private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(UserManager)); }
public async Task SignInAsync(ApplicationUser user, bool isPersistent, bool rememberBrowser) { // Clear any partial cookies from external or two factor partial sign ins AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie); var userIdentity = await user.GenerateUserIdentityAsync(UserManager); if (rememberBrowser) { var rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(user.Id); AuthenticationManager.SignIn( new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity, rememberBrowserIdentity); } else { AuthenticationManager.SignIn( new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity); } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); ApplicationUser user = new ApplicationUser { Email = "*****@*****.**", PasswordHash = "password" }; ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } else { var DB = new BugTrackerEntities(); var appUser = DB.Users.Where(a => a.Id == user.UserId).FirstOrDefault(); if (appUser != null && appUser.IsDeleted) { context.SetError("invalid_grant", "This account is removed or has no access to the system."); return; } } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName, user.UserId); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = context.OwinContext.Get <string>(Startup.ClientAllowedOriginPropertyName); if (string.IsNullOrWhiteSpace(allowedOrigin)) { allowedOrigin = "*"; // NOTE: CORS 관련 정책 변경 시 수정 } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.Rejected(); context.SetError("invalid_grant", "The username or password is incorrect."); return; } if (!user.EmailConfirmed) { context.Rejected(); context.SetError("invalid_grant", "User did not confirm email."); return; } // NOTE: user locking 정책 변경 시 로직 추가 ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT"); // 확장클레임 추가 부분 oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); oAuthIdentity.AddClaim(new Claim("sub", context.UserName)); // NOTE: Role 추가 여부 결정 var props = new AuthenticationProperties(new Dictionary <string, string> { { Startup.ClientPropertyName, (context.ClientId == null) ? string.Empty:context.ClientId }, //{ "userName", context.UserName } }); var ticket = new AuthenticationTicket(oAuthIdentity, props); context.Validated(ticket); }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { var clientKey = Request.Browser.Type; await UserManager.SignInClientAsync(user, clientKey); // Zerando contador de logins errados. await UserManager.ResetAccessFailedCountAsync(user.Id); // Coletando Claims externos (se houver) ClaimsIdentity ext = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie); AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie, DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignIn ( new AuthenticationProperties { IsPersistent = isPersistent }, // Criação da instancia do Identity e atribuição dos Claims await user.GenerateUserIdentityAsync(UserManager, ext) ); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); if (allowedOrigin == null) { allowedOrigin = "*"; } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); AuthRepository _repo = new AuthRepository(); ApplicationUser user = await _repo.FindUser(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } //var identity = new ClaimsIdentity(context.Options.AuthenticationType); var identity = await user.GenerateUserIdentityAsync(_repo._userManager, "JWT"); identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); var props = new AuthenticationProperties(new Dictionary <string, string> { { "client_id", (context.ClientId == null) ? string.Empty : context.ClientId }, { "userName", context.UserName } }); var ticket = new AuthenticationTicket(identity, props); context.Validated(ticket); }
public async Task SignInAsync(ApplicationUser user, bool isPersistent, bool rememberBrowser) { // Clear any partial cookies from external or two factor partial sign ins AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie); var userIdentity = await user.GenerateUserIdentityAsync(UserManager); if (rememberBrowser) { var rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(user.Id); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity, rememberBrowserIdentity); } else { AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity); } }
public async Task <ActionResult> Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return(View(model)); } //ApplicationUser user = await UserManager.FindAsync(model.UserName, model.Password); //ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager); //var claimsPrincipal = new ClaimsPrincipal(oAuthIdentity); //// Set current principal //Thread.CurrentPrincipal = claimsPrincipal; // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, change to shouldLockout: true var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout : false); switch (result) { case SignInStatus.Success: ApplicationUser user = await UserManager.FindAsync(model.UserName, model.Password); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager); var claimsPrincipal = new ClaimsPrincipal(oAuthIdentity); // Set current principal Thread.CurrentPrincipal = claimsPrincipal; return(RedirectToLocal(returnUrl)); case SignInStatus.LockedOut: return(View("Lockout")); case SignInStatus.RequiresVerification: return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe })); case SignInStatus.Failure: default: ModelState.AddModelError("", "Invalid login attempt."); return(View(model)); } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "Имя пользователя или пароль указаны неправильно."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); List <Claim> roles = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).ToList(); // Сериализация существующих ролей пользователя в строку JSON AuthenticationProperties properties = CreateProperties(user.UserName, Newtonsoft.Json.JsonConvert.SerializeObject(roles.Select(x => x.Value))); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { var clientKey = Request.Browser.Type; await UserManager.SignInClientAsync(user, clientKey); AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(UserManager)); }
