private async Task <ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputModel model = null)
{
var request = await Interaction.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
var client = await ClientStore.FindEnabledClientByIdAsync(request.ClientId);
if (client != null)
{
var resources = await ResourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any()))
{
return(CreateConsentViewModel(model, returnUrl, request, client, resources));
}
else
{
Logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y));
}
}
else
{
Logger.LogError("Invalid client id: {0}", request.ClientId);
}
}
else
{
Logger.LogError("No consent request matching request: {0}", returnUrl);
}
return(null);
}
public async override Task <IActionResult> OnGetAsync()
{
LoginInput = new LoginInputModel();
var context = await Interaction.GetAuthorizationContextAsync(ReturnUrl);
if (context != null)
{
ShowCancelButton = true;
LoginInput.UserNameOrEmailAddress = context.LoginHint;
//TODO: Reference AspNetCore MultiTenancy module and use options to get the tenant key!
var tenant = context.Parameters[TenantResolverConsts.DefaultTenantKey];
if (!string.IsNullOrEmpty(tenant))
{
CurrentTenant.Change(Guid.Parse(tenant));
Response.Cookies.Append(TenantResolverConsts.DefaultTenantKey, tenant);
}
}
if (context?.IdP != null)
{
LoginInput.UserNameOrEmailAddress = context.LoginHint;
ExternalProviders = new[] { new ExternalProviderModel {
AuthenticationScheme = context.IdP
} };
return(Page());
}
var providers = await GetExternalProviders();
ExternalProviders = providers.ToList();
EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin);
if (context?.Client?.ClientId != null)
{
var client = await ClientStore.FindEnabledClientByIdAsync(context?.Client?.ClientId);
if (client != null)
{
EnableLocalLogin = client.EnableLocalLogin;
if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
{
providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
}
}
}
if (IsExternalLoginOnly)
{
return(await base.OnPostExternalLogin(providers.First().AuthenticationScheme));
}
return(Page());
}
private async Task <ConsentViewModel> BuildConsentViewModel(string returnUrl)
{
var request = await InteractionService.GetAuthorizationContextAsync(returnUrl);
if (request == null)
{
throw new InvalidOperationException($"InteractionService.GetAuthorizationContextAsync('{returnUrl}') returned null.");
}
var client = await ClientStore.FindEnabledClientByIdAsync(request.ClientId);
if (client == null)
{
throw new InvalidOperationException($"ClientStore.FindEnabledClientByIdAsync(clientid) returned null.");
}
var resources = await ResourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
if (resources == null)
{
var scopes = string.Join(", ", request.ScopesRequested);
throw new InvalidOperationException($"ResourceStore.FindEnabledResourcesByScopeAsync({scopes}) returned null.");
}
if (!resources.IdentityResources.Any() && !resources.ApiResources.Any())
{
var scopes = string.Join(", ", request.ScopesRequested);
throw new InvalidOperationException($"No scopes matching: {scopes}");
}
var identityScopes = resources.IdentityResources.Select(ScopeModelForIdentityResource);
var offlineScopes = resources.OfflineAccess ? new[] { OfflineAccessScope() } : new ScopeModel[0];
var resourceScopes = resources.ApiResources
.SelectMany(r => r.Scopes)
.Select(ScopeModelForScope)
.Union(offlineScopes);
return(new ConsentViewModel
{
RememberConsent = true,
ScopesConsented = Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
IdentityScopes = identityScopes,
ResourceScopes = resourceScopes
});
}
private async Task <IEnumerable <ExternalProvider> > GetProvidersAsync(AuthorizationRequest authorizationContext)
{
if (authorizationContext?.IdP != null)
{
return(new[]
{
new ExternalProvider {
AuthenticationScheme = authorizationContext.IdP
}
});
}
var schemes = HttpContext.Authentication.GetAuthenticationSchemes();
var windowsProviders = AuthorizationOptions
.WindowsProviders
.Where(p => schemes.Any(s => s.AuthenticationScheme.Equals(p.AuthenticationScheme, StringComparison.OrdinalIgnoreCase)));
var oauthProviders = schemes
.Where(s => s.DisplayName != null)
.Select(s => new ExternalProvider {
AuthenticationScheme = s.AuthenticationScheme, DisplayName = s.DisplayName
});
var providers = windowsProviders.Union(oauthProviders);
// if the client has restrictions, apply filters on how it can log in.
if (authorizationContext?.ClientId != null)
{
var client = await ClientStore.FindEnabledClientByIdAsync(authorizationContext.ClientId);
if (client?.IdentityProviderRestrictions?.Any() == true)
{
// filter the authentication scheme.
return(providers.Where(p => client.IdentityProviderRestrictions.Contains(p.AuthenticationScheme)));
}
}
return(providers);
}
public override async Task <IActionResult> OnGetAsync()
{
LoginInput = new LoginInputModel();
var context = await Interaction.GetAuthorizationContextAsync(ReturnUrl);
if (context != null)
{
LoginInput.UserNameOrEmailAddress = context.LoginHint;
//TODO: Reference AspNetCore MultiTenancy module and use options to get the tenant key!
