/// <summary> /// Before redirecting for authentication to the provider, append the properties for Multi-Factor Authentication /// and configuration settings. /// </summary> /// <param name="notification">The properties used for authentication</param> /// <returns>awaitable Task</returns> private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification) { var authenticationProperties = GetAuthenticationPropertiesFromProtocolMessage(notification.ProtocolMessage, notification.Options); // AcrValues token control the multi-factor authentication, when supplied with any(which could be default or mfa), the user set policy for 2FA // is enforced. When explicitly set to mfa, the authentication is enforced with multi-factor auth. The LoginHint token, is useful for redirecting // an already logged in user directly to the multi-factor auth flow. if (AuthenticationPolicy.TryGetPolicyFromProperties(authenticationProperties.Dictionary, out AuthenticationPolicy policy)) { notification.ProtocolMessage.AcrValues = policy.EnforceMultiFactorAuthentication ? ACR_VALUES.MFA : ACR_VALUES.ANY; notification.ProtocolMessage.LoginHint = policy.Email; } else { notification.ProtocolMessage.AcrValues = ACR_VALUES.ANY; } // Set the redirect_uri token for the alternate domains of same gallery instance if (_alternateSiteRootList != null && _alternateSiteRootList.Contains(notification.Request.Uri.Host)) { notification.ProtocolMessage.RedirectUri = "https://" + notification.Request.Uri.Host + "/" + _callbackPath; } // We always want to show the options to select account when signing in and while changing account. notification.ProtocolMessage.Prompt = SELECT_ACCOUNT; return(Task.FromResult(0)); }
internal static string GetPolicyValue( AuthenticationPolicy xrmPolicy, string elementName, string defaultValue) { string str; return xrmPolicy != null && xrmPolicy.PolicyElements.TryGetValue(elementName, out str) ? str : defaultValue; }
private static object[] PrepareHandlerMethodParameters(MethodInfo method, IServiceProvider services, HttpContext httpContext, AuthenticationPolicy policy, Type[] customAuthenticators) { ParameterInfo[] parameters = method.GetParameters(); if (parameters.Length <= 0) { return(null); } object[] result = new object[parameters.Length]; object value; int i = 0; foreach (ParameterInfo parameter in parameters) { if (parameter.ParameterType.Equals(typeof(HttpContext))) { result[i] = httpContext; } else if (parameter.ParameterType.Equals(typeof(AuthenticationPolicy))) { result[i] = policy; } else if ((parameter.ParameterType.Equals(typeof(Type[])) || parameter.ParameterType.Equals(typeof(IEnumerable <Type>)))) { result[i] = customAuthenticators; } else if ((parameter.ParameterType.Equals(typeof(List <Type>)) || parameter.ParameterType.Equals(typeof(IList <Type>)) || parameter.ParameterType.Equals(typeof(IReadOnlyList <Type>)))) { result[i] = customAuthenticators.ToList(); } else { value = services.GetService(parameter.ParameterType); if (value == null) { if (parameter.HasDefaultValue) { value = parameter.DefaultValue; } else { value = parameter.ParameterType.IsValueType ? Activator.CreateInstance(parameter.ParameterType) : null; } } result[i] = value; } i++; } return(result); }
/// <summary> /// Before redirecting for authentication to the provider, append the properties for Multi-Factor Authentication. /// </summary> /// <param name="notification">The properties used for authentication</param> /// <returns>awaitable Task</returns> private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification) { var authenticationProperties = GetAuthenticationPropertiesFromProtocolMessage(notification.ProtocolMessage, notification.Options); // AcrValues token control the multi-factor authentication, when supplied with any(which could be default or mfa), the user set policy for 2FA // is enforced. When explicitly set to mfa, the authentication is enforced with multi-factor auth. The LoginHint token, is useful for redirecting // an already logged in user directly to the multi-factor auth flow. if (AuthenticationPolicy.TryGetPolicyFromProperties(authenticationProperties.Dictionary, out AuthenticationPolicy policy)) { notification.ProtocolMessage.AcrValues = policy.EnforceMultiFactorAuthentication ? ACR_VALUES.MFA : ACR_VALUES.ANY; notification.ProtocolMessage.LoginHint = policy.Email; } else { notification.ProtocolMessage.AcrValues = ACR_VALUES.ANY; } return(Task.FromResult(0)); }
