaimsIdentity id = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await AuthenticationHttpContextExtensions.SignInAsync(httpContext, new ClaimsPrincipal(id));
}
public JsonResult OnPost()
{
login_db _context = new login_db(AppGlobal.get_db_option()); //simplifying context initializer by override
AppResponseMessage arm = new AppResponseMessage(); //inisialisasi ARM sebagai standarisasi respon balik
try {
using (var transaction = _context.Database.BeginTransaction()) {
if (Request.Query["f"] == "login_handler")
{
string email = Request.Form["email"];
string password = Request.Form["password"];
var m_user = _context.m_user.FirstOrDefault(e => e.email == email && e.password == password);
if (m_user == null)
{
arm.fail();
arm.message = "Data Not Exist!!";
}
else
{
t_login_history login_history = new t_login_history {
m_user_id = m_user.m_user_id,
login_time = DateTime.Now
};
_context.t_login_history.Add(login_history);
_context.SaveChanges();
//jika user valid & aktif
var claims = new[] {
new Claim(ClaimTypes.Email, email),
new Claim("m_user_id", m_user.m_user_id.ToString()),
new Claim("full_name", m_user.full_name),
new Claim("history_id", login_history.t_login_history_id.ToString()),
};
ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal);
arm.success();
arm.message = "Success";
}
}
transaction.Commit();
_context.SaveChanges();
}
} catch (Exception ex) {
arm.fail();
arm.message = ex.Message;
}
return(new JsonResult(arm)); //return ARM dg method JsonResult untuk auto serialize ke format JSON
}
public async Task <IActionResult> EmulateUserAsync(string username)
{
List <String> roles = new List <string>();
UserPermission userPermission = findUserPermissions(username);
ClaimsPrincipal principal = new ClaimsPrincipal();
if (userPermission != null)
{
if (userPermission.IsResearcher)
{
roles.Add("User");
}
;
if (userPermission.IsAdmin)
{
roles.Add("Admin");
}
}
;
// Hard coded roles.
// string[] roles = new[]{ "User", "Admin" };
// `AddClaim` is not available directly from `context.Principal.Identity`.
// We can add a new empty identity with the roles we want to the principal.
var identity = new ClaimsIdentity("Custom");
foreach (var role in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
identity.AddClaim(new Claim(JwtRegisteredClaimNames.UniqueName, username));
principal.AddIdentity(identity);
await AuthenticationHttpContextExtensions.SignInAsync(this.HttpContext, "Cookies", principal);
// CookieOptions option = new CookieOptions();
// option.Expires = DateTime.Now.AddMinutes(1000);
//Response.Cookies.Append(".AspNetCore.CasLogin", principal.ToString(), option);
return(RedirectToAction("Index"));
}
public async Task <IActionResult> Login(LoginViewModel viewModel, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View());
}
User user = await _userRepository.GetByUserNameAsync(viewModel.Username);
if (user == null)
{
ModelState.AddModelError(nameof(ErrorCode.UsernameNotFound), Resources.UserNameNotFound);
return(View());
}
if (user.Password != _securityService.ComputeHash(viewModel.Password))
{
ModelState.AddModelError(nameof(ErrorCode.InvalidPassword), Resources.WrongPassword);
return(View());
}
IEnumerable <Role> userRoles = await _userRepository.GetUserRolesAsync(user.Id.GetValueOrDefault());
List <Claim> claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.NameIdentifier, user.UserName),
new Claim(ApplicationClaimTypes.UserId, user.Id.ToString()),
};
foreach (Role role in userRoles)
{
claims.Add(new Claim(ClaimTypes.Role, role.Name));
}
ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties()
{
IsPersistent = false, ExpiresUtc = DateTime.Now.AddMinutes(30).ToUniversalTime()
});
if (Url.IsLocalUrl(returnUrl))
{
return(Redirect(returnUrl));
}
return(Redirect("/"));
}
private async Task RefreshTokensAync()
