public void AuthenticateWithEmptyToken()
{
//-- Arrange
var userName = "******";
var password = "******";
var roles = new string[] { "Tester" };
var token = string.Empty;
var externalAuthorization = new ExternalAuthenticator()
{
Token = token
};
authService.ExternalAuthorization = externalAuthorization;
authService.UserRepository.Create(userName, new UserData(userName, password, roles.ToList()));
authService.AuthenticateUser(userName, password);
authService.ExternalAuthorization.RequestTokenChange();
authService.DeAuthenticateCurrentUser();
externalAuthorization.Token = string.Empty;
authService.ExternalAuthorization.RequestAuthorization();
AppPrincipal customPrincipal = Thread.CurrentPrincipal as AppPrincipal;
Assert.AreEqual(string.Empty, customPrincipal.Identity.Name);
Assert.AreEqual(0, customPrincipal.Identity.Roles.Length);
Assert.AreEqual(string.Empty, customPrincipal.Identity.Level);
}
public async Task CreateTokenWithNullAppPrincipal()
{
AppPrincipal appPrincipal = null;
UserPrincipal userPrincipal = new UserPrincipal(this.managersContext.Log, "genericUserHandle", IdentityProviderType.AADS2S, "genericUserHandle");
await this.managersContext.SessionTokenManager.CreateToken(appPrincipal, userPrincipal, TimeSpan.FromTicks(1));
}
/// <summary>
/// Create SocialPlus session token
/// </summary>
/// <param name="appPrincipal">app principal (cannot be null)</param>
/// <param name="userPrincipal">user principal (cannot be null)</param>
/// <param name="duration">lifetime of the token</param>
/// <returns>SocialPlus session token</returns>
public async Task <string> CreateToken(AppPrincipal appPrincipal, UserPrincipal userPrincipal, TimeSpan duration)
{
// If init not called, call init.
if (this.initStarted == false)
{
await this.Init();
}
if (appPrincipal == null || userPrincipal == null)
{
throw new ArgumentNullException(
string.Format(
"CreateToken constructor can't take null parameters. appPrincipal: {0}, userPrincipal: {1}",
appPrincipal,
userPrincipal));
}
if (this.signingKey == null)
{
throw new InvalidOperationException("Token manager has a null signing key and thus cannot create tokens.");
}
// A session token has two claims: an app principal claim and a user principal claim
Claim[] claims = new Claim[1] {
this.GenerateUserClaim(userPrincipal)
};
// A token descriptor is like a legend of what the token should include
var tokenDescriptor = this.GenerateSessionTokenDescriptor(appPrincipal, claims, duration);
// Using the token descriptor, we are ready to generate and return the token
var token = this.tokenHandler.CreateToken(tokenDescriptor);
return(this.tokenHandler.WriteToken(token));
}
/// <summary>
/// Returns whether the current data context can currently be saved to the store.
/// </summary>
bool ISaveable.CanSave(AppPrincipal contextUser, IList <ErrorResult> errors)
{
bool result = false;
if (_validator != null)
{
if (_validator.CanAssertAuthorizations)
{
_validator.AssertAuthorizations(contextUser, this.AppContext, this);
}
if (_validator.CanValidate)
{
result = _validator.Validate(contextUser, this.AppContext, this, errors);
}
else
{
result = true;
}
}
else
{
result = true;
}
return(result);
}
public async Task CreateTokenWithNullUserPrincipal()
{
AppPrincipal appPrincipal = new AppPrincipal("genericAppHandle", "genenericAppKey");
UserPrincipal userPrincipal = null;
await this.managersContext.SessionTokenManager.CreateToken(appPrincipal, userPrincipal, TimeSpan.FromTicks(1));
}
/// <summary>
/// Validate the data in the specified entity framework context.
/// </summary>
public bool Validate(AppPrincipal contextPrincipal, AppContextBase appContext, T dataContext, IList <ErrorResult> errors)
{
bool result = true;
if (this.CanValidateUsingDataAnnotations)
{
foreach (object entity in dataContext.GetChanges())
{
var validatationContext = new ValidationContext(entity, serviceProvider: null, items: null);
var volidationContextResults = new List <ValidationResult>();
result = Validator.TryValidateObject(entity, validatationContext, volidationContextResults, true);
foreach (ValidationResult error in volidationContextResults)
{
errors.Add(new ErrorResult(ErrorResultKind.Validation, error.ErrorMessage));
}
}
}
foreach (Validation validation in this.Validations)
{
foreach (object entity in dataContext.GetChanges(validation.Type))
{
if (!validation.Validate(contextPrincipal, appContext, dataContext.Data, entity, errors))
{
result = false;
}
}
}
return(result);
}
public async Task ValidateProperToken()
{
AppPrincipal appPrincipal = new AppPrincipal("genericAppHandle", "genenericAppKey");
UserPrincipal userPrincipal = new UserPrincipal(this.managersContext.Log, "genericUserHandle", IdentityProviderType.AADS2S, "genericUserHandle");
string token = await this.managersContext.SessionTokenManager.CreateToken(appPrincipal, userPrincipal, TimeSpan.FromMinutes(1));
var principals = await this.managersContext.SessionTokenManager.ValidateToken(token);
// Extract app and user principals from session token.
