private async Task <ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputModel model = null) { var request = await Interaction.GetAuthorizationContextAsync(returnUrl); if (request != null) { var client = await ClientStore.FindEnabledClientByIdAsync(request.ClientId); if (client != null) { var resources = await ResourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested); if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any())) { return(CreateConsentViewModel(model, returnUrl, request, client, resources)); } else { Logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y)); } } else { Logger.LogError("Invalid client id: {0}", request.ClientId); } } else { Logger.LogError("No consent request matching request: {0}", returnUrl); } return(null); }
public async override Task <IActionResult> OnGetAsync() { LoginInput = new LoginInputModel(); var context = await Interaction.GetAuthorizationContextAsync(ReturnUrl); if (context != null) { ShowCancelButton = true; LoginInput.UserNameOrEmailAddress = context.LoginHint; //TODO: Reference AspNetCore MultiTenancy module and use options to get the tenant key! var tenant = context.Parameters[TenantResolverConsts.DefaultTenantKey]; if (!string.IsNullOrEmpty(tenant)) { CurrentTenant.Change(Guid.Parse(tenant)); Response.Cookies.Append(TenantResolverConsts.DefaultTenantKey, tenant); } } if (context?.IdP != null) { LoginInput.UserNameOrEmailAddress = context.LoginHint; ExternalProviders = new[] { new ExternalProviderModel { AuthenticationScheme = context.IdP } }; return(Page()); } var providers = await GetExternalProviders(); ExternalProviders = providers.ToList(); EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin); if (context?.Client?.ClientId != null) { var client = await ClientStore.FindEnabledClientByIdAsync(context?.Client?.ClientId); if (client != null) { EnableLocalLogin = client.EnableLocalLogin; if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any()) { providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList(); } } } if (IsExternalLoginOnly) { return(await base.OnPostExternalLogin(providers.First().AuthenticationScheme)); } return(Page()); }
private async Task <ConsentViewModel> BuildConsentViewModel(string returnUrl) { var request = await InteractionService.GetAuthorizationContextAsync(returnUrl); if (request == null) { throw new InvalidOperationException($"InteractionService.GetAuthorizationContextAsync('{returnUrl}') returned null."); } var client = await ClientStore.FindEnabledClientByIdAsync(request.ClientId); if (client == null) { throw new InvalidOperationException($"ClientStore.FindEnabledClientByIdAsync(clientid) returned null."); } var resources = await ResourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested); if (resources == null) { var scopes = string.Join(", ", request.ScopesRequested); throw new InvalidOperationException($"ResourceStore.FindEnabledResourcesByScopeAsync({scopes}) returned null."); } if (!resources.IdentityResources.Any() && !resources.ApiResources.Any()) { var scopes = string.Join(", ", request.ScopesRequested); throw new InvalidOperationException($"No scopes matching: {scopes}"); } var identityScopes = resources.IdentityResources.Select(ScopeModelForIdentityResource); var offlineScopes = resources.OfflineAccess ? new[] { OfflineAccessScope() } : new ScopeModel[0]; var resourceScopes = resources.ApiResources .SelectMany(r => r.Scopes) .Select(ScopeModelForScope) .Union(offlineScopes); return(new ConsentViewModel { RememberConsent = true, ScopesConsented = Enumerable.Empty <string>(), ReturnUrl = returnUrl, ClientName = client.ClientName, ClientUrl = client.ClientUri, ClientLogoUrl = client.LogoUri, IdentityScopes = identityScopes, ResourceScopes = resourceScopes }); }
private async Task <IEnumerable <ExternalProvider> > GetProvidersAsync(AuthorizationRequest authorizationContext) { if (authorizationContext?.IdP != null) { return(new[] { new ExternalProvider { AuthenticationScheme = authorizationContext.IdP } }); } var schemes = HttpContext.Authentication.GetAuthenticationSchemes(); var windowsProviders = AuthorizationOptions .WindowsProviders .Where(p => schemes.Any(s => s.AuthenticationScheme.Equals(p.AuthenticationScheme, StringComparison.OrdinalIgnoreCase))); var oauthProviders = schemes .Where(s => s.DisplayName != null) .Select(s => new ExternalProvider { AuthenticationScheme = s.AuthenticationScheme, DisplayName = s.DisplayName }); var providers = windowsProviders.Union(oauthProviders); // if the client has restrictions, apply filters on how it can log in. if (authorizationContext?.ClientId != null) { var client = await ClientStore.FindEnabledClientByIdAsync(authorizationContext.ClientId); if (client?.IdentityProviderRestrictions?.Any() == true) { // filter the authentication scheme. return(providers.Where(p => client.IdentityProviderRestrictions.Contains(p.AuthenticationScheme))); } } return(providers); }