{
var authorizatinServerInformation =
await DiscoveryClient.GetAsync("http://localhost:26421");
var client = new TokenClient(authorizatinServerInformation.TokenEndpoint,
"socialnetwork_code", "secret");
var refreshToken = await AuthenticationHttpContextExtensions.GetTokenAsync(this.HttpContext, "refresh_token");
var tokenResponse = await client.RequestRefreshTokenAsync(refreshToken);
var identityToken = await AuthenticationHttpContextExtensions.GetTokenAsync(this.HttpContext, "id_token");
var expiresAt = DateTime.UtcNow + TimeSpan.FromSeconds(tokenResponse.ExpiresIn);
var tokens = new[] {
new AuthenticationToken
{
Name = OpenIdConnectParameterNames.IdToken,
Value = tokenResponse.IdentityToken
},
new AuthenticationToken
{
Name = OpenIdConnectParameterNames.AccessToken,
Value = tokenResponse.AccessToken
},
new AuthenticationToken
{
Name = OpenIdConnectParameterNames.RefreshToken,
Value = tokenResponse.RefreshToken
},
new AuthenticationToken
{
Name = "expires_at",
Value = expiresAt.ToString("o", CultureInfo.InvariantCulture)
}
};
//var authenticationInformation =HttpContext.Authentication.GetAuthenticateInfoAsync(CookieAuthenticationDefaults.AuthenticationScheme);
var authenticationInformation = await AuthenticationHttpContextExtensions.AuthenticateAsync(this.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
authenticationInformation.Properties.StoreTokens(tokens);
await AuthenticationHttpContextExtensions.SignInAsync(this.HttpContext,
CookieAuthenticationDefaults.AuthenticationScheme,
authenticationInformation.Principal,
authenticationInformation.Properties);
}
public async Task <IActionResult> Login(AdminLoginViewModel model)
{
if (this.ModelState.IsValid)
{
try
{
Result <PanelUserDTO> result = await _panelUserService.GetUserAsync(model.Email, model.Password);
if (!result.IsSuccess)
{
model.FormMessage = "E-Posta ya da Şifre bilgisi yanlış, lütfen bilgilerinizi kontrol edin.";
return(this.View((object)model));
}
PanelUserDTO data = result.Data;
List <Claim> claims = new List <Claim>
{
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", data.Id.ToString()),
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", data.Name),
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", data.Email),
new Claim("CompanyId", data.CompanyId.ToString()),
new Claim("PlaceId", data.PlaceId.ToString()),
new Claim("CompanyName", data.Company.Name),
new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", data.Role.ToString())
};
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "ClaimIdentity"));
var task = AuthenticationHttpContextExtensions.SignInAsync(this.HttpContext, "AdminAreaCookies", claimsPrincipal);
task.Wait();
if (task.IsCompletedSuccessfully)
{
var temp = this.User.Claims;
}
else
{
}
return(this.RedirectToAction("Index", "Manage"));
}
catch (Exception ex)
{
LoggerExtensions.LogError(_logger, ex, "Panel Login Error", Array.Empty <object>());
model.FormMessage = "İşleminiz gerçekleştirilemedi.";
return(this.View((object)model));
}
}
return(this.View((object)model));
}
private async Task <AuthStatusResult> AuthenticateUser(AuthModel model)
{
var user = await _db.Users.SingleOrDefaultAsync(x => x.Phone == model.UserString || x.Email == model.UserString);
//If user write email/phone that doesnt exist in db
if (user == null)
{
_authResult.IncorrectData = true;
_authResult.isSuccessful = false;
return(_authResult);
}
var enteredPassword = _cryProvider.GetPasswordHash(model.Password, user.LocalHash);
//If password is incorrect
if (!user.PasswordHash.SequenceEqual(enteredPassword))
{
_authResult.IncorrectPassword = true;
_authResult.isSuccessful = false;
return(_authResult);
}
//all credentials are true
List <Claim> userClaims = await VerifyUserAsync(user);
if (userClaims == null)
{
_authResult.IncorrectData = true;
