public async Task <ActionResult> FidoRegister()
{
string input = null;
if (this.Request.Body == null)
{
return(StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Request content is null", HttpStatusCode.Conflict)));
}
// Read the input claims from the request body
using (StreamReader reader = new StreamReader(Request.Body, Encoding.UTF8))
{
input = await reader.ReadToEndAsync();
}
// Check input content value
if (string.IsNullOrEmpty(input))
{
return(StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Request content is empty", HttpStatusCode.Conflict)));
}
// Convert the input string into InputClaimsModel object
UsernameModel inputClaims = UsernameModel.Parse(input);
if (inputClaims == null)
{
return(StatusCode((int)HttpStatusCode.Conflict, new B2CResponseModel("Can not deserialize input claims", HttpStatusCode.Conflict)));
}
// generate challenge
var challenge = CryptoRandom.CreateUniqueId(16);
// store challenge for later use
tempData.SaveTempData(HttpContext, new Dictionary <string, object> {
{ "challenge", challenge }, { "username", inputClaims.Username }
});
cache.Set(challenge, new Dictionary <string, object> {
{ "challenge", challenge }, { "username", inputClaims.Username }
});
B2CResponseFIDORegisterModel output = new B2CResponseFIDORegisterModel(string.Empty, string.Empty, string.Empty, HttpStatusCode.OK)
{
Username = inputClaims.Username,
Challenge = challenge,
RelyingPartyId = RelyingPartyId
};
return(Ok(output));
}
public IActionResult FidoRegister([FromForm] UsernameModel model)
{
// generate challenge
var challenge = CryptoRandom.CreateRandomKeyString(16);
// store challenge for later use
tempData.SaveTempData(HttpContext, new Dictionary <string, object> {
{ "challenge", challenge }, { "username", model.Username }
});
// send challenge & RP ID to view
return(View(new RegisterViewModel {
Challenge = challenge, RelyingPartyId = RelyingPartyId, Username = model.Username
}));
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
if (!user.Identity.IsAuthenticated)
{
ITempDataProvider provider = context.HttpContext.RequestServices.GetService(typeof(ITempDataProvider)) as ITempDataProvider;
var TempData = provider.LoadTempData(context.HttpContext);
String action = context.RouteData.Values["action"].ToString();
String controller = context.RouteData.Values["controller"].ToString();
if (action == "Perfil")
{
TempData["action"] = "TodosProductos";
TempData["controller"] = "Productos";
}
else
{
TempData["action"] = action;
TempData["controller"] = controller;
}
provider.SaveTempData(context.HttpContext, TempData);
context.Result = this.GetRoute("Login", "Identity");
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
if (user.Identity.IsAuthenticated == false)
{
String action = context.RouteData.Values["action"].ToString();
String controller = context.RouteData.Values["controller"].ToString();
ITempDataProvider provider =
(ITempDataProvider)context.HttpContext.RequestServices.GetService(typeof(ITempDataProvider));
var TempData = provider.LoadTempData(context.HttpContext);
TempData["action"] = action;
TempData["controller"] = controller;
provider.SaveTempData(context.HttpContext, TempData);
context.Result = this.GetRedirectToRoute("Identity", "Login");
}
else
{
if (user.IsInRole("Directora") == false)
{
context.Result =
this.GetRedirectToRoute("Identity", "AccesoDenegado");
}
}
}
public HomeController(ITempDataProvider cookie, IAntiforgery antiForgery, IHttpContextAccessor httpContextAccessor, IServiceProvider serviceProvider, IClusterClient grainClient, ILoggerFactory loggerFactory) : base()
{
// this.cookie = cookie;
this.antiForgery = antiForgery;
this.serviceProvider = serviceProvider;
this.grainClient = grainClient;
this.loggerFactory = loggerFactory;
// Create session id in an client-unreadable cookie
IDictionary <string, object> cookieData;
try
{
cookieData = cookie.LoadTempData(httpContextAccessor.HttpContext);
}
catch (CryptographicException)
{
// Server key changed?
