public SiteIdentityOptionsResolver(
IHttpContextAccessor httpContextAccessor,
// CookieAuthenticationEvents cookieEvents,
SiteAuthCookieValidator siteValidator
)
{
this.httpContextAccessor = httpContextAccessor;
this.cookieEvents = new CookieAuthenticationEvents();
this.siteValidator = siteValidator;
}
public SiteIdentityOptionsResolver(
IHttpContextAccessor httpContextAccessor,
IOptions <MultiTenantOptions> multiTenantOptionsAccessor,
SiteAuthCookieValidator siteValidator
)
{
this.httpContextAccessor = httpContextAccessor;
this.cookieEvents = new CookieAuthenticationEvents();
this.siteValidator = siteValidator;
multiTenantOptions = multiTenantOptionsAccessor.Value;
}
public static IApplicationBuilder UseCloudscribeCoreDefaultAuthentication(
this IApplicationBuilder builder,
ILoggerFactory loggerFactory,
MultiTenantOptions multiTenantOptions,
SiteContext tenant,
CookieSecurePolicy applicationCookieSecure = CookieSecurePolicy.SameAsRequest
)
{
var useFolder = !multiTenantOptions.UseRelatedSitesMode
&& multiTenantOptions.Mode == cloudscribe.Core.Models.MultiTenantMode.FolderName
&& tenant.SiteFolderName.Length > 0;
var externalCookieOptions = builder.SetupOtherCookies(
AuthenticationScheme.External,
multiTenantOptions.UseRelatedSitesMode,
tenant);
builder.UseCookieAuthentication(externalCookieOptions);
var twoFactorRememberMeCookieOptions = builder.SetupOtherCookies(
AuthenticationScheme.TwoFactorRememberMe,
multiTenantOptions.UseRelatedSitesMode,
tenant);
builder.UseCookieAuthentication(twoFactorRememberMeCookieOptions);
var twoFactorUserIdCookie = builder.SetupOtherCookies(
AuthenticationScheme.TwoFactorUserId,
multiTenantOptions.UseRelatedSitesMode,
tenant);
builder.UseCookieAuthentication(twoFactorUserIdCookie);
//var cookieEvents = new CookieAuthenticationEvents();
var logger = loggerFactory.CreateLogger<SiteAuthCookieValidator>();
var cookieValidator = new SiteAuthCookieValidator(logger);
var appCookieOptions = builder.SetupAppCookie(
cookieValidator,
AuthenticationScheme.Application,
multiTenantOptions.UseRelatedSitesMode,
tenant,
applicationCookieSecure
);
builder.UseCookieAuthentication(appCookieOptions);
// known issue here is if a site is updated to populate the
// social auth keys, it currently requires a restart so that the middleware gets registered
// in order for it to work or for the social auth buttons to appear
builder.UseSocialAuth(tenant, externalCookieOptions, useFolder);
return builder;
}
public SiteCookieAuthenticationEvents(
SiteAuthCookieValidator validator) : base()
{
OnValidatePrincipal = validator.ValidatePrincipal;
}
public SiteCookieAuthenticationEvents(
SiteAuthCookieValidator validator) : base()
{
OnValidatePrincipal = validator.ValidatePrincipal;
}
public static CookieAuthenticationOptions SetupAppCookie(
this IApplicationBuilder app,
SiteAuthCookieValidator siteValidator,
string scheme,
bool useRelatedSitesMode,
SiteContext tenant,
CookieSecurePolicy cookieSecure = CookieSecurePolicy.SameAsRequest
)
{
var cookieEvents = new CookieAuthenticationEvents();
var options = new CookieAuthenticationOptions();
if (useRelatedSitesMode)
{
options.AuthenticationScheme = scheme;
options.CookieName = scheme;
options.CookiePath = "/";
}
else
{
//options.AuthenticationScheme = $"{scheme}-{tenant.SiteFolderName}";
options.AuthenticationScheme = scheme;
options.CookieName = $"{scheme}-{tenant.SiteFolderName}";
options.CookiePath = "/" + tenant.SiteFolderName;
cookieEvents.OnValidatePrincipal = siteValidator.ValidatePrincipal;
}
var tenantPathBase = string.IsNullOrEmpty(tenant.SiteFolderName)
? PathString.Empty
: new PathString("/" + tenant.SiteFolderName);
options.LoginPath = tenantPathBase + "/account/login";
options.LogoutPath = tenantPathBase + "/account/logoff";
options.AccessDeniedPath = tenantPathBase + "/account/accessdenied";
options.Events = cookieEvents;
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = false;
options.CookieSecure = cookieSecure;
return options;
}