AppPrincipal sessionTokenAppPrincipal = null;
UserPrincipal sessionTokenUserPrincipal = null;
foreach (IPrincipal p in principals)
{
if (p is AppPrincipal)
{
sessionTokenAppPrincipal = p as AppPrincipal;
}
else
{
sessionTokenUserPrincipal = p as UserPrincipal;
}
}
Assert.AreEqual(appPrincipal, sessionTokenAppPrincipal);
Assert.AreEqual(userPrincipal, sessionTokenUserPrincipal);
}
public async Task ValidateExpiredToken()
{
AppPrincipal appPrincipal = new AppPrincipal("genericAppHandle", "genenericAppKey");
UserPrincipal userPrincipal = new UserPrincipal(this.managersContext.Log, "genericUserHandle", IdentityProviderType.AADS2S, "genericUserHandle");
string tokenWithShortLifetime = await this.managersContext.SessionTokenManager.CreateToken(appPrincipal, userPrincipal, TimeSpan.FromTicks(1));
await this.managersContext.SessionTokenManager.ValidateToken(tokenWithShortLifetime);
}
public void SerializeDeserializeAppPrincipal()
{
AppPrincipal appPrincipal = new AppPrincipal("genericAppHandle", "genericAppKey");
string serializedAppPrincipal = appPrincipal.ToString();
AppPrincipal deserializedAppPrincipal = new AppPrincipal(serializedAppPrincipal);
Assert.AreEqual(appPrincipal.AppHandle, deserializedAppPrincipal.AppHandle);
Assert.AreEqual(appPrincipal.AppKey, deserializedAppPrincipal.AppKey);
}
public void ShouldGetDifferentImplementationFromResolveContextForUser()
{
IIdentity identity = new AppIdentity();
// three principals, one for each role
var adminPrincipal = new AppPrincipal(identity, new[] { "Admin" });
var salesPrincipal = new AppPrincipal(identity, new[] { "Sales" });
var customerPrincipal = new AppPrincipal(identity, new[] { "Customer" });
var container = new Container();
container.RegisterType <AdminActionsService>();
container.RegisterType <SalesActionsService>();
container.RegisterType <CustomerActionsService>();
container.RegisterType <UserControlPanel>();
// register delegate to read the CurrentPrincipal property, to make it dynamic
container.RegisterDelegate(() => CurrentPrincipal);
// now register the delegate handler for the IUserActionsService, which does the
// role sniffing over the principal
container.RegisterDelegate((IPrincipal p, ResolveContext rc) => {
IUserActionsService toReturn = null;
if (p != null)
{
if (p.IsInRole("Customer"))
{
toReturn = rc.Resolve <CustomerActionsService>();
}
else if (p.IsInRole("Sales"))
{
toReturn = rc.Resolve <SalesActionsService>();
}
else if (p.IsInRole("Admin"))
{
toReturn = rc.Resolve <AdminActionsService>();
}
}
return(toReturn);
});
// set the principal, and resolve
CurrentPrincipal = adminPrincipal;
var result1 = container.Resolve <UserControlPanel>();
// now swap principals
CurrentPrincipal = salesPrincipal;
var result2 = container.Resolve <UserControlPanel>();
// and again
CurrentPrincipal = customerPrincipal;
var result3 = container.Resolve <UserControlPanel>();
Assert.IsType <AdminActionsService>(result1.ActionsService);
Assert.IsType <SalesActionsService>(result2.ActionsService);
Assert.IsType <CustomerActionsService>(result3.ActionsService);
}
/// <summary>
/// Method that generates the token descriptor of a SocialPlus session token
/// </summary>
/// <param name="appPrincipal">app principal</param>
/// <param name="claims">token's claims</param>
/// <param name="duration">lifetime of the token</param>
/// <returns>token descriptor</returns>
private SecurityTokenDescriptor GenerateSessionTokenDescriptor(AppPrincipal appPrincipal, Claim[] claims, TimeSpan duration)
{
var now = DateTime.UtcNow;
return(new SecurityTokenDescriptor
{
TokenIssuerName = appPrincipal.ToString(),
Subject = new ClaimsIdentity(claims),
Lifetime = new Lifetime(null, now.Add(duration)),
SigningCredentials = new SigningCredentials(this.signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest),
});
}
/// <summary>
/// Commit changes to any store in the context that supports it.