public async Task <IHttpActionResult> RegisterExternal() { var info = await Authentication.GetExternalLoginInfoAsync(); if (info == null) { return(InternalServerError()); } string firstName; string lastName; string gender; if (info.Login.LoginProvider == "Google") { var externalIdentity = Authentication.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie); lastName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Surname).Value; firstName = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.GivenName).Value; // birthday = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.DateOfBirth).Value; gender = "male"; } else { var accessToken = Authentication.GetExternalIdentity(DefaultAuthenticationTypes.ExternalCookie).FindFirstValue("FacebookAccessToken"); var fb = new FacebookClient(accessToken); // dynamic aaa = fb.Get("/me"); dynamic myInfo = fb.Get("/me?fields=id,email,first_name,last_name,gender"); lastName = myInfo["last_name"]; firstName = myInfo["first_name"]; gender = myInfo["gender"]; } Gender _gender = Gender.MALE; if (gender.Equals("female")) { _gender = Gender.FEMALE; } var userExtend = new Model.Model.UserExtend(); var user = new ApplicationUser() { UserName = info.Email, Email = info.Email, FirstName = firstName, LastName = lastName, User = userExtend, EmailConfirmed = true, Birthday = null, Gender = _gender }; try { IdentityResult result = await UserManager.CreateAsync(user); if (!result.Succeeded) { return(GetErrorResult(result)); } result = await UserManager.AddLoginAsync(user.Id, info.Login); if (!result.Succeeded) { return(GetErrorResult(result)); } result = await UserManager.AddToRoleAsync(user.Id, "User"); if (!result.Succeeded) { return(GetErrorResult(result)); } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager, CookieAuthenticationDefaults.AuthenticationType); var role = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).FirstOrDefault().Value; var userId = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).FirstOrDefault().Value; AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName, role, userId); Authentication.SignIn(properties, oAuthIdentity, cookieIdentity); return(Ok(properties.Dictionary)); } catch (Exception) { return(BadRequest()); } }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); var identity = await user.GenerateUserIdentityAsync(UserManager); identity.AddClaim(new Claim("FirstName", user.FirstName)); identity.AddClaim(new Claim("LastName", user.LastName)); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, identity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { try { UnitOfWork unitOfWork = new UnitOfWork(); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } var roles = userManager.GetRoles(user.Id); var scope = context.Scope.ToList(); var str = context.Scope[0]; var customerId = Convert.ToInt32(!str.Contains("*")?str:str.Split('*')[0]); var app = !str.Contains("*")?"x": str.Split('*')[1]; if (app == "ap") { var ap_roles = roles.Where(q => q == "Admin" || q == "User").ToList(); if (ap_roles.Count == 0) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } } var employee = await unitOfWork.PersonRepository.GetViewEmployeesByUserId(user.Id, customerId); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "user")); oAuthIdentity.AddClaim(new Claim("sub", context.UserName)); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "Vahid")); AuthenticationProperties properties = CreateProperties(user.UserName, (context.ClientId == null) ? string.Empty : context.ClientId); if (employee != null) { properties.Dictionary.Add("Name", employee.Name); properties.Dictionary.Add("UserId", employee.PersonId.ToString()); properties.Dictionary.Add("EmployeeId", employee.Id.ToString()); properties.Dictionary.Add("Roles", string.Join(",", roles)); } //if (employees.Count > 0) // { // var customers =string.Join("_", employees.Select(q => q.CustomerId).Distinct().ToArray()); // var name = employees.First().Name; // } // properties.Dictionary.Add("Name", "Vahid Moghaddam"); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } catch (Exception ex) { int i = 0; } }
private async Task SignInAsync(ApplicationUser user) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignIn(await user.GenerateUserIdentityAsync(UserManager, DefaultAuthenticationTypes.ApplicationCookie)); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); if (allowedOrigin == null) { allowedOrigin = "*"; } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); if (context.Password == ResourceStrings.DefaultPassword) { context.SetError("invalid_grant", ResourceStrings.ChangeDefaultPassword); return; } ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } var claims = new List <Claim>() { new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.Sid, user.Id) }; StringBuilder roles = new StringBuilder(); // add all roles to the claim //foreach (string role in await _aspNetUserRolesRepository.GetUsersRoles(user.Id, true)) //{ // claims.Add(new Claim(ClaimTypes.Role, role)); // roles.Append("," + role); //} //add new properties here. var properties = new AuthenticationProperties(new Dictionary <string, string> { { "email", user.UserName }, { "userId", user.Id } }); //add all priviliges to the claim foreach (var item in await userManager.GetClaimsAsync(user.Id)) { claims.Add(new Claim("Privilege", item.Value)); } // add OrganisationId to the claim ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); oAuthIdentity.AddClaims(claims); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); // context.Request.Context.Authentication.SignIn(cookiesIdentity); }
