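        /// <summary>
        /// Completes a two-factor login with a code from the user's authenticator app.
        /// </summary>
        /// <param name="model">The code, the remember-me / remember-browser flags and the local return URL.</param>
        /// <returns>
        /// The form again on a validation error or a wrong code, the "Lockout" view once Identity has
        /// locked the account, otherwise a redirect to <c>model.ReturnUrl</c>.
        /// </returns>
        /// <exception cref="InvalidOperationException">The code was accepted but no application profile
        /// exists for the user's e-mail.</exception>
        public async Task <IActionResult> VerifyAuthenticatorCode(VerifyAuthenticatorCodeViewModel model)
        {
            if (!this.ModelState.IsValid)
            {
                return this.View(model);
            }

            // Resolve the user whose two-factor login is pending *before* verifying the code (as the
            // Identity template does): a successful sign-in signs the two-factor-pending scheme out,
            // so looking the user up afterwards is fragile. "No pending login" is treated like a wrong
            // code, which matches what the sign-in call itself reports in that situation.
            var user = await this.signInManager.GetTwoFactorAuthenticationUserAsync();
            if (user == null)
            {
                this.ModelState.AddModelError(string.Empty, "Invalid code.");
                return this.View(model);
            }

            // Identity counts wrong codes towards account lockout: entering incorrect codes for a
            // configured period locks the account for a configured period, which is the brute-force
            // protection for this endpoint.
            var result = await this.signInManager.TwoFactorAuthenticatorSignInAsync(model.Code, model.RememberMe, model.RememberBrowser);

            if (result.Succeeded)
            {
                var userProfile = await this.accountManager.ProfileGet(user.Email);
                if (userProfile == null)
                {
                    // Surface the inconsistency explicitly rather than as a NullReferenceException below.
                    throw new InvalidOperationException("No application profile found for the signed-in user.");
                }

                // Fresh per-login token; the profile is cached under the current session id.
                // NOTE(review): looks like Session.Id is the id the anonymous request already had
                // (ASP.NET Core does not appear to regenerate it at sign-in) — confirm that keying the
                // cache on the pre-login session is acceptable for your threat model.
                userProfile.UserToken     = Guid.NewGuid().ToString();
                userProfile.UserSessionId = this.HttpContext.Session.Id;
                SecurityCacheManager.SetUserProfile(userProfile, userProfile.UserSessionId);

                return this.RedirectToLocal(model.ReturnUrl);
            }

            if (result.IsLockedOut)
            {
                return this.View("Lockout");
            }

            this.ModelState.AddModelError(string.Empty, "Invalid code.");
            return this.View(model);
        }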
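        /// <summary>
        /// Handles the password login form.
        /// </summary>
        /// <param name="model">E-mail, password and remember-me flag from the form.</param>
        /// <param name="returnUrl">Local URL to return to after login; echoed to the view as
        /// <c>ViewData["ReturnUrl"]</c> so it survives a redisplay of the form.</param>
        /// <returns>
        /// A redirect on success (to <paramref name="returnUrl"/>), to the two-factor step, or to the
        /// lockout page; otherwise the form again with a validation or "Invalid login attempt." error.
        /// </returns>
        /// <exception cref="InvalidOperationException">The password was accepted but no application
        /// profile exists for <c>model.Email</c>.</exception>
        public async Task <IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            this.ViewData["ReturnUrl"] = returnUrl;

            if (!this.ModelState.IsValid)
            {
                // Validation failed: redisplay the form with its errors.
                return this.View(model);
            }

            // lockoutOnFailure is false, so failed passwords do not count towards Identity's account
            // lockout (set lockoutOnFailure: true to change that).
            // NOTE(review): that leaves this endpoint without any throttling of its own — confirm that
            // password guessing is rate-limited elsewhere before relying on the current setting.
            var result = await this.signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure : false);

            if (result.Succeeded)
            {
                var userProfile = await this.accountManager.ProfileGet(model.Email);
                if (userProfile == null)
                {
                    // Identity accepted the password but the application has no profile for the user:
                    // fail explicitly instead of with a NullReferenceException a few lines down.
                    throw new InvalidOperationException("No application profile found for the signed-in user.");
                }

                // Fresh per-login token; the profile is cached under the current session id.
                // NOTE(review): looks like Session.Id is the id the anonymous request already had
                // (ASP.NET Core does not appear to regenerate it at sign-in) — confirm that keying the
                // cache on the pre-login session is acceptable for your threat model.
                userProfile.UserToken     = Guid.NewGuid().ToString();
                userProfile.UserSessionId = this.HttpContext.Session.Id;
                SecurityCacheManager.SetUserProfile(userProfile, userProfile.UserSessionId);
                this.logger.LogInformation("User logged in.");
                return this.RedirectToLocal(returnUrl);
            }

            if (result.RequiresTwoFactor)
            {
                return this.RedirectToAction(nameof(this.SendCode), new { returnUrl, model.RememberMe });
            }

            if (result.IsLockedOut)
            {
                this.logger.LogWarning("User account locked out.");
                return this.RedirectToAction(nameof(this.Lockout));
            }

            // Wrong credentials: deliberately generic message so the form does not reveal which part was wrong.
            this.ModelState.AddModelError(string.Empty, "Invalid login attempt.");
            return this.View(model);
        }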
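        /// <summary>
        /// Grants <paramref name="requirement"/> when the caller may perform the request's HTTP method on
        /// the function the controller is tagged with via <c>[AddHeaderFunction]</c>. Super and system
        /// admins are granted unconditionally.
        /// </summary>
        /// <param name="context">Authorization context; its <c>Resource</c> must be the MVC
        /// <c>AuthorizationFilterContext</c> of a controller action, otherwise no decision is made.</param>
        /// <param name="requirement">The requirement being evaluated.</param>
        /// <returns>A completed task. Permission is reported only through <c>context.Succeed</c>; the
        /// handler never calls <c>Fail</c>, so every early return means "not granted by this handler".</returns>
        /// <remarks>
        /// Malformed input (missing or non-boolean admin claims, non-GUID ids, an attribute value that is
        /// not a GUID, a security code that is too short or non-numeric) no longer throws — the handler
        /// fails closed instead of turning an authorization check into an unhandled exception.
        /// </remarks>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomFunctionAuth requirement)
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                return Task.CompletedTask;
            }

            // Exact (ordinal) claim-type match, as before; a missing claim yields null.
            Func<string, string> claimValue =
                type => context.User.Claims.FirstOrDefault(c => c.Type == type)?.Value;

            // A missing or non-boolean admin claim counts as "not an admin" rather than throwing.
            bool isSuperAdmin;
            bool isSystemAdmin;
            bool.TryParse(claimValue("IsSuperAdmin"), out isSuperAdmin);
            bool.TryParse(claimValue("IsSystemAdmin"), out isSystemAdmin);

            if (isSuperAdmin || isSystemAdmin)
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            Guid userId;
            Guid tenantId;
            if (!Guid.TryParse(claimValue("UserId"), out userId) || !Guid.TryParse(claimValue("TenantId"), out tenantId))
            {
                // Without a well-formed user/tenant id there is nothing to look permissions up by.
                return Task.CompletedTask;
            }

            ISecurityCacheManager securityManager = new SecurityCacheManager();
            var functionSecurities = securityManager.SecurityCache(tenantId, userId, false).FunctionSecurity;
            if (functionSecurities == null || functionSecurities.Count == 0)
            {
                return Task.CompletedTask;
            }

            var mvcContext = context.Resource as AuthorizationFilterContext;
            var descriptor = mvcContext?.ActionDescriptor as ControllerActionDescriptor;
            if (descriptor == null)
            {
                // Not an MVC controller action (or no resource at all): nothing to authorize against.
                return Task.CompletedTask;
            }

            // The function a controller belongs to is declared by its [AddHeaderFunction] attribute;
            // a missing attribute or a value that is not a GUID means no decision.
            var headerAttr = descriptor.ControllerTypeInfo.GetCustomAttribute<AddHeaderFunction>();
            Guid functionContextId;
            if (headerAttr == null || !Guid.TryParse(headerAttr.GetHeaderFunction(), out functionContextId))
            {
                return Task.CompletedTask;
            }

            var itsSecurity = functionSecurities.FirstOrDefault(s => s.FunctionContext == functionContextId);
            if (itsSecurity == null)
            {
                return Task.CompletedTask;
            }

            // SecurityCode is read as a string of single-digit permission flags at fixed positions
            // (0 = GET, 3 = POST, 4 = PUT/PATCH, 5 = DELETE); a digit greater than 1 grants the request.
            // Methods not listed here (HEAD, OPTIONS, ...) get no decision.
            // NOTE(review): if SecurityCode is numeric, a leading zero is lost by ToString() and shifts
            // every position — confirm it is stored (or zero-padded) as a fixed-width string.
            int position;
            switch ((mvcContext.HttpContext.Request.Method ?? string.Empty).ToUpperInvariant())
            {
                case "GET":
                    position = 0;
                    break;
                case "POST":
                    position = 3;
                    break;
                case "PUT":
                case "PATCH":
                    position = 4;
                    break;
                case "DELETE":
                    position = 5;
                    break;
                default:
                    return Task.CompletedTask;
            }

            string code = Convert.ToString(itsSecurity.SecurityCode) ?? string.Empty;
            if (position >= code.Length || code[position] < '0' || code[position] > '9')
            {
                // Too short or not an ASCII digit: fail closed instead of IndexOutOfRange/FormatException.
                return Task.CompletedTask;
            }

            if (code[position] - '0' > 1)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }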
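        /// <summary>
        /// Grants <paramref name="requirement"/> when the caller may perform the request's HTTP method on
        /// the entity named by the <c>entityName</c> route value. Super and system admins are granted
        /// unconditionally.
        /// </summary>
        /// <param name="context">Authorization context; its <c>Resource</c> must be the MVC
        /// <c>AuthorizationFilterContext</c> of a controller action, otherwise no decision is made.</param>
        /// <param name="requirement">The requirement being evaluated.</param>
        /// <returns>A completed task. Permission is reported only through <c>context.Succeed</c>; the
        /// handler never calls <c>Fail</c>, so every early return means "not granted by this handler".</returns>
        /// <remarks>
        /// Malformed input (missing or non-boolean admin claims, non-GUID ids, a non-string route value,
        /// a security code that is too short or non-numeric) no longer throws — the handler fails closed
        /// instead of turning an authorization check into an unhandled exception.
        /// </remarks>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomRoleAuth requirement)
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                return Task.CompletedTask;
            }

            // Exact (ordinal) claim-type match, as before; a missing claim yields null.
            Func<string, string> claimValue =
                type => context.User.Claims.FirstOrDefault(c => c.Type == type)?.Value;

            // A missing or non-boolean admin claim counts as "not an admin" rather than throwing.
            bool isSuperAdmin;
            bool isSystemAdmin;
            bool.TryParse(claimValue("IsSuperAdmin"), out isSuperAdmin);
            bool.TryParse(claimValue("IsSystemAdmin"), out isSystemAdmin);

            if (isSuperAdmin || isSystemAdmin)
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            Guid userId;
            Guid tenantId;
            if (!Guid.TryParse(claimValue("UserId"), out userId) || !Guid.TryParse(claimValue("TenantId"), out tenantId))
            {
                // Without a well-formed user/tenant id there is nothing to look permissions up by.
                return Task.CompletedTask;
            }

            ISecurityCacheManager securityManager  = new SecurityCacheManager();
            IMetadataManager      iMetadataManager = new VPC.Framework.Business.MetadataManager.Contracts.MetadataManager();
            var entitySecurities = securityManager.SecurityCache(tenantId, userId, false).EntitySecurity;
            if (entitySecurities == null || entitySecurities.Count == 0)
            {
                return Task.CompletedTask;
            }

            var mvcContext = context.Resource as AuthorizationFilterContext;
            var descriptor = mvcContext?.ActionDescriptor as ControllerActionDescriptor;
            if (descriptor == null)
            {
                // Not an MVC controller action (or no resource at all): nothing to authorize against.
                return Task.CompletedTask;
            }

            // The entity comes from the route, i.e. from the caller. It only selects which permission
            // row is consulted, so an unknown or non-string value simply yields no grant.
            var entityName = mvcContext.HttpContext.GetRouteValue("entityName") as string;
            if (entityName == null)
            {
                return Task.CompletedTask;
            }

            var entityId    = iMetadataManager.GetEntityContextByEntityName(entityName);
            var itsSecurity = entitySecurities.FirstOrDefault(s => s.EntityId == entityId);
            if (itsSecurity == null)
            {
                return Task.CompletedTask;
            }

            // SecurityCode is read as a string of single-digit permission flags at fixed positions
            // (0 = GET, 3 = POST, 4 = PUT/PATCH, 5 = DELETE); a digit greater than 1 grants the request.
            // Methods not listed here (HEAD, OPTIONS, ...) get no decision.
            // NOTE(review): if SecurityCode is numeric, a leading zero is lost by ToString() and shifts
            // every position — confirm it is stored (or zero-padded) as a fixed-width string.
            int position;
            switch ((mvcContext.HttpContext.Request.Method ?? string.Empty).ToUpperInvariant())
            {
                case "GET":
                    position = 0;
                    break;
                case "POST":
                    position = 3;
                    break;
                case "PUT":
                case "PATCH":
                    position = 4;
                    break;
                case "DELETE":
                    position = 5;
                    break;
                default:
                    return Task.CompletedTask;
            }

            string code = Convert.ToString(itsSecurity.SecurityCode) ?? string.Empty;
            if (position >= code.Length || code[position] < '0' || code[position] > '9')
            {
                // Too short or not an ASCII digit: fail closed instead of IndexOutOfRange/FormatException.
                return Task.CompletedTask;
            }

            if (code[position] - '0' > 1)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }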