/// </summary>
public virtual async Task <bool> SaveChangesAsync(AppPrincipal contextUser, Type sharedDataObjectType, bool assertSuccess = false)
{
bool result = false;
List <ErrorResult> errors = new List <ErrorResult>();
OptionsDictionary <Type, object> results = new OptionsDictionary <Type, object>();
List <KeyValuePair <Type, SharedObjectEntry> > sharedObjects = _sharedObjects
.Where(o => (sharedDataObjectType == null || o.Key == sharedDataObjectType) && o.Value.Value != null && o.Value.Value is ISaveable)
.OrderBy(o => o.Value.Index).ToList();
bool canSave = true;
foreach (KeyValuePair <Type, SharedObjectEntry> sharedObject in sharedObjects)
{
canSave = (sharedObject.Value.Value as ISaveable).CanSave(contextUser, errors);
if (!canSave)
{
break;
}
}
_lastSaveErrors = errors;
if (canSave)
{
foreach (KeyValuePair <Type, SharedObjectEntry> sharedObject in sharedObjects)
{
canSave = (sharedObject.Value.Value as ISaveable).CanSave(contextUser, errors);
if (!canSave)
{
break;
}
object saveResult = await((ISaveable)sharedObject.Value.Value).SaveAsync(contextUser);
results.Add(sharedObject.Key, saveResult);
}
result = true;
}
_lastSaveResults = results;
if (assertSuccess)
{
AssertSaveSuccess(result);
}
return(result);
}
/// <summary>
/// Initializes a new instance of the <see cref="SessionsController"/> class
/// </summary>
/// <param name="managersContext">managers context</param>
/// <param name="principalsContext">principals context</param>
public SessionsController(ManagersContext managersContext, PrincipalsContext principalsContext)
: base(
managersContext.Log,
managersContext.IdentitiesManager,
managersContext.SessionTokenManager,
managersContext.UsersManager,
managersContext.AppsManager,
managersContext.ApplicationMetrics)
{
this.appPrincipal = principalsContext.AppPrincipal;
this.userPrincipal = principalsContext.UserPrincipal;
this.guid = Guid.NewGuid();
}
public bool Login(string userId, string password)
{
try
{
string hashed = PhpCompatible.Md5Hash(password);
return(AppPrincipal.Login(userId, hashed));
}
catch (Exception ex)
{
log.ErrorFormat("Login -> Message: {0}", ex.Message);
log.ErrorFormat("Login -> StackTrace: {0}", ex.StackTrace);
return(false);
}
}
/// <summary>
/// Validate authorization header.
/// The SocialPlus auth header must include a token. This token is our own session token that includes an app and a user principal
/// This method:
/// - validates the token
/// - validates the app principal
/// - validates the user principal
/// </summary>
/// <param name="authParameter">authorization parameter</param>
/// <returns>list of principals</returns>
public async Task <List <IPrincipal> > ValidateAuthParameter(string authParameter)
{
string token;
// Parse the authorization header
var authDictionary = new Dictionary <string, string>();
this.ParseAuthParameter(authParameter, authDictionary);
// Get the token and validate it.
authDictionary.TryGetValue("tk", out token);
var principals = await this.sessionTokenManager.ValidateToken(token);
// Before returning the principals, we must validate them
AppPrincipal appPrincipal = null;
UserPrincipal userPrincipal = null;
foreach (var p in principals)
{
if (p is AppPrincipal)
{
appPrincipal = p as AppPrincipal;
}
else
{
userPrincipal = p as UserPrincipal;
}
}
// Fire the validation tasks in parallel
var task1 = this.ValidateAppKey(appPrincipal.AppKey);
var task2 = this.ValidateUserPrincipal(userPrincipal, appPrincipal.AppHandle);
await Task.WhenAll(task1, task2);
// Is app key valid?
if (task1.Result == false)
{
string errorMessage = $"Invalid AppKey. AppPrincipal={appPrincipal.ToString()}";
this.Log.LogException(errorMessage);
}
// Is user principal valid?
if (task2.Result == false)
{
string errorMessage = $"Invalid UserPrincipal. UserPrincipal={userPrincipal.ToString()}, AppHandle={appPrincipal.AppHandle}";
this.Log.LogException(errorMessage);
}
return(principals);
}
/// <summary>
/// Commits the current data context to the store.