/// <summary> /// First - NovellProvider, then OAuth Provider /// </summary> /// <param name="context"></param> /// <returns></returns> public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); try { NovellUser novelleDirectoryUser = novell.Connect(context.UserName.Trim(), context.Password.Trim()); ApplicationUser applicationUser = userManager.Find(context.UserName.Trim(), context.Password.Trim()); //Особенности нашего обращения с Novell, ничего не попишешь if (applicationUser == null) { //на случай, если пароль поменяли applicationUser = await ChangePassword(context.UserName.Trim(), context.Password.Trim(), userManager); } if (applicationUser == null) { //если человек есть в Novell eDirectory, но нет в AspNetUSers applicationUser = CreateUser(context.UserName.Trim(), context.Password.Trim(), novelleDirectoryUser, userManager); } if (!novelleDirectoryUser.IsAlien) { NovellGroupWisePostOfficeConnection postOfficeConnection = novellGroupWise.Connect(context.UserName.Trim(), context.Password.Trim()); applicationUser.PostOfficeAddress = postOfficeConnection.PostOffice; applicationUser.GroupWiseSessionId = postOfficeConnection.SessionId; } ClaimsIdentity oAuthIdentity = await applicationUser.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await applicationUser.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(applicationUser.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } catch (NovellGroupWiseException ngwe) { context.SetError("invalid_grant", "Username or password is incorrect"); context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() }); } catch (NovelleDirectoryException nede) { //если человека нет в Novell - это и только это показатель того, что его никуда не надо пускать context.SetError("invalid_grant", "Username or password is incorrect"); context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() }); return; } catch (FailedDatabaseConnectionException fdce) { context.SetError("invalid_grant", fdce.Message); context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() }); } catch (Exception e) { context.SetError("invalid_grant", e.Message); context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() }); } }
//ati login public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { try { UnitOfWork unitOfWork = new UnitOfWork(); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } var roles = userManager.GetRoles(user.Id).First(); var scope = context.Scope.ToList(); var customerId = Convert.ToInt32(context.Scope[0]); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); if (roles == "Company") { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Company")); } else if (roles == "User") { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "nuser")); } else { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "user")); } oAuthIdentity.AddClaim(new Claim("sub", context.UserName)); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "Vahid")); AuthenticationProperties properties = CreateProperties(user.UserName, (context.ClientId == null) ? string.Empty : context.ClientId); if (roles == "Company") { var company = await unitOfWork.CompanyRepository.GetViewCompanyByEmail(context.UserName); if (company != null) { properties.Dictionary.Add("Name", company.Name); properties.Dictionary.Add("UserId", company.Id.ToString()); properties.Dictionary.Add("Image", string.IsNullOrEmpty(company.ImageUrl) ?"": company.ImageUrl.ToString()); properties.Dictionary.Add("Role", "Company"); // properties.Dictionary.Add("EmployeeId", employee.Id.ToString()); } } else { ViewPerson person = await unitOfWork.PersonRepository.GetViewPersonByUserId(user.Id); if (person != null) { properties.Dictionary.Add("Name", person.Name); properties.Dictionary.Add("UserId", person.Id.ToString()); properties.Dictionary.Add("Image", person.ImageUrl.ToString()); properties.Dictionary.Add("Role", roles != "User"? "Person":"User"); // properties.Dictionary.Add("EmployeeId", employee.Id.ToString()); } } AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } catch (Exception ex) { int i = 0; } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { IOwinRequest req = context.Request; IOwinResponse res = context.Response; //Add this Response header as just enabling the Wev API Cors wont enable it for this provider request //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://localhost:8267" }); //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" }); //var origin = req.Headers.Get("Origin"); //if (!string.IsNullOrEmpty(origin)) //{ // // allow the cross-site requests // if (!string.IsNullOrEmpty(origin)) // { // //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://localhost:8267" }); // res.Headers.Set("Access-Control-Allow-Origin", origin); // } // //if (string.IsNullOrEmpty(res.Headers.Get("Access-Control-Allow-Credentials"))) // //{ // // //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" }); // // res.Headers.Set("Access-Control-Allow-Credentials", "true"); // //} //} //// if this is pre-flight request //if (req.Method == "OPTIONS") //{ // //res.Headers.Add("Access-Control-Allow-Headers", new[] { "Content-Type", "X-CSRF-Token", "X-Requested-With", "Accept", "Accept-Version", "Content-Length", "Content-MD5", "Date", "X-Api-Version", "X-File-Name" }); // // respond