cookieData = new Dictionary <string, object>();
}
if (cookieData.TryGetValue("session", out object id) && (id is Guid))
{
this.sessionId = (Guid)id;
}
else
{
// generate a new session id
cookieData["session"] = this.sessionId = Guid.NewGuid();
cookie.SaveTempData(httpContextAccessor.HttpContext, cookieData);
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
string controller = context.RouteData.Values["controller"].ToString();
string action = context.RouteData.Values["action"].ToString();
if (user == null)
{
ITempDataProvider provider = (ITempDataProvider)context.HttpContext.RequestServices.GetService(typeof(ITempDataProvider));
var TempData = provider.LoadTempData(context.HttpContext);
TempData["CONTROLLER"] = controller;
TempData["ACTION"] = action;
provider.SaveTempData(context.HttpContext, TempData);
context.Result = GetRoute("Login", "Manage");
}
else
{
int contador = 0;
foreach (var role in rolesPermitidos)
{
if (role == user.FindFirst(ClaimTypes.Role).Value)
{
contador++;
}
;
}
if (contador == 0)
{
context.Result = GetRoute("SinPermisos", "Manage");
}
}
}
private void AddErrorsToTempData()
{
string serializedErrors = JsonConvert.SerializeObject(errors);
Dictionary <string, object> tempDataDictionary = new Dictionary <string, object>();
tempDataDictionary.Add(Constants.tempDataErrorDictionaryName, serializedErrors);
tempDataProvider.SaveTempData(contextAccessor.HttpContext.Request.HttpContext, tempDataDictionary);
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PrivilegeRequirement requirement)
{
if (!_httpContextAccessor.HttpContext.User.HasClaim(c => c.Type == "UserId"))
{
context.Fail();
return;
}
var userid = _httpContextAccessor.HttpContext.User.FindFirst("UserId").Value;
var controllerActionDescriptor = (context.Resource as AuthorizationFilterContext).ActionDescriptor as ControllerActionDescriptor;
var privilegeRequested = (await _contactsApiClient.GetPrivileges()).FirstOrDefault(p => p.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase));
if (privilegeRequested is null || !privilegeRequested.Enabled)
{
var unavailableFeatureContext = new DeniedPrivilegeContext();
_tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> {
{ "UnavailableFeatureContext", JsonConvert.SerializeObject(unavailableFeatureContext) }
});
return;
}
var contactPrivileges = await _contactsApiClient.GetContactPrivileges(Guid.Parse(userid));
if (contactPrivileges.Any(cp => cp.Privilege.Key.Equals(requirement.Privilege, StringComparison.InvariantCultureIgnoreCase)))
{
context.Succeed(requirement);
}
else
{
var deniedPrivilegeContext = new DeniedPrivilegeContext
{
PrivilegeId = privilegeRequested.Id,
Controller = controllerActionDescriptor.ControllerName,
Action = controllerActionDescriptor.ActionName
};
_tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object> {
{ "DeniedPrivilegeContext", JsonConvert.SerializeObject(deniedPrivilegeContext) }
});
}
}
public void Save(ControllerContext controllerContext, ITempDataProvider tempDataProvider)
{
string[] keysToKeep = _initialKeys.Union(_retainedKeys, StringComparer.OrdinalIgnoreCase).ToArray();
string[] keysToRemove = _data.Keys.Except(keysToKeep, StringComparer.OrdinalIgnoreCase).ToArray();
foreach (string key in keysToRemove)
{
_data.Remove(key);
}
tempDataProvider.SaveTempData(controllerContext, _data);
}
/// <summary>
/// 保存数据
/// </summary>
/// <param name="controllerContext"></param>
/// <param name="tempDataProvider"></param>
public void Save(ControllerContext controllerContext, ITempDataProvider tempDataProvider)
{
string[] second = this._initialKeys.Union(this._retainedKeys, StringComparer.OrdinalIgnoreCase).ToArray <string>();
string[] array = this._data.Keys.Except(second, StringComparer.OrdinalIgnoreCase).ToArray <string>();
for (int i = 0; i < array.Length; i++)
{
string key = array[i];
this._data.Remove(key);
}
tempDataProvider.SaveTempData(controllerContext, this._data);
}
public void Save(ControllerContext controllerContext, ITempDataProvider tempDataProvider)
{
// Frequently called so ensure delegate is stateless
RemoveFromDictionary(_data, (KeyValuePair <string, object?> entry, TempDataDictionary tempData) => {
