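/// <summary>
///     Resolves the principal for an authenticated identity, keyed on its idp, sub and session
///     unique identifier, creating one through the principal management service when none exists.
///     Creation is serialised on <c>_mutex</c>; as the original author notes, this limits but does
///     not fully prevent concurrent creates across multiple environments.
/// </summary>
/// <param name="authenticationSuccessMessage">Message carrying the validated identity and an optional UserId.</param>
/// <param name="cacheTimeSpan">Optional cache lifetime handed through to the principal management service.</param>
/// <returns>Whatever the management service returns for the lookup or create (may be null if it returns null).</returns>
/// <exception cref="ArgumentNullException">The message or its identity is null.</exception>
/// <exception cref="InvalidOperationException">The identity carries no subject (sub) to key the principal on.</exception>
private Principal GetOrCreatePrincipal(AuthenticationSuccessMessage authenticationSuccessMessage, TimeSpan? cacheTimeSpan = null)
        {
            if (authenticationSuccessMessage == null)
            {
                throw new ArgumentNullException(nameof(authenticationSuccessMessage));
            }

            var identity = authenticationSuccessMessage.Identity;
            if (identity == null)
            {
                throw new ArgumentNullException(nameof(authenticationSuccessMessage), "Identity must not be null");
            }

            var principalManagmentService = _principalManagmentService;
            var idp              = identity.GetIdp();
            var sub              = identity.GetSub();
            var unqiueIdentifier = identity.GetSessionUniqueIdentifier();

            // Fail closed: without a subject the lookup/create would key on null or empty and could map
            // unrelated identities onto the same principal. TODO(review): confirm no supported flow
            // (e.g. the "Service" fallback below) legitimately reaches here without a sub; idp is not
            // guarded the same way, so confirm it is always populated as well.
            if (string.IsNullOrWhiteSpace(sub))
            {
                throw new InvalidOperationException($"Authenticated identity has no subject (idp : {idp})");
            }

            var principal = principalManagmentService.Get(idp, sub, unqiueIdentifier, cacheTimeSpan);
            if (principal != null)
            {
                return principal;
            }

            // Throttle creates through the mutex. Acquire it OUTSIDE the try: if Wait() itself throws
            // (e.g. disposed semaphore) the finally must not Release() a permit that was never taken,
            // which would corrupt the semaphore's count and the throttle with it.
            _mutex.Wait();
            try
            {
                // Display name falls back through UserId (lifted from the raw OIDC protocol message in
                // OnSecurityTokenValidated) and the identity's Name; both originate from the IdP response,
                // so treat them as untrusted display text downstream.
                principal = principalManagmentService.CreateIfNotExists(idp, sub,
                                                                        authenticationSuccessMessage.UserId ?? identity.Name ?? "Service",
                                                                        unqiueIdentifier,
                                                                        cacheTimeSpan);
            }
            finally
            {
                _mutex.Release();
            }

            // CreateIfNotExists may hand back a principal a concurrent caller just created; this trace
            // fires either way. sub is a stable user identifier - bear that in mind when logs are shared.
            _diagnosticsTracingService.Trace(TraceLevel.Info, $"new user created idp : {idp}, sub : {sub}");

            return principal;
        }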
        // Invoked by OIDC flows, when successfully authenticated.
        /// <summary>
        ///     Post-authentication hook: tags the identity with a session unique identifier, resolves
        ///     (or creates) its principal using the identity's time-to-live as the cache lifetime, and
        ///     finally hands identity and principal to <c>AddClaims</c>.
        /// </summary>
        /// <param name="authenticationSuccessMessage">Message carrying the freshly validated identity.</param>
        public void OnAuthenticationSuccess(AuthenticationSuccessMessage authenticationSuccessMessage)
        {
            var claimsIdentity = authenticationSuccessMessage.Identity;

            // Must run before the lookup: GetOrCreatePrincipal keys on the session unique identifier.
            AddSessionUniqueIdentifier(claimsIdentity);

            var ttl = claimsIdentity.GetDurationToLive();
            AddClaims(claimsIdentity, GetOrCreatePrincipal(authenticationSuccessMessage, ttl));
        }
        /// <summary>
        ///     OIDC "security token validated" entry point; defers entirely to
        ///     <see cref="OnAuthenticationSuccess"/>.
        /// </summary>
        /// <param name="authenticationSuccessMessage">Message carrying the validated identity.</param>
        /// <remarks>
        ///     NOTE(review): an earlier version of this method also created a session here and added a
        ///     SessionIdentifier claim to the identity; that step is no longer performed. Confirm nothing
        ///     downstream still expects that claim.
        /// </remarks>
        public void SecurityTokenValidated(AuthenticationSuccessMessage authenticationSuccessMessage)
            => OnAuthenticationSuccess(authenticationSuccessMessage);
        /// <summary>
        ///     Raised once the OIDC security token has been validated and the user is authenticated;
        ///     this is the point at which additional claims should be added to the identity.
        /// </summary>
        /// <param name="notification"></param>
        /// <returns></returns>
        private static Task OnSecurityTokenValidated(
            SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        {
            // The identity comes from the validated ticket; UserId is lifted from the raw protocol message.
            // NOTE(review): ProtocolMessage.UserId is a callback parameter rather than a claim from the
            // validated token, and it is used downstream as a display-name fallback - treat it as untrusted input.
            var message = new AuthenticationSuccessMessage
            {
                UserId   = notification.ProtocolMessage.UserId,
                Identity = notification.AuthenticationTicket.Identity,
            };

            _oidcNotificationHandlerService.SecurityTokenValidated(message);

            // Nothing asynchronous happens here; hand back an already-completed task.
            return Task.FromResult(0);
        }