immediately with allowed request methods and headers // res.StatusCode = 200; // res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST", "DELETE", "PUT", "PATCH", "OPTIONS"); // res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization", "content-type"); // if (string.IsNullOrEmpty(res.Headers.Get("Access-Control-Allow-Credentials"))) // { // res.Headers.Set("Access-Control-Allow-Credentials", "true"); // } //} var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { //var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin"); //if (allowedOrigin == null) allowedOrigin = "*"; //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "Tên đăng nhập hoặc mật khẩu không đúng"); return; } else if (user.LockoutEnabled == false && user.Deleted == true) { context.SetError("deleted", "Failed"); return; } else if (user.LockoutEnabled == true) { context.SetError("locked_out", "Failed"); return; } else { #region Customize VOffice.Model.UserDepartment userInfo = new Model.UserDepartment(); VOffice.Repository.DepartmentRepository departmentRepository = new Repository.DepartmentRepository(); userInfo = departmentRepository.GetUserMainOrganization(user.Id); #endregion Customize ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); string email = string.IsNullOrEmpty(user.Email) ? "" : user.Email; oAuthIdentity.AddClaim(new Claim("userId", user.Id)); oAuthIdentity.AddClaim(new Claim("fullName", userInfo.FullName)); oAuthIdentity.AddClaim(new Claim("firstName", userInfo.FirstName)); oAuthIdentity.AddClaim(new Claim("email", email)); oAuthIdentity.AddClaim(new Claim("username", user.UserName)); oAuthIdentity.AddClaim(new Claim("position", userInfo.Position)); oAuthIdentity.AddClaim(new Claim("staffCode", userInfo.StaffCode)); oAuthIdentity.AddClaim(new Claim("phoneNumber", userInfo.PhoneNumber != null ? userInfo.PhoneNumber.ToString() : string.Empty)); oAuthIdentity.AddClaim(new Claim("dateOfBirth", userInfo.DateOfBirth != null ? userInfo.DateOfBirth.Value.ToString("dd/MM/yyyy") : "")); oAuthIdentity.AddClaim(new Claim("gender", userInfo.Gender != null ? userInfo.Gender.Value.ToString() : "1")); oAuthIdentity.AddClaim(new Claim("avatar", userInfo.Avatar != null ? userInfo.Avatar.ToString() : string.Empty)); oAuthIdentity.AddClaim(new Claim("leader", userInfo.Leader != null ? userInfo.Leader.Value.ToString() : "false")); oAuthIdentity.AddClaim(new Claim("seniorLeader", userInfo.SeniorLeader != null ? userInfo.SeniorLeader.Value.ToString() : "false")); oAuthIdentity.AddClaim(new Claim("superLeader", userInfo.SuperLeader != null ? userInfo.SuperLeader.Value.ToString() : "false")); oAuthIdentity.AddClaim(new Claim("signedBy", userInfo.SignedBy != null ? userInfo.SignedBy.Value.ToString() : "false")); oAuthIdentity.AddClaim(new Claim("googleAccount", userInfo.GoogleAccount != null ? userInfo.GoogleAccount.ToString() : string.Empty)); oAuthIdentity.AddClaim(new Claim("departmentId", userInfo.DepartmentId.ToString())); oAuthIdentity.AddClaim(new Claim("parentDepartmentId", userInfo.RootDepartmentId.ToString())); oAuthIdentity.AddClaim(new Claim("office", userInfo.Office.ToString())); oAuthIdentity.AddClaim(new Claim("subDepartmentId", userInfo.SubDepartmentId.ToString())); oAuthIdentity.AddClaim(new Claim("ListSubDepartmentId", userInfo.ListSubDepartmentId)); oAuthIdentity.AddClaim(new Claim("departmentShortName", userInfo.DepartmentShortName != null ? userInfo.DepartmentShortName.ToString() : string.Empty)); oAuthIdentity.AddClaim(new Claim("departmentName", userInfo.DepartmentName != null ? userInfo.DepartmentName.ToString() : string.Empty)); //remove rolesClaim //var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>()); //var roles = roleManager.Roles.ToList(); //foreach (var role in roles) //{ // try // { // oAuthIdentity.RemoveClaim(new Claim(ClaimTypes.Role, role.Name)); // } // catch (Exception ex) // { } //} var currentRoles = await userManager.GetRolesAsync(user.Id); foreach (var item in currentRoles) { oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, item)); } ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); //AuthenticationProperties properties = CreateProperties(user.UserName); var properties = new AuthenticationProperties(new Dictionary <string, string> { { "userId", user.Id }, { "fullName", userInfo.FullName }, { "firstName", userInfo.FirstName }, { "email", email }, { "username", user.UserName }, { "position", userInfo.Position }, { "staffCode", userInfo.StaffCode }, { "phoneNumber", userInfo.PhoneNumber != null ? userInfo.PhoneNumber.ToString() : string.Empty }, { "dateOfBirth", userInfo.DateOfBirth != null ? userInfo.DateOfBirth.Value.ToString("dd/MM/yyyy") : "" }, { "gender", userInfo.Gender != null ? userInfo.Gender.Value.ToString() : "1" }, { "avatar", userInfo.Avatar != null ? userInfo.Avatar.ToString() : string.Empty }, { "leader", userInfo.Leader != null ? userInfo.Leader.Value.ToString() : "false" }, { "seniorLeader", userInfo.SeniorLeader != null ? userInfo.SeniorLeader.Value.ToString() : "false" }, { "superLeader", userInfo.SuperLeader != null ? userInfo.SuperLeader.Value.ToString() : "false" }, { "signedBy", userInfo.SignedBy != null ? userInfo.SignedBy.Value.ToString() : "false" }, { "googleAccount", userInfo.GoogleAccount != null ? userInfo.GoogleAccount.ToString() : string.Empty }, { "departmentId", userInfo.DepartmentId.ToString() }, { "parentDepartmentId", userInfo.RootDepartmentId.ToString() }, { "office", userInfo.Office.ToString() }, { "subDepartmentId", userInfo.SubDepartmentId.ToString() }, { "ListSubDepartmentId", userInfo.ListSubDepartmentId }, { "departmentShortName", userInfo.DepartmentShortName != null?userInfo.DepartmentShortName.ToString():string.Empty }, { "departmentName", userInfo.DepartmentName != null?userInfo.DepartmentName.ToString():string.Empty } }); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); //var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); //identity.AddClaim(new Claim("FirstName", user.FirstName)); //identity.AddClaim(new Claim("LastName", user.LastName)); //identity.AddClaim(new Claim("Institution", user.Institution)); AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(UserManager)); }