public override async Task <IActionResult> OnGetAsync() { LoginInput = new LoginInputModel(); var context = await Interaction.GetAuthorizationContextAsync(ReturnUrl); if (context != null) { LoginInput.UserNameOrEmailAddress = context.LoginHint; //TODO: Reference AspNetCore MultiTenancy module and use options to get the tenant key! var tenant = context.Parameters[TenantResolverConsts.DefaultTenantKey]; if (!string.IsNullOrEmpty(tenant)) { CurrentTenant.Change(Guid.Parse(tenant)); Response.Cookies.Append(TenantResolverConsts.DefaultTenantKey, tenant); } } if (context?.IdP != null) { LoginInput.UserNameOrEmailAddress = context.LoginHint; ExternalProviders = new[] { new ExternalProviderModel { AuthenticationScheme = context.IdP } }; return(Page()); } var schemes = await _schemeProvider.GetAllSchemesAsync(); var providers = schemes .Where(x => x.DisplayName != null || x.Name.Equals(_accountOptions.WindowsAuthenticationSchemeName, StringComparison.OrdinalIgnoreCase)) .Select(x => new ExternalProviderModel { DisplayName = x.DisplayName, AuthenticationScheme = x.Name }) .ToList(); EnableLocalLogin = await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLocalLogin); if (context?.ClientId != null) { var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId); if (client != null) { EnableLocalLogin = client.EnableLocalLogin; if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any()) { providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList(); } } } ExternalProviders = providers.ToArray(); if (IsExternalLoginOnly) { return(await base.OnPostExternalLogin(providers.First().AuthenticationScheme)); } return(Page()); }
public async Task <LoginViewModel> BuildLoginViewModelAsync(string returnUrl) { var context = await Interaction.GetAuthorizationContextAsync(returnUrl); if (context?.IdP != null) { return(new LoginViewModel { EnableLocalLogin = false, ReturnUrl = returnUrl, Username = context?.LoginHint, ExternalProviders = new[] { new ExternalProvider { AuthenticationScheme = context.IdP } } }); } var schemes = ContextAccessor.HttpContext.Authentication.GetAuthenticationSchemes(); var providers = schemes .Where(x => x.DisplayName != null && !AccountOptions.WindowsAuthenticationSchemes.Contains(x.AuthenticationScheme)) .Select(x => new ExternalProvider { DisplayName = x.DisplayName, AuthenticationScheme = x.AuthenticationScheme }).ToList(); if (AccountOptions.WindowsAuthenticationEnabled) { // this is needed to handle windows auth schemes var windowsSchemes = schemes.Where(s => AccountOptions.WindowsAuthenticationSchemes.Contains(s.AuthenticationScheme)); if (windowsSchemes.Any()) { providers.Add(new ExternalProvider { AuthenticationScheme = AccountOptions.WindowsAuthenticationSchemes.First(), DisplayName = AccountOptions.WindowsAuthenticationDisplayName }); } } var allowLocal = true; if (context?.ClientId != null) { var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId); if (client != null) { allowLocal = client.EnableLocalLogin; if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any()) { providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList(); } } } return(new LoginViewModel { AllowRememberLogin = AccountOptions.AllowRememberLogin, EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin, ReturnUrl = returnUrl, Username = context?.LoginHint, ExternalProviders = providers.ToArray() }); }
protected async Task <Client> LoadClient(string clientId) { var client = await ClientStore.FindEnabledClientByIdAsync(clientId); return(client); }
/*****************************************/ /* helper APIs for the AccountController */ /*****************************************/ private async Task <LoginViewModel> BuildLoginViewModelAsync(string returnUrl) { var context = await Interaction.GetAuthorizationContextAsync(returnUrl); if (context?.IdP != null && await SchemeProvider.GetSchemeAsync(context.IdP) != null) { var local = context.IdP == IdentityServer4.IdentityServerConstants.LocalIdentityProvider; // this is meant to short circuit the UI and only trigger the one external IdP var vm = new LoginViewModel { EnableLocalLogin = local, ReturnUrl = returnUrl, Username = context?.LoginHint, }; if (!local) { vm.ExternalProviders = new[] { new ExternalProvider { AuthenticationScheme = context.IdP } }; } return(vm); } var schemes = await SchemeProvider.GetAllSchemesAsync(); var providers = schemes .Where(x => x.DisplayName != null || (x.Name.Equals(AccountOptions.WindowsAuthenticationSchemeName, StringComparison.OrdinalIgnoreCase)) ) .Select(x => new ExternalProvider { DisplayName = x.DisplayName, AuthenticationScheme = x.Name }).ToList(); var allowLocal = true; if (context?.ClientId != null) { var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId); if (client != null) { allowLocal = client.EnableLocalLogin; if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any()) { providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList(); } } } return(new LoginViewModel { AllowRememberLogin = AccountOptions.AllowRememberLogin, EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin, ReturnUrl = returnUrl, Username = context?.LoginHint, ExternalProviders = providers.ToArray() }); }