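/// <summary>
/// Completes a two-factor sign-in with a code from the user's authenticator app.
/// </summary>
/// <param name="model">The submitted code, the remember-me / remember-browser flags and the post-login return URL.</param>
/// <returns>
/// A redirect to <c>model.ReturnUrl</c> (via <c>RedirectToLocal</c>) on success, the <c>Lockout</c> view when the
/// account is locked, otherwise the form redisplayed with a model error.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The two-factor user or their profile could not be loaded after the code was accepted.
/// </exception>
public async Task<IActionResult> VerifyAuthenticatorCode(VerifyAuthenticatorCodeViewModel model)
{
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }

    // Brute-force protection for the two-factor code lives in Identity: entering wrong codes for
    // a specified amount of time locks the account for a specified amount of time, which surfaces
    // here as result.IsLockedOut.
    var result = await this.signInManager.TwoFactorAuthenticatorSignInAsync(model.Code, model.RememberMe, model.RememberBrowser);

    if (result.Succeeded)
    {
        var user = await this.signInManager.GetTwoFactorAuthenticationUserAsync();
        if (user is null)
        {
            // GetTwoFactorAuthenticationUserAsync returns null when the two-factor user cannot be
            // recovered; fail explicitly instead of dereferencing user.Email below.
            throw new InvalidOperationException("Unable to load two-factor authentication user.");
        }

        var userProfile = await this.accountManager.ProfileGet(user.Email);
        if (userProfile is null)
        {
            throw new InvalidOperationException("Unable to load the profile for the two-factor authentication user.");
        }

        // A fresh per-login token, and the profile is cached under the current session id
        // (presumably so a cached profile is only reachable from the session that produced it).
        userProfile.UserToken = Guid.NewGuid().ToString();
        userProfile.UserSessionId = this.HttpContext.Session.Id;
        SecurityCacheManager.SetUserProfile(userProfile, userProfile.UserSessionId);
        return this.RedirectToLocal(model.ReturnUrl);
    }

    if (result.IsLockedOut)
    {
        return this.View("Lockout");
    }

    this.ModelState.AddModelError(string.Empty, "Invalid code.");
    return this.View(model);
}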
/// <summary>
/// Handles the password step of the login form.
/// </summary>
/// <param name="model">The submitted email, password and remember-me flag.</param>
/// <param name="returnUrl">Optional local URL to return to after sign-in; echoed into <c>ViewData</c> so the form can re-post it.</param>
/// <returns>
/// A redirect to <paramref name="returnUrl"/> on success, a redirect to <c>SendCode</c> when a second factor is
/// required, a redirect to <c>Lockout</c> when the account is locked, otherwise the form redisplayed with a model error.
/// </returns>
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
    this.ViewData["ReturnUrl"] = returnUrl;

    // Validation failed: redisplay the form as submitted.
    if (!this.ModelState.IsValid)
    {
        return this.View(model);
    }

    // Failed passwords are deliberately NOT counted towards account lockout (lockoutOnFailure: false),
    // so Identity's lockout does not throttle password guessing on this endpoint. Set it to true to
    // let repeated failures lock the account.
    var signIn = await this.signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);

    if (signIn.Succeeded)
    {
        // Issue a fresh per-login token and cache the profile under the current session id.
        var profile = await this.accountManager.ProfileGet(model.Email);
        profile.UserToken = Guid.NewGuid().ToString();
        profile.UserSessionId = this.HttpContext.Session.Id;
        SecurityCacheManager.SetUserProfile(profile, profile.UserSessionId);
        this.logger.LogInformation("User logged in.");
        return this.RedirectToLocal(returnUrl);
    }

    if (signIn.RequiresTwoFactor)
    {
        return this.RedirectToAction(nameof(this.SendCode), new { returnUrl, model.RememberMe });
    }

    if (signIn.IsLockedOut)
    {
        this.logger.LogWarning("User account locked out.");
        return this.RedirectToAction(nameof(this.Lockout));
    }

    this.ModelState.AddModelError(string.Empty, "Invalid login attempt.");
    return this.View(model);
}
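/// <summary>
/// Grants <paramref name="requirement"/> when the caller may perform the current HTTP verb on the function
/// named by the controller's <c>AddHeaderFunction</c> attribute. Super admins and system admins are granted
/// unconditionally. Every other problem (missing or malformed claim, unknown function, no matching security
/// entry, unsupported verb, short security code) leaves the requirement unmet rather than throwing, so a bad
/// token or configuration produces a denial instead of a 500.
/// </summary>
/// <param name="context">The authorization context; <c>context.Resource</c> is expected to be an <c>AuthorizationFilterContext</c>.</param>
/// <param name="requirement">The requirement being evaluated.</param>
/// <returns>A completed task; the decision is recorded on <paramref name="context"/>.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomFunctionAuth requirement)
{
    if (context.User?.Identity?.IsAuthenticated != true)
    {
        return Task.CompletedTask;
    }

    // Same lookup as before (ordinal match on the claim type), but a missing claim yields null
    // instead of a NullReferenceException.
    string ClaimValue(string type) => context.User.Claims.FirstOrDefault(c => c.Type == type)?.Value;

    // A missing or non-boolean flag counts as false.
    bool ClaimIsTrue(string type) => bool.TryParse(ClaimValue(type), out var flag) && flag;

    if (ClaimIsTrue("IsSuperAdmin") || ClaimIsTrue("IsSystemAdmin"))
    {
        context.Succeed(requirement);
        return Task.CompletedTask;
    }

    // Guid.TryParse accepts the same formats as new Guid(string); a missing or malformed id denies.
    if (!Guid.TryParse(ClaimValue("UserId"), out var userId) ||
        !Guid.TryParse(ClaimValue("TenantId"), out var tenantId))
    {
        return Task.CompletedTask;
    }

    ISecurityCacheManager securityManager = new SecurityCacheManager();
    var functionSecurities = securityManager.SecurityCache(tenantId, userId, false).FunctionSecurity;
    if (functionSecurities == null || functionSecurities.Count == 0)
    {
        return Task.CompletedTask;
    }

    var mvcContext = context.Resource as AuthorizationFilterContext;
    var descriptor = mvcContext?.ActionDescriptor as ControllerActionDescriptor;
    if (descriptor == null)
    {
        return Task.CompletedTask;
    }

    // The function being protected is declared on the controller type; no attribute, no function
    // name, or a non-Guid function name all deny.
    var headerAttr = descriptor.ControllerTypeInfo.GetCustomAttribute<AddHeaderFunction>();
    var functionContext = headerAttr?.GetHeaderFunction();
    if (!Guid.TryParse(functionContext, out var functionId))
    {
        return Task.CompletedTask;
    }

    var itsSecurity = functionSecurities.FirstOrDefault(s => s.FunctionContext == functionId);
    if (itsSecurity == null)
    {
        return Task.CompletedTask;
    }

    // The security code is read as a string of decimal digits. Only the positions used below are
    // known from this code: 0 governs GET, 3 POST, 4 PUT/PATCH, 5 DELETE, and a digit above 1
    // grants the verb. NOTE(review): the meaning of the other positions and of the individual
    // digit values is not visible here — confirm against SecurityCacheManager.
    int[] DigitsOf(string text)
    {
        if (string.IsNullOrEmpty(text) || !text.All(ch => ch >= '0' && ch <= '9'))
        {
            return null;
        }

        return text.Select(ch => ch - '0').ToArray();
    }

    // Maps the HTTP verb to the digit position that governs it; -1 for verbs without a mapping.
    int RequiredSlot(string method)
    {
        bool Is(string verb) => string.Equals(method, verb, StringComparison.OrdinalIgnoreCase);

        if (Is("GET")) { return 0; }
        if (Is("POST")) { return 3; }
        if (Is("PUT") || Is("PATCH")) { return 4; }
        if (Is("DELETE")) { return 5; }
        return -1;
    }

    var codes = DigitsOf(itsSecurity.SecurityCode.ToString());
    var slot = RequiredSlot(mvcContext.HttpContext.Request.Method);

    // Bounds check replaces the former unconditional codes[n] access, which threw
    // IndexOutOfRangeException for security codes with fewer than six digits.
    if (codes != null && slot >= 0 && slot < codes.Length && codes[slot] > 1)
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}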
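/// <summary>
/// Grants <paramref name="requirement"/> when the caller may perform the current HTTP verb on the entity
/// named by the <c>entityName</c> route value. Super admins and system admins are granted unconditionally.
/// Every other problem (missing or malformed claim, missing route value, no matching security entry,
/// unsupported verb, short security code) leaves the requirement unmet rather than throwing, so a bad
/// token or configuration produces a denial instead of a 500.
/// </summary>
/// <param name="context">The authorization context; <c>context.Resource</c> is expected to be an <c>AuthorizationFilterContext</c>.</param>
/// <param name="requirement">The requirement being evaluated.</param>
/// <returns>A completed task; the decision is recorded on <paramref name="context"/>.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomRoleAuth requirement)
{
    if (context.User?.Identity?.IsAuthenticated != true)
    {
        return Task.CompletedTask;
    }

    // Same lookup as before (ordinal match on the claim type), but a missing claim yields null
    // instead of a NullReferenceException.
    string ClaimValue(string type) => context.User.Claims.FirstOrDefault(c => c.Type == type)?.Value;

    // A missing or non-boolean flag counts as false.
    bool ClaimIsTrue(string type) => bool.TryParse(ClaimValue(type), out var flag) && flag;

    if (ClaimIsTrue("IsSuperAdmin") || ClaimIsTrue("IsSystemAdmin"))
    {
        context.Succeed(requirement);
        return Task.CompletedTask;
    }

    // Guid.TryParse accepts the same formats as new Guid(string); a missing or malformed id denies.
    if (!Guid.TryParse(ClaimValue("UserId"), out var userId) ||
        !Guid.TryParse(ClaimValue("TenantId"), out var tenantId))
    {
        return Task.CompletedTask;
    }

    ISecurityCacheManager securityManager = new SecurityCacheManager();
    var entitySecurities = securityManager.SecurityCache(tenantId, userId, false).EntitySecurity;
    if (entitySecurities == null || entitySecurities.Count == 0)
    {
        return Task.CompletedTask;
    }

    var mvcContext = context.Resource as AuthorizationFilterContext;
    var descriptor = mvcContext?.ActionDescriptor as ControllerActionDescriptor;
    if (descriptor == null)
    {
        return Task.CompletedTask;
    }

    // The entity being protected comes from the route. `as string` (instead of a hard cast) keeps
    // a non-string route value from throwing InvalidCastException; absent or empty denies.
    var entityName = mvcContext.HttpContext.GetRouteValue("entityName") as string;
    if (string.IsNullOrEmpty(entityName))
    {
        return Task.CompletedTask;
    }

    IMetadataManager metadataManager = new VPC.Framework.Business.MetadataManager.Contracts.MetadataManager();
    var entityId = metadataManager.GetEntityContextByEntityName(entityName);
    var itsSecurity = entitySecurities.FirstOrDefault(s => s.EntityId == entityId);
    if (itsSecurity == null)
    {
        return Task.CompletedTask;
    }

    // The security code is read as a string of decimal digits. Only the positions used below are
    // known from this code: 0 governs GET, 3 POST, 4 PUT/PATCH, 5 DELETE, and a digit above 1
    // grants the verb. NOTE(review): the meaning of the other positions and of the individual
    // digit values is not visible here — confirm against SecurityCacheManager.
    int[] DigitsOf(string text)
    {
        if (string.IsNullOrEmpty(text) || !text.All(ch => ch >= '0' && ch <= '9'))
        {
            return null;
        }

        return text.Select(ch => ch - '0').ToArray();
    }

    // Maps the HTTP verb to the digit position that governs it; -1 for verbs without a mapping.
    int RequiredSlot(string method)
    {
        bool Is(string verb) => string.Equals(method, verb, StringComparison.OrdinalIgnoreCase);

        if (Is("GET")) { return 0; }
        if (Is("POST")) { return 3; }
        if (Is("PUT") || Is("PATCH")) { return 4; }
        if (Is("DELETE")) { return 5; }
        return -1;
    }

    var codes = DigitsOf(itsSecurity.SecurityCode.ToString());
    var slot = RequiredSlot(mvcContext.HttpContext.Request.Method);

    // Bounds check replaces the former unconditional codes[n] access, which threw
    // IndexOutOfRangeException for security codes with fewer than six digits. No custom failure
    // result is set; the framework's default challenge/forbid handling applies when the
    // requirement stays unmet.
    if (codes != null && slot >= 0 && slot < codes.Length && codes[slot] > 1)
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}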