/// </summary>
async Task <object> ISaveable.SaveAsync(AppPrincipal contextUser)
{
object result = null;
PrepareChangedCollections();
result = await this.Data.SaveChangesAsync();
if (_validator != null && _validator.CanAudit)
{
_validator.Audit(contextUser, this.AppContext, this);
}
return(result);
}
/// <summary>
/// Initializes a new instance of the <see cref="MyLinkedAccountsController"/> class
/// </summary>
/// <param name="managersContext">managers context</param>
/// <param name="principalsContext">principals context</param>
public MyLinkedAccountsController(ManagersContext managersContext, PrincipalsContext principalsContext)
: base(
managersContext.Log,
managersContext.IdentitiesManager,
managersContext.UsersManager,
managersContext.AppsManager,
managersContext.ViewsManager,
managersContext.SessionTokenManager)
{
this.appPrincipal = principalsContext.AppPrincipal;
this.userPrincipal = principalsContext.UserPrincipal;
this.guid = Guid.NewGuid();
this.handleGenerator = managersContext.HandleGenerator;
this.log = managersContext.Log;
}
/// <summary>
/// Initializes a new instance of the <see cref="TopicsController"/> class
/// </summary>
/// <param name="managersContext">managers context</param>
/// <param name="principalsContext">principals context</param>
public TopicsController(ManagersContext managersContext, PrincipalsContext principalsContext)
: base(
managersContext.Log,
managersContext.UsersManager,
managersContext.TopicsManager,
managersContext.AppsManager,
managersContext.PopularTopicsManager,
managersContext.ViewsManager,
managersContext.TopicNamesManager,
managersContext.HandleGenerator)
{
this.appPrincipal = principalsContext.AppPrincipal;
this.userPrincipal = principalsContext.UserPrincipal;
this.guid = Guid.NewGuid();
}
/// <summary>
/// Check changed entities and assert authorizations.
/// </summary>
public void AssertAuthorizations(AppPrincipal contextPrincipal, AppContextBase appContext, T dataContext)
{
foreach (Authorization authorization in this.Authorizations)
{
foreach (object entity in dataContext.GetChanges(authorization.Type))
{
appContext.AssertAuthorization(authorization.Authorize(contextPrincipal, appContext, dataContext.Data, entity));
}
}
foreach (Type type in this.ReadOnlyTypes)
{
appContext.AssertAuthorization(!dataContext.GetChanges(type).Any());
}
}
/// <summary>
/// Audit changes in the specified entity framework context.
/// </summary>
public void Audit(AppPrincipal contextPrincipal, AppContextBase appContext, T dataContext)
{
try
{
ItemIdentifier userIdentifier = new ItemIdentifier(contextPrincipal.UserInfo.Id, contextPrincipal.UserInfo.Oid, contextPrincipal.UserInfo.UserName);
appContext.AuditLogger.LogActions(AppAuditAction.Delete, 0, userIdentifier, this.AuditTypes, dataContext.GetLastDeleted(), null);
appContext.AuditLogger.LogActions(AppAuditAction.Add, 0, userIdentifier, this.AuditTypes, dataContext.GetLastAdded(), null);
appContext.AuditLogger.LogActions(AppAuditAction.Modify, 0, userIdentifier, this.AuditTypes, dataContext.GetLastModified(), null);
}
catch (Exception ex)
{
appContext.ErrorLogger.LogError(ex, "Could not complete logging of audit actions.", 0, 0, contextPrincipal.UserInfo.Id, contextPrincipal.UserInfo.Oid, contextPrincipal.UserInfo.UserName);
throw;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="MyFollowingController"/> class
/// </summary>
/// <param name="managersContext">managers context</param>
/// <param name="principalsContext">principals context</param>
/// <param name="authHeader">authentication header</param>
public MyFollowingController(ManagersContext managersContext, PrincipalsContext principalsContext, string authHeader)
: base(
managersContext.Log,
managersContext.RelationshipsManager,
managersContext.UsersManager,
managersContext.TopicsManager,
managersContext.ActivitiesManager,
managersContext.ViewsManager,
managersContext.AuthManager,
managersContext.HandleGenerator)
{
this.appPrincipal = principalsContext.AppPrincipal;
this.userPrincipal = principalsContext.UserPrincipal;
this.guid = Guid.NewGuid();
this.authHeader = authHeader;
}
/// <summary>
/// Creates an authentication ticket with the specified properties
/// </summary>
/// <param name="keepLoggedIn">Keep the user logged in</param>
/// <param name="userId">User ID</param>
/// <param name="userName">User name</param>
/// <param name="isServiceUser">Is this user a service user?</param>
/// <param name="subscriptionId">Optional subscription ID</param>
/// <param name="isSubscriptionOwner">Is this user a subscription owner?</param>
public void CreateAuthenticationTicket(bool keepLoggedIn, Guid userId, string userName, bool isServiceUser,
int?subscriptionId, bool isSubscriptionOwner)
{
var appPrincipal = new AppPrincipal(userId, userName, isServiceUser, subscriptionId, isSubscriptionOwner,
null);
var jsonTicket = appPrincipal.Serialize();
var authTicket = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddHours(24), true, jsonTicket);
var encTicket = FormsAuthentication.Encrypt(authTicket);
var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
if (keepLoggedIn)
{
faCookie.Expires = DateTime.Now.AddDays(14);
}
Response.Cookies.Add(faCookie);
}
public void ShouldGetDifferentImplementationFromResolveContextForUser()
{
// this test is functionally identical to the one in DelegateExamples.cs,
// it's just done with an expression, and therefore the format of the code block
// used for the IUserActionsService is different because the compiler can only
// translate expression lambdas.