public async Task <ActionResult> ExternalLoginCallback(string returnUrl) { var result = await AuthenticationManager.AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie); if (result?.Identity == null) { return(RedirectToAction("Login")); } var idClaim = result.Identity.FindFirst(ClaimTypes.NameIdentifier); if (idClaim == null) { return(RedirectToAction("Login")); } var login = new UserLoginInfo(idClaim.Issuer, idClaim.Value); // Sign in the user with this external login provider if the user already has a login ApplicationUser user = await UserManager.FindAsync(login); if (user != null) { ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName); Request.GetOwinContext().Authentication.SignIn(properties, oAuthIdentity, cookieIdentity); user.LastConsent = DateTime.UtcNow; await UserManager.UpdateAsync(user); return(RedirectToLocal(returnUrl)); } else { RegisterExternalBindingModel model = new RegisterExternalBindingModel(); if (idClaim.Issuer == "Facebook") { // Get details from Facebook var accessToken = result.Identity.Claims.Where(c => c.Type.Equals("ExternalAccessToken")).Select(c => c.Value).FirstOrDefault(); Uri apiRequestUri = new Uri("https://graph.facebook.com/me?fields=id,first_name,last_name,email,picture.type(square)&access_token=" + accessToken); using (var webClient = new WebClient()) { var json = webClient.DownloadString(apiRequestUri); dynamic jsonResult = JsonConvert.DeserializeObject(json); model.Email = jsonResult.email; model.Given_name = jsonResult.first_name; model.Family_name = jsonResult.last_name; model.Picture = jsonResult.picture.data.url; } } else { // Get details from Google var accessToken = result.Identity.Claims.Where(c => c.Type.Equals("urn:google:accesstoken")).Select(c => c.Value).FirstOrDefault(); Uri apiRequestUri = new Uri("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + accessToken); using (var webClient = new WebClient()) { var json = webClient.DownloadString(apiRequestUri); dynamic jsonResult = JsonConvert.DeserializeObject(json); model.Email = jsonResult.email; model.Picture = jsonResult.picture; model.Family_name = jsonResult.family_name; model.Given_name = jsonResult.given_name; } } var appUser = new ApplicationUser { UserName = model.Email, Email = model.Email, ImageUrl = model.Picture, FirstName = model.Given_name, Surname = model.Family_name, DateCreated = DateTime.UtcNow, AuthProvider = idClaim.Issuer, Trusted = false, LastConsent = DateTime.UtcNow }; ApplicationUser existingResult = await UserManager.FindByEmailAsync(appUser.Email); if (existingResult == null) { // New user IdentityResult createResult = await UserManager.CreateAsync(appUser); if (!createResult.Succeeded) { return(RedirectToAction("Login")); } } else { // user already exists with that email appUser = existingResult; } // Add this oauth login to the user account IdentityResult idResult = await UserManager.AddLoginAsync(appUser.Id, login); if (!idResult.Succeeded) { return(RedirectToAction("Login")); } ClaimsIdentity oAuthIdentity = await appUser.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookieIdentity = await appUser.GenerateUserIdentityAsync(UserManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(appUser.UserName); await SignInManager.SignInAsync(appUser, true, true); Request.GetOwinContext().Authentication.SignIn(properties, oAuthIdentity, cookieIdentity); return(RedirectToLocal(returnUrl)); } }
// [ValidateAntiForgeryToken] public async Task <ActionResult> Login(LoginViewModel model, string returnUrl) { try { if (!ModelState.IsValid) { return(View(model)); } ApplicationUser usermodel = _userManager.Users.FirstOrDefault(m => m.UserName.Trim() == model.Email); if (usermodel != null) { //string USERPERMISSION = SetUserPermissions(usermodel.Id); var userIdentity = await _userManager.CreateIdentityAsync(usermodel, DefaultAuthenticationTypes.ApplicationCookie); userIdentity.AddClaim(new Claim("FullName", usermodel.FullName)); userIdentity.AddClaim(new Claim("Email", usermodel.Email)); userIdentity.AddClaim(new Claim("DateCreated", usermodel.DateCreated.ToString("MM/dd/yyyy"))); // userIdentity.AddClaim(new Claim("UserPermission", USERPERMISSION)); var listIdentity = new List <ClaimsIdentity>(); listIdentity.Add(userIdentity); ClaimsPrincipal c = new ClaimsPrincipal(listIdentity); AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = model.RememberMe }, userIdentity); } // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, change to shouldLockout: true var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : false); switch (result) { case SignInStatus.Success: if (User.Identity.GetFullName() == string.Empty) { await usermodel.GenerateUserIdentityAsync(_userManager); } if (usermodel.IsFirstLogin) { return(RedirectToAction("SetFirstlogin", new { code = usermodel.Id.EncryptID() })); } return(RedirectToLocal(returnUrl)); case SignInStatus.LockedOut: return(View("Lockout")); case SignInStatus.RequiresVerification: return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe })); case SignInStatus.Failure: default: ModelState.AddModelError("", "Invalid login attempt."); return(View(model)); } } catch (Exception ex) { _log.Error(ex); return(View(model)); } }