internal WindowsPolicyConfiguration(AuthenticationPolicy xrmPolicy) : base(xrmPolicy) { }
public ActionResult ChallengeAuthentication(string returnUrl, string provider, AuthenticationPolicy policy = null) { try { return(_authService.Challenge(provider, returnUrl, policy)); } catch (InvalidOperationException) { // This exception will be thrown when the unsupported provider is invoked, return 404. return(new HttpStatusCodeResult(HttpStatusCode.NotFound)); } }
public override ActionResult Challenge(string redirectUrl, AuthenticationPolicy policy = null) { return(new ChallengeResult(BaseConfig.AuthenticationType, redirectUrl, policy?.GetProperties())); }
internal static IActionResult ExecuteHandler(Type handler, object[] constructParameters, HttpContext httpContext, AuthenticationPolicy policy, Type[] customAuthenticators) { IServiceProvider services = httpContext.RequestServices; IHandlerInvokeMethodCache cache = services.GetRequiredService <IHandlerInvokeMethodCache>(); InvokeMethodInfo methodInfo = cache.Get(handler); if (methodInfo != null) { return(ExecuteMethod(methodInfo)); } return(null); IActionResult ExecuteMethod(InvokeMethodInfo info) { try { MethodInfo method = info.Method; object handler_instance = ActivatorUtilities.CreateInstance(services, handler, constructParameters); object invoke_result = method.Invoke(handler_instance, PrepareHandlerMethodParameters(method, services, httpContext, policy, customAuthenticators)); switch (info.ReturnType) { case InvokeMethodReturnType.Void: return(null); case InvokeMethodReturnType.Task: { Task result = (Task)invoke_result; if (result == null) { return(null); } if (result.Status == TaskStatus.WaitingToRun || result.Status == TaskStatus.Created) { result.Start(); } result.Wait(); return(null); } case InvokeMethodReturnType.TaskWithIActionResult: { object awaiter = info.GetAwaiter.Invoke(invoke_result, null); IActionResult result = (IActionResult)info.GetResult.Invoke(awaiter, null); if (result == null) { return(null); } return(result); } case InvokeMethodReturnType.IActionResult: default: { IActionResult result = (IActionResult)invoke_result; if (result == null) { return(null); } return(result); } } } catch (Exception ex) { Debug.WriteLine(ex); return(null); } } }
public virtual ActionResult Challenge(string providerName, string redirectUrl, AuthenticationPolicy policy = null) { Authenticator provider; if (!Authenticators.TryGetValue(providerName, out provider)) { throw new InvalidOperationException(string.Format( CultureInfo.CurrentCulture, ServicesStrings.UnknownAuthenticationProvider, providerName)); } if (!provider.BaseConfig.Enabled) { throw new InvalidOperationException(string.Format( CultureInfo.CurrentCulture, ServicesStrings.AuthenticationProviderDisabled, providerName)); } return(provider.Challenge(redirectUrl, policy)); }
public AuthenticationRequiredAttribute(AuthenticationPolicy policy = AuthenticationPolicy.All, AuthenticationFailedAction failedAction = AuthenticationFailedAction.KeepUnauthenticated) { Policy = policy; FailedAction = failedAction; }
internal IActionResult Execute(HttpContext httpContext, AuthenticationPolicy policy, Type[] customAuthenticators) { return(AuthenticationHelper.ExecuteHandler(Handler, ConstructParameters, httpContext, policy, customAuthenticators)); }
internal PolicyConfiguration(AuthenticationPolicy xrmPolicy) { this.XrmPolicy = xrmPolicy; this.Initialize(); }