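/// <summary>
/// Creates the service and copies the configured policy-name → LDAP-group mapping
/// (the children of the <c>GroupNames</c> section) into <c>Groups</c>.
/// </summary>
/// <param name="configuration">LDAP / cookie / token settings; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
public LdapAuthentcationService(LdapAuthenticationSettings configuration)
        {
            if (configuration is null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            this.configuration = configuration;

            // Keys are policy names, values are the group (compared against GroupSid claims
            // by the authorization policies). The whole mapping is loaded here; whether a
            // policy's entry is present and non-empty is checked by the consumer, so a single
            // bad entry does not hide the rest of the configuration.
            Groups = new Dictionary<string, string>();
            foreach (var element in configuration.GroupNames.GetChildren())
            {
                Groups.Add(element.Key, element.Value);
            }
        }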
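        /// <summary>
        /// Registers LDAP-backed authentication and the Admin / User / Viewer authorization policies.
        /// Requests under <c>/api</c> are forwarded to the JWT bearer scheme, everything else to the
        /// cookie scheme; both sit behind the <c>SuperDumpAuthenticationScheme</c> policy scheme.
        /// </summary>
        /// <param name="services">The DI container to register into.</param>
        /// <param name="configuration">Cookie, token and group settings.</param>
        /// <param name="pathOptions">Login / logout / access-denied paths for the cookie scheme.</param>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// <c>GroupNames</c> has no (or a blank) entry for one of the three policies, or
        /// <c>TokenSigningKey</c> is empty. Thrown at registration time so that misconfiguration
        /// surfaces at startup instead of on the first request that hits the options callbacks.
        /// </exception>
        public static void AddLdapCookieAuthentication(this IServiceCollection services, LdapAuthenticationSettings configuration, LdapAuthenticationPathOptions pathOptions)
        {
            if (services is null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (configuration is null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }
            if (pathOptions is null)
            {
                throw new ArgumentNullException(nameof(pathOptions));
            }

            LdapAuthentcationService ldapAuthService = new LdapAuthentcationService(configuration);

            // Resolve the three group mappings eagerly. Looking them up inside the
            // AddAuthorization callback meant a missing key only failed (KeyNotFoundException)
            // when the options were first built, and an empty value made HasClaim throw on
            // every authorization check.
            string adminGroup  = RequiredGroup(AdminPolicy);
            string userGroup   = RequiredGroup(UserPolicy);
            string viewerGroup = RequiredGroup(ViewerPolicy);

            if (string.IsNullOrWhiteSpace(configuration.TokenSigningKey))
            {
                throw new InvalidOperationException("TokenSigningKey must be configured; bearer tokens cannot be validated without it.");
            }

            services.AddSingleton(ldapAuthService);

            services.AddAuthentication(SuperDumpAuthenticationScheme)
            .AddPolicyScheme(SuperDumpAuthenticationScheme, SuperDumpAuthenticationScheme, options => {
                // API calls authenticate with a bearer token, browser navigation with the cookie.
                options.ForwardDefaultSelector = context => context.Request.Path.StartsWithSegments("/api") ?
                                                 JwtBearerDefaults.AuthenticationScheme : CookieAuthenticationDefaults.AuthenticationScheme;
            })
            .AddCookie(options => {
                options.Cookie.Name       = configuration.AuthenticationCookieName;
                options.SlidingExpiration = true;
                options.ExpireTimeSpan    = TimeSpan.FromDays(configuration.CookieExpireTimeSpanInDays);
                // Session cookie is not readable from script.
                options.Cookie.HttpOnly   = true;
                // NOTE(review): Cookie.SecurePolicy is left at its default (SameAsRequest); consider
                // CookieSecurePolicy.Always once the site is served exclusively over HTTPS.

                options.LoginPath        = pathOptions.LoginPath;
                options.LogoutPath       = pathOptions.LogoutPath;
                options.AccessDeniedPath = pathOptions.AccessDeniedPath;
            })
            .AddJwtBearer(options =>
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    // Issuer, audience, lifetime and signature are all validated; ClockSkew keeps
                    // the library default.
                    ValidateIssuer           = true,
                    ValidateAudience         = true,
                    ValidateLifetime         = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer      = configuration.TokenIssuer,
                    ValidAudience    = configuration.TokenAudience,
                    // Symmetric (HMAC) key shared with the token issuer, stored base64-encoded.
                    // Minimum key length is enforced by the token library at validation time.
                    IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(configuration.TokenSigningKey))
                });

            services.AddAuthorization(options => {
                // Policies nest: Admin satisfies User and Viewer, User satisfies Viewer.
                options.AddPolicy(AdminPolicy,  policy => policy.RequireAssertion(context => HasAnyGroupSid(context.User, adminGroup)));
                options.AddPolicy(UserPolicy,   policy => policy.RequireAssertion(context => HasAnyGroupSid(context.User, adminGroup, userGroup)));
                options.AddPolicy(ViewerPolicy, policy => policy.RequireAssertion(context => HasAnyGroupSid(context.User, adminGroup, userGroup, viewerGroup)));
            });

            // Group configured for a policy name; a missing or blank entry is a configuration
            // error and is reported with the key that must be set.
            string RequiredGroup(string policy)
            {
                if (!ldapAuthService.Groups.TryGetValue(policy, out string group) || string.IsNullOrWhiteSpace(group))
                {
                    throw new InvalidOperationException($"No LDAP group configured for policy '{policy}' (expected GroupNames:{policy}).");
                }
                return group;
            }

            // True when the principal carries a GroupSid claim whose value is one of the allowed
            // groups. Ordinal comparison, as in the original per-policy lambdas.
            bool HasAnyGroupSid(ClaimsPrincipal user, params string[] allowedGroups) =>
                user.HasClaim(claim => claim.Type == ClaimTypes.GroupSid && Array.IndexOf(allowedGroups, claim.Value) >= 0);
        }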
 /// <summary>
 /// Wires the controller's collaborators from DI: the <see cref="LdapAuthentcationService"/>
 /// singleton (which carries the policy → group mapping), the LDAP section of
 /// <c>SuperDumpSettings</c>, and a logger for this controller's category.
 /// </summary>
 /// <param name="authentcationService">LDAP authentication service registered by <c>AddLdapCookieAuthentication</c>.</param>
 /// <param name="settings">Application settings; only <c>LdapAuthenticationSettings</c> is retained.</param>
 /// <param name="loggerFactory">Factory used to create the controller's logger.</param>
 public TokenController(LdapAuthentcationService authentcationService, IOptions <SuperDumpSettings> settings, ILoggerFactory loggerFactory)
 {
     logger = loggerFactory.CreateLogger <TokenController>();

     // NOTE(review): the LDAP settings sub-object is stored as-is; whether it can be null
     // depends on how SuperDumpSettings is bound — confirm before dereferencing it unguarded.
     this.settings             = settings.Value.LdapAuthenticationSettings;
     this.authentcationService = authentcationService;
 }