/// <summary>
        /// This configures Cookies for authentication and adds the feature and data claims to the user.
        /// There are two approaches:
        /// 1. One that allows a logged-in user's permissions to be updated when the Roles/Permissions are changed.
        /// 2. A simpler, better-performing way to set up permissions, but it doesn't support dynamic updates of a logged-in user's permissions.
        /// </summary>
        /// <param name="services"></param>
        /// <param name="updateCookieOnChange">if false then uses simple method to set up the claims,
        /// otherwise uses OnValidatePrincipal to allow the claims to be changed.</param>
        public static void ConfigureCookiesForExtraAuth(this IServiceCollection services, bool updateCookieOnChange)
        {
            if (!updateCookieOnChange)
            {
                // Registering a null IAuthChanges turns off the checks in the ExtraAuthDbContext.
                services.AddSingleton<IAuthChanges>(_ => null);

                // Simple version - see https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims
                // This path does not support dynamic updates of a logged-in user's permissions.
                // NOTE(review): a permission removed from a user presumably stays in their existing cookie
                // until the cookie is reissued - confirm the cookie lifetime is acceptable for revocation.
                services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, AddPermissionsToUserClaims>();
                return;
            }

            services.AddSingleton<IAuthChanges, AuthChanges>();
            // User impersonation needs the encryption services provided by AddDataProtection.
            services.AddDataProtection();

            // NOTE(review): BuildServiceProvider() inside registration code builds a second container
            // (analyzer warning ASP0000): singletons resolved here are separate copies from the ones the
            // running app uses, and this provider is never disposed. Only services registered before this
            // call are visible to it; GetRequiredService throws if the DbContextOptions are not among them.
            var provider = services.BuildServiceProvider();
            var dbOptions = provider.GetRequiredService<DbContextOptions<ExtraAuthorizeDbContext>>();
            // GetService rather than GetRequiredService: the result can be null, which turns off impersonation.
            var dataProtection = provider.GetService<IDataProtectionProvider>();

            var cookieValidator = new AuthCookieValidate(dbOptions, dataProtection);
            var signOutHandler = new AuthCookieSigningOut();

            // see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings
            services.ConfigureApplicationCookie(cookieOptions =>
            {
                // NOTE(review): this assignment replaces any handler already set. ASP.NET Core Identity's
                // default application cookie uses SecurityStampValidator.ValidatePrincipalAsync here, so
                // confirm AuthCookieValidate.ValidateAsync still covers security-stamp validation if the
                // app relies on it (e.g. invalidating sessions after a password change).
                cookieOptions.Events.OnValidatePrincipal = cookieValidator.ValidateAsync;
                // This ensures the impersonation cookie is deleted when a user signs out.
                cookieOptions.Events.OnSigningOut = signOutHandler.SigningOutAsync;
            });
        }
        /// <summary>
        /// This configures Cookies for authentication and adds the feature and data claims to the user
        /// </summary>
        /// <param name="services"></param>
        /// <param name="updateCookieOnChange">if false then uses simple method to set up the claims,
        /// otherwise uses OnValidatePrincipal to allow the claims to be changed.</param>
        public static void ConfigureCookiesForExtraAuth(this IServiceCollection services, bool updateCookieOnChange)
        {
            if (!updateCookieOnChange)
            {
                // Simple version - see https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims
                // NOTE(review): with claims added only by the principal factory, a permission removed from a
                // user presumably stays in their existing cookie until it is reissued - confirm the cookie
                // lifetime is acceptable for revocation.
                services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, AddPermissionsToUserClaims>();
                return;
            }

            // NOTE(review): BuildServiceProvider() inside registration code builds a second container
            // (analyzer warning ASP0000): singletons resolved here, including the ISimpleTimeCache, are
            // separate copies from the ones the running app resolves, and this provider is never disposed.
            // Both GetRequiredService calls throw if the service was not registered before this method ran.
            var provider = services.BuildServiceProvider();
            var dbOptions = provider.GetRequiredService<DbContextOptions<ExtraAuthorizeDbContext>>();
            var timeCache = provider.GetRequiredService<ISimpleTimeCache>();

            //TODO add update on feature change to AuthCookieValidate
            var permissionsCalc = new CalcAllowedPermissions(dbOptions);
            var dataKeyCalc = new CalcDataKey(dbOptions);
            var cookieValidator = new AuthCookieValidate(permissionsCalc, dataKeyCalc, timeCache);

            // see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings
            services.ConfigureApplicationCookie(cookieOptions =>
            {
                // NOTE(review): this assignment replaces any handler already set. ASP.NET Core Identity's
                // default application cookie uses SecurityStampValidator.ValidatePrincipalAsync here, so
                // confirm AuthCookieValidate.ValidateAsync still covers security-stamp validation if the
                // app relies on it.
                cookieOptions.Events.OnValidatePrincipal = cookieValidator.ValidateAsync;
            });
        }
        /// <summary>
        /// This configures Cookies for authentication and adds the feature and data claims to the user.
        /// There are two approaches:
        /// 1. One that allows a logged-in user's permissions to be updated when the Roles/Permissions are changed.
        /// 2. A simpler, better-performing way to set up permissions, but it doesn't support dynamic updates of a logged-in user's permissions.
        /// </summary>
        /// <param name="services"></param>
        /// <param name="updateCookieOnChange">if false then uses simple method to set up the claims,
        /// otherwise uses OnValidatePrincipal to allow the claims to be changed.</param>
        public static void ConfigureCookiesForExtraAuth(this IServiceCollection services, bool updateCookieOnChange)
        {
            if (!updateCookieOnChange)
            {
                // Registering a null IAuthChanges turns off the checks in the ExtraAuthDbContext.
                services.AddSingleton<IAuthChanges>(_ => null);

                // Simple version - see https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims
                // This path does not support dynamic updates of a logged-in user's permissions.
                // NOTE(review): a permission removed from a user presumably stays in their existing cookie
                // until the cookie is reissued - confirm the cookie lifetime is acceptable for revocation.
                services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, AddPermissionsToUserClaims>();
                return;
            }

            services.AddSingleton<IAuthChanges, AuthChanges>();

            // NOTE(review): BuildServiceProvider() inside registration code builds a second container
            // (analyzer warning ASP0000): singletons resolved here are separate copies from the ones the
            // running app uses, and this provider is never disposed. GetRequiredService throws if the
            // DbContextOptions were not registered before this method ran.
            var provider = services.BuildServiceProvider();
            var dbOptions = provider.GetRequiredService<DbContextOptions<ExtraAuthorizeDbContext>>();

            var cookieValidator = new AuthCookieValidate(dbOptions);

            // see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings
            services.ConfigureApplicationCookie(cookieOptions =>
            {
                // NOTE(review): this assignment replaces any handler already set. ASP.NET Core Identity's
                // default application cookie uses SecurityStampValidator.ValidatePrincipalAsync here, so
                // confirm AuthCookieValidate.ValidateAsync still covers security-stamp validation if the
                // app relies on it.
                cookieOptions.Events.OnValidatePrincipal = cookieValidator.ValidateAsync;
            });
        }