/// <summary> /// используется для генерации токена /// </summary> /// <param name="context"></param> /// <returns></returns> public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { //-------------- Если требуется получить токен: ----------------------- // 1. Клиент обращается к ресурсу /Token для получения токена // 2. Если в пришедшем запросе есть заголовок "grant_type" и он имеет значение "password", // то система вызывает метод GrantResourceOwnerCredentials() у провайдера авторизации ApplicationOAuthProvider // 3. Провайдер авторизации обращается к классу ApplicationUserManager // для валидации поступивших данных (логина и пароля) и по ним создает объект claims identity // 4. Если валидация прошла успешно, то провайдер авторизации создает аутентификационный тикет, // который применяется для генерации токена var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "Имя пользователя или пароль указаны неправильно."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); //++ // AuthenticationProperties properties = CreateProperties(user.UserName); // AuthenticationProperties properties = CreateProperties("userName", user.UserName); // //---------- Добавляем сведения о ролях текущего пользователя - только для целей отладки >>> -------------------- // string roles = ""; bool is_user = await userManager.IsInRoleAsync(user.Id, "user"); if (is_user) { roles = "user"; } bool is_manager = await userManager.IsInRoleAsync(user.Id, "manager"); if (is_manager) { if (!string.IsNullOrWhiteSpace(roles)) roles += ","; roles += "manager"; } bool is_admin = await userManager.IsInRoleAsync(user.Id, "admin"); if (is_admin) { if (!string.IsNullOrWhiteSpace(roles)) roles += ","; roles += "admin"; } if (!string.IsNullOrWhiteSpace(roles)) { properties.Dictionary.Add("userRoles", roles); } // //---------- <<< Добавляем сведения о ролях текущего пользователя - только для целей отладки -------------------- // AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); var _accountServices = new AccountServices(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user.LockoutEnabled) { await Task.Factory.StartNew(() => { _accountServices.CreateLoginHistory(new MNG_HistoryLogin() { DateLogin = DateTime.Now, UserName = context.UserName, Status = "Thất bại: Tài khoản đang bị khóa.", IP = context.OwinContext.Request.RemoteIpAddress }); }); context.SetError("invalid_grant", "Tài khoản đang bị khóa."); return; } if (user == null) { await Task.Factory.StartNew(() => { _accountServices.CreateLoginHistory(new MNG_HistoryLogin() { DateLogin = DateTime.Now, UserName = context.UserName, Status = "Thất bại: Sai tài khoản hoặc mật khẩu", IP = context.OwinContext.Request.RemoteIpAddress }); }); context.SetError("invalid_grant", "The user name or password is incorrect."); return; } await Task.Factory.StartNew(() => { _accountServices.CreateLoginHistory(new MNG_HistoryLogin() { DateLogin = DateTime.Now, UserName = context.UserName, Status = "Thành công", IP = context.OwinContext.Request.RemoteIpAddress }); }); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); // Create generic identity. MenuServices _menuServices = new MenuServices(); IList <Claim> claims = new List <Claim>(); claims.Add(new Claim("UserID", string.IsNullOrEmpty(user.Id) ? string.Empty : user.Id)); claims.Add(new Claim("PhoneNumber", string.IsNullOrEmpty(user.PhoneNumber) ? string.Empty : user.PhoneNumber)); claims.Add(new Claim("FullName", string.IsNullOrEmpty(user.FullName) ? string.Empty : user.FullName)); claims.Add(new Claim("Email", string.IsNullOrEmpty(user.Email) ? string.Empty : user.Email)); claims.Add(new Claim("Menus", string.IsNullOrEmpty(user.Id) ? string.Empty : _menuServices.GetMenu4ClaimsByUserId(user.Id.ToString()))); oAuthIdentity.AddClaims(claims); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = "*"; context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = null; //bypass de validación de directorio activo if (Properties.Settings.Default.ambiente != "des") { //validacion directorio activo var validaDA = directorioActivo.validaUsuarioLDAP(context.UserName, context.Password, Properties.Settings.Default.loginIntranet, Properties.Settings.Default.dominioDa); if (validaDA.existe) { user = await userManager.FindAsync(context.UserName, context.UserName); if (user == null) { context.SetError("Usuario no existe", "Usuario no existe registrado aplicativo SAX."); return; } else if (user.Estatus == 0) { context.SetError("Usuario inactivo", "Usuario inactivo en aplicativo SAX."); return; } } else { context.SetError("Usuario no existe", "El usuario no existe en el directorio activo."); return; } } else { user = await userManager.FindAsync(context.UserName, context.UserName); if (user == null) { context.SetError("Usuario no existe", "Usuario no existe registrado aplicativo SAX."); return; } else if (user.Estatus == 0) { context.SetError("Usuario inactivo", "Usuario inactivo en aplicativo SAX."); return; } } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public async Task <IHttpActionResult> GetExternalLogin(string provider, string error = null) { string redirectUri = string.Empty; if (error != null) { return(Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error))); } if (!User.Identity.IsAuthenticated) { return(new ChallengeResult(provider, this)); } ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity); if (externalLogin == null) { return(InternalServerError()); } if (externalLogin.LoginProvider != provider) { Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie); return(new