string key = entry.Key;
return(!tempData._initialKeys.Contains(key) &&
!tempData._retainedKeys.Contains(key));
}, this);
tempDataProvider.SaveTempData(controllerContext, _data);
}
public ActionsController(ITempDataProvider cookie, IHttpContextAccessor httpContextAccessor) : base()
{
var data = cookie.LoadTempData(httpContextAccessor.HttpContext);
if (data.TryGetValue("session", out object id) && (id is Guid))
{
this.sessionId = (Guid)id;
}
else
{
// generate a new session id
data["session"] = this.sessionId = Guid.NewGuid();
cookie.SaveTempData(httpContextAccessor.HttpContext, data);
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
if (!user.Identity.IsAuthenticated)
{
ITempDataProvider provider = context.HttpContext.RequestServices.GetService(typeof(ITempDataProvider)) as ITempDataProvider;
var TempData = provider.LoadTempData(context.HttpContext);
String action = context.RouteData.Values["action"].ToString();
string controller = context.RouteData.Values["controller"].ToString();
TempData["action"] = action;
TempData["controller"] = controller;
provider.SaveTempData(context.HttpContext, TempData);
context.Result = this.GetRedirectToRoute("Usuario", "Login");
}
}
public ActionsController(IClusterClient grainClient, ITempDataProvider cookie, IHttpContextAccessor httpContextAccessor, IHostingEnvironment env) : base()
{
this.grainClient = grainClient;
this.env = env;
var data = cookie.LoadTempData(httpContextAccessor.HttpContext);
if (data.TryGetValue("session", out object id) && (id is Guid))
{
this.sessionId = (Guid)id;
}
else
{
// generate a new session id
data["session"] = this.sessionId = Guid.NewGuid();
cookie.SaveTempData(httpContextAccessor.HttpContext, data);
}
}
public void Save(ControllerContext controllerContext, ITempDataProvider tempDataProvider)
{
if (_modifiedKeys.Count > 0)
{
// Apply change tracking.
foreach (string x in _initialKeys)
{
if (!_modifiedKeys.Contains(x))
{
_data.Remove(x);
}
}
// Store the dictionary
tempDataProvider.SaveTempData(controllerContext, _data);
}
}
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
try
{
await next(context);
}
catch (ValidationException ex)
{
_tempDataProvider.SaveTempData(context, new Dictionary <string, object>
{
{ ValidationConstants.ModelState, ex.ValidationErrors },
{ ValidationConstants.ViewModel, context.Request.Form.ToDictionary(f => f.Key, f => f.Value.ToString()) }
});
context.Response.Redirect(context.Request.Path);
}
}
public ActionsHub(IClusterClient grainClient, ITempDataProvider cookie, IHttpContextAccessor httpContextAccessor, ILogger <ActionsHub> logger)
{
this.grainClient = grainClient;
this.logger = logger;
var data = cookie.LoadTempData(httpContextAccessor.HttpContext);
if (data.TryGetValue("session", out object id) && (id is Guid))
{
this.sessionId = (Guid)id;
}
else
{
// generate a new session id
data["session"] = this.sessionId = Guid.NewGuid();
cookie.SaveTempData(httpContextAccessor.HttpContext, data);
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
if (!user.Identity.IsAuthenticated)
{
String action = context.RouteData.Values["action"].ToString();
String controller = context.RouteData.Values["controller"].ToString();
ITempDataProvider provider = (ITempDataProvider)context.HttpContext.RequestServices.GetService(typeof(ITempDataProvider));
var TempData = provider.LoadTempData(context.HttpContext);
TempData["action"] = action;
TempData["controller"] = controller;
provider.SaveTempData(context.HttpContext, TempData);
RouteValueDictionary route = new RouteValueDictionary(new { controller = "Calculator", action = "Unauthorize" });
context.Result = new RedirectToRouteResult(route);
}
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ProviderAccountRequirement requirement)
{
var hasIdentityServerAuthorization = HasServiceAuthorization(context) &&
HasUkprnAuthorization(context);
if (context.User.HasClaim(_ukprnClaimFinderPredicate))
{
var ukprnFromClaim = context.User.FindFirst(_ukprnClaimFinderPredicate).Value;
var isOnRoatp = await HasRoatpAuthorizationAsync(context, ukprnFromClaim);