var tenant = context.Parameters[TenantResolverConsts.DefaultTenantKey];
if (!string.IsNullOrEmpty(tenant))
{
CurrentTenant.Change(Guid.Parse(tenant));
Response.Cookies.Append(TenantResolverConsts.DefaultTenantKey, tenant);
}
}
if (context?.IdP != null)
{
LoginInput.UserNameOrEmailAddress = context.LoginHint;
ExternalProviders = new[] { new ExternalProviderModel {
AuthenticationScheme = context.IdP
} };
return(Page());
}
var schemes = await _schemeProvider.GetAllSchemesAsync();
var providers = schemes
.Where(x => x.DisplayName != null || x.Name.Equals(_accountOptions.WindowsAuthenticationSchemeName, StringComparison.OrdinalIgnoreCase))
.Select(x => new ExternalProviderModel
{
DisplayName = x.DisplayName,
AuthenticationScheme = x.Name
})
.ToList();
EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin);
if (context?.ClientId != null)
{
var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId);
if (client != null)
{
EnableLocalLogin = client.EnableLocalLogin;
if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
{
providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
}
}
}
ExternalProviders = providers.ToArray();
if (IsExternalLoginOnly)
{
return(await base.OnPostExternalLogin(providers.First().AuthenticationScheme));
}
return(Page());
}
public async Task <LoginViewModel> BuildLoginViewModelAsync(string returnUrl)
{
var context = await Interaction.GetAuthorizationContextAsync(returnUrl);
if (context?.IdP != null)
{
return(new LoginViewModel
{
EnableLocalLogin = false,
ReturnUrl = returnUrl,
Username = context?.LoginHint,
ExternalProviders = new[] { new ExternalProvider {
AuthenticationScheme = context.IdP
} }
});
}
var schemes = ContextAccessor.HttpContext.Authentication.GetAuthenticationSchemes();
var providers = schemes
.Where(x => x.DisplayName != null && !AccountOptions.WindowsAuthenticationSchemes.Contains(x.AuthenticationScheme))
.Select(x => new ExternalProvider
{
DisplayName = x.DisplayName,
AuthenticationScheme = x.AuthenticationScheme
}).ToList();
if (AccountOptions.WindowsAuthenticationEnabled)
{
// this is needed to handle windows auth schemes
var windowsSchemes = schemes.Where(s => AccountOptions.WindowsAuthenticationSchemes.Contains(s.AuthenticationScheme));
if (windowsSchemes.Any())
{
providers.Add(new ExternalProvider
{
AuthenticationScheme = AccountOptions.WindowsAuthenticationSchemes.First(),
DisplayName = AccountOptions.WindowsAuthenticationDisplayName
});
}
}
var allowLocal = true;
if (context?.ClientId != null)
{
var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId);
if (client != null)
{
allowLocal = client.EnableLocalLogin;
if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
{
providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
}
}
}
return(new LoginViewModel
{
AllowRememberLogin = AccountOptions.AllowRememberLogin,
EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin,
ReturnUrl = returnUrl,
Username = context?.LoginHint,
ExternalProviders = providers.ToArray()
});
}
protected async Task <Client> LoadClient(string clientId)
{
var client = await ClientStore.FindEnabledClientByIdAsync(clientId);
return(client);
}
/*****************************************/
/* helper APIs for the AccountController */
/*****************************************/
private async Task <LoginViewModel> BuildLoginViewModelAsync(string returnUrl)
{
var context = await Interaction.GetAuthorizationContextAsync(returnUrl);
if (context?.IdP != null && await SchemeProvider.GetSchemeAsync(context.IdP) != null)
{
var local = context.IdP == IdentityServer4.IdentityServerConstants.LocalIdentityProvider;
// this is meant to short circuit the UI and only trigger the one external IdP
var vm = new LoginViewModel
{
EnableLocalLogin = local,
ReturnUrl = returnUrl,
Username = context?.LoginHint,
};
if (!local)
{
vm.ExternalProviders = new[] { new ExternalProvider {
AuthenticationScheme = context.IdP
} };
}
return(vm);
}
var schemes = await SchemeProvider.GetAllSchemesAsync();
var providers = schemes
.Where(x => x.DisplayName != null ||
(x.Name.Equals(AccountOptions.WindowsAuthenticationSchemeName, StringComparison.OrdinalIgnoreCase))
)
.Select(x => new ExternalProvider
{
DisplayName = x.DisplayName,
AuthenticationScheme = x.Name
}).ToList();
var allowLocal = true;
if (context?.ClientId != null)
{
var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId);
if (client != null)
{
allowLocal = client.EnableLocalLogin;
if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
{
providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
}
}
}
return(new LoginViewModel
{
AllowRememberLogin = AccountOptions.AllowRememberLogin,
EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin,
ReturnUrl = returnUrl,
Username = context?.LoginHint,
ExternalProviders = providers.ToArray()
});
}