_authResult.isSuccessful = false;
return(_authResult);
}
var u_id = new ClaimsIdentity(userClaims, "ApplicationCookie");
var claimsPrincipal = new ClaimsPrincipal(u_id);
await AuthenticationHttpContextExtensions.SignInAsync(_contextAcessor.HttpContext, claimsPrincipal);
_logger.LogInformation($"User email: {user.Email} has been authenticated");
return(_authResult);
}
public async Task <IActionResult> SignIn(LoginViewModel model)
{
if (this.ModelState.IsValid)
{
try
{
Result <UserDTO> result = await _userService.GetUserAsync(model.Email, model.Password);
if (!result.IsSuccess)
{
model.FormMessage = result.FormMessage;
return(this.View((object)model));
}
UserDTO data = result.Data;
List <Claim> claims = new List <Claim>
{
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", data.Id.ToString()),
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", data.Name),
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", data.Email),
new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Member")
};
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "ClaimIdentity"));
AuthenticationProperties val = new AuthenticationProperties();
val.IsPersistent = (true);
val.ExpiresUtc = ((DateTimeOffset?)(model.IsRemember ? DateTimeOffset.UtcNow.AddDays(7.0) : DateTimeOffset.UtcNow.AddHours(2.0)));
AuthenticationProperties val2 = val;
await AuthenticationHttpContextExtensions.SignInAsync(this.HttpContext, "Cookies", claimsPrincipal, val2);
if (this.Url.IsLocalUrl(model.ReturnUrl))
{
return(this.Redirect(model.ReturnUrl));
}
return(this.RedirectToAction("Index", "Home"));
}
catch (Exception ex)
{
LoggerExtensions.LogError(_logger, ex, "SignIn Post Error", Array.Empty <object>());
model.FormMessage = "İşleminiz gerçekleştirilemedi.";
return(this.View((object)model));
}
}
return(this.View((object)model));
}
private async Task CreateCookie(string username)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, GetUserIDByUserName(username).ToString())
};
var claimsIdentity = new ClaimsIdentity(
claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
};
await AuthenticationHttpContextExtensions.SignInAsync(
_httpContextAccessor.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity),
authProperties);
}
public async Task <IActionResult> Login(LoginUserDto user)
{
// to get all users do: context.Users
// var d = context.Users.Find(1);
// for debugging purposes: show list of users
// var d = Context.Users.ToList();
// fetch user from database
var fetchedUser = Context.Users.Where(x => x.Email == user.Email).FirstOrDefault();
// check whether user exists
var userExists = fetchedUser != null;
if (userExists)
{
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, fetchedUser.Username),
new Claim(ClaimTypes.Email, fetchedUser.Email),
new Claim(ClaimTypes.Role, "User")
};
var userPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "SuperSecureLogin"));
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext,
CookieAuthenticationDefaults.AuthenticationScheme,
userPrincipal,
new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(30),
IsPersistent = false,
AllowRefresh = false
});
return(RedirectToAction("Index", "Home"));
}
else
{
ViewBag.ErrMsg = "UserName or Password is invalid! Please try again.";
return(View());
}
}
public async Task <IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
UserSessionApiHelper sessionApiHelper = new UserSessionApiHelper();
var sessionResponse = await sessionApiHelper.Login(model.Email, model.Password);
if (sessionResponse != null)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, sessionResponse.UserDetails.Name),
new Claim(ClaimTypes.Role, sessionResponse.UserDetails.UserTypeId.ToString()),
new Claim(ClaimTypes.NameIdentifier, sessionResponse.UserDetails.Username),