if (hasIdentityServerAuthorization && isOnRoatp)
{
if (HasDoneOncePerAuthorizedSessionActions(context) == false)
{
var isProviderBlocked = await HasBeenBlockedOnRecruit(context, ukprnFromClaim);
if (isProviderBlocked == false)
{
//Run actions that must be done only once per authorized session
await SetupProvider(context);
SetOncePerAuthorizedSessionActionsCompleted(context);
}
else
{
context.Fail();
}
}
if (context.HasFailed)
{
var mvcContext = (AuthorizationFilterContext)context.Resource;
_tempDataProvider.SaveTempData(mvcContext.HttpContext, _dict);
}
else
{
context.Succeed(requirement);
}
}
}
}
public static void GuardarAcctionController(AuthorizationFilterContext context)
{
//RECUPERAR LA DIRECCION A DONDE QUEREMOS IR
String action = context.RouteData.Values["action"].ToString();
String controller = context.RouteData.Values["controller"].ToString();
//RECUPERAR TEMPDATA PROVIDER
ITempDataProvider provider = (ITempDataProvider)
context.HttpContext.RequestServices.GetService(typeof(ITempDataProvider));
//RECUPERAR EL TEMPDATA
var TempData = provider.LoadTempData(context.HttpContext);
//GUARDAMOS LOS DATOS ACTION Y CONTROLLER
TempData["action"] = action;
TempData["controller"] = controller;
//GUARDAR TEMPDATA PARA PODER LLEGAR AL CONTROLLER
provider.SaveTempData(context.HttpContext, TempData);
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
if (user.Identity.IsAuthenticated == false)
{
//DEBEMOS RECUPERAR LA INFORMACION DE DONDE HA
//PULSADO EL USUARIO
String action = context.RouteData.Values["action"].ToString();
String controller = context.RouteData.Values["controller"].ToString();
//NECESITAMOS RECUPERAR EL PROVEEDOR DE TEMPDATA
//AL NO SER UNA CLASE CONTROLLER, NO ES NATIVO
//PARA ENCONTRARLO, DEBEMOS RECUPERAR LA CLASE QUE HEMOS
//PUESTO EN LAS DEPENDENCIAS DE LA APP (STARTUP)
//RESOLVER DEPENDENCIAS DE UN SERVICIO DEL CONTENEDOR IoC
ITempDataProvider provider = (ITempDataProvider)
context.HttpContext.RequestServices
.GetService(typeof(ITempDataProvider));
//RECUPERAMOS EL TEMPDATA DEL PROVIDER
var TempData = provider.LoadTempData(context.HttpContext);
//GUARDAMOS LOS DATOS
TempData["action"] = action;
TempData["controller"] = controller;
//DEBEMOS SALVAR TEMPDATA PARA QUE LLEGUE AL CONTROLLER
provider.SaveTempData(context.HttpContext, TempData);
//LOGIN
context.Result = this.GetRedirectToRoute("Identity", "Login");
}
else
{
//SOLO QUEREMOS QUE EL PRESI ENTRE
if (user.IsInRole("PRESIDENTE") == false &&
user.IsInRole("ANALISTA") == false &&
user.IsInRole("DIRECTOR") == false)
{
context.Result =
this.GetRedirectToRoute("Identity", "AccesoDenegado");
}
}
}
public HomeController(ITempDataProvider cookie, IAntiforgery antiForgery, IHttpContextAccessor httpContextAccessor, IServiceProvider serviceProvider, ILoggerFactory loggerFactory) : base()
{
// this.cookie = cookie;
this.antiForgery = antiForgery;
this.serviceProvider = serviceProvider;
this.loggerFactory = loggerFactory;
// Create session id in an client-unreadable cookie
var data = cookie.LoadTempData(httpContextAccessor.HttpContext);
if (data.TryGetValue("session", out object id) && (id is Guid))
{
this.sessionId = (Guid)id;
}
else
{
// generate a new session id
data["session"] = this.sessionId = Guid.NewGuid();
cookie.SaveTempData(httpContextAccessor.HttpContext, data);
}
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, Over18Requirement requirement)
{
if (context.User.HasClaim(c => c.Type == nameof(LoginViewModel.Age)))
{
var ageClaim = context.User.Claims.Single(c => c.Type == nameof(LoginViewModel.Age)).Value;
var age = Convert.ToInt32(ageClaim);
if (age >= 18)
{
context.Succeed(requirement);
}
}
if (!context.HasSucceeded)
{
_tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, new Dictionary <string, object>()
{
{ "message", "You need to be over 18 to buy beer." }
});
context.Fail();
}
return(Task.CompletedTask);
}
private void SetValue(string name, object value)
{
_data[name] = value;
_tempDataProvider.SaveTempData(_httpContextAccessor.HttpContext, _data);
}
public Task Invoke(HttpContext context)
{
var cookieData = _cookieProvider.LoadTempData(context);
