public virtual bool IsAuthorized(string provider) { var tokens = this.GetAuthTokens(provider); return(AuthenticateService.GetAuthProvider(provider).IsAuthorizedSafe(this, tokens)); }
/// <summary> /// Configure the service with plugins and features. /// </summary> public override void Configure(Container container) { //set up orm connection factory, mainly used for auth stuff var dbFactory = new OrmLiteConnectionFactory(AppSettings.GetConnectionString("AUTH_DB"), SqlServer2012Dialect.Provider); container.Register <IDbConnectionFactory>(c => dbFactory); Plugins.Add(new OpenApiFeature()); //the open api feature //implement the custom auth provider Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] { //new AspNetWindowsAuthProvider(this), //<-- this can only be used when hoisting in IIS!!! new ApiKeyAuthProvider(AppSettings), new CredentialsAuthProvider(AppSettings), new JwtAuthProvider(AppSettings), //<--when not using Microsoft.Identity.Client to get JWT token. //new AadJwtAuthProvider(AppSettings), //new MicrosoftGraphAuthProvider(AppSettings), //new IdentityServerAuthFeature(AppSettings), //new CustomCredentialsAuthProvider(), //<-- we will use this to look at active directory, although should be changed to something else //other providers can be used for external connections. })); //allso add the registration feature, where we can register users, roles and permissions Plugins.Add(new RegistrationFeature()); //add a memory cache client to the container. //container.Register<ICacheClient>(new MemoryCacheClient()); //<-- to do this in memory while in dev. //container.RegisterAs<OrmLiteCacheClient, ICacheClient>(); //container.Register<IDbConnectionFactory>(c => new OrmLiteConnectionFactory(ConfigurationManager.ConnectionStrings["AUTH_DB"].ConnectionString, SqlServer2012Dialect.Provider)); //container.Register<IAuthRepository>(c => new OrmLiteAuthRepository(c.Resolve<IDbConnectionFactory>()) //{ UseDistinctRoleTables = true }); //container.Resolve<IAuthRepository>().InitSchema(); //container.Resolve<ICacheClient>().InitSchema(); //container.Register<ICacheClient>(new JarsCacheClient()); //container.Register<IAuthRepository>(c => new JarsAuthRepository()); container.Register <ICacheClient>(new OrmLiteCacheClient() { DbFactory = dbFactory }); container.Resolve <ICacheClient>().InitSchema(); container.Register <IAuthRepository>(c => new OrmLiteAuthRepository(dbFactory)); container.Resolve <IAuthRepository>().InitSchema(); //new SaltedHash().GetHashAndSaltString("password", out string hash, out string salt); //then we need to add a user to authenticate to the user repository. var authRepo = container.Resolve <IAuthRepository>(); if (authRepo.GetUserAuthByUserName("JarsAdminUser") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "Admin", LastName = "Admin", DisplayName = "Jars Admin", UserName = "******", Email = "*****@*****.**", Roles = { RoleNames.Admin }, Permissions = { JarsPermissions.Full } }, "J@r5@dm1nU53r"); } if (authRepo.GetUserAuthByUserName("JarsMobileApp") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "JarsMobile", LastName = "App", DisplayName = "JarsMobile App", UserName = "******", //Email = "*****@*****.**", Roles = { JarsRoles.MobileApp }, Permissions = { JarsPermissions.CanView, JarsPermissions.CanAdd, JarsPermissions.CanEdit, JarsPermissions.CanDelete } }, "Th1sN33ds70Ch@ng£"); } if (authRepo.GetUserAuthByUserName("AdminUser") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "AdminTest", LastName = "AdminTest", DisplayName = "Jars Admin Test", UserName = "******", Email = "*****@*****.**", Roles = { RoleNames.Admin }, Permissions = { JarsPermissions.Full } }, "adminuser"); } if (authRepo.GetUserAuthByUserName("guestuser") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "Guest", LastName = "User", DisplayName = "Guest User", UserName = "******", Email = "*****@*****.**", Roles = { JarsRoles.Guest }, }, "guestuser"); //get the user from the database and give it some roles var testUser = authRepo.GetUserAuthByUserName("guestuser"); authRepo.AssignRoles(testUser, new[] { JarsRoles.Guest }); } if (authRepo.GetUserAuthByUserName("TestUser") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "Test", LastName = "User", DisplayName = "Test User", UserName = "******", Email = "*****@*****.