new Claim(ClaimTypes.Email, sessionResponse.UserDetails.Email),
new Claim("HasRestaurantConfigured", sessionResponse.UserDetails.HasRestaurantConfigured.HasValue ? sessionResponse.UserDetails.HasRestaurantConfigured.Value.ToString() : string.Empty),
new Claim("SessionKey", sessionResponse.SessionKey),
};
var props = new AuthenticationProperties
{
IsPersistent = false,
ExpiresUtc = DateTime.UtcNow.AddMinutes(30)
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, new ClaimsPrincipal(identity), props);
return(RedirectToLocal(returnUrl));
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return(View(model));
}
}
// If we got this far, something failed, redisplay form
return(View(model));
}
public async Task <IActionResult> RegisterUser(RegisterUserViewModel model)
{
if (ModelState.IsValid)
{
// create user + claims
var userToCreate = new Entities.User();
userToCreate.Password = model.Password;
userToCreate.Username = model.Username;
userToCreate.IsActive = true;
userToCreate.Claims.Add(new Entities.UserClaim("country", model.Country));
userToCreate.Claims.Add(new Entities.UserClaim("address", model.Address));
userToCreate.Claims.Add(new Entities.UserClaim("given_name", model.Firstname));
userToCreate.Claims.Add(new Entities.UserClaim("family_name", model.Lastname));
userToCreate.Claims.Add(new Entities.UserClaim("email", model.Email));
userToCreate.Claims.Add(new Entities.UserClaim("subscriptionlevel", "FreeUser"));
// add it through the repository
marvinUserRepository.AddUser(userToCreate);
if (!marvinUserRepository.Save())
{
throw new Exception($"Creating a user failed.");
}
// log the user in
//await HttpContext.Authentication.SignInAsync(userToCreate.SubjectId, userToCreate.Username);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, User);
// continue with the flow
if (interactionService.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(Redirect("~/"));
}
// ModelState invalid, return the view with the passed-in model
// so changes can be made
return(View(model));
}
public async Task <IActionResult> Login(AuthenticateUserCommand command)
{
if (!ModelState.IsValid)
{
return(View(command));
}
var response = await this.Mediator.Send(command);
if (response.IsFailure)
{
ModelState.AddModelErrors(response.Errors);
command.Password = string.Empty;
command.ConfirmPassword = string.Empty;
return(View(command));
}
var user = response.Result;
var role = user.RoleName;
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Sid, user.Id),
new Claim(ClaimTypes.Role, (role != null ? role : "Guest")),
new Claim(ClaimTypes.Name, user.UserName)
};
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, IdentityConstants.ApplicationScheme, new ClaimsPrincipal(
new ClaimsIdentity(claims, IdentityConstants.ApplicationScheme)),
new AuthenticationProperties {
IsPersistent = command.RememberMe
});
if (!string.IsNullOrEmpty(command.ReturnUrl))
{
return(Redirect(command.ReturnUrl));
}
return(RedirectToAction("Index", "Home"));
}
public async Task <IActionResult> LoginWithRole(string name, string role)
{
//validate name not empty and role is Basic or Admin
if (string.IsNullOrEmpty(name) && (role != "Basic" || role != "Admin"))
{
RedirectToAction(nameof(Index));
}
//Add role to User with no duplicates
if (!User.IsInRole(role))
{
//Add role claim to the existing user
var claims = new List <Claim> {
new Claim(ClaimTypes.Role, role)
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var user = HttpContext.User;
user.AddIdentity(identity);
var principal = user;
//SignIn
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, principal);
}
var redirect = string.Empty;
if (role == "Admin")
{
redirect = "AuthenticateAndAuthorizeWithRole";
}
else
{
redirect = "AuthenticateAndAuthorize";
}
return(RedirectToAction(redirect));
}