bool hasWaitRoomId = cookieData.ContainsKey("_waitroom");
object proxyUserId;
bool hasUserId = cookieData.TryGetValue("_proxyUserId", out proxyUserId);
// Any connection with a session ID is allowed
if (cookieData.ContainsKey("_proxySession"))
{
if (hasUserId)
{
_telemetry.Context.User.Id = cookieData["_proxyUserId"].ToString();
}
return(_next(context));
}
// Get or create a user ID for tracking context
if (!hasUserId)
{
string trackingCookieSessionId = context.Request.Cookies[_trackingCookie];
proxyUserId = String.IsNullOrEmpty(trackingCookieSessionId) ? Guid.NewGuid().ToString() : trackingCookieSessionId;
cookieData.Add("_proxyUserId", proxyUserId);
}
_telemetry.Context.User.Id = proxyUserId.ToString();
_telemetry.Context.Session.Id = proxyUserId.ToString();
if (!_tracker.TryAcquireSession())
{
// This is a new user connecting during an active session block
if (_waitRoomEnabled)
{
if (!hasWaitRoomId)
{
string waitRoomId = Guid.NewGuid().ToString();
cookieData.Add("_waitroom", waitRoomId);
_cookieProvider.SaveTempData(context, cookieData);
// _logger.LogWarning("User {id} in wait room", proxyUserId);
_telemetry.Context.Operation.ParentId = waitRoomId;
_telemetry.TrackEvent("waitroom start", new Dictionary <string, string> {
{ "waitroom_id", waitRoomId }
});
}
else
{
// TODO: Check for context.Session.GetInt("_retries"); Increment this and then do something different in the response - could do some templating here
// Track page refresh in telemetry
string waitRoomId = cookieData["_waitroom"].ToString();
_telemetry.Context.Operation.ParentId = waitRoomId;
}
context.Response.ContentLength = _html.Length;
context.Response.ContentType = "text/html";
context.Response.StatusCode = _htmlResponseCode;
return(context.Response.Body.WriteAsync(_html).AsTask());
}
else
{
_logger.LogWarning("User {id} exceeded quota (waitroom disabled)", proxyUserId);
return(_next(context));
}
}
// Clear waitroom data from the proxy cookie
if (hasWaitRoomId)
{
string waitRoomId = cookieData["_waitroom"].ToString();
_telemetry.Context.Operation.ParentId = waitRoomId;
_telemetry.TrackEvent("waitroom end", new Dictionary <string, string> {
{ "waitroom_id", waitRoomId }
});
cookieData.Remove("_waitroom");
_cookieProvider.SaveTempData(context, cookieData);
}
cookieData.Add("_proxySession", "true");
_cookieProvider.SaveTempData(context, cookieData);
return(_next(context));
}
public async Task Invoke(HttpContext context, ITempDataProvider tdp, DbT10Software db)
{
// check and get exisiting user lastaccesstime
string lastAccess = context.Request.Cookies["lastAccessTime"];
// Check if lastAccessTime session object is available
if (lastAccess == null)
{
// When lastAccessTime is null, it is a new session
context.Response.Cookies.Append("lastAccessTime", DateTime.Now.ToString(), new CookieOptions
{
HttpOnly = true,
SameSite = SameSiteMode.Lax
});
}
else
{
// When lastAccessTime is present, check if it has passed 20 minutes
DateTime lastAccessDateTime = Convert.ToDateTime(lastAccess);
// If now is more than 20 mins from lastAccessTime
if (DateTime.Now.CompareTo(lastAccessDateTime.AddMinutes(20)) == 1)
{
//if user not active, remove the last accesstime and redirect to session timeout controller
//controller will clean up session and redirect to gallery page with session timeout message
context.Response.Cookies.Delete("lastAccessTime");
string sessionId = context.Request.Cookies["sessionId"];
if (sessionId != null)
{
var session = db.Sessions.FirstOrDefault(session => session.Id == sessionId);
if (session != null)
{
db.Sessions.Remove(session);
db.SaveChanges();
}
}
context.Response.Cookies.Delete("sessionId");
// Uses injected TempDataProvider to add TempData into context without controller
tdp.SaveTempData(context, new Dictionary <string, object> {
["Alert"] = "warning|Your session has timed-out!"
});
context.Response.Redirect("/Gallery/Index");
return;
}
else
{
// if user still active, keep Update last access time stamp
context.Response.Cookies.Append("lastAccessTime", DateTime.Now.ToString(), new CookieOptions
{
HttpOnly = true,
SameSite = SameSiteMode.Lax
});
}
}
await next(context);
}