ChallengeResult(provider, this)); } var redirectUriValidationResult = ValidateClientAndRedirectUri(this.Request, ref redirectUri); if (!string.IsNullOrWhiteSpace(redirectUriValidationResult)) { return(BadRequest(redirectUriValidationResult)); } ApplicationUser user = await UserManager.FindAsync(new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey)); bool hasRegistered = user != null; if (hasRegistered) { Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie); ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName); Authentication.SignIn(properties, oAuthIdentity, cookieIdentity); } else { IEnumerable <Claim> claims = externalLogin.GetClaims(); ClaimsIdentity identity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType); Authentication.SignIn(identity); } //redirectUri = string.Format("{0}#external_access_token={1}&provider={2}&haslocalaccount={3}&external_user_name={4}", // redirectUri, // externalLogin.ExternalAccessToken, // externalLogin.LoginProvider, // hasRegistered.ToString(), // externalLogin.UserName); redirectUri = string.Format("{0}#external_access_token={1}&provider={2}&haslocalaccount={3}&external_user_name={4}", redirectUri, externalLogin.ExternalAccessToken, externalLogin.LoginProvider, hasRegistered.ToString(), externalLogin.UserName); return(Redirect(redirectUri)); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { /*Gets Extra keys sent form the user's computer, however we will make this unnessesary * var data = await context.Request.ReadFormAsync(); * string email = data.GetValues("email").First(); */ //setup nessesary variables var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = null; bool loggedIn = false; if (string.IsNullOrWhiteSpace(context.Password)) //check if valid password was provided { context.SetError(ErrorResponse.PasswordIsBad.error.ToString(), ErrorResponse.PasswordIsBad.error_description); //rejects, password is wrong return; } else { user = await LoginUtils.findByIdentifierAsync(context.UserName, userManager); } if (user == null) { context.SetError(ErrorResponse.CantLogin.error.ToString(), ErrorResponse.CantLogin.error_description); //rejects, no user found return; } var PasswordCheck = userManager.PasswordHasher.VerifyHashedPassword(user.PasswordHash, context.Password); //check if password was correct if (PasswordCheck.Equals(PasswordVerificationResult.Success) && user.PhoneNumberConfirmed) //user provided correct creentials { loggedIn = true; } else if (PasswordCheck.Equals(PasswordVerificationResult.Success)) { //Send an SMS!! string otp = Base.LoginUtils.GenerateOTP(user); await SMSService.SendMessage(user.PhoneNumber.ToString(), String.Format("Your SMS code is {0} use it to confirm your phone number withing {1} min", otp, LoginUtils.Interval / 60)); context.SetError(ErrorResponse.PhoneNumberUnconfirmed.error.ToString(), ErrorResponse.PhoneNumberUnconfirmed.error_description); } else if (!loggedIn)// log in with SMS code { loggedIn = LoginUtils.ValidateOTP(user, context.Password); if (!user.PhoneNumberConfirmed && loggedIn) //if the user's phone number is not confirmed, and if logged in set it confirmed { user.PhoneNumberConfirmed = true; await userManager.UpdateAsync(user); } } if (loggedIn) //user provided correct creentials { ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, //generates identity OAuthDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.Id.ToString()); //generates properties AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); //puts properties and idenity into authentication ticket context.Validated(ticket); } else { context.SetError(ErrorResponse.CantLogin.error.ToString(), ErrorResponse.CantLogin.error_description); //rejects, password is wrong } /*ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, * CookieAuthenticationDefaults.AuthenticationType); */ //context.Request.Context.Authentication.SignIn(cookiesIdentity); }
public static async Task <ClaimsIdentity> GenerateUserIdentityAsync(this ApplicationUser user, UserManager <ApplicationUser> manager) { var userRoles = new UserRolesRepo(); return(await user.GenerateUserIdentityAsync(manager, userRoles)); }
// Add helpers region #region Helpers private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(_userManager)); Services.Users.UpdateOnlineStatusById(user.Id, true); }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); // Extracted the part that has been changed in SignInAsync for clarity. await SetExternalProperties(user); var identity = await user.GenerateUserIdentityAsync(UserManager); AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = "*"; context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } if (!user.EmailConfirmed) { context.SetError("invalid_grant", "User did not confirm email."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT"); //third party (google) using (AuthRepository _repo = new AuthRepository()) { var identityUser = await _repo.FindUser(context.UserName, context.Password); if (identityUser == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim("sub", context.UserName)); identity.AddClaim(new Claim("role", "user")); var props = new AuthenticationProperties(new Dictionary <string, string> { { "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId }, { "userName", context.UserName } }); var ticket2 = new AuthenticationTicket(identity, props); //contains the identity of the user var ticket = new AuthenticationTicket(oAuthIdentity, null); //passing the ticket to OAuth bearer access token. context.Validated(ticket); context.Validated(ticket2); }