public async Task <IActionResult> CookiesLogin(string returnUrl = null)
{
const string Issuer = "https://gov.uk";
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, "Billy", ClaimValueTypes.String, Issuer),
new Claim(ClaimTypes.Surname, "Bunter", ClaimValueTypes.String, Issuer),
new Claim(ClaimTypes.Country, "UK", ClaimValueTypes.String, Issuer),
new Claim("Hero", "Danger Mouse", ClaimValueTypes.String)
};
var userIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var userPrincipal = new ClaimsPrincipal(userIdentity);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, userPrincipal,
new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
IsPersistent = false,
AllowRefresh = false
});
return(View());
}
public async Task SignInAsync(RentUser user)
{
var isAdmin = await _unitOfWork.Users.IsAdministrator(user);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Sid, user.UserId.ToString()),
new Claim(ClaimTypes.Name, user.FirstName + ' ' + user.LastName),
new Claim(ClaimTypes.GivenName, user.FirstName),
new Claim(ClaimTypes.Surname, user.LastName),
new Claim("OfficeID", user.OfficeId.ToString())
};
if (isAdmin)
{
claims.Add(new Claim("Admin", "true"));
}
var identity = new ClaimsIdentity(claims, "local", "name", "role");
var principal = new ClaimsPrincipal(identity);
await AuthenticationHttpContextExtensions.SignInAsync(_httpContextAccessor.HttpContext, principal);
// await _httpContextAccessor.HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
}
public async Task <IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
AuthenticateResult result = await AuthenticationHttpContextExtensions.AuthenticateAsync(this.HttpContext, "Cookies");
LoginViewModel signInModel = new LoginViewModel
{
ReturnUrl = returnUrl,
FormMessage = "İşleminiz gerçekleştirilirken sorun oluştu."
};
AuthenticateResult obj = result;
if (obj == null || !obj.Succeeded)
{
return(this.View("SignIn", (object)signInModel));
}
ClaimsPrincipal principal = result.Principal;
if (principal == null)
{
return(this.View("SignIn", (object)signInModel));
}
List <Claim> source = principal.Claims.ToList();
Claim claim = source.FirstOrDefault((Claim x) => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
if (claim == null)
{
signInModel.FormMessage = "Kullanıcı bilgilerinize erişelemedi. Yetkilim uygulamasına erişim verdiğinize emin olup tekrar deneyin.";
return(this.View("SignIn", (object)signInModel));
}
string externalProvider = claim.Issuer;
Claim emailClaim = null;
if (externalProvider == "Facebook")
{
emailClaim = source.FirstOrDefault((Claim x) => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
if (emailClaim == null)
{
signInModel.FormMessage = "E-Posta bilgilerinize erişelemedi. Yetkilim uygulamasının e-posta adresinize erişimine izin verdiğinize emin olup tekrar deneyin.";
return(this.View("SignIn", (object)signInModel));
}
}
Claim nameClaim = source.FirstOrDefault((Claim x) => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name");
string externalUserId = claim.Value;
try
{
Result <UserDTO> result2 = await _userService.GetExternalUserAsync(externalProvider, externalUserId);
int ıd;
if (!result2.IsSuccess)
{
if (!(result2.ResultCode == "NOT_REGISTERED"))
{
signInModel.FormMessage = result2.FormMessage;
return(this.View("SignIn", (object)signInModel));
}
UserDTO model = new UserDTO
{
Name = nameClaim?.Value,
Email = emailClaim?.Value
};
Result <UserDTO> result3 = await _userService.AddExternalUserAsync(externalProvider, externalUserId, model);
if (!result3.IsSuccess)
{
signInModel.FormMessage = result3.FormMessage;
return(this.View("SignIn", (object)signInModel));
}
ıd = result3.Data.Id;
}
else
{
ıd = result2.Data.Id;
}
List <Claim> claims = new List <Claim>
{
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", ıd.ToString()),
nameClaim,