IIdentity identity = new AppIdentity();
// three principals, one for each role
var adminPrincipal = new AppPrincipal(identity, new[] { "Admin" });
var salesPrincipal = new AppPrincipal(identity, new[] { "Sales" });
var customerPrincipal = new AppPrincipal(identity, new[] { "Customer" });
var container = new Container();
container.RegisterType <AdminActionsService>();
container.RegisterType <SalesActionsService>();
container.RegisterType <CustomerActionsService>();
container.RegisterType <UserControlPanel>();
// register expression to read the CurrentPrincipal property, to make it dynamic
container.RegisterExpression(() => CurrentPrincipal);
// now register the expression for the IUserActionsService, which does the
// role sniffing over the principal as one expression
container.RegisterExpression((IPrincipal p, ResolveContext rc) =>
p.IsInRole("Customer") ?
rc.Resolve <CustomerActionsService>() :
p.IsInRole("Sales") ?
rc.Resolve <SalesActionsService>() :
p.IsInRole("Admin") ?
rc.Resolve <AdminActionsService>() :
(IUserActionsService)null);
// set the principal, and resolve
CurrentPrincipal = adminPrincipal;
var result1 = container.Resolve <UserControlPanel>();
// now swap principals
CurrentPrincipal = salesPrincipal;
var result2 = container.Resolve <UserControlPanel>();
// and again
CurrentPrincipal = customerPrincipal;
var result3 = container.Resolve <UserControlPanel>();
Assert.IsType <AdminActionsService>(result1.ActionsService);
Assert.IsType <SalesActionsService>(result2.ActionsService);
Assert.IsType <CustomerActionsService>(result3.ActionsService);
}
protected override Task InitializeCoreAsync()
{
if (Request.User?.Identity is ClaimsIdentity)
{
var appPrincipal = new AppPrincipal(Request.User.Identity);
var ticket = GetAuthenticationTicket();
if (ticket?.Identity != null)
{
var userWrap = new CurrentUserWrap
{
LoginIp = ticket.Properties.Dictionary[LoginIp],
LoginTime = Convert.ToDateTime(ticket.Properties.Dictionary[LoginTime]),
ClaimsPrincipal = appPrincipal
};
appPrincipal.Identity.UserInfo = userWrap;
}
Request.User = appPrincipal;
Thread.CurrentPrincipal = appPrincipal;
}
return(Task.FromResult <object>(null));
}
public async Task <AppPrincipal> CreatePrincipal(IKeyValueSettings settings, Messages messages, object parameter = null)
{
Identity = new ClaimsIdentity("OAuth2Bearer", System.Security.Claims.ClaimTypes.Upn, ClaimsIdentity.DefaultRoleClaimType);
if (null == settings)
{
throw new ArgumentNullException(nameof(settings));
}
if (null == messages)
{
throw new ArgumentNullException(nameof(messages));
}
/// when we have no internet connectivity may be we have claims in cache.
if (NetworkStatus.None == NetworkInformation.Status)
{
// In a scenario where the claims cached are always for one user like a UI, the identity is not used => so retrieving the claims in the cache is possible!
var identity = new ClaimsIdentity();
cachedClaims = GetClaimsFromCache(identity);
Identity.AddClaims(cachedClaims.Select(p => new Claim(p.ClaimType, p.Value)));
messages.Add(new Message(ServiceModel.MessageCategory.Technical, ServiceModel.MessageType.Information, "Create the principal from the cache due to no network connectivity."));
}
else
{
await BuildTheIdentity(settings, messages, parameter);
}
var authorization = BuildAuthorization(settings, messages);
var user = BuildProfile(settings, messages);
var principal = new AppPrincipal(authorization, Identity, null)
{
Profile = user
};
ApplicationContext.SetPrincipal(principal);
return(principal);
}
/// <summary>
/// Construct the principals context from an app key only. A user principal will be constructed by default
/// </summary>
/// <param name="managersContext">managers context</param>
/// <param name="appKey">app key</param>
/// <param name="identityProviderType">identity provider type (defaults to Twitter)</param>
/// <param name="userPrincipal">user principal</param>
/// <returns>A <see cref="Task"/> representing the asynchronous operation.</returns>
public static async Task <PrincipalsContext> ConstructPrincipalsContext(ManagersContext managersContext, string appKey, IdentityProviderType identityProviderType = IdentityProviderType.Twitter, UserPrincipal userPrincipal = null)
{
// Read app profile
var appLookupEntity = await managersContext.AppsManager.ReadAppByAppKey(appKey);
if (appLookupEntity == null)
{
throw new InvalidOperationException("No app key found in our tables.");
}
// App principal is ready to be created
var appPrincipal = new AppPrincipal(appLookupEntity.AppHandle, appKey);
// Create user principal if the one passed in is null.