**", Roles = { JarsRoles.User }, }, "testuser"); //get the user from the database and give it some roles var testUser = authRepo.GetUserAuthByUserName("testuser"); authRepo.AssignRoles(testUser, new[] { JarsRoles.User }, new[] { JarsPermissions.CanView, JarsPermissions.CanAddAppointment }); } if (authRepo.GetUserAuthByUserName("TestUser") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "Power", LastName = "User", DisplayName = "Power User", UserName = "******", Email = "*****@*****.**", Roles = { JarsRoles.PowerUser }, }, "poweruser"); //get the user from the database and give it some roles var testUser = authRepo.GetUserAuthByUserName("poweruser"); authRepo.AssignRoles(testUser, new[] { JarsRoles.PowerUser }); } if (authRepo.GetUserAuthByUserName("TestUser") == null) { authRepo.CreateUserAuth(new UserAuth() { FirstName = "Manager", LastName = "User", DisplayName = "Manager User", UserName = "******", Email = "*****@*****.**", Roles = { JarsRoles.Manager }, }, "manageruser"); //get the user from the database and give it some roles var testUser = authRepo.GetUserAuthByUserName("manageruser"); authRepo.AssignRoles(testUser, new[] { JarsRoles.Manager }); } AfterInitCallbacks.Add(host => { var authProvider = (ApiKeyAuthProvider) AuthenticateService.GetAuthProvider(ApiKeyAuthProvider.Name); using (var db = host.TryResolve <IDbConnectionFactory>().Open()) { var userWithKeysIds = db.Column <string>(db.From <ApiKey>() .SelectDistinct(x => x.UserAuthId)).Map(int.Parse); var userIdsMissingKeys = db.Column <string>(db.From <UserAuth>() .Where(x => userWithKeysIds.Count == 0 || !userWithKeysIds.Contains(x.Id)) .Select(x => x.Id)); var aRepo = (IManageApiKeys)host.TryResolve <IAuthRepository>(); foreach (var userId in userIdsMissingKeys) { var apiKeys = authProvider.GenerateNewApiKeys(userId.ToString()); aRepo.StoreAll(apiKeys); } } }); }
public virtual bool IsAuthorized(string provider) { var tokens = ProviderOAuthAccess.FirstOrDefault(x => x.Provider == provider); return(AuthenticateService.GetAuthProvider(provider).IsAuthorizedSafe(this, tokens)); }
public async Task Login(string token, string operatingSystem, string ipAddress, string nameVersionClient) { var jwtAuthProviderReader = (JwtAuthProviderReader)AuthenticateService.GetAuthProvider("jwt"); try { var jwtPayload = jwtAuthProviderReader.GetVerifiedJwtPayload(new BasicHttpRequest(), token.Split('.')); await Groups.AddToGroupAsync(this.Context.ConnectionId, _loginedGroup); Context.Items["login"] = jwtPayload["name"]; Context.Items["uid"] = jwtPayload["sub"]; Context.Items["session"] = jwtPayload["session"]; var user = await _ravenSession.LoadAsync <User>(jwtPayload["sub"]); if (user != null) { Context.Items["nickname"] = user.DisplayName; } var logOn = new LogOn { Id = jwtPayload["sub"], UserLogin = jwtPayload["name"], }; if (long.TryParse(jwtPayload["exp"], out long expire)) { logOn.ExpireTime = DateTimeOffset.FromUnixTimeSeconds(expire); if (logOn.ExpireTime < DateTimeOffset.UtcNow) { throw new TokenException("Token is expired"); } } await Clients.Caller.SendAsync(logOn); var userLoginAudit = await _ravenSession.LoadAsync <LoginAudit>(jwtPayload["sub"] + "/LoginAudit"); if (userLoginAudit != null) { if (jwtPayload["session"] != userLoginAudit.SessionId) { userLoginAudit.NameVersionClient = nameVersionClient; userLoginAudit.OperatingSystem = operatingSystem; userLoginAudit.IpAddress = ipAddress; userLoginAudit.DateOfEntry = DateTime.Now; userLoginAudit.SessionId = jwtPayload["session"]; await _ravenSession.StoreAsync(userLoginAudit); await _ravenSession.SaveChangesAsync(); } } else { userLoginAudit = new LoginAudit { Id = jwtPayload["sub"] + "/LoginAudit", OperatingSystem = operatingSystem, DateOfEntry = DateTime.Now, IpAddress = ipAddress, NameVersionClient = nameVersionClient, SessionId = jwtPayload["session"] }; await _ravenSession.StoreAsync(userLoginAudit); await _ravenSession.SaveChangesAsync(); } Log.Information($"Connected {Context.Items["login"]}({Context.Items["uid"]}) with session {Context.Items["session"]}"); } catch (Exception e) { await Clients.Caller.SendAsync(new LogOn { Error = true }); Log.Warning($"Bad token from connection {Context.ConnectionId}"); } }