new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Member")
};
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(result.Ticket.Principal.Identity);
claimsPrincipal.AddIdentity(new ClaimsIdentity(claims, "ClaimIdentity"));
AuthenticationProperties val = new AuthenticationProperties();
val.IsPersistent = (true);
await AuthenticationHttpContextExtensions.SignInAsync(this.HttpContext, "Cookies", claimsPrincipal, val);
}
catch (Exception ex)
{
LoggerExtensions.LogError(_logger, ex, "Facebook Post Error", Array.Empty <object>());
return(this.View("SignIn", (object)signInModel));
}
return(this.LocalRedirect(returnUrl ?? "/"));
}
public async Task <IActionResult> Login(LoginViewModel viewModel, string returnUrl)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
var user = await _service.GetUserAsync(viewModel.Account, viewModel.Password, _context);
if (user != null)
{
if (user.Password.Trim() != MD5Utility.Sign(viewModel.Password, user.Salt))
{
ViewBag.ErrorInfo = "用户名或密码错误";
return(View());
}
_logger.LogInformation("用户:{0}于{1}登录系统", viewModel.Account, DateTime.Now.ToString("yyyy-MM-dd hh:mm:ss"));
string role = GetRole(user);
//根据用户角色创建claim声明
List <Claim> claim = new List <Claim>
{
new Claim(ClaimTypes.Role, role)
};
var userIdentity = new ClaimsIdentity(role);
userIdentity.AddClaims(claim);
var userPrincipal = new ClaimsPrincipal(userIdentity);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, userPrincipal, new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
IsPersistent = false,
AllowRefresh = false
});
//设置当前用户信息
await _service.SetCurrentUser(user.IdentityUserOID, _httpContextAccessor, _context);
if (!string.IsNullOrEmpty(returnUrl))
{
return(RedirectToLocal(returnUrl));
}
return(RedirectToRoute(new
{
area = user.HomePage,
controller = "Home",
action = "Index"
}));
}
else
{
ViewBag.ErrorInfo = "当前用户不存在";
return(View());
}
}
//返回模型验证错误信息
ViewBag.ErrorInfo = this.ModelState.Keys.SelectMany(key => this.ModelState[key].Errors).FirstOrDefault().ErrorMessage;
return(View(viewModel));
}
public async Task <ActionResult> OAuth2AuthorizationCodeGrantClient(string code, string state)
{
try
{
string response = "";
if (state == this.State) // CSRF(XSRF)対策のstateの検証は重要
{
response = await OAuth2AndOIDCClient.GetAccessTokenByCodeAsync(
new Uri("https://localhost:44300/MultiPurposeAuthSite/token"),
OAuth2AndOIDCParams.ClientID, OAuth2AndOIDCParams.ClientSecret,
HttpUtility.HtmlEncode("http://localhost:58496/Home/OAuth2AuthorizationCodeGrantClient"), code);
// 汎用認証サイトはOIDCをサポートしたのでid_tokenを取得し、検証可能。
//Base64UrlTextEncoder base64UrlEncoder = new Base64UrlTextEncoder();
Dictionary <string, string> dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(response);
// id_tokenの検証コード
if (dic.ContainsKey("id_token"))
{
string sub = "";
string nonce = "";
JObject jobj = null;
if (IdToken.Verify(dic["id_token"], dic["access_token"],
code, state, out sub, out nonce, out jobj) && nonce == this.Nonce)
{
// ログインに成功
// /userinfoエンドポイントにアクセスする場合
response = await OAuth2AndOIDCClient.GetUserInfoAsync(
new Uri("https://localhost:44300/MultiPurposeAuthSite/userinfo"), dic["access_token"]);
// 認証情報を作成する。
List <Claim> claims = new List <Claim>();
claims.Add(new Claim(ClaimTypes.Name, sub));
// 認証情報を保存する。
ClaimsIdentity userIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal userPrincipal = new ClaimsPrincipal(userIdentity);
// サイン アップする。
await AuthenticationHttpContextExtensions.SignInAsync(
this.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal);
// 認証情報を保存する。
MyUserInfo ui = new MyUserInfo(sub, (new GetClientIpAddress()).GetAddress());
UserInfoHandle.SetUserInformation(ui);
return(this.Redirect(Url.Action("Index", "Home")));
}
}
else
{
}
}
else
{
}
// ログインに失敗
return(RedirectToAction("Login"));
}
finally
{
this.ClearExLoginsParams();
}
}