if (userPrincipal == null)
{
string userHandle = managersContext.HandleGenerator.GenerateShortHandle();
string accountId = managersContext.HandleGenerator.GenerateShortHandle();
userPrincipal = new UserPrincipal(managersContext.Log, userHandle, identityProviderType, accountId);
}
return(new PrincipalsContext(appPrincipal, userPrincipal));
}
public async Task RefreshIdentity(AppPrincipal principal, bool reloadClaims = false)
{
ClaimsIdentity identity = null;
var isPersistent = principal.IsPersistent;
if (reloadClaims)
{
var adminUser = await _userManager.FindByIdAsync(principal.Id);
if (adminUser != null)
{
identity = await adminUser.GenerateUserIdentityAsync(
_userManager,
isPersistentState : isPersistent,
screenLockedState : false
);
}
}
else
{
identity = principal.Identity as ClaimsIdentity;
}
if (identity == null)
{
throw new Exception("The provided principal has an invalid identity.", new Exception(nameof(RefreshIdentity)));
}
AuthenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(
identity,
new AuthenticationProperties {
IsPersistent = isPersistent
}
);
}
public async Task Invoke(HttpContext context)
{
// Get the scoped instance of the container!
IContainerResolve container = (IContainerResolve)context.RequestServices.GetService(typeof(IContainerResolve));
var logger = container.Resolve <ILogger <ClaimsPrincipalMiddleware> >();
try
{
// if we have some part of the site not in MVC (like swagger) and we need to force
// authentication. We can add the start of the path to check and in this case we force a login!
if (null != context.User && !context.User.Identity.IsAuthenticated)
{
if (_option.OpenIdOptions.ForceAuthenticationForPaths.Any(r =>
{
return(r.Last().Equals('*') ?
context.Request.Path.Value.StartsWith(r.Remove(r.Length - 1), StringComparison.InvariantCultureIgnoreCase)
:
context.Request.Path.Value.Equals(r, StringComparison.InvariantCultureIgnoreCase));
}))
{
logger.Technical().System("Force an OpenId connection.").Log();
var cleanUri = new Uri(new Uri(context.Request.GetEncodedUrl()).GetLeftPart(UriPartial.Path));
if (Uri.TryCreate(_option.RedirectAuthority, UriKind.Absolute, out var authority))
{
cleanUri = new Uri(authority, cleanUri.AbsolutePath);
}
var properties = new AuthenticationProperties()
{
RedirectUri = cleanUri.ToString()
};
await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
return;
}
}
if (null != context.User && context.User.Identity.IsAuthenticated)
{
logger.Technical().System("Create the principal.").Log();
// Add Telemetry.
using (var activity = _activitySource?.StartActivity("Create Arc4u Principal", ActivityKind.Producer))
{
// As the extension point can use some ITokenProvider based on the user.
// A dummy Principal is created based on the context identity!
// Must be registered as Scoped!
if (container.TryResolve <IApplicationContext>(out var applicationContext))
{
applicationContext.SetPrincipal(new AppPrincipal(new Authorization(), context.User.Identity, "S-1-0-0"));
}
// Load Claims from an external source if necessary!
if (_option.ClaimsFillerOptions.LoadClaimsFromClaimsFillerProvider)
{
await LoadExtraClaimsAsync(context, container, logger);
}
// Build an AppPrincipal.
AppPrincipal principal = null;
var profileFiller = container.Resolve <IClaimProfileFiller>();
var authorizationFiller = container.Resolve <IClaimAuthorizationFiller>();
var authorization = authorizationFiller.GetAuthorization(context.User.Identity);
var profile = profileFiller.GetProfile(context.User.Identity);
principal = new AppPrincipal(authorization, context.User.Identity, profile.Sid)
{
Profile = profile
};
// Check if we have an ActivityID.