public override Task<ClaimsIdentity> CreateUserIdentityAsync(ApplicationUser user) { return user.GenerateUserIdentityAsync((ApplicationUserManager)UserManager); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); ApplicationUser user = await userManager.FindByNameAsync(context.UserName); if (user != null) { var passwordExpired = false; var passwordExpirationDays = Convert.ToInt32(ConfigurationManager.AppSettings["PasswordExpirationDays"]); if (passwordExpirationDays > 0) { passwordExpired = user.LastPasswordChangedDate.AddDays(passwordExpirationDays) < DateTime.Now; } var validCredentials = await userManager.FindAsync(context.UserName, context.Password); if (await userManager.IsLockedOutAsync(user.Id)) { // account locked // use invalid user name or password message to avoid disclosing that a valid username was input context.SetError("invalid_grant", "The user name or password is incorrect."); } else if (validCredentials == null) { // invalid credentials // increment failed login count if (await userManager.GetLockoutEnabledAsync(user.Id)) { await userManager.AccessFailedAsync(user.Id); } context.SetError("invalid_grant", "The user name or password is incorrect."); } else if (passwordExpired) { // password expired context.SetError("invalid_grant", "Password expired"); } else { // successful login ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.Email); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); // reset failed attempts count await userManager.ResetAccessFailedCountAsync(user.Id); } } else { // invalid username context.SetError("invalid_grant", "The user name or password is incorrect."); } }
private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, await user.GenerateUserIdentityAsync(UserManager)); }
public async Task <ClaimsIdentity> LogIn(string login, string password, bool isRemember) { ApplicationUser currentUser = await this.userManager.FindAsync(login, password); return(await currentUser.GenerateUserIdentityAsync(this.userManager)); }
public async Task <ActionResult> Student(Students model) { IdentityResult result = null; if (model != null && model.Termsofuse && !string.IsNullOrWhiteSpace(model.FirstName) && !string.IsNullOrWhiteSpace(model.LastName) && !string.IsNullOrWhiteSpace(model.Email) && !string.IsNullOrWhiteSpace(model.Bio)) { string password = Membership.GeneratePassword(12, 1); string userName = getUserName(model.Email); var user = new ApplicationUser() { UserName = userName, Email = model.Email }; result = await UserManager.CreateAsync(user, password); if (result.Succeeded) { try { CultureInfo ci = ResolveCulture(); model.Language = ci.DisplayName; model.Country = getCountry(ci); model.Birthday = model.OptionalBirthDay.HasValue ? model.OptionalBirthDay.Value : DateTime.MinValue; var auth = HttpContext.GetOwinContext().Authentication; auth.SignOut(DefaultAuthenticationTypes.ExternalCookie); auth.SignIn(new AuthenticationProperties() { IsPersistent = true }, await user.GenerateUserIdentityAsync(UserManager)); var userCreated = await UserManager.FindByEmailAsync(model.Email); userCreated.Roles.Add(new IdentityUserRole { RoleId = 4.ToString() }); await UserManager.UpdateAsync(userCreated); model.Street = model.BusinessName = model.City = model.Phone = model.CellProvider = model.HomeOrganizationID = model.Zip = "-"; model.IsProfilePublic = false; await studentRepository.UpsetProspectData(userCreated.Id, model); string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id); var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme); await notificationManager.SendUserRegisteredNotification(user.Email, callbackUrl, password, userName); string registrationMessage = string.Format(Resources.Resources.RegistrationMessage, userName + "--" + model.Email, "StudentNewForm"); await notificationManager.SendSytemNotification(registrationMessage, Resources.Resources.NewUser, this.Request.IsLocal); } catch (Exception ex) { string registrationMessage = " === " + DateTime.Now.ToLongDateString() + " === " + Environment.NewLine + ex.Message + userName + model.Email + "----->" + ex.Message + "=== " + Environment.NewLine; _logger.Error(registrationMessage); } return(RedirectToAction("SetupProperty", "Home", new { guided = true })); } } _logger.Error(model == null ? "Model is null" : $"{model.Termsofuse.ToString()} - {model.FirstName} - {model.LastName} - {model.Email} - UserManager Errors:" + getErrorText(result?.Errors)); model.Error = true; return(View("~/Views/Landings/Student.cshtml", model)); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); if (allowedOrigin == null) { allowedOrigin = "*"; } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); using (var db = new ApplicationDbContext()) { using (var usermanager = new UserManagerHelper()) { ApplicationUser dbUser = null; dbUser = await db.Users.SingleOrDefaultAsync(x => x.Email == context.UserName && x.Tenant == context.ClientId); if (dbUser == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } if (!await usermanager.UserManager.UserManager.CheckPasswordAsync(dbUser, context.Password)) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } if (dbUser == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } var identity = await dbUser.GenerateUserIdentityAsync(context.OwinContext.GetUserManager <ApplicationUserManager>(), "JWT"); var props = new AuthenticationProperties(new Dictionary <string, string> { { "client_id", context.ClientId }, { "userId", dbUser.Id }, { "userName", context.UserName }, { "ip_address", HttpContext.Current.Request.Form["ip_address"] }, { "user_agent", HttpContext.Current.Request.Form["user_agent"] }, { "env", ConfigurationManager.AppSettings["Environment"] } }); var ticket = new AuthenticationTicket(identity, props); context.Validated(ticket); } } }