var activityIdHeader = context.Request?.Headers?.FirstOrDefault(h => h.Key.Equals("activityid", StringComparison.InvariantCultureIgnoreCase));
if (null == activityIdHeader || !activityIdHeader.HasValue || String.IsNullOrWhiteSpace(activityIdHeader.Value.Key) || StringValues.Empty == activityIdHeader.Value || activityIdHeader.Value.Value.Count == 0)
{
principal.ActivityID = Guid.NewGuid();
}
else
{
Guid activityId = Guid.Empty;
if (Guid.TryParse(activityIdHeader.Value.Value[0], out activityId) && activityId != Guid.Empty)
{
logger.Technical().Information($"Set the activity to the principal based on the caller information: {activityId}.").Log();
}
else
{
logger.Technical().Information($"The activity id given by the caller is not a valid Guid. A new one has been assigned.").Log();
activityId = Guid.NewGuid();
}
principal.ActivityID = activityId;
}
activity?.AddTag(LoggingConstants.ActivityId, principal.ActivityID);
// Check for a culture.
var cultureHeader = context.Request?.Headers?.FirstOrDefault(h => h.Key.Equals("culture", StringComparison.InvariantCultureIgnoreCase));
if (null != cultureHeader && cultureHeader.HasValue && StringValues.Empty != activityIdHeader.Value && cultureHeader.Value.Value.Count > 0)
{
try
{
principal.Profile.CurrentCulture = new CultureInfo(cultureHeader.Value.Value[0]);
}
catch (Exception ex)
{
logger.Technical().Exception(ex).Log();
}
}
logger.Technical().System("Set AppPrincipal to the HttpContext.User.").Log();
context.User = principal;
if (null != applicationContext)
{
logger.Technical().System("Set AppPrincipal to the ApplicationContext.").Log();
applicationContext.SetPrincipal(principal);
}
}
}
}
catch (Exception ex)
{
logger.Technical().Exception(ex).Log();
}
await _next(context);
}
private Container ConfigureDependencyInjectionContainer(IAppBuilder appBuilder)
{
var container = GetContainer();
var domainAssemblies = GetKnownDomainAssemblies();
//
container.Register <AppUserStore>();
container.Register <AppUserManager>();
container.Register <AppSignInManager>();
container.Register(() => appBuilder.GetDataProtectionProvider());
container.Register(() =>
{
if (AdvancedExtensions.IsVerifying(container) || HttpContext.Current == null)
{
return(new OwinContext().Authentication);
}
return(HttpContext.Current.GetOwinContext().Authentication);
});
//
var cloudName = AppSettings.Cloudinary.CloudName;
var cloudApiKey = AppSettings.Cloudinary.CloudApiKey;
var cloudApiSecret = AppSettings.Cloudinary.CloudApiSecret;
var azureBlobsConnection = AppSettings.Azure.BlobsConnection;
var azureBlobsDefaultContainer = AppSettings.Azure.BlobsDefaultContainer;
var fileSystemStorageFolder = AppSettings.FileSystem.StorageFolder;
var activeStorageService = AppSettings.ActiveStorageService;
var cloudinaryStorage = Lifestyle.Singleton.CreateRegistration <IBlobStorageService>(
() => new CloudinaryStorageService(cloudName, cloudApiKey, cloudApiSecret), container);
var azureBlobsStorage = Lifestyle.Singleton.CreateRegistration <IAzureStorageService>(
() => new AzureStorageService(azureBlobsConnection, azureBlobsDefaultContainer), container);
var fileSystemStorage = Lifestyle.Singleton.CreateRegistration <IBlobStorageService>(
() => new FileSystemStorageService(fileSystemStorageFolder), container);
container.RegisterConditional(typeof(IBlobStorageService), cloudinaryStorage, context => "cloudinary".Equals(activeStorageService));
container.RegisterConditional(typeof(IBlobStorageService), azureBlobsStorage, context => "azurestorage".Equals(activeStorageService));
container.RegisterConditional(typeof(IBlobStorageService), fileSystemStorage, context => !context.Handled); // Defaults to filesystem
var cloudinaryThumbService = Lifestyle.Singleton.CreateRegistration <ICloudinaryThumbService>(
() => new CloudinaryThumbService(cloudName), container);
var imageResizerThumbService = Lifestyle.Singleton.CreateRegistration <IImageResizerThumbService>(
() => new ImageResizerThumbService(), container);
container.RegisterConditional(typeof(IBlobThumbService), cloudinaryThumbService, context => "cloudinary".Equals(activeStorageService));
container.RegisterConditional(typeof(IBlobThumbService), imageResizerThumbService, context => !context.Handled); // Defaults to image resizer
//
var connectionString = WebConfigurationManager.ConnectionStrings["SqlServerConnection"].ConnectionString;
container.Register <IDbConnectionFactory>(() => new SqlConnectionFactory(connectionString));
container.Register <IBlobsRepository, BlobsRepository>();
container.Register <ILogsRepository, LogsRepository>();
container.Register <IIdentityRepository, IdentityRepository>();
container.Register <IUsersRepository, UsersRepository>();
//
var mailGunApiKey = AppSettings.MailGun.ApiKey;
var mailGunDomainName = AppSettings.MailGun.DomainName;
var defaultFromAddress = new MailAddress(
AppSettings.Emails.DefaultEmailFromAddress,
AppSettings.Emails.DefaultEmailFromDisplayName
);
var activeEmailDispatcherService = AppSettings.ActiveEmailDispatcherService;
var mailGunDispatcherService = container.Options.DefaultLifestyle.CreateRegistration <IMailGunApiEmailDispatcherService>(
() => new MailGunApiEmailDispatcherService(mailGunApiKey, mailGunDomainName, defaultFromAddress), container);
var netSmtpDispatcherService = container.Options.DefaultLifestyle.CreateRegistration <ISystemNetSmtpEmailDispatcherService>(
() => new SystemNetSmtpEmailDispatcherService(defaultFromAddress), container);
container.RegisterConditional(typeof(IEmailDispatcherService), mailGunDispatcherService, context => "mailgun".Equals(activeEmailDispatcherService));
container.RegisterConditional(typeof(IEmailDispatcherService), netSmtpDispatcherService, context => !context.Handled); // Default
//
container.RegisterSingleton(() => new BlobServiceConfigs()
{
DefaultThumbBackgroundHexColor = AppSettings.Blobs.DefaultThumbBackgroundHexColor,
DefaultThumbForegroundHexColor = AppSettings.Blobs.DefaultThumbForegroundHexColor
});
container.Register <IBlobService, BlobService>();
container.Register <IGlobalizationService, GlobalizationService>();
container.Register <IRealtimeService, RealtimeService>();
//
container.Register(typeof(IValidator <>), domainAssemblies);
container.Register <ISessionContext>(() =>
{
if (AdvancedExtensions.IsVerifying(container) || HttpContext.Current == null)
{
return(UserSessionContext.Null);
}
var currentPrincipal = new AppPrincipal(HttpContext.Current.User);
return(new UserSessionContext(
userId: currentPrincipal.Id
));
});
//
container.Register <IPasswordHasher, PasswordHasher>();
//
container.RegisterSingleton <ILogger>(() =>
{
var logger = new LoggerConfiguration();
var loggerFilePath = Path.Combine(
AppDomain.CurrentDomain.BaseDirectory,
AppSettings.Logger.StorageFolder.Trim('~').Trim('\\', '/').Replace("/", "\\"),
"log_.txt"
);
logger = logger.Enrich.With <SerilogActivityIdEnricher>();
logger = logger.WriteTo.Async((log) => log.File(
new SerilogTextFormatter(),
loggerFilePath,
rollingInterval: RollingInterval.Day,
shared: true
));
logger = logger.WriteTo.Async((log) => log.MSSqlServer(
connectionString,
tableName: "Logs",
autoCreateSqlTable: true
));
return(logger.CreateLogger());
});
//
container.Register <DatabusHub>();
//
container.Verify();
return(container);
}
private void SetupApplicationRuntime(IAppBuilder appBuilder, Container container)
{
//
appBuilder.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = AppSettings.Auth.CookieName,
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString(AppSettings.Auth.LogInPath),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <AppUserManager, AppUserEntity, int>(
validateInterval: TimeSpan.FromMinutes(0),
regenerateIdentityCallback: (manager, user) =>
{
var currentPricipal = HttpContext.Current.User;
var currentAdminPrincipal = new AppPrincipal(currentPricipal);
var currentIsPersistentState = currentAdminPrincipal.IsPersistent;
var currentScreenLockState = currentAdminPrincipal.ScreenLocked;
return(user.GenerateUserIdentityAsync(
manager,
isPersistentState: currentIsPersistentState,
screenLockedState: currentScreenLockState
));
},
getUserIdCallback: (user) =>
{
return(user.GetUserId <int>());
}
)
}
});
//
var imageResizerBlobsInfraPlugin = new ImageResizerThumbPlugin(
blobService: container.GetInstance <IBlobStorageService>()
);
imageResizerBlobsInfraPlugin.Install(ImageResizer.Configuration.Config.Current);
//
ValidatorOptions.LanguageManager = new ValidationLanguageManager();
FluentValidationModelValidatorProvider.Configure(config =>
{
config.ValidatorFactory = new SimpleInjectorValidatorFactory(container);
});
//
DependencyResolver.SetResolver(
new SimpleInjectorDependencyResolver(container)
);
//
var serializer = JsonSerializer.Create(new SharedJsonSettings()
{
ContractResolver = new SignalRCamelCaseJsonResolver()
});
//
GlobalHost.DependencyResolver.Register(typeof(JsonSerializer), () => serializer);
GlobalHost.DependencyResolver.Register(typeof(IUserIdProvider), () => new UserIdProvider());
GlobalHost.DependencyResolver.Register(typeof(IHubActivator), () => new HubsActivator());
//
appBuilder